This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/** | |
* This DLL is designed for use in conjunction with the Ruler tool for | |
* security testing related to the CVE-2024-21378 vulnerability, | |
* specifically targeting MS Outlook. | |
* | |
* It can be used with the following command line syntax: | |
* ruler [auth-params] form add-com [attack-params] --dll ./test.dll | |
* Ruler repository: https://github.com/NetSPI/ruler/tree/com-forms (com-forms branch). | |
* | |
* After being loaded into MS Outlook, it sends the PC's hostname and |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python3 | |
import usb.core | |
import struct | |
from collections import namedtuple | |
APPLE_VID = 0x05ac | |
Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
console.log("[*] SSL Pinning Bypasses"); | |
console.log(`[*] Your frida version: ${Frida.version}`); | |
console.log(`[*] Your script runtime: ${Script.runtime}`); | |
/** | |
* by incogbyte | |
* Common functions | |
* thx apkunpacker, NVISOsecurity, TheDauntless | |
* Remember that sslpinning can be custom, and sometimes u need to reversing using ghidra,IDA or something like that. | |
* !!! THIS SCRIPT IS NOT A SILVER BULLET !! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-RdpLogonEvent | |
{ | |
[CmdletBinding()] | |
param( | |
[Int32] $Last = 10 | |
) | |
$RdpInteractiveLogons = Get-WinEvent -FilterHashtable @{ | |
LogName='Security' | |
ProviderName='Microsoft-Windows-Security-Auditing' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
""" | |
summary: drawing custom graphs | |
description: | |
Showing custom graphs, using `ida_graph.GraphViewer`. In addition, | |
show how to write actions that can be performed on those. | |
keywords: graph, actions | |
""" | |
from __future__ import print_function | |
# ----------------------------------------------------------------------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System.Linq; | |
using System.Reflection; | |
namespace HashInvoke; | |
public class HInvoke | |
{ | |
public static T InvokeMethod<T>(uint classID, uint methodID, object[]? args = null) | |
{ | |
// Get the System assembly and go trough all its types hash their name |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Exploit Title: Oracle WebLogic Server 12.1.3.0.0 / 12.2.1.3.0 / 12.2.1.4.0 / 14.1.1.0.0 Local File Inclusion | |
# Date: 25/1/2022 | |
# Exploit Author: Jonah Tan (@picar0jsu) | |
# Vendor Homepage: https://www.oracle.com | |
# Software Link: https://www.oracle.com/middleware/technologies/weblogic-server-installers-downloads.html | |
# Version: 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 | |
# Tested on: Windows Server 2019, WebLogic 12.2.1.3.0, Peoplesoft 8.57.22 | |
# CVE : CVE-2022-21371 | |
# Description |
以下分析基于 Magisk 76ddfeb93a8b3612cd68988323f422e996751e16
由于 Magisk 更新太快了,决定弃坑,自己去看源码罢!
Zygisk 加载是通过替换 app_process ,修改 LD_PRELOAD ,再执行原 app_process 实现的。
The challenge was to achieve RCE with this file:
<?php ($_GET['action'] ?? 'read' ) === 'read' ? readfile($_GET['file'] ?? 'index.php') : include_once($_GET['file'] ?? 'index.php');
Some additional hardening was applied to the php installation to make sure that previously known solutions wouldn't work (for further information read this writeup from the challenge author).
I didn't solve the challenge during the competition - here is a writeup from someone who did - but since the idea I had differed from the techniques used in the published writeups I read (and I thought it was cool :D), here is my approach.
NewerOlder