thought bleeding
#export https_proxy=
KEY="bd516a32ff7db81c4a991acfc5656da3" #not secret
rm /tmp/fdsa
for i in `seq 0 39 500`; do curl --retry 5 \
-H $'Host:' -H $'Authority:' -H $'Accept: application/json, text/javascript, */*; q=0.01' -H $'Accept-Language: en-US,en;q=0.9' -H $'Content-Type: application/json' -H $'Referer:' -H $'Sec-Ch-Ua: \"Google Chrome\";v=\"113\", \"Chromium\";v=\"113\", \"Not-A.Brand\";v=\"24\"' -H $'Sec-Ch-Ua-Mobile: ?0' -H $'Sec-Ch-Ua-Platform: \"macOS\"' -H $'Sec-Fetch-Dest: empty' -H $'Sec-Fetch-Mode: cors' -H $'Sec-Fetch-Site: same-origin' -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36' -H $'X-Detected-Locale: USD|en-US|US' -H $'X-Requested-With: XMLHttpRequest' \
-b "$COOKIE" \
Turn on debugging.
Still install sshd. File transfer over adb push/pull is too slow.
# Disable sound (keyevent 164 is KEYCODE_VOLUME_MUTE)
$ adb shell input keyevent 164
# Keep the screen on while the device is charging
$ adb shell svc power stayon true
$ adb tcpip 4321 # Enable adb over Wi-Fi on port 4321
tell application "System Events" to key code (random number from 0 to 44)
delay 8
end repeat
cred_collection =
user_file: datastore['USER_FILE'],
username: datastore['USERNAME'],
blank_passwords: true
apt-get install -y xvfb && (Xvfb :1 -screen 0 640x480x8 &) && sleep 1 && export DISPLAY=:1.0 && xcalc  # Xvfb must be backgrounded; run in the foreground it never returns, so the rest of the chain would never execute
bperry@ubuntu:~/tmp$ DYNINSTAPI_RT_LIB=./dyninst-9.2.0/build/dyninstAPI_RT/ LD_LIBRARY_PATH=.:$LD_LIBRARY_PATH ./afl-dyninst -i fisimple -o fi_inst -l -d
Skipping library:
Skipping library: crtstuff.c
Skipping library: libAflDyninst.cpp
Instrumenting module: fisimple
Instrumenting module: crtstuff.c
Skipping library: DEFAULT_MODULE
Instrumenting module:
Segmentation fault
for( j = 0; j < n->classname_len && j<9; j++)
kv[j] = b[j*2];
kv[8] = 0;
sscanf( kv, "%x", (unsigned int*)( &key[i*4] ) );
brandonprry / gist:1fec884bc1253e972e77
Last active January 15, 2016 20:59
Apache Jetspeed 2 Unauthenticated Reflected XSS

During a recent pentest, we came across the Apache Jetspeed 2 HTTP server. After a few hours of testing, I realised that the web application was vulnerable to an unauthenticated reflected XSS attack. However, I was limited, as I could not use < or > in the URL, as Jetspeed would return a 400 Bad Request HTTP response.

I could break out of an attribute that was storing the URL with a double-quote ("), though, so I could control the attributes on a random element. A specially crafted URL could define a style attribute making the arbitrary HTML element take up the entire page, then an onmouseover attribute could execute random JavaScript. I ended up with a generic URL that looked like this (URL encoded):

brandonprry /
Last active March 15, 2023 11:44
Parallelize afl-tmin to use multiple cores
total=`ls $inputdir | wc -l`
for k in `seq 1 $cores $total`