| // Moved here: https://github.com/Siguza/misc/blob/master/dsc_syms.c |
Not long ago I tweeted about some PayPal phishing mails I got, which appeared to use hacked websites for their cause, and of which all traces were gone 24h after my initial recon.
Well, I got another such mail:
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from linuxhosting09.rediff.com (host152-150.mxout.rediffmailpro.com [119.252.152.150])
| // This is a patch for the macOS version of Graveyard Keeper (might work for arbitrary apps, but zero guarantees). | |
| // The game completely fails to support fullscreen, yet runs beautifully with it if you force it to. | |
| // So this patch simply brings back the functionality of the little green button in the window's upper left corner. | |
| // I have sadly not found a way to automatically inject this by means of a Steam interface - if you do, please let me know! | |
| // For the rest, you should probably be an advanced user to use this. No support or warranty. | |
| // Compile and inject with: | |
| // clang -shared -o FullScreen.dylib FullScreen.m -Wall -O3 -framework AppKit | |
| // DYLD_INSERT_LIBRARIES=/path/to/FullScreen.dylib /path/to/Graveyard\ Keeper |
| // Bugs by NSO Group / Ian Beer. | |
| // Exploit by Siguza & tihmstar. | |
| // Thanks also to Max Bazaliy. | |
| #include <stdint.h> // uint32_t, uint64_t | |
| #include <stdio.h> // fprintf, stderr | |
| #include <string.h> // memcpy, memset, strncmp | |
| #include <unistd.h> // getpid | |
| #include <mach/mach.h> | |
| #include <stdlib.h> |
| #!/bin/zsh | |
| set -e; | |
| set -m; | |
| num_workers=64; | |
| incr=false; | |
| if [ "$1" = '-i' ]; then | |
| incr=true; |
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <sys/mman.h> | |
| #include <sys/stat.h> | |
| #include <mach-o/loader.h> | |
| #include <mach-o/nlist.h> | |
| int main(int argc, const char **argv) | |
| { | |
| if(argc != 2) |
| Title : Revisiting Mac OS X Kernel Rootkits | |
| Author : fG! | |
| Date : April 18, 2014 | |
| |=----------------------------------------------------------------------------=| | |
| |=----------------=[ Revisiting Mac OS X Kernel Rootkits ]=-------------------=| | |
| |=----------------------------------------------------------------------------=| | |
| |=------------------------=[ fG! <[email protected]> ]=---------------------------=| | |
| |=----------------------------------------------------------------------------=| |
| Title : Revisiting Mac OS X Kernel Rootkits | |
| Author : fG! | |
| Date : April 18, 2014 | |
| |=----------------------------------------------------------------------------=| | |
| |=----------------=[ Revisiting Mac OS X Kernel Rootkits ]=-------------------=| | |
| |=----------------------------------------------------------------------------=| | |
| |=------------------------=[ fG! <[email protected]> ]=---------------------------=| | |
| |=----------------------------------------------------------------------------=| |
| #include <IOKit/IOKitLib.h> | |
| #include <mach/mach.h> | |
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <ctype.h> | |
| void hexdump(void *ptr, int buflen) { | |
| unsigned char *buf = (unsigned char*)ptr; | |
| int i, j; |
| # CVE-2020-10148 (local file disclosure PoC for SolarWinds Orion aka door to SuperNova ? ) | |
| # @0xSha | |
| # (C) 2020 0xSha.io | |
| # Advisory : https://www.solarwinds.com/securityadvisory | |
| # Mitigation : https://downloads.solarwinds.com/solarwinds/Support/SupernovaMitigation.zip | |
| # Details : https://kb.cert.org/vuls/id/843464 | |
| # C:\inetpub\SolarWinds\bin\OrionWeb.DLL | |
| # According to SolarWinds.Orion.Web.HttpModules |