@ohio813
ohio813 / nowhal.js
Created January 17, 2020 02:41 — forked from jziggas/nowhal.js
JavaScript to delete all of your Reddit comments
// Go to https://www.reddit.com/user/<username>/ and paste into your console.
// Reddit throttles these actions, hence the 1s timer.
let interval = setInterval(() => {
  let deleteButtons = $('a.togglebutton[data-event-action="delete"]');
  if (deleteButtons.length === 0) {
    clearInterval(interval);
    if ($('.next-button > a')[0]) {
      $('.next-button > a')[0].click();
      alert('Restart script.');
    }
@ohio813
ohio813 / patch.sh
Created January 9, 2020 03:19 — forked from jakeajames/patch.sh
Make h3lix work when installed not-via-Impactor. To be used with the latest h3lix.
if [ $# != 2 ]; then
    echo "Usage: $0 /path/to/input_ipa /path/to/output_ipa"
    exit 1
fi
# Quote the path so input files with spaces are tested correctly.
if ! [ -f "$1" ]; then
    echo "'$1' does not exist"
    exit 1
fi
@ohio813
ohio813 / launch_wsl.py
Created December 7, 2019 05:54 — forked from masthoon/launch_wsl.py
Launch a WSL process from Python (Windows)
import sys
import windows
import windows.winproxy
import windows.generated_def as gdef
# List distro: wslconfig /l
class WSLAPIProxy(windows.winproxy.ApiProxy):
    APIDLL = "wslapi"
    default_error_check = staticmethod(windows.winproxy.no_error_check)
@ohio813
ohio813 / fakewebdav.py
Created December 7, 2019 05:51 — forked from masthoon/fakewebdav.py
Basic WebDAV server
import os, binascii
from flask import Flask, Response, abort
def random_etag():
    # b2a_hex returns bytes on Python 3; decode before concatenating with str.
    return "1000-" + binascii.b2a_hex(os.urandom(6)).decode("ascii")
app = Flask(__name__)
PORT = 80
DLL_ETAG = random_etag()
@ohio813
ohio813 / lsass.py
Created December 7, 2019 05:50 — forked from masthoon/lsass.py
Add users / groups listing & privileges
import windows.rpc
from windows.rpc import ndr
import windows.generated_def as gdef
import ctypes
class PLSAPR_OBJECT_ATTRIBUTES(ndr.NdrStructure):
    MEMBERS = [ndr.NdrLong,
               ndr.NdrUniquePTR(ndr.NdrWString),
               ndr.NdrUniquePTR(ndr.NdrLong), # We don't care about the subtype as we will pass None
@ohio813
ohio813 / encryption_bookmarklet.js
Created October 29, 2019 19:35 — forked from lukestokes/encryption_bookmarklet.js
A JavaScript encryption/decryption bookmarklet based on https://qiita.com/useiichi/items/0786199ee61443df3af5
javascript:w=window.open('','Links','scrollbars,resizable,width=640,height=550');w.document.write('<!DOCTYPE%20html><html><head><meta%20charset="utf-8"/><script%20src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/core.js"></script><script%20src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/sha1.js"></script><script%20src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/hmac.js"></script><script%20src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/enc-base64.js"></script><script%20src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/cipher-core.js"></script><script%20src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/aes.js"></script><script%20src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/pbkdf2.js"></script><script%20type="text/javascript">function%20encrypt(){var%20encypt_text=document.getElementById("encypt-text").value;var%20pass=CryptoJS.enc.Utf8.parse(document.getElementById("encrypt-password").value);var%20salt=CryptoJS.lib.
@ohio813
ohio813 / apollo.txt
Created October 28, 2019 01:48 — forked from littlelailo/apollo.txt
Apple Bootrom Bug
This bug was also called moonshine in the beginning
Basically the following bug is present in all bootroms I have looked at:
1. When usb is started to get an image over dfu, dfu registers an interface to handle all the commands and allocates a buffer for input and output
2. if you send data to dfu the setup packet is handled by the main code which then calls out to the interface code
3. the interface code verifies that wLength is shorter than the input output buffer length and if that's the case it updates a pointer passed as an argument with a pointer to the input output buffer
4. it then returns wLength which is the length it wants to receive into the buffer
5. the usb main code then updates a global var with the length and gets ready to receive the data packages
6. if a data package is received it gets written to the input output buffer via the pointer which was passed as an argument and another global variable is used to keep track of how many bytes were received already
7. if all the data was received th
@ohio813
ohio813 / akagi_58a.c
Created October 24, 2019 18:33 — forked from hfiref0x/akagi_58a.c
UAC bypass using EditionUpgradeManager COM interface
typedef interface IEditionUpgradeManager IEditionUpgradeManager;
typedef struct IEditionUpgradeManagerVtbl {
    BEGIN_INTERFACE
    HRESULT(STDMETHODCALLTYPE *QueryInterface)(
        __RPC__in IEditionUpgradeManager * This,
        __RPC__in REFIID riid,
@ohio813
ohio813 / AES.js
Created October 14, 2019 20:34 — forked from victornpb/AES.js
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* AES implementation in JavaScript (c) Chris Veness 2005-2014 / MIT Licence */
/* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
/* jshint node:true *//* global define */
'use strict';
/**
* AES (Rijndael cipher) encryption routines,
# These values were obtained from: logman query providers Microsoft-Windows-Kernel-Process
$WINEVENT_KEYWORD_PROCESS = 0x10
$WINEVENT_KEYWORD_IMAGE = 0x40
# Normally when you enable an analytic log, all keywords are logged which can be veeeeerrrrryy noisy.
# I'm going to limit collection to only image and process event
$KernelProcessLog = New-Object -TypeName System.Diagnostics.Eventing.Reader.EventLogConfiguration -ArgumentList 'Microsoft-Windows-Kernel-Process/Analytic'
$KernelProcessLog.ProviderKeywords = ($WINEVENT_KEYWORD_PROCESS -bor $WINEVENT_KEYWORD_IMAGE)
$KernelProcessLog.ProviderLevel = 0xFF
$KernelProcessLog.IsEnabled = $true