numan numanturle

## frida_multiple_unpinning.js
/*  Android ssl certificate pinning bypass script for various methods
	by Maurizio Siddu

	Run with:
	frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause]
*/

setTimeout(function() {
	Java.perform(function() {
		console.log('');

## frida-get-AES-keys
#!/usr/bin/env python3

from __future__ import print_function
import frida
import sys
import json
import time

def on_message(message, payload):
	if(message['type'] == 'send'):

## qnap-qts-fw-cryptor.py
#!/usr/bin/env python3
import os, sys
import argparse
import struct
from functools import reduce

"""
QNAP QTS firmware encryptor/decryptor.

Based on https://pastebin.com/KHbX85nG

## README.md

      
              6 files
            
          
              12 forks
            
          
              21 comments
            
          
              26 stars
            
          
                maxious
                / README.md
            
            
              Last active
              April 5, 2024 05:52
            
              
                Esee/Anran 960P 180° Wireless Fisheye Panoramic CCTV Smart Camera HD WIFI Webcam IP
              
          
Might also be the dv163 P1: http://help.dvr163.com/index.php/P1
Based on Ankya  AK3918 HD IP Camera SoC http://caxapa.ru/thumbs/914089/ak3818ds.pdf http://caxapa.ru/thumbs/914089/ak3818ds.pdf
Firmware => Telnet/FTP

Check/download latest firmware (site blocked for malware in Chrome/Firefox)
http://42.96.185.60:8088/XVR/common/checkCommonUpdate.php?DevModel=IPCAM&SWVersion=1.4.47.0&DeviceSN=F2731110583936&ODMNum=391802&FirmwareMagic=SlVBTiBJUENBTSBGSVJNV0FSRSBERVNJR05FRCBCWSBMQVc=&Release=1&app_version=2.3.13
Response:

  
## solver.py
import z3


def sym_xoroshiro128plus(solver, sym_s0, sym_s1, mask, result):
	s0 = sym_s0
	s1 = sym_s1
	sym_r = (sym_s0 + sym_s1)

	condition = z3.Bool('c0x%0.16x' % result)
	solver.add(z3.Implies(condition, (sym_r & mask) == result & mask))

## gql.py
import requests
import string
import random
import urllib
import time
import base64
from decimal import Decimal

# Blind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017
# https://www.youtube.com/watch?v=za_9hrq-ZuA

## gist:a8d1326db44aa7857660
http://stackoverflow.com/questions/3372962/can-i-remove-the-x-requested-with-header-from-ajax-requests

jQuery.ajax({

    url: yourAjaxUrl,

    // 'xhr' option overrides jQuery's default
    // factory for the XMLHttpRequest object.
    // Use either in global settings or individual call as shown here.
    xhr: function() {

## nginx-tuning.md

      
              1 file
            
          
              670 forks
            
          
              69 comments
            
          
              2362 stars
            
          
                denji
                / nginx-tuning.md
            
            
              Last active
              May 3, 2024 03:57
            
              
                NGINX tuning for best performance
              
          
    Moved to git repository: https://github.com/denji/nginx-tuning

NGINX Tuning For Best Performance

For this configuration you can use web server you like, i decided, because i work mostly with it to use nginx.
Generally, properly configured nginx can handle up to 400K to 500K requests per second (clustered), most what i saw is 50K to 80K (non-clustered) requests per second and 30% CPU load, course, this was 2 x Intel Xeon with HyperThreading enabled, but it can work without problem on slower machines.
You must understand that this config is used in testing environment and not in production so you will need to find a way to implement most of those features best possible for your servers.

  
## network-tuning.conf
## Place this file in "/etc/sysctl.d/network-tuning.conf" and
## run "sysctl -p" to have the kernel pick the new settings up

# Avoid a smurf attack
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Turn on protection for bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Turn on syncookies for SYN flood attack protection
	/* Android ssl certificate pinning bypass script for various methods
	by Maurizio Siddu

	Run with:
	frida -U -f <APP_ID> -l frida_multiple_unpinning.js [--no-pause]
	*/

	setTimeout(function() {
	Java.perform(function() {
	console.log('');
	#!/usr/bin/env python3

	from __future__ import print_function
	import frida
	import sys
	import json
	import time

	def on_message(message, payload):
	if(message['type'] == 'send'):
	#!/usr/bin/env python3
	import os, sys
	import argparse
	import struct
	from functools import reduce

	"""
	QNAP QTS firmware encryptor/decryptor.

	Based on https://pastebin.com/KHbX85nG
	import z3


	def sym_xoroshiro128plus(solver, sym_s0, sym_s1, mask, result):
	s0 = sym_s0
	s1 = sym_s1
	sym_r = (sym_s0 + sym_s1)

	condition = z3.Bool('c0x%0.16x' % result)
	solver.add(z3.Implies(condition, (sym_r & mask) == result & mask))
	import requests
	import string
	import random
	import urllib
	import time
	import base64
	from decimal import Decimal

	# Blind GQL injection and optimised binary search - A7 ~ Gee cue elle (misc) Google CTF 2017
	# https://www.youtube.com/watch?v=za_9hrq-ZuA
	http://stackoverflow.com/questions/3372962/can-i-remove-the-x-requested-with-header-from-ajax-requests

	jQuery.ajax({

	url: yourAjaxUrl,

	// 'xhr' option overrides jQuery's default
	// factory for the XMLHttpRequest object.
	// Use either in global settings or individual call as shown here.
	xhr: function() {
	## Place this file in "/etc/sysctl.d/network-tuning.conf" and
	## run "sysctl -p" to have the kernel pick the new settings up

	# Avoid a smurf attack
	net.ipv4.icmp_echo_ignore_broadcasts = 1

	# Turn on protection for bad icmp error messages
	net.ipv4.icmp_ignore_bogus_error_responses = 1

	# Turn on syncookies for SYN flood attack protection