
Manouchehri / example.js
Created June 9, 2016 23:19 — forked from oleavr/example.js
Interceptor context example
'use strict';

// Enumerate every export of libssl.so and hook those that are functions.
// createHook(name, address) is not defined in this snippet; presumably it
// builds the callbacks object that Interceptor.attach expects — confirm.
Module.enumerateExports('libssl.so', {
  onMatch(exp) {
    // Only function exports can be hooked; skip variables and other symbols.
    if (exp.type !== 'function') {
      return;
    }
    Interceptor.attach(exp.address, createHook(exp.name, exp.address));
  },
  onComplete() {
    // Nothing to do once the enumeration has finished.
  },
});
import angr
import analysis
class MemoryWrite(analysis.Analysis):
def __init__(self, option):
    """Construct the analysis and immediately run the memory-write check.

    Args:
        option: forwarded unchanged to ``analysis.Analysis.__init__``.
    """
    # Let the base class consume ``option`` before the check runs.
    super(MemoryWrite, self).__init__(option)
    # The check starts eagerly at construction time rather than on demand.
    self.mem_write_check()
def mem_write_check(self):
print("[+] Initializing memory write analysis")
Manouchehri / Dalvik-x86-execution.txt
Created October 1, 2016 16:30 — forked from huberflores/Dalvik-x86-execution.txt
Wrapping java code to dalvik code, and executing it using Dalvik x86
/*
* author Huber Flores
*/
#Wrapping a java class into dex.
#Remember to add "dex" command to .bashrc file so that you can call the command from any place
#dex is a utility that comes with the Android SDK; it is located in .../android-linux-x86_64/sdk/platform-tools/
#export PATH=$PATH:/home/ubuntu/android-sdk-linux/platform-tools:/home/ubuntu/CyanogenModBuild/environment/bin
Manouchehri / parse_pbzx2.py
Created June 3, 2016 01:01 — forked from pudquick/parse_pbzx2.py
A pbzx stream decoder for the format found within Yosemite package payloads.
# v2 pbzx stream handler
# My personal writeup on the differences here: https://gist.github.com/pudquick/29fcfe09c326a9b96cf5
#
# Pure python reimplementation of .cpio.xz content extraction from pbzx file payload originally here:
# http://www.tonymacx86.com/general-help/135458-pbzx-stream-parser.html
#
# Cleaned up C version (as the basis for my code) here, thanks to Pepijn Bruienne / @bruienne
# https://gist.github.com/bruienne/029494bbcfb358098b41
import struct, sys
Manouchehri / align-git.py
Created October 5, 2016 17:29 — forked from simos/align-git.py
Align a tarball to a commit in a git repository
#!/usr/bin/env python
import os
import subprocess
# We want to reach back to a commit where the following file is identical in the tarball.
FILENAME="page_alloc.c"
# We created this file with: git log | grep '^commit' | awk '{ print $2}' > /tmp/commit-list.txt
commit_file = open("/tmp/commit-list.txt", "r")
from pwn import *
#Setup context
context(arch='i386', os='linux')
context.log_level = 'debug'
#Open connection to the process
#Remote
sock = remote(<host>, <port>)
from pwn import *
#Setup context
context(arch='i386', os='linux')
context.log_level = 'debug'
#Open connection to the process
#Remote
sock = remote(<host>, <port>)
Manouchehri / sitecrawler.js
Created October 16, 2016 03:18 — forked from Je55eah/sitecrawler.js
Website Crawler using PhantomJS
var targetAddress = 'http://www.autohotkey.com/board/';
var fileCount = 0;
phantom.onError = function(msg, trace) {
var msgStack = ['PHANTOM ERROR: ' + msg];
if (trace && trace.length) {
msgStack.push('TRACE:');
trace.forEach(function(t) {
msgStack.push(' -> ' + (t.file || t.sourceURL) + ': ' + t.line + (t.function ? ' (in function ' + t.function +')' : ''));
});
#!/usr/bin/python
import socket, ssl, select, time, re
from thread import start_new_thread
from struct import pack
# Type tag constants used by the rest of the script (whose definitions are
# cut off below). TYPE_BYTES deliberately aliases TYPE_STRING, so both tags
# compare equal.
TYPE_ENUM, TYPE_STRING = 0, 2
TYPE_BYTES = TYPE_STRING
def clean(s):
Manouchehri / cowroot.c
Created October 22, 2016 00:26 — forked from rverton/cowroot.c
CVE-2016-5195 (DirtyCow) Local Root PoC
/*
* (un)comment correct payload first (x86 or x64)!
*
* $ gcc cowroot.c -o cowroot -pthread
* $ ./cowroot
* DirtyCow root privilege escalation
* Backing up /usr/bin/passwd.. to /tmp/bak
* Size of binary: 57048
* Racing, this may take a while..
* /usr/bin/passwd overwritten