| # Build the target application (PewPew is the name for my app) | |
| xcodebuild build build -workspace PewPew.xcworkspace -scheme PewPew -sdk iphonesimulator12.2 | |
| # | |
| # iOS Simulator setup | |
| # | |
| echo "Simulator Setup" | |
| echo "===============" |
This plugin should sideload Flex[1], loaded as a plugin in objection[2]. Flex itself should be a shared library (with your target's architecture as either a thin/fat Mach-o).
The source code for a shared library called libFlex is included in this gist as .h and .m files. You need to copy the Classes/ directory from the official Flex project[1] into your project.
[1] https://github.com/Flipboard/FLEX
[2] https://github.com/sensepost/objection
| diff --git a/agent/src/ios/pinning.ts b/agent/src/ios/pinning.ts | |
| index 1f9407a..aa2152a 100644 | |
| --- a/agent/src/ios/pinning.ts | |
| +++ b/agent/src/ios/pinning.ts | |
| @@ -283,6 +283,38 @@ export namespace sslpinning { | |
| }); | |
| }; | |
| + const cordovaCustomURLConnectionDelegate = (ident: string): InvocationListener => { | |
| + // https://github.com/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin/blob/ |
This plugin should sideload Facebook's Stetho [1], loaded as a plugin in objection[2].
[1] http://facebook.github.io/stetho/
[2] https://github.com/sensepost/objection
| # CVE-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass | |
| # Specifying an X-Forwarded-For header bypasses the local only check | |
| # https://kc.mcafee.com/corporate/index?page=content&id=SB10240 | |
| # https://nvd.nist.gov/vuln/detail/CVE-2018-6671 | |
| # | |
| # 2019 @leonjza | |
| # | |
| # Tested on ePO v5.9.1, missing hotfix EPO5xHF1229850 | |
| POST /Notifications/testRegExe.do HTTP/1.1 |
| #!/usr/bin/env python3 | |
| # CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC | |
| # 2019 @leonjza | |
| # Technical details for this exploit is available at: | |
| # https://www.drupal.org/sa-core-2019-003 | |
| # https://www.ambionics.io/blog/drupal8-rce | |
| # https://twitter.com/jcran/status/1099206271901798400 |
| <html> | |
| <head></head> | |
| <body id="drop_zone" ondragenter="dragEnterHandler(event);"> | |
| <div> | |
| <p>Drag one or more files to this Drop Zone ...</p> | |
| </div> | |
| </body> |
| package main | |
| import ( | |
| "context" | |
| "flag" | |
| "log" | |
| "os" | |
| "os/exec" | |
| "regexp" | |
| "strings" |
| #!/usr/bin/python | |
| # Invoke-Kerberoast output hash extractor. | |
| # | |
| # For when you have: | |
| # TicketByteHexStream : | |
| # Hash : $krb5tgs$23$*sqlSvc$Adomain.com$MSSQLSvc/sqlserver.Adomain.com:1433*$C13BFD40143C0E | |
| # .... | |
| # SamAccountName : sqlSvc | |
| # DistinguishedName : CN=sqlSvc,OU=ServiceAccounts,DC=Adomain,DC=com |
A simple, dependency free, Golang egress buster using @mubix letmeoutofyour.net and @bhinfosecurity allports.exposed services.
Save the main.go file and either go run main.go or build it with go build -o go-out main.go, moving the resultant binary to your place of choice.