jim zhou jimtje

🏠
Working from home
View GitHub Profile
@carnal0wnage
carnal0wnage / gcp_enum.sh
Last active January 24, 2024 18:06
Use the gcloud utilities to enumerate as much access as possible from a GCP service account JSON file. See blog post: <to insert>
# gcloud auth activate-service-account --key-file=85.json
# gcloud projects list
project="my-project"
space=""
echo "gcloud auth list"
gcloud auth list
echo -e "$space"
@marulitua
marulitua / setup.sh
Last active November 16, 2023 00:38
Install php5.6 with phpbrew on Ubuntu 18.04
#!/bin/bash
# Install php5.6 with phpbrew on Ubuntu 18.04
# Install all dependencies
sudo apt update
sudo apt install wget php build-essential libxml2-dev libxslt1-dev libbz2-dev libcurl4-openssl-dev libmcrypt-dev libreadline-dev libssl-dev autoconf
# Fetch the phpbrew launcher and place it on the PATH (the move into /usr/local/bin needs root)
wget https://github.com/phpbrew/phpbrew/raw/master/phpbrew
chmod +x phpbrew
sudo mv phpbrew /usr/local/bin
@SocraticBliss
SocraticBliss / CertNXtractionPack.cmd
Last active May 30, 2024 04:01
CertNXtractionPack
@ECHO OFF
TITLE CertNXtractionPack by SocraticBliss and SimonMKWii (R)
ECHO: && ECHO PRE-REQUISITES:
ECHO -- Get your BIS Keys (via biskeydump)
ECHO -- Dump your SYSNAND (via hekate)
ECHO -- Decrypt your PRODINFO (BIS 0 Key) and Save to file - PRODINFO.bin to your working directory (via HacDiskMount)
ECHO -- keys.txt (ie. key = 32 digit hex value) file with the following keys...
ECHO --- master_key_00
ECHO --- rsa_private_kek_generation_source

Nintendo Switch RSA-PKCS#1 Public Key Recovery

This is a short writeup of a fun (but ultimately pretty useless) attack I implemented on the Nintendo Switch a few months ago resulting in the recovery of some otherwise unobtainable RSA public keys. Since public keys aren't private keys, this is pretty useless, apart from letting us validate some signatures on PC. Even so, the attack is a pretty cool one, so I thought I'd write it up.

Every Switch gamecart has a unique certificate (called its "CERT"), storing an RSA signature followed by some kind of unknown but unique encrypted data. I was trying to reverse how these certificates work, and the obvious first step was to try to see how they were validated. However, when I tried looking through the FileSystem (FS) module, which should be responsible for validating these certificates, I found no references to the format at all. The "CERT" magic number was nowhere to be seen, and I couldn't find an RSA modulus that validated the signatures I had. This was in

@phith0n
phith0n / fpm.py
Last active July 20, 2024 11:18
Fastcgi PHP-FPM Client && Code Execution
import socket
import random
import argparse
import sys
from io import BytesIO
# Reference: https://github.com/wuyunfeng/Python-FastCGI-Client
# True when running under Python 2 (the client handles both interpreter versions)
PY2 = sys.version_info.major == 2
@twilight-sparkle-irl
twilight-sparkle-irl / webcrack.js
Last active June 4, 2024 20:52
webcrack: mess with webpacked (webpackJsonp) applications
// webcrack, a script that allows you to break webpack.js's sandbox and randomization easily
// made by @yourcompanionAI
// licensed under the trust that you will credit me for my work visibly and other than that you can go have fun with this
// window.wc is the webcrack object
// wc.get gives you the module attached to the id you give it.
// literally just what webpack functions use. not much to it
// this is the basic part of all this, everything else is just to allow you to update-proof your code
// both find functions return modules in this format: