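add lr, pc, #4        ; lr = address just past the literal (in ARM state pc reads as this instruction + 8)
ldr pc, [pc, #-4]     ; load the branch target from the literal word that follows
dcd <function_address>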
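
#!/bin/bash
# usage: ./sniff_remote.sh <target ip> <ssh passwd>
# Streams a remote tcpdump capture (excluding the SSH session itself) into a local Wireshark.
[ -p /tmp/pipe ] || mkfifo /tmp/pipe   # the FIFO must exist before anything writes to it
sshpass -p "$2" ssh "root@$1" "tcpdump -nn -U -s 0 -w - not port 22" > /tmp/pipe &
wireshark -k -i /tmp/pipe &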

This is a notification that you have multiple apps, listed below, built on a version of Apache Cordova that contains security vulnerabilities. This includes a high severity cross-application scripting (XAS) vulnerability. Under certain circumstances, vulnerable apps could be remotely exploited to steal sensitive information, such as user login credentials.
You should upgrade to Apache Cordova 3.5.1 or higher as soon as possible. For more information about the vulnerabilities, and for guidance on upgrading Apache Cordova, please see http://cordova.apache.org/announcements/2014/08/04/android-351.html.
Please note, applications with vulnerabilities that expose users to risk of compromise may be considered dangerous products and subject to removal from Google Play.

Zircon Process Loader Test ONE - @depletionmode
[+] Created process object (koid: 3018)
[i] Root vmar (koid: 3019) - base: 0x1000000, len: 0x7ffffefff000
[+] Created stack region vmo (koid: 3020) - size: 4096
[+] Created code region vmo (koid: 3021) - size: 4096
[+] Wrote code to code vmo
[+] Mapped stack vmar - address: 0x72df27263000
[+] Mapped code vmar - address: 0x4273d98d0000
[+] Created thread object (koid: 3022)
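
/* Offset of zx_thread_exit within the vDSO image, rebased onto vdso_base. */
zx_vaddr_t zx_thread_exit_loc;
Dl_info dli;
dladdr(&zx_thread_exit, &dli);
/* Cast before subtracting: arithmetic on void* is a compiler extension. */
zx_thread_exit_loc = ((uintptr_t)dli.dli_saddr - (uintptr_t)dli.dli_fbase) + vdso_base;
uint8_t code[] = { 0xff, 0xd6,   /* call rsi */
                   0xeb, 0xfe }; /* jmp $ -- spin in place; should never be reached */
zx_vmo_write(code_vmo, &code, 0, sizeof(code));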

/* Read the first page of the vDSO VMO and pick ELF64 fields out by offset. */
uint8_t* elf_buffer = info_buffer;
status = zx_vmo_read(vdso_vmo, elf_buffer, 0, page_size);
off_t e_phoff = *(off_t*)&elf_buffer[0x20];                        /* e_phoff in the ELF64 header */
uint8_t* elf_prog_hdr_tbl = elf_buffer + e_phoff;
/* Each Elf64_Phdr is 0x38 bytes: p_offset at +0x08, p_filesz at +0x20. */
off_t vdso_ro_p_offset = *(off_t*)&elf_prog_hdr_tbl[0x08];         /* program header 0 */
size_t vdso_ro_p_filesz = *(size_t*)&elf_prog_hdr_tbl[0x20];
off_t vdso_rx_p_offset = *(off_t*)&elf_prog_hdr_tbl[0x08+0x38];    /* program header 1 */
size_t vdso_rx_p_filesz = *(size_t*)&elf_prog_hdr_tbl[0x20+0x38];

zx_handle_t vdso_vmo = zx_take_startup_handle(PA_HND(PA_VMO_VDSO, 0));

sleep(1); // short delay to ensure the new thread is executing
zx_object_get_info(thread,
                   ZX_INFO_THREAD,
                   info_buffer,
                   sizeof(info_buffer),
                   NULL,
                   NULL);
zx_info_thread_t* thread_info = (zx_info_thread_t*)info_buffer;

zx_handle_t event;
zx_event_create(0u, &event);
zx_process_start(process,
                 thread,
                 code_base,
                 compute_initial_stack_pointer(stack_base, page_size),
                 event,
                 0);

zx_handle_t thread = ZX_HANDLE_INVALID;
zx_thread_create(process, "initial", 7, 0, &thread);