Skip to content

Instantly share code, notes, and snippets.

😎
Focusing

Sabri pwnsdx

😎
Focusing
Block or report user

Report or block pwnsdx

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@pwnsdx
pwnsdx / disable.sh
Last active Sep 18, 2019
Disable bunch of #$!@ in Catalina (It's back!)
View disable.sh
#!/bin/bash
# IMPORTANT: Don't forget to logout from your Apple ID in the settings before running it!
# IMPORTANT: You will need to run this script from Recovery. In fact, macOS Catalina brings read-only filesystem which prevent this script from working from the main OS.
# This script needs to be run from the volume you wish to use.
# E.g. run it like this: cd /Volumes/Macintosh\ HD && sh /Volumes/Macintosh\ HD/Users/sabri/Desktop/disable.sh
# WARNING: It might disable things that you may not like. Please double check the services in the TODISABLE vars.
# Get active services: launchctl list | grep -v "\-\t0"
# Find a service: grep -lR [service] /System/Library/Launch* /Library/Launch* ~/Library/LaunchAgents
View safari-reaper.html
<!DOCTYPE html>
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
body {
background: repeat url('data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEASABIAAD/7QCIUGhvdG9zaG9wIDMuMAA4QklNBAQAAAAAAGscAVoAAxslRxwCAAACAAAcAnQAV8KpIENoYWV5b3VuZ1dpbGxOZXZlckNoYWVvbGQgLSBodHRwOi8vd3d3LnJlZGJ1YmJsZS5jb20vcGVvcGxlL0NoYWV5b3VuZ1dpbGxOZXZlckNoYWVvbAD/4gxYSUNDX1BST0ZJTEUAAQEAAAxITGlubwIQAABtbnRyUkdCIFhZWiAHzgACAAkABgAxAABhY3NwTVNGVAAAAABJRUMgc1JHQgAAAAAAAAAAAAAAAAAA9tYAAQAAAADTLUhQICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFjcHJ0AAABUAAAADNkZXNjAAABhAAAAGx3dHB0AAAB8AAAABRia3B0AAACBAAAABRyWFlaAAACGAAAABRnWFlaAAACLAAAABRiWFlaAAACQAAAABRkbW5kAAACVAAAAHBkbWRkAAACxAAAAIh2dWVkAAADTAAAAIZ2aWV3AAAD1AAAACRsdW1pAAAD+AAAABRtZWFzAAAEDAAAACR0ZWNoAAAEMAAAAAxyVFJDAAAEPAAACAxnVFJDAAAEPAAACAxiVFJDAAAEPAAACAx0ZXh0AAAAAENvcHlyaWdodCAoYykgMTk5OCBIZXdsZXR0LVBhY2thcmQgQ29tcGFueQAAZGVzYwAAAAAAAAASc1JHQiBJRUM2MTk2Ni0yLjEAAAAAAAAAAAAAABJzUkdCIElFQzYxOTY2LTIuMQAAAAAAAA
View iremember.js
// How to:
// 1) Login into https://icloud.com
// 2) Open the developer tools and execute this code in the console
// See more @ https://medium.com/bugbountywriteup/how-apple-stored-all-your-email-metadata-for-years-on-their-servers-2a61b1a3232d
const _API_URL='https://p18-mailws.icloud.com/wm/recents';
const _requestContacts = () => {
console.warn('Requesting your contacts...');
return fetch(_API_URL, {
method: 'POST',
headers: {
@pwnsdx
pwnsdx / nosleep.sh
Last active Sep 14, 2019
Completely disable sleep on any Mac
View nosleep.sh
# Useful to prevent Macbooks to go to sleep when closing the lid instead of running tools that requires a Kernel Extension (e.g. InsomniaX) and more
# Before doing anything, save your current configuration using
pmset -g
# To disable sleep
sudo pmset -a sleep 0; sudo pmset -a hibernatemode 0; sudo pmset -a disablesleep 1;
# And to go back to normal
sudo pmset -a sleep 1; sudo pmset -a hibernatemode [original hibernatemode value]; sudo pmset -a disablesleep 0;
@robsaunders
robsaunders / mac.sh
Last active Sep 26, 2018 — forked from pwnsdx/disable.sh
Forked from another file and documented, each entry on a new line to provide easy commenting / disabling of lines.
View mac.sh
#!/bin/bash
# PRO TIP: Don't disable shit until you know exactly what it does. Remember that disabling doesn't kill the process, so most tweaks you need to reboot to fully see effects.
# MINI TUTORIAL ON LAUNCHCTL
# List all jobs in system:
# launchctl list
# first column is the process id, or - if the job is not loaded. second is exit code.
@pwnsdx
pwnsdx / disable.sh
Last active Sep 18, 2019
Disable bunch of #$!@ in Sierra (Version 2.1). Using Catalina? Check https://gist.github.com/pwnsdx/1217727ca57de2dd2a372afdd7a0fc21
View disable.sh
#!/bin/bash
# IMPORTANT: You will need to disable SIP aka Rootless in order to fully execute this script, you can reenable it after.
# WARNING: It might disable things that you may not like. Please double check the services in the TODISABLE vars.
# Get active services: launchctl list | grep -v "\-\t0"
# Find a service: grep -lR [service] /System/Library/Launch* /Library/Launch* ~/Library/LaunchAgents
# Agents to disable
TODISABLE=('com.apple.security.keychainsyncingoveridsproxy' 'com.apple.personad' 'com.apple.passd' 'com.apple.screensharing.MessagesAgent' 'com.apple.CommCenter-osx' 'com.apple.Maps.mapspushd' 'com.apple.Maps.pushdaemon' 'com.apple.photoanalysisd' 'com.apple.telephonyutilities.callservicesd' 'com.apple.AirPlayUIAgent' 'com.apple.AirPortBaseStationAgent' 'com.apple.CalendarAgent' 'com.apple.DictationIM' 'com.apple.iCloudUserNotifications' 'com.apple.familycircled' 'com.apple.familycontrols.useragent' 'com.apple.familynotificationd' 'com.apple.gamed' 'com.apple.icloud.findmydeviced.findmydevi
@pwnsdx
pwnsdx / main.scpt
Last active Jun 17, 2019
Hardened Chrome Browser
View main.scpt
# Misc: --start-maximized --disable-save-password-bubble
# Reduce attack surface: --disable-presentation-api --disable-file-system --disable-contextual-search --disable-account-consistency --disable-translate --disable-background-mode --disable-plugins-discovery --disable-webgl --disable-webgl-image-chromium --disable-speech-api --disable-smart-virtual-keyboard --disable-print-preview --disable-password-generation --disable-overlay-scrollbar --disable-offer-upload-credit-cards --disable-ntp-popular-sites --disable-cloud-import --disable-component-cloud-policy --disable-credit-card-scan --disable-bundled-ppapi-flash --disable-java --disable-plugins --disable-ipv6 --disable-people-search --disable-default-apps
# Incognito, sandboxing & security stuff: --incognito --disable-sync --disable-sync-backup --disable-sync-rollback --disable-sync-app-list --disable-sync-types --enable-sandbox --enable-sandbox-logging --isolate-extensions --isolate-sites-for-testing=* --process-per-tab --process-per-site --safe-plugins
#
@pwnsdx
pwnsdx / 62078.md
Last active Sep 4, 2019
How to finally disable this ******* Wi-Fi Sync port (62078) on iOS (testers wanted)
View 62078.md

Hi there,

Why should I disable this port?

Apple enable this port by default if you want Wi-Fi Sync. The problem is, I (and probably you) never used this so this port should not be open. Enabling this port by default is a security risk as there is always an undocumented service (lockdownd) listening on this port.

This is an non-exhaustive list of what you are exposing to if you don't close this port:

  • If an attacker get the pairing keys of your iDevice, he can dump the whole content of your device transparently as soon as he is on the same network as you (at Home, Work, in a Café, in a Fast Food etc) or if he have access to your cellular network (yes, the port is open on all interfaces including cellular) e.g. if the NSA have access to AT&T network or if DGSE have access to Orange network (which is true: http://www.france24.com/fr/20140320-dgse-renseignement-espionage-nsa-donnees-operateur-orange-snowden/ ) or even if your neighbor have set up a IMSI-Catcher.
  • It make the iOS device easily identifiab
@tonymtz
tonymtz / gist:714e73ccb79e21c4fc9c
Created Nov 15, 2014
Uninstall XQuartz.app from OSX Yosemite
View gist:714e73ccb79e21c4fc9c
launchctl unload /Library/LaunchAgents/org.macosforge.xquartz.startx.plist
sudo launchctl unload /Library/LaunchDaemons/org.macosforge.xquartz.privileged_startx.plist
sudo rm -rf /opt/X11* /Library/Launch*/org.macosforge.xquartz.* /Applications/Utilities/XQuartz.app /etc/*paths.d/*XQuartz
sudo pkgutil --forget org.macosforge.xquartz.pkg
# Log out and log in
@ahmozkya
ahmozkya / README.md
Last active Sep 16, 2019
Homebrew with DNSMasq + DNSCrypt-proxy (OpenDNS)
View README.md

Install & Configure

  1. Install DNSMasq
$ brew install dnsmasq
  1. Install DNSCrypt-proxy
$ brew install dnscrypt-proxy
You can’t perform that action at this time.