Skip to content

Instantly share code, notes, and snippets.


Aung Khant yehgdotnet

View GitHub Profile
jtuberville /
Created May 11, 2012
How to urlencode using HttpClient
public static String sendViaHttpClient(String userName, String apiKey, String from, String fromName, String subject, String body, String to) {
NameValuePair[] data = {
new BasicNameValuePair("userName", userName),
new BasicNameValuePair("api_key", apiKey),
new BasicNameValuePair("from", from),
new BasicNameValuePair("from_name", fromName),
new BasicNameValuePair("subject", subject),
new BasicNameValuePair("body_html", body),
new BasicNameValuePair("to", to)
jjfiv /
Created Feb 27, 2015
JSON escaping and unescaping that really works, no dependencies.
// BSD License (
package org.lemurproject.galago.utility.json;
public class JSONUtil {
public static String escape(String input) {
StringBuilder output = new StringBuilder();
for(int i=0; i<input.length(); i++) {
char ch = input.charAt(i);
int chx = (int) ch;
joswr1ght / iosdebugdetect.cpp
Created Dec 29, 2014
Sample code to use ptrace() through dlsym on iOS to terminate when a debugger is attached. NOT FOOLPROOF, but it bypasses Rasticrac decryption.
View iosdebugdetect.cpp
// Build on OS X with:
// clang debugdetect.cpp -o debugdetect -arch armv7 -isysroot /Applications/ -miphoneos-version-min=7
#import <dlfcn.h>
#import <sys/types.h>
#import <stdio.h>
typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data);
void disable_dbg() {
ptrace_ptr_t ptrace_ptr = (ptrace_ptr_t)dlsym(RTLD_SELF, "ptrace");
ptrace_ptr(31, 0, 0, 0); // PTRACE_DENY_ATTACH = 31
Graph-X /
Last active Oct 1, 2019
PoC for hiding things in the registry. My testing hasn't returned any errors when viewing in regedit
from Microsoft.Win32 import Registry
from time import sleep
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
rkey.SetValue(u'\x00 this is a test',u'\x00look at me!')
rkey = Registry.CurrentUser.CreateSubKey("SOFTWARE\\aatest")
values = rkey.GetValueNames()
print("We have {0} values.".format(str(len(values))))
print("The value names returned are: {0}.".format(values[0]))
value = rkey.GetValue(u'\x00 this is a test')
# Author: b0yd @rwincey
# Website:
# Setup:
# -------------------------------------------------
# pip install selenium
# wget
# google-chrome-stable --version
# Vist to identity the right version
# wget
mattifestation / RunscripthelperBypass.ps1
Created Oct 29, 2017
PowerShell weaponization for the runscripthelper.exe constrained language mode bypass
View RunscripthelperBypass.ps1
function Invoke-RunScriptHelperExpression {
Executes PowerShell code in full language mode in the context of runscripthelper.exe.
Invoke-RunScriptHelperExpression executes PowerShell code in the context of runscripthelper.exe - a Windows-signed PowerShell host application which appears to be used for telemetry collection purposes. The PowerShell code supplied will run in FullLanguage mode and bypass constrained language mode.
mritunjay-k /
Last active Nov 24, 2019
Provide it a list of domains and it will show you which of them is 200 OK or 404 NOT FOUND (extremly helpful for web application bug hunting)
#!/usr/bin/env python
import requests
read_file = open(input("Enter path of the file containing subdomains: "),'r')
for host in read_file:
domain = host.rstrip("\n")
oleavr / trust-manager.js
Created Jun 8, 2017
How to implement an X509TrustManager using Frida
View trust-manager.js
'use strict';
var TrustManager;
var manager;
Java.perform(function () {
var X509TrustManager = Java.use('');
TrustManager = Java.registerClass({
name: 'com.example.TrustManager',
frohoff /
Last active Jul 6, 2020
Java 7u21 Security Advisory

Security Advisory – Java SE

Chris Frohoff – Qualcomm Information Security and Risk Management


  • Affected Product(s): Java SE 6, Java SE 7
  • Fixed in: Java SE 7u25 (2013-06-18), Java SE 8 (2014-03-18)
  • Vendor Contact:
  • Vulnerability Type: Unsafe Object Deserialization
limitedmage / cracker.js
Created Nov 28, 2010
MD5 Cracker in JavaScript (free under )
View cracker.js
// Global variables
var word, count, time, status; // search status
var running; // should status be updated?
var showPause, showResume, showStop; // to show or hide buttons
var worker; // main WebWorker
$(document).ready(function () {
// Update DOM every 500 ms
setInterval("updateDom()", 500);