- Use the modified Magisk module to install the certificate in both the user and the system store.
git clone https://github.com/Magisk-Modules-Repo/movecert.git- Apply
cppatch - Magisk-Modules-Repo/movecert#16
Frank Spierings FrankSpierings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function demangle(mangledName, options = {}) { | |
| const { nameOnly = false } = options; | |
| let index = 0; | |
| function parseNumber() { | |
| let num = ''; | |
| while (index < mangledName.length && /\d/.test(mangledName[index])) { | |
| num += mangledName[index++]; | |
| } | |
| return parseInt(num, 10); |
FrankSpierings
/ aesinfo-mod.js
Created
July 24, 2024 14:23
Modded version of the Frida script from dzonerzy/aesinfo
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Thanks @dzonerzy/aesinfo | |
| Java.perform(function() { | |
| var use_single_byte = false; | |
| var complete_bytes = new Array(); | |
| var index = 0; | |
| var secretKeySpecDef = Java.use('javax.crypto.spec.SecretKeySpec'); |
FrankSpierings
/ frida-redirect-txt-all.ini.js
Last active
July 12, 2024 13:20
Frida sample that applies structs and intercepts calls to NtCreateFile and changes all .txt to c:/windows/win.ini
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fieldTypes = { | |
| int8: { size: 1, read: 'readS8', write: 'writeS8', align: 1 }, | |
| uint8: { size: 1, read: 'readU8', write: 'writeU8', align: 1 }, | |
| int16: { size: 2, read: 'readS16', write: 'writeS16', align: 2 }, | |
| uint16: { size: 2, read: 'readU16', write: 'writeU16', align: 2 }, | |
| int32: { size: 4, read: 'readS32', write: 'writeS32', align: 4 }, | |
| uint32: { size: 4, read: 'readU32', write: 'writeU32', align: 4 }, | |
| int64: { size: 8, read: 'readS64', write: 'writeS64', align: 8 }, | |
| uint64: { size: 8, read: 'readU64', write: 'writeU64', align: 8 }, | |
| float: { size: 4, read: 'readFloat', write: 'writeFloat', align: 4 }, |
FrankSpierings
/ pretty_print_ntlm_impacket.py
Created
February 12, 2024 06:54
Impacket - Print NTLM packets in JSON format for further analysis
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import datetime | |
| import json | |
| from impacket.structure import Structure | |
| from enum import Flag, Enum | |
| class NegotiateFlags(Flag): | |
| NTLMSSP_NEGOTIATE_56 = 0x80000000 | |
| NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000 | |
| NTLMSSP_NEGOTIATE_128 = 0x20000000 |
FrankSpierings
/ mitmproxy-http-ntlm.py
Created
February 4, 2024 08:28
Mitmproxy script to authenticate NTLM
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from mitmproxy import http, ctx | |
| from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3 | |
| import requests | |
| import logging | |
| import base64 | |
| username = "username" | |
| password = "password" | |
| domain = '' |
FrankSpierings
/ http-ntlm.py
Created
February 4, 2024 06:36
Request website using NTLM (can do pass-the-hash if you change getNTLMSSPType3)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from impacket.ntlm import getNTLMSSPType1, getNTLMSSPType3 | |
| import requests | |
| import base64 | |
| # Replace these values with your IIS server details | |
| target_url = "http://localhost" | |
| username = "username" | |
| password = "password" | |
| domain = '' |
FrankSpierings
/ deploy-applocker.ps1
Last active
November 9, 2023 13:05
AppLocker On Windows 10 Pro
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Requires system privileges! | |
| # Thank you: https://github.com/sandytsang/MSIntune/blob/master/Intune-PowerShell/AppLocker/Delete-AppLockerEXE.ps1 | |
| $path = "<PATH TO APPLOCKER XML'S>" | |
| $xmls = (ls -filter '*.xml' $path |% {$_.FullName}) | |
| $Appx, $Dll, $Exe, $Msi, $Script = $null | |
| $xmls |% { |
FrankSpierings
/ client-desync-error-path.bcheck
Created
July 3, 2023 12:10
Tests for Client-Side Desync vulnerabilities on specifically erroneous paths
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| metadata: | |
| language: v1-beta | |
| name: "Potential Client-Side Desync on erroneous path" | |
| description: "Tests for Client-Side Desync vulnerabilities on specifically erroneous paths" | |
| author: "Frank Spierings" | |
| run for each: | |
| potential_path = | |
| "/..%2f", | |
| "/%2e%2e", |
FrankSpierings
/ BurpCAMagiskRooted.md
Created
July 25, 2022 10:08
Install Burp CA Certificate on Magisk Rooted Device
FrankSpierings
/ lab-request-smuggling-h2-request-splitting-via-crlf-injection-solution.py
Created
July 21, 2022 07:22
Python3 solution to Portswigger's Lab; HTTP/2 request splitting via CRLF injection
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Thanks to h2 for the example code and thanks to Portswigger for the awesome free labs! | |
| # - https://python-hyper.org/projects/h2/en/stable/plain-sockets-example.html | |
| # - https://portswigger.net/web-security/request-smuggling/advanced/lab-request-smuggling-h2-request-splitting-via-crlf-injection | |
| # | |
| import socket | |
| import ssl | |
| import h2.connection | |
| import h2.events |