A reverse shell that lets you evaluate PHP.
This is not an OS command reverse shell per-se but you could eval a function like system("id") for that if you wanted to.
Useful to poison an existing PHP file and explore the currently loaded environment.
Traefik docker-compose with Trauth, Wildcard Certs & Metrics
Ref: https://sensepost.com/blog/2020/building-a-hipster-aware-pi-home-server/
| #!/usr/bin/env bash | |
| # | |
| # Dump headers for binaries in an extracted iOS applications' | |
| # Payload folder using radare2. | |
| dumpdir="headers/" | |
| mkdir -p $dumpdir | |
| find . -perm +111 -type f | grep -iv "libswift" | while read -r bin; do | |
| echo "< Processing -> $bin" |
| diff --git a/server/server.vala b/server/server.vala | |
| index d3fc39f9..3e4d11b3 100644 | |
| --- a/server/server.vala | |
| +++ b/server/server.vala | |
| @@ -3,7 +3,7 @@ namespace Frida.Server { | |
| private const string DEFAULT_LISTEN_ADDRESS = "127.0.0.1"; | |
| private const uint16 DEFAULT_LISTEN_PORT = 27042; | |
| - private const string DEFAULT_DIRECTORY = "re.frida.server"; | |
| + private const string DEFAULT_DIRECTORY = "re.freeda.server"; |
| #!/bin/bash | |
| # Add a firewall NAT rule to expose a port open in a docker container, on a host. | |
| # | |
| # This is only really useful if the container is already running, and you don't | |
| # want to/can't shut it down, but need a new incoming port open. | |
| # | |
| # Requires `jq` for parsing docker container information. | |
| # | |
| # 2019 @leonjza |
| const dlib = 'mettle.dylib'; | |
| const NSDocumentDirectory = 9; | |
| const NSUserDomainMask = 1 | |
| const p = ObjC.classes.NSFileManager.defaultManager() | |
| .URLsForDirectory_inDomains_(NSDocumentDirectory, NSUserDomainMask).lastObject().path(); | |
| const dylibPath = p + '/' + dlib; | |
| const cm = new CModule(""+ | |
| "#include <glib.h>" + | |
| "" + |
| # Build the target application (PewPew is the name for my app) | |
| xcodebuild build build -workspace PewPew.xcworkspace -scheme PewPew -sdk iphonesimulator12.2 | |
| # | |
| # iOS Simulator setup | |
| # | |
| echo "Simulator Setup" | |
| echo "===============" |
This plugin should sideload Flex[1], loaded as a plugin in objection[2]. Flex itself should be a shared library (with your target's architecture as either a thin/fat Mach-o).
The source code for a shared library called libFlex is included in this gist as .h and .m files. You need to copy the Classes/ directory from the official Flex project[1] into your project.
[1] https://github.com/Flipboard/FLEX
[2] https://github.com/sensepost/objection
| diff --git a/agent/src/ios/pinning.ts b/agent/src/ios/pinning.ts | |
| index 1f9407a..aa2152a 100644 | |
| --- a/agent/src/ios/pinning.ts | |
| +++ b/agent/src/ios/pinning.ts | |
| @@ -283,6 +283,38 @@ export namespace sslpinning { | |
| }); | |
| }; | |
| + const cordovaCustomURLConnectionDelegate = (ident: string): InvocationListener => { | |
| + // https://github.com/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin/blob/ |
This plugin should sideload Facebook's Stetho [1], loaded as a plugin in objection[2].
[1] http://facebook.github.io/stetho/
[2] https://github.com/sensepost/objection
