Frank Spierings FrankSpierings

@FrankSpierings
FrankSpierings / frida-script-rr3.js
Last active August 15, 2018 14:43
Learning how to use Frida - Trying to modify Real Racing 3
function ProgressHack() {
  progressObject = null
  intProgress = Interceptor.attach(Module.findExportByName("libRealRacing3.so", "_ZNK10Characters14CareerProgress16IsStreamUnlockedEi"), {
    onEnter: function(args) {
      progressObject = args[0]
    },
    onLeave: function(result) {
    }
  });
@FrankSpierings
FrankSpierings / frida-script-fruitninja.js
Created August 13, 2017 08:11
Learning how to use Frida - Trying to modify Fruit Ninja
function unlockHack() {
  playerObject = null
  interceptPlayer = Interceptor.attach(Module.findExportByName("Fruit", "_ZN16FruitNinjaPlayer11GetInstanceEv"), {
    onEnter: function(args) {
    },
    onLeave: function(result) {
      playerObject = ptr(result.toInt32())
    }
  });
@FrankSpierings
FrankSpierings / _etc_filebeat_filebeat.yml
Created September 16, 2017 16:05
ELK indexing iptables messages (UFW)
### Add this specific input
- input_type: log
  paths:
    - /var/log/ufw.log
  tags: ["iptables"]
@FrankSpierings
FrankSpierings / ipa-resign.sh
Last active February 13, 2023 02:39
IPA Resigning (Frida Injection) Script (OSX)
#!/bin/bash
#
# Script requires `brew`
# - `/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"`
#
# Variables
# - $IPA -> Source IPA
# - $MOBILEPROVISION -> Source embedded.mobileprovision
# find ~/Library/Developer/Xcode | grep embedded.mobileprovision
@FrankSpierings
FrankSpierings / showObject.js
Created October 14, 2017 14:02
Javascript display an object
//Use this function to show an object's contents.
function showObject(obj) {
  var result = null
  if (obj && obj.constructor === Array) {
    result = []
  }
  else if (obj === null) {
    return null
  }
  else {
@FrankSpierings
FrankSpierings / hookalloverloads.js
Created October 14, 2017 18:57
Hook all overloads - Java/Android - Frida
function getGenericInterceptor(className, func, parameters) {
  args = []
  for (i = 0; i < parameters.length; i++) {
    args.push('arg_' + i)
  }
  var script = "result = this.__FUNCNAME__(__SEPARATED_ARG_NAMES__);\nlogmessage = '__CLASSNAME__.__FUNCNAME__(' + __SEPARATED_ARG_NAMES__ + ') => ' + result;\nconsole.log(logmessage);\nreturn result;"
  script = script.replace(/__FUNCNAME__/g, func);
  script = script.replace(/__SEPARATED_ARG_NAMES__/g, args.join(', '));
  script = script.replace(/__CLASSNAME__/g, className);
@FrankSpierings
FrankSpierings / Dockerfile
Last active January 11, 2018 08:33
Dockerfile - pwntools
FROM ubuntu:latest
MAINTAINER Frank Spierings
# Base setup
RUN dpkg --add-architecture i386 && \
    apt-get update && apt-get upgrade -y && \
    apt-get install libstdc++6:i386 -y
# Locales setup
RUN apt-get install locales -y && locale-gen en_US.UTF-8
@FrankSpierings
FrankSpierings / Readme.md
Last active March 18, 2024 19:31
Angr on a static stripped binary

Project

  • This is to demonstrate how to work with angr on a static/stripped binary

Source

  • Source angrtest.c
#include <stdio.h>
@FrankSpierings
FrankSpierings / XXE.md
Last active November 24, 2018 17:42
XXE Cheat Sheet

Variables

  • HTTP_DTD_SERVER = HTTP server that serves ext.dtd
  • HTTP_DTD_SERVER_PORT = Port of the HTTP server that serves ext.dtd
  • HTTP_EXFIL_SERVER = HTTP server used for the data exfiltration
  • HTTP_EXFIL_SERVER_PORT = Port of the HTTP server used for the data exfiltration
  • FTP_EXFIL_SERVER = FTP server used for the data exfiltration
  • FTP_EXFIL_SERVER_PORT = Port of the FTP server used for the data exfiltration

Vanilla

@FrankSpierings
FrankSpierings / instructions.md
Last active June 15, 2024 09:27
Command line scripts for CTF's

Command line scripts for CTF's

Linux

Improve shell

  • Improve the prompt:
bash -i