Leon Jacobs leonjza

@leonjza
leonjza / README.md
Last active April 20, 2024 09:13
Forward a remote iOS device, locally.

fwd_ios.sh

Forwards a remote iOS device, exposed via usbmuxd on Linux, to a local macOS client.
The inverse (aka ssh -R) is left as an exercise to the reader, but shouldn't be too hard :)

This is basically a simple usbfluxd that only depends on socat.

install

Copy the bash script to a local file, say fwd_ios.sh and make it executable with chmod +x fwd_ios.sh.

leonjza / rename.patch
Last active March 24, 2024 08:32
frida-server remove frida references from /proc/<pid>/maps | apply to frida-core
diff --git a/server/server.vala b/server/server.vala
index d3fc39f9..3e4d11b3 100644
--- a/server/server.vala
+++ b/server/server.vala
@@ -3,7 +3,7 @@ namespace Frida.Server {
private const string DEFAULT_LISTEN_ADDRESS = "127.0.0.1";
private const uint16 DEFAULT_LISTEN_PORT = 27042;
- private const string DEFAULT_DIRECTORY = "re.frida.server";
+ private const string DEFAULT_DIRECTORY = "re.freeda.server";
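Review bot: the new DEFAULT_DIRECTORY literal on the changed line has no comment explaining why it departs from the upstream value, so a later rebase onto frida-core can conflict with it or silently revert it. Add a one-line comment above the constant stating the purpose of the rename. The hunk header declares seven lines but only four are visible here, so the remaining context cannot be checked from this excerpt.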
leonjza / dump.sh
Last active March 24, 2024 08:32
Dump iOS executable content headers using radare2
#!/usr/bin/env bash
#
# Dump headers for binaries in an extracted iOS application's
# Payload folder using radare2.
dumpdir="headers/"
mkdir -p "$dumpdir"
find . -perm +111 -type f | grep -iv "libswift" | while read -r bin; do
echo "< Processing -> $bin"
leonjza / crypt.php
Last active March 15, 2024 15:01
Laravel ~5.6 encryptor / decryptor.
<?php
/*
* Quick 'n Dirty Laravel ~5.6 decrypter.
* @leonjza
*
* Typically, if you see a key with the format base64:key_string then
* you know you need this decrypter.
*
* For Laravel ~5.1, use: https://gist.github.com/leonjza/ce27aa7435f8d131d93f
leonjza / README.md
Last active February 22, 2024 18:19
extract a 1password 1pux exported organisation into separate vault exports

1Password 8 .1pux Vault Extractor

Looks like 1Password 8 only allows you to export whole organisations with all the vaults you have access to. Exporting to .1pux format means you can use this script to separate vaults into their own exports.

use

./separate.sh 1password_export.1pux
leonjza / inject.py
Last active February 4, 2024 07:47
Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# 2017 - @leonjza
#
# Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC
# Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
# Usage example:
#
# List available posts:
#
# $ python inject.py http://localhost:8070/
leonjza / bind_connect.py
Last active January 17, 2024 06:46
Python Netcat Shell Connect
#!/usr/bin/python
import socket
host = "127.0.0.1"
port = 4444
# try and connect to a bind shell
try:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
leonjza / README.md
Created October 23, 2023 18:12
gream

gream

I was curious about how hard it would be to implement something like pypipe[1] in go. Turns out, not that hard.

[1] https://github.com/bugen/pypipe

example

$ echo "foo bar" | go run main.go 4
leonjza / netcat.py
Last active July 30, 2023 16:28
Python Netcat
import socket
class Netcat:
    """ Python 'netcat like' module """
    def __init__(self, ip, port):
        self.buff = ""
        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
leonjza / Instructions.txt
Last active July 17, 2023 05:14
HTB Business CTF 2023 - scada/Breach solve
1. The door order that must be achieved to successfully allow the team to infiltrate the building is: [door_3, door_0, door_4, door_1, door_2] and must be sequential.
2. The coils for the doors have restricted access on the Modbus network and cannot be written.
3. The sensors are hardwired to coils, thus driving the coil will result in the sensor signal being altered.
4. SYSTEM RESET: Upon mission completion, the system will reset after approximately two minutes.
5. FLAG: the flag will be available on the holding registers starting at address 4 upon completion of the mission.