!!! For M1/M2 apple silicon see this comment:
For MacOS | Mojave | High Sierra
pich4ya
/ root_bypass.js
Created
August 5, 2019 20:14
Bypass Android Root Detection / Bypass RootBeer - August 2019
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // $ frida -l antiroot.js -U -f com.example.app --no-pause | |
| // CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh): | |
| // - I added extra whitelisted items to deal with the latest versions | |
| // of RootBeer/Cordova iRoot as of August 6, 2019 | |
| // - The original one just fucked up (kill itself) if Magisk is installed lol | |
| // Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/ | |
| // If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so | |
| Java.perform(function() { | |
| var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu", |
Peredery
/ Fix_gpg_Mac_OS_error.md
Last active
March 12, 2024 10:12
FIX - gpg failed to sign the data fatal: failed to write commit object
d3vilbug
/ frida-get-AES-keys
Created
November 2, 2018 06:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from __future__ import print_function | |
| import frida | |
| import sys | |
| import json | |
| import time | |
| def on_message(message, payload): | |
| if(message['type'] == 'send'): |
ole
/ Mojave-dynamic-wallpaper-notes.md
Last active
March 8, 2024 02:17
Reverse-engineering the dynamic wallpaper file format in macOS Mojave.
The dynamic wallpaper in MacOS Mojave is a single 114 MB .heic file that seems to contain 16 embedded images.
It also contains the following binary plist data in its metadata under the key "Solar". It's an array of 16 items, each with four keys:
i(integer). This seems to be the image index.o(integer). This is always 1 or 0. Stephen Radford thinks it indicates dark mode (0) vs. light mode (1).a(decimal). I’m pretty sure this is the angle of the sun over the horizon. 0º = sunset/sunrise. 90º = sun directly overhead. Negative values = sun below horizon.z(decimal). This seems to be the cardinal position of the sun relative to the camera. 0º = sun is directly in front of the camera. 90º = sun is directly to the right of the camera. 180º = sun is directly behind the camera.
lucasbrigida
/ disable_intel_turbo_boost.md
Last active
November 1, 2023 19:20
Disable Intel Turbo Boost
g0tmi1k
/ drupalgeddon2_CVE-2018-7600_SA-CORE-2018-002.md
Last active
February 16, 2023 12:37
drupalgeddon2 / SA-CORE-2018-002 / CVE-2018-7600 cURL (PoC)
CVE-2018-7600 | Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' RCE (SA-CORE-2018-002)
Source: https://gist.github.com/g0tmi1k/7476eec3f32278adc07039c3e5473708
Improved (Ruby) exploit ~ http://github.com/dreadlocked/Drupalgeddon2/ // https://www.exploit-db.com/exploits/44449/
Nevacomp
/ BNSonLinux
Last active
December 3, 2018 15:40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Note: BNS runs mostly slowy avg fps are 30. Max FPS was 90. Anyways fps are instable. | |
| 1. Install Wine | |
| sudo apt-get install wine-stable | |
| 2. Install Wine-Staging | |
| wget -nc https://repos.wine-staging.com/wine/Release.key | |
| sudo apt-key add Release.key | |
| sudo apt-add-repository 'https://dl.winehq.org/wine-builds/ubuntu/ | |
| sudo apt-get update sudo apt-get install |
The official version is found at https://berzerk0.github.io/GitPage/CTF-Writeups/Optimum-HTB.html
This was one of my first capture the flags, and the first HTB to go retired while I had a good enough grasp of it to do a write up. The steps are directed towards beginners, just like the box.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| import socket | |
| s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) | |
| # -------------------1st Step------------------- | |
| # Framing similar charecters (say, A) to crash the application | |
| # /usr/share/metasploit-framework/tools/exploit/pattern_create.rb -l 3000 |