Skip to content

Instantly share code, notes, and snippets.

@sleirsgoevy
sleirsgoevy / ff-addons.c
Created February 15, 2022 19:02
Firefox for Android custom addons hack
View ff-addons.c
#include <sys/socket.h>
#include <sys/un.h>
#include <stdio.h>
#include <stdlib.h>
#include <dirent.h>
#include <unistd.h>
#include <stddef.h>
void write_request(int fd, const char* c)
{
@sleirsgoevy
sleirsgoevy / serve_img.sh
Created December 14, 2021 15:42
Script for enabling mass storage emulation on rooted Samsung phones
View serve_img.sh
A=/sys/class/android_usb/android0
set -x
killall -STOP adbd
sleep 1
echo 0 > $A/enable
echo mass_storage > $A/functions
echo disk > $A/f_mass_storage/luns
echo 1 > $A/enable
sleep 1
@sleirsgoevy
sleirsgoevy / ps4.html
Created October 27, 2021 16:06
PS4 WebKit exploit on 9.00
View ps4.html
<script>
var PAGE_SIZE = 16384;
var SIZEOF_CSS_FONT_FACE = 0xb8;
var HASHMAP_BUCKET = 208;
var STRING_OFFSET = 20;
var SPRAY_FONTS = 0x1000;
var GUESS_FONT = 0x200430000;
var NPAGES = 20;
var INVALID_POINTER = 0;
var HAMMER_FONT_NAME = "font8"; //must take bucket 3 of 8 (counting from zero)
@sleirsgoevy
sleirsgoevy / ipv6-df-2.c
Last active March 8, 2021 15:34
FreeBSD 9 PoC of kernel code execution using the new TheFlow vulnerability
View ipv6-df-2.c
#include <sys/types.h>
#include <sys/param.h>
#include <sys/cpuset.h>
#include <sys/socket.h>
#include <sys/mman.h>
#include <sys/sysctl.h>
#include <sys/vmmeter.h>
#include <netinet/in.h>
#include <string.h>
#include <unistd.h>
@sleirsgoevy
sleirsgoevy / stats.json
Created December 27, 2020 22:52
Address statistics (7.02)
View stats.json
This file has been truncated, but you can view the full file.
{8640422552: 5, 8644121880: 2, 8608874096: 2, 8641777240: 6, 8644278192: 4, 8637739248: 6, 8641933552: 8, 8610228784: 1, 8640943600: 7, 8645137904: 4, 8607050504: 1, 8604705864: 2, 8638260296: 5, 8640109960: 7, 8612104520: 6, 8640787320: 7, 8640292344: 10, 8643991672: 5, 8639953680: 5, 8637609040: 5, 8645502672: 5, 8640813392: 3, 8645007696: 3, 8604419344: 2, 8606920296: 1, 8611114600: 3, 8604575656: 1, 8606086656: 2, 8638989800: 6, 8639146112: 7, 8643340416: 7, 8609291008: 2, 8638156160: 6, 8642350464: 6, 8644851416: 3, 8608301056: 2, 8641516824: 9, 8605617752: 3, 8609968368: 4, 8642871512: 7, 8640683184: 4, 8604940424: 2, 8642037872: 6, 8606790088: 2, 8631460936: 5, 8608144776: 1, 8611505440: 6, 8609160800: 2, 8640370592: 6, 8644564896: 8, 8604132856: 1, 8639536952: 7, 8612026488: 4, 8641386616: 6, 8609681848: 2, 8609838160: 3, 8606503568: 2, 8610697872: 4, 8606659880: 3, 8608014568: 2, 8612208872: 6, 8638729384: 5, 8642923688: 6, 8645424640: 5, 8640240384: 7, 8644434688: 4, 8608040640: 3, 8618278912: 1, 86
@sleirsgoevy
sleirsgoevy / sbrowse.py
Last active March 15, 2019 21:30
SBrowse - a minimalistic pure-Python text-mode browser
View sbrowse.py
import html.parser, urllib.parse, urllib.request, pydoc, random
class Parser(html.parser.HTMLParser):
def __init__(self):
html.parser.HTMLParser.__init__(self)
self.li_stack = [None]
self.table_stack = [None]
self.tag_stack = []
self.repr_stack = ['']
self.form_stack = [None]