Frank Spierings FrankSpierings
FrankSpierings
/ find-appids-ios.sh
Created
July 30, 2024 06:56
Shell script to find names and identifiers on a rooted IOS phone
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| for app in /var/containers/Bundle/Application/*; do | |
| guid=$(basename "$app") | |
| name=$(plutil $app/*.app/Info.plist | grep CFBundleIdentifier) | |
| echo "$name => $guid" | |
| done |
FrankSpierings
/ Android.MASTG-TEST-0006.frida.js
Created
July 29, 2024 09:34
Android - MASTG-TEST-0006 - Frida help script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.perform(function() { | |
| var TextView = Java.use("android.widget.TextView"); | |
| // Constants for InputType flags | |
| var TYPE_CLASS_TEXT = 0x00000001; | |
| var TYPE_CLASS_NUMBER = 0x00000002; | |
| var TYPE_CLASS_PHONE = 0x00000003; | |
| var TYPE_CLASS_DATETIME = 0x00000004; | |
| var TYPE_TEXT_VARIATION_PASSWORD = 0x00000080; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function demangle(mangledName, options = {}) { | |
| const { nameOnly = false } = options; | |
| let index = 0; | |
| function parseNumber() { | |
| let num = ''; | |
| while (index < mangledName.length && /\d/.test(mangledName[index])) { | |
| num += mangledName[index++]; | |
| } | |
| return parseInt(num, 10); |
FrankSpierings
/ aesinfo-mod.js
Created
July 24, 2024 14:23
Modded version of the Frida script from dzonerzy/aesinfo
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Thanks @dzonerzy/aesinfo | |
| Java.perform(function() { | |
| var use_single_byte = false; | |
| var complete_bytes = new Array(); | |
| var index = 0; | |
| var secretKeySpecDef = Java.use('javax.crypto.spec.SecretKeySpec'); |
FrankSpierings
/ frida-redirect-txt-all.ini.js
Last active
July 12, 2024 13:20
Frida sample that applies structs and intercepts calls to NtCreateFile and changes all .txt to c:/windows/win.ini
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fieldTypes = { | |
| int8: { size: 1, read: 'readS8', write: 'writeS8', align: 1 }, | |
| uint8: { size: 1, read: 'readU8', write: 'writeU8', align: 1 }, | |
| int16: { size: 2, read: 'readS16', write: 'writeS16', align: 2 }, | |
| uint16: { size: 2, read: 'readU16', write: 'writeU16', align: 2 }, | |
| int32: { size: 4, read: 'readS32', write: 'writeS32', align: 4 }, | |
| uint32: { size: 4, read: 'readU32', write: 'writeU32', align: 4 }, | |
| int64: { size: 8, read: 'readS64', write: 'writeS64', align: 8 }, | |
| uint64: { size: 8, read: 'readU64', write: 'writeU64', align: 8 }, | |
| float: { size: 4, read: 'readFloat', write: 'writeFloat', align: 4 }, |
FrankSpierings
/ pretty_print_ntlm_impacket.py
Created
February 12, 2024 06:54
Impacket - Print NTLM packets in JSON format for further analysis
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import datetime | |
| import json | |
| from impacket.structure import Structure | |
| from enum import Flag, Enum | |
| class NegotiateFlags(Flag): | |
| NTLMSSP_NEGOTIATE_56 = 0x80000000 | |
| NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000 | |
| NTLMSSP_NEGOTIATE_128 = 0x20000000 |
FrankSpierings
/ mitmproxy-http-ntlm.py
Created
February 4, 2024 08:28
Mitmproxy script to authenticate NTLM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from mitmproxy import http, ctx | |
| from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3 | |
| import requests | |
| import logging | |
| import base64 | |
| username = "username" | |
| password = "password" | |
| domain = '' |
FrankSpierings
/ http-ntlm.py
Created
February 4, 2024 06:36
Request website using NTLM (can do pass-the-hash if you change getNTLMSSPType3)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3 | |
| import requests | |
| import base64 | |
| # Replace these values with your IIS server details | |
| target_url = "http://localhost" | |
| username = "username" | |
| password = "password" | |
| domain = '' |
FrankSpierings
/ deploy-applocker.ps1
Last active
November 9, 2023 13:05
AppLocker On Windows 10 Pro
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requires system privileges! | |
| # Thank you: https://github.com/sandytsang/MSIntune/blob/master/Intune-PowerShell/AppLocker/Delete-AppLockerEXE.ps1 | |
| $path = "<PATH TO APPLOCKER XML'S>" | |
| $xmls = (ls -filter '*.xml' $path |% {$_.FullName}) | |
| $Appx, $Dll, $Exe, $Msi, $Script = $null | |
| $xmls |% { |
FrankSpierings
/ client-desync-error-path.bcheck
Created
July 3, 2023 12:10
Tests for Client-Side Desync vulnerabilities on specifically erroneous paths
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| metadata: | |
| language: v1-beta | |
| name: "Potential Client-Side Desync on erroneous path" | |
| description: "Tests for Client-Side Desync vulnerabilities on specifically erroneous paths" | |
| author: "Frank Spierings" | |
| run for each: | |
| potential_path = | |
| "/..%2f", | |
| "/%2e%2e", |