There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
leesh3288
/ vm2_3.9.16_sandbox_escape.md
Last active
April 7, 2024 01:14
Sandbox Escape in vm2@3.9.16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <pthread/pthread.h> | |
| #include <mach/mach.h> | |
| struct ool_msg { | |
| mach_msg_header_t hdr; | |
| mach_msg_body_t body; | |
| mach_msg_ool_ports_descriptor_t ool_ports[]; | |
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function () { | |
| var act = Java.use("android.app.Activity"); | |
| act.getIntent.overload().implementation = function () { | |
| var intent = this.getIntent() | |
| var cp = intent.getComponent() | |
| console.log("Starting " + cp.getPackageName() + "/" + cp.getClassName()) | |
| var ext = intent.getExtras(); | |
| if (ext) { | |
| var keys = ext.keySet() | |
| var iterator = keys.iterator() |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| app.alert("XSS") |
williballenthin
/ TxR.bt
Created
November 22, 2019 20:49
010 Editor template for parsing Windows Registry TxR (.regtrans-ms) files
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //------------------------------------------------ | |
| //--- 010 Editor v8.0.1 Binary Template | |
| // | |
| // File: Transactional Registry Transaction Logs (.TxR) | |
| // Authors: Willi Ballenthin <william.ballenthin@fireeye.com> | |
| // Version: 0.1 | |
| // Reference: https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html | |
| //------------------------------------------------ | |
| LittleEndian(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/sbin/sh | |
| # | |
| # Copyright (C) 2018 Unlegacy Android Project | |
| # Copyright (C) 2018 Svyatoslav Ryhel | |
| # Copyright (C) 2019 Nick80835 | |
| # Copyright (C) 2019 z3dd3r | |
| # | |
| # Made for Hammerhead | |
| # |
pe3zx
/ disable_windows_defender.bat
Last active
December 25, 2023 10:27
Disable Windows Defender on Windows 10 1903
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! | |
| rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference | |
| rem To also disable Windows Defender Security Center include this | |
| rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f | |
| rem 1 - Disable Real-time protection | |
| reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f |
burinov
/ 1commands.sh
Last active
December 8, 2023 06:46
— forked from ckurtm/AndroidManifest.xml
Example on how to use adb to start an Activity,BroadcastReceiver or Service from adb and include intent extras too.for Activity: adb shell am start -n "com.peirr.test/com.peirr.test.MyActivity" --es name "John" --ei age 30for BroadcastReceiver adb shell am broadcast -n "com.peirr.test/com.peirr.test.MyReceiver" --es name "John" --ei age 30for Se…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Example on how to use adb to start an Activity, | |
| #BroadcastReceiver or Service from adb and include intent extras too. | |
| #for Activity: | |
| adb shell am start -n "com.peirr.test/com.peirr.test.MyActivity" --es name "John" --ei age 30 | |
| #for BroadcastReceiver | |
| adb shell am broadcast -n "com.peirr.test/com.peirr.test.MyReceiver" --es name "John" --ei age 30 |
feix
/ wx_t1t_hack.js
Last active
February 28, 2024 05:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| var CryptoJS = require('crypto-js') | |
| var request = require('request-promise') | |
| /* | |
| * npm install crypto-js request-promise request | |
| * node wx_t1t_hack.js | |
| */ | |
| // export function testEncription(msg, fullKey) { | |
| // var fullKey = fullKey.slice(0, 16) |
NewerOlder