I hereby claim:
- I am matt- on github.
- I am mattaustin (https://keybase.io/mattaustin) on keybase.
- I have a public key whose fingerprint is 786C 4715 840B FD51 B2F4 F1A3 5E96 6468 3EB5 F20B
To claim this, I am signing this object:
Matt Austin matt-
matt-
/ rce_for_rce.html
Last active
January 31, 2022 00:05
An RCE in the POC by Jonathan Scott for the RCE V1.0 PoC iOS 15.0.1 https://twitter.com/mattaustin/status/1447787504837398530
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!doctype html> | |
| <html lang="en" class="h-100"> | |
| <head> | |
| <!-- Required meta tags --> | |
| <meta charset="utf-8"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1"> | |
| <!-- Bootstrap CSS --> | |
| <link href="https://getbootstrap.com/docs/5.0/dist/css/bootstrap.min.css" rel="stylesheet" crossorigin="anonymous"> |
matt-
/ hacker_hot_key.ino
Created
April 29, 2021 17:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <Keyboard.h> | |
| #include <Bounce2.h> | |
| #define NUM_BUTTONS 8 | |
| const uint8_t BUTTON_PINS[NUM_BUTTONS] = {13, 5, 10, 9, 8, 6, 12, 4}; | |
| Bounce2::Button * buttons = new Bounce2::Button[NUM_BUTTONS]; | |
| extern void openUrl(String url); | |
| // array of function pointers | |
| void (*keyActions []) () = { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <script> | |
| var proc = false; | |
| Function.prototype.call= new Proxy(Function.prototype.call, { | |
| apply: function(target, thisArg, argumentsList) { | |
| console.log(thisArg) | |
| if(!proc){ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <title>Hello World!</title> | |
| </head> | |
| <body> | |
| <h1>Hello ASD!</h1> | |
| <p>This window does not have access to node bindings.</p> | |
| <pre>process: <script>//document.write(process)</script></pre> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var r44_btime = r44_btime || new Date(); | |
| var r44_btimems = r44_btime.getTime()/1000; | |
| var r44_smu_time = r44_smu_time || new Date().getTime(); | |
| var r44_is_cached = r44_is_cached || false; | |
| var r44_retime, r44_retimems, r44_letime; | |
| var r44_enable = (window.location != window.parent.location) ? false : true; | |
| var R44 = R44 || {}; | |
| R44.domain = R44.domain || ''; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| x="q=String.fromCharCode(34);console.log(require('crypto').createHash('md5').update(`x=${q+x+q};${x}`).digest('hex'))";q=String.fromCharCode(34);console.log(require('crypto').createHash('md5').update(`x=${q+x+q};${x}`).digest('hex')) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var Module = require('module'); | |
| var old_wrap_zero = Module.wrapper[0]; | |
| // some code to inject into a module load. | |
| var code = '\n(' + (function (){ | |
| process.NativeModule = require('native_module'); | |
| }) + ')();\n'; | |
| Module.wrapper[0] += code; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var startRender = function() { | |
| "use strict"; | |
| startRender = function () {}; | |
| /*eslint strict:0*/ | |
| var isSuspectedBot = false; | |
| if (!Function.prototype.bind) { | |
| isSuspectedBot = true; | |
| Function.prototype.bind = function (object) { //eslint-disable-line no-extend-native | |
| var self = this, | |
| slice = Array.prototype.slice, |
matt-
/ keybase.md
Last active
April 20, 2016 17:22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| name: 'test plugin', | |
| description: 'This is a test plugin' | |
| } |
NewerOlder