Eduardo' Vela" <Nava> (sirdarckcat) sirdarckcat
@sirdarckcat
sirdarckcat / app.yaml
Last active July 3, 2019 17:19
jQuery Mobile XSS
application: jquery-mobile-xss
version: 1
runtime: python27
api_version: 1
threadsafe: yes
handlers:
- url: /.*
  script: main.APP
{<sc{r}ipt.*?>}
{<sc{r}ipt.*?[ /+\t]*?((src)|(xlink:href)|(href))[ /+\t]*=}
{<BUTTON[ /+\t].*?va{l}ue[ /+\t]*=}
{<fo{r}m.*?>}
{<OPTION[ /+\t].*?va{l}ue[ /+\t]*=}
{<INPUT[ /+\t].*?va{l}ue[ /+\t]*=}
{<is{i}ndex[ /+\t>]}
{<TEXTA{R}EA[ /+\t>]}
{<.*[:]vmlf{r}ame.*?[ /+\t]*?src[ /+\t]*=}
{<[i]?f{r}ame.*?[ /+\t]*?src[ /+\t]*=}
@sirdarckcat
sirdarckcat / prettybug.html
Created May 24, 2017 22:57
Make random screen click pretty
<script>
window.oncontextmenu=window.onauxclick=window.onclick=function(e){
with(document.body.appendChild(document.createElement('div'))){
style.left=e.clientX+'px';
style.top=e.clientY+'px';
style.position='absolute';
style.height='0';
style.width='0';
style.opacity='0.1';
style.boxShadow='0 0 0 '+(Math.random()*800+5)+'px #'+Math.floor(Math.random()*0xFFFFFF).toString(16);
@sirdarckcat
sirdarckcat / solution.js
Created June 30, 2017 23:09
A7 ~ Gee cue elle intended solution
var HANDICAP = 10*2;
var reqs = [];
function fetchReq() {
Promise.resolve().then(
reqs.length?
reqs.pop():
_=>0
).then(
_=>setTimeout(fetchReq, 1)
);
@sirdarckcat
sirdarckcat / 0README.md
Last active March 26, 2018 22:25
/sbin/dhclient Ubuntu AppArmor profile bypass

This document explains how to bypass the /sbin/dhclient AppArmor profile installed in Ubuntu by installing a kernel module. This is a simple task, but I didn't know how to do it before today. Hopefully you find this useful.

Tested on 17.10.1 using the isc-dhcp 4.3.5-3ubuntu2.2 package.

Background

In this advisory, Ubuntu says that the vulnerability

@sirdarckcat
sirdarckcat / 0README.md
Last active March 25, 2018 16:34
XS-Search Exploit for Secure Messaging Service

Exploit used during Insomni'hack 2018 for team int3pids.

@sirdarckcat
sirdarckcat / README.md
Last active June 22, 2019 22:23
gctf.sh download all CTF tasks

gctf.sh

Usage:

wget https://gist.githubusercontent.com/sirdarckcat/087e32982bd77bddbd9c46ccbc72edf7/raw/gctf.sh && chmod +x gctf.sh
mkdir -p google-ctf-2019
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com ./gctf.sh google-ctf-2019/ctf
DATABASE_URL=https://gctf-2019-da0962m957mnki9l.firebaseio.com/beginners ./gctf.sh google-ctf-2019/bq
@sirdarckcat
sirdarckcat / Dockerfile
Created June 5, 2020 14:52
intent-intercept build dockerfile
FROM ubuntu:20.04
RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y wget git unzip openjdk-8-jdk google-android-platform-24-installer google-android-build-tools-24-installer android-sdk
RUN cd /usr/lib/android-sdk/build-tools && wget https://dl.google.com/android/repository/build-tools_r24.0.1-linux.zip 2>/dev/null && unzip build-tools_r24.0.1-linux.zip && ls
RUN git clone https://github.com/k3b/intent-intercept.git
RUN cd /usr/lib/android-sdk && mkdir cmdline-tools && cd cmdline-tools && wget https://dl.google.com/android/repository/commandlinetools-linux-6514223_latest.zip 2>/dev/null && unzip commandlinetools-linux-6514223_latest.zip && ls -la
RUN yes | /usr/lib/android-sdk/cmdline-tools/tools/bin/sdkmanager --licenses
RUN update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
RUN cd intent-intercept && export ANDROID_HOME=/usr/lib/android-sdk && ./gradlew assembleDebug

Keybase proof

I hereby claim:

  • I am sirdarckcat on github.
  • I am sirdarckcat (https://keybase.io/sirdarckcat) on keybase.
  • I have a public key ASDI4N0BHgeTf4c7SqQxkNozR3Vh4z-dEdjXqNwXO1n6Xgo

To claim this, I am signing this object: