johnkhbaek
johnkhbaek
/ runbin_debug_bigsur_m1.c
Last active
April 1, 2021 01:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Learning the magic | |
| // matched to work with M1 Rosetta which seems to have multiple macho (not just binary and dyld) | |
| /************************************************************************************* | |
| * Author: Stephanie Archibald <[email protected]> * | |
| * Copyright (c) 2017 Cylance Inc. All rights reserved. * | |
| * * | |
| * Redistribution and use in source and binary forms, with or without modification, * | |
| * are permitted provided that the following conditions are met: * | |
| * * |
johnkhbaek
/ keys.c
Created
May 18, 2021 21:46
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // gcc keys.c | |
| // ./a.out | |
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <sys/ioctl.h> | |
| int main() { | |
| int fd = open("/dev/tty", O_RDWR); | |
| if (fd < 0) { |
johnkhbaek
/ run_macho_fat_supported.c
Created
June 8, 2021 18:35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ================================================================================ | |
| modified from this: https://github.com/its-a-feature/macos_execute_from_memory (supports only bundle) | |
| code injection : https://github.com/CylanceVulnResearch/osx_runbin by Stephanie Archibald (does not support m1 x64 emulation and FAT header) | |
| added FAT header (universal Macho) parsing | |
| script-kiddied, debugged, etc. by @exploitpreacher | |
| ================================================================================ | |
| */ |
johnkhbaek
/ msbuild_ntqueueapcthread
Last active
October 19, 2021 15:44
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- This inline task executes c# code. --> | |
| <!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj --> | |
| <!-- Save This File And Execute The Above Command --> | |
| <!-- Original Author: Casey Smith, Twitter: @subTee --> | |
| <!-- Modified by John Baek, @exploitpreacher to use ntqueueapcthread (https://github.com/FuzzySecurity/Sharp-Suite/tree/master/UrbanBishop) --> | |
| <!-- License: BSD 3-Clause --> | |
| <Target Name="Hello"> | |
| <ClassExample /> | |
| </Target> |
johnkhbaek
/ machoload.c
Last active
October 9, 2024 23:18
Load macho using NSLinkModule with arguments
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| ================================================================================ | |
| modified from this: https://github.com/its-a-feature/macos_execute_from_memory (supports only bundle) | |
| code injection : https://github.com/CylanceVulnResearch/osx_runbin by Stephanie Archibald (does not support m1 x64 emulation and FAT header) | |
| added FAT header (universal Macho) parsing | |
| script-kiddied, debugged, etc. by @exploitpreacher | |
| ================================================================================ | |
| */ |