HackSys Team hacksysteam

View GitHub Profile
// Build d8 using:
// a) Run once
// git checkout 6f98fbe86a0d11e6c902e2ee50f609db046daf71
// gclient sync
// gn gen ./out/x64.debug
// gn gen ./out/x64.release
//
// b)
// Debug Build:
// ninja -C ./out/x64.debug d8
<script type="text/javascript" src="utility.js"></script>
"use strict";
// This script implements the !dump_vmcs command that displays values of the all
// fields in the current VMCS. The processor must be in VMX-root operation with
// an active VMCS.
//
// As a reference, there are some other implementations of the same concept. The
// author is currently aware of at least these two. Check them out, as they may
// fit your needs better.
// - https://github.com/ergot86/crap/blob/main/hyperv_stuff.js (Windbg JavaScript)
@incogbyte
incogbyte / mixunpin.js
Last active May 2, 2024 07:03
Frida script to bypass common methods of SSL pinning on Android
console.log("[*] SSL Pinning Bypasses");
console.log(`[*] Your frida version: ${Frida.version}`);
console.log(`[*] Your script runtime: ${Script.runtime}`);
/**
* by incogbyte
* Common functions
* thx apkunpacker, NVISOsecurity, TheDauntless
* Remember that SSL pinning can be custom-implemented, and sometimes you need to reverse the app with Ghidra, IDA or a similar tool.
* !!! THIS SCRIPT IS NOT A SILVER BULLET !!!
@pagabuc
pagabuc / extract_offsets.py
Created August 18, 2022 02:07
Find kernel objects containing function pointers
# Written by pagabuc, run with the following:
# gdb --batch --nx -q -x extract_offsets.py ./vmlinux
# This script finds kernel objects that contain function pointers and have a size between 1024 and 2048 bytes.
# Nested structure types are traversed recursively.
import gdb
import re
struct_regex = re.compile("(struct [a-zA-Z0-9_]*)")
@gamozolabs
gamozolabs / proc_mem.py
Last active July 1, 2022 15:23
IDA Python loader for /proc/pid/mem without debugging a process
import re, subprocess, idaapi, ida_segment, ida_kernwin
# To install this, simply put it in your ida_install/loaders folder and open
# a `/proc/<pid>/mem` file!
#
# You might need to set `echo 0 > /proc/sys/kernel/yama/ptrace_scope` if you
# want to be able to dump processes depending on your system configuration.
# Check if the file is supported by our loader
def accept_file(li, filename):
@0xsha
0xsha / CVE-2021-44142.py
Last active October 3, 2023 13:34
CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
# CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
# (C) 2022 - 0xSha.io - @0xSha
# This PoC is un-weaponized and for educational purposes only.
# To learn how to use the PoC please read the writeup:
# https://0xsha.io/blog/a-samba-horror-story-cve-2021-44142
# requires samba4-python
# References:
# https://www.thezdi.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin
# Patch : https://attachments.samba.org/attachment.cgi?id=17092
@floyd-fuh
floyd-fuh / repackage_apk_for_burp.py
Last active June 14, 2024 21:23
Automatically repackage an Android apk and resign it for usage with Burp Proxy
#!/usr/bin/env python3
import sys
if not sys.version.startswith('3'):
print('\n[-] This script will only work with Python3. Sorry!\n')
exit()
import subprocess
import os
@theevilbit
theevilbit / get_apple_oss.sh
Last active April 25, 2022 04:32
Download All Apple OSS Tarballs from Github
#!/bin/zsh
: '
You need a personal access token for GitHub to avoid hitting the rate limit. Refer to the docs:
https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
'
APPLE_OSS_DIR="all_apple_oss_archives"
APPLE_OSS_REPO_FILE="all_apple_oss_repo_names.txt"
class Helpers {
constructor() {
this.buf = new ArrayBuffer(8);
this.f64 = new Float64Array(this.buf);
this.f32 = new Float32Array(this.buf);
this.u32 = new Uint32Array(this.buf);
this.u64 = new BigUint64Array(this.buf);
this.state = {};
}