Skip to content

Instantly share code, notes, and snippets.

[hip, hip]

Leon Jacobs leonjza

[hip, hip]
Block or report user

Report or block leonjza

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
leonjza /
Created Aug 14, 2019
objection Jenkins pipeline steps
# Build the target application (PewPew is the name for my app)
xcodebuild build build -workspace PewPew.xcworkspace -scheme PewPew -sdk iphonesimulator12.2
# iOS Simulator setup
echo "Simulator Setup"
echo "==============="
leonjza /
Last active Aug 14, 2019
objection Flex plugin

objection Flex plugin

This plugin should sideload Flex[1], loaded as a plugin in objection[2]. Flex itself should be a shared library (with your target's architecture as either a thin/fat Mach-o).

The source code for a shared library called libFlex is included in this gist as .h and .m files. You need to copy the Classes/ directory from the official Flex project[1] into your project.


leonjza / pinning.ts.diff
Created May 16, 2019
SSLCertificateChecker-PhoneGap-Plugin Pinning Disable
View pinning.ts.diff
diff --git a/agent/src/ios/pinning.ts b/agent/src/ios/pinning.ts
index 1f9407a..aa2152a 100644
--- a/agent/src/ios/pinning.ts
+++ b/agent/src/ios/pinning.ts
@@ -283,6 +283,38 @@ export namespace sslpinning {
+ const cordovaCustomURLConnectionDelegate = (ident: string): InvocationListener => {
+ //
leonjza /
Last active May 19, 2019
objection Stetho sideload plugin
leonjza / cve-2018-6671.txt
Last active Aug 20, 2019
cve-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass
View cve-2018-6671.txt
# CVE-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass
# Specifying an X-Forwarded-For header bypasses the local only check
# 2019 @leonjza
# Tested on ePO v5.9.1, missing hotfix EPO5xHF1229850
POST /Notifications/ HTTP/1.1
#!/usr/bin/env python3
# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
# 2019 @leonjza
# Technical details for this exploit is available at:
leonjza / index.html
Created Jul 23, 2018
HTML5 Drag 'n drop API test
View index.html
<body id="drop_zone" ondragenter="dragEnterHandler(event);">
<p>Drag one or more files to this Drop Zone ...</p>
leonjza / mq_clients.go
Last active Jun 11, 2018
IBM MQ "mq_clients" osquery Custom Table
View mq_clients.go
package main
import (
leonjza /
Created Apr 10, 2018
Invoke-Kerberoast Output Converter
# Invoke-Kerberoast output hash extractor.
# For when you have:
# TicketByteHexStream :
# Hash : $krb5tgs$23$*sqlSvc$$MSSQLSvc/*$C13BFD40143C0E
# ....
# SamAccountName : sqlSvc
# DistinguishedName : CN=sqlSvc,OU=ServiceAccounts,DC=Adomain,DC=com
leonjza /
Last active Feb 17, 2019
☄️go-out - A dependency free, Golang egress buster using @mubix and @bhinfosecurity services.

☄️ go-out

This code now lives at:

A simple, dependency free, Golang egress buster using @mubix and @bhinfosecurity services.


Save the main.go file and either go run main.go or build it with go build -o go-out main.go, moving the resultant binary to your place of choice.

cross compiling

You can’t perform that action at this time.