HackSys Team hacksysteam
mistymntncop
/ CVE-2024-4761.js
Last active
May 26, 2024 02:27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Build d8 using: | |
| // a) Run once | |
| // git checkout 6f98fbe86a0d11e6c902e2ee50f609db046daf71 | |
| // gclient sync | |
| // gn gen ./out/x64.debug | |
| // gn gen ./out/x64.release | |
| // | |
| // b) | |
| // Debug Build: | |
| // ninja -C ./out/x64.debug d8 |
mistymntncop
/ exploit.html
Last active
October 12, 2023 11:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script type="text/javascript" src="utility.js"></script> |
tandasat
/ dump_vmcs.js
Last active
November 28, 2023 19:09
Deprecated: see https://github.com/tandasat/hvext
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "use strict"; | |
| // This script implements the !dump_vmcs command that displays values of the all | |
| // fields in the current VMCS. The processor must be in VMX-root operation with | |
| // an active VMCS. | |
| // | |
| // As a reference, there are some other implementations of the same concept. The | |
| // author is now aware of those two at least. Check them out as it may fit your | |
| // need better. | |
| // - https://github.com/ergot86/crap/blob/main/hyperv_stuff.js (Windbg JavaScript) |
incogbyte
/ mixunpin.js
Last active
May 2, 2024 07:03
Frida script to bypass common methods of sslpining Android
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| console.log("[*] SSL Pinning Bypasses"); | |
| console.log(`[*] Your frida version: ${Frida.version}`); | |
| console.log(`[*] Your script runtime: ${Script.runtime}`); | |
| /** | |
| * by incogbyte | |
| * Common functions | |
| * thx apkunpacker, NVISOsecurity, TheDauntless | |
| * Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that. | |
| * !!! THIS SCRIPT IS NOT A SILVER BULLET !! |
pagabuc
/ extract_offsets.py
Created
August 18, 2022 02:07
Find kernel objects containing function pointers
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Written by pagabuc, run with the following: | |
| # gdb --batch --nx -q -x extract_offsets.py ./vmlinux | |
| # This script finds kernel objects that contain function pointers and with size between 1024 and 2048. | |
| # Nested structure types are traversed recursively. | |
| import gdb | |
| import re | |
| struct_regex = re.compile("(struct [a-zA-Z0-9_]*)") |
gamozolabs
/ proc_mem.py
Last active
July 1, 2022 15:23
IDA Python loader for /proc/pid/mem without debugging a process
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import re, subprocess, idaapi, ida_segment, ida_kernwin | |
| # To install this, simply put it in your ida_install/loaders folder and open | |
| # a `/proc/<pid>/mem` file! | |
| # | |
| # You might need to set `echo 0 > /proc/sys/kernel/yama/ptrace_scope` if you | |
| # want to be able to dump processes depending on your system configuration. | |
| # Check if the file is supported by our loader | |
| def accept_file(li, filename): |
0xsha
/ CVE-2021-44142.py
Last active
October 3, 2023 13:34
CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CVE-2021-44142 PoC Samba 4.15.0 OOB Read/Write | |
| # (C) 2022 - 0xSha.io - @0xSha | |
| # This PoC is un-weaponized and for educational purposes only . | |
| # To learn how to use the PoC please read the writeup : | |
| # https://0xsha.io/blog/a-samba-horror-story-cve-2021-44142 | |
| # requires samba4-python | |
| # Refrences : | |
| # https://www.thezdi.com/blog/2022/2/1/cve-2021-44142-details-on-a-samba-code-execution-bug-demonstrated-at-pwn2own-austin | |
| # Patch : https://attachments.samba.org/attachment.cgi?id=17092 |
floyd-fuh
/ repackage_apk_for_burp.py
Last active
June 14, 2024 21:23
Automatically repackage an Android apk and resign it for usage with Burp Proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| if not sys.version.startswith('3'): | |
| print('\n[-] This script will only work with Python3. Sorry!\n') | |
| exit() | |
| import subprocess | |
| import os |
theevilbit
/ get_apple_oss.sh
Last active
April 25, 2022 04:32
Download All Apple OSS Tarballs from Github
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| : ' | |
| You need a personal access token for GitHub to avoid hitting the rate limit. Refer to the docs: | |
| https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api | |
| https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token | |
| ' | |
| APPLE_OSS_DIR="all_apple_oss_archives" | |
| APPLE_OSS_REPO_FILE="all_apple_oss_repo_names.txt" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class Helpers { | |
| constructor() { | |
| this.buf = new ArrayBuffer(8); | |
| this.f64 = new Float64Array(this.buf); | |
| this.f32 = new Float32Array(this.buf); | |
| this.u32 = new Uint32Array(this.buf); | |
| this.u64 = new BigUint64Array(this.buf); | |
| this.state = {}; | |
| } |
NewerOlder