Skip to content

Instantly share code, notes, and snippets.

Avatar

Eduardo' Vela" <Nava> (sirdarckcat) sirdarckcat

View GitHub Profile
@sirdarckcat
sirdarckcat / Dockerfile
Created Jun 5, 2020
intent-intercept build dockerfile
View Dockerfile
FROM ubuntu:20.04
RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y wget git unzip openjdk-8-jdk google-android-platform-24-installer google-android-build-tools-24-installer android-sdk
RUN cd /usr/lib/android-sdk/build-tools && wget https://dl.google.com/android/repository/build-tools_r24.0.1-linux.zip 2>/dev/null && unzip build-tools_r24.0.1-linux.zip && ls
RUN git clone https://github.com/k3b/intent-intercept.git
RUN cd /usr/lib/android-sdk && mkdir cmdline-tools && cd cmdline-tools && wget https://dl.google.com/android/repository/commandlinetools-linux-6514223_latest.zip 2>/dev/null && unzip commandlinetools-linux-6514223_latest.zip && ls -la
RUN yes | /usr/lib/android-sdk/cmdline-tools/tools/bin/sdkmanager --licenses
RUN update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
RUN cd intent-intercept && export ANDROID_HOME=/usr/lib/android-sdk && ./gradlew assembleDebug
@sirdarckcat
sirdarckcat / README.md
Last active Jun 22, 2019
gctf.sh download all CTF tasks
View README.md

gctf.sh

Usage:

wget https://gist.githubusercontent.com/sirdarckcat/087e32982bd77bddbd9c46ccbc72edf7/raw/gctf.sh && chmod +x gctf.sh
mkdir -p google-ctf-2019
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com ./gctf.sh google-ctf-2019/ctf
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com/beginners ./gctf.sh google-ctf-2019/bq
@sirdarckcat
sirdarckcat / 0README.md
Last active Mar 25, 2018
XS-Search Exploit for Secure Messaging Service
View 0README.md

XS-Search Exploit for Secure Messaging Service

Exploit used during Insomni'hack 2018 for team int3pids.

@sirdarckcat
sirdarckcat / 0README.md
Last active Mar 26, 2018
/sbin/dhclient Ubuntu AppArmor profile bypass
View 0README.md

/sbin/dhclient Ubuntu AppArmor profile bypass

This document explains how to bypass the /sbin/dhclient AppArmor profile installed in Ubuntu by installing a kernel module. This is a simple task, but I didn't know how to do it before today. Hopefully you find this useful.

Tested on 17.10.1 using the isc-dhcp 4.3.5-3ubuntu2.2 package.

Background

In this advisory, Ubuntu says that the vulnerability

@sirdarckcat
sirdarckcat / solution.js
Created Jun 30, 2017
A7 ~ Gee cue elle intended solution
View solution.js
var HANDICAP = 10*2;
var reqs = [];
function fetchReq() {
Promise.resolve().then(
reqs.length?
reqs.pop():
_=>0
).then(
_=>setTimeout(fetchReq, 1)
);
@sirdarckcat
sirdarckcat / prettybug.html
Created May 24, 2017
Make random screen click pretty
View prettybug.html
<script>
window.oncontextmenu=window.onauxclick=window.onclick=function(e){
with(document.body.appendChild(document.createElement('div'))){
style.left=e.clientX+'px';
style.top=e.clientY+'px';
style.position='absolute';
style.height='0';
style.width='0';
style.opacity='0.1';
style.boxShadow='0 0 0 '+(Math.random()*800+5)+'px #'+Math.floor(Math.random()*0xFFFFFF).toString(16);
View gist:440b2ee413d707f5ba7444cd276fe9ba
{<sc{r}ipt.*?>}
{<sc{r}ipt.*?[ /+\t]*?((src)|(xlink:href)|(href))[ /+\t]*=}
{<BUTTON[ /+\t].*?va{l}ue[ /+\t]*=}
{<fo{r}m.*?>}
{<OPTION[ /+\t].*?va{l}ue[ /+\t]*=}
{<INPUT[ /+\t].*?va{l}ue[ /+\t]*=}
{<is{i}ndex[ /+\t>]}
{<TEXTA{R}EA[ /+\t>]}
{<.*[:]vmlf{r}ame.*?[ /+\t]*?src[ /+\t]*=}
{<[i]?f{r}ame.*?[ /+\t]*?src[ /+\t]*=}
@sirdarckcat
sirdarckcat / app.yaml
Last active Jul 3, 2019
jQuery Mobile XSS
View app.yaml
application: jquery-mobile-xss
version: 1
runtime: python27
api_version: 1
threadsafe: yes
handlers:
- url: /.*
script: main.APP
You can’t perform that action at this time.