pich4ya

# @author Pichaya Morimoto ([email protected])
# Exploit for HackTheBox Clicker Machine (https://app.hackthebox.com/machines/564)
import requests
import random
import string
import urllib.parse
from base64 import b64encode,b64decode

requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)
proxies = {'http':'http://127.0.0.1:8080','https':'http://127.0.0.1:8080'}

pich4ya

# @author Pichaya Morimoto ([email protected])
# Compiled list of my common bloodhound-python problems & solutions

Bloodhound-python Error #0
You do not get info like GPO and permission abuse edges.
You need to add option -> -c All,LoggedOn

Bloodhound-python Error #1
    raise NoNameservers(request=self.request, errors=self.errors)
dns.resolver.NoNameservers: All nameservers failed to answer the query _ldap._tcp.pdc._msdcs.DCHOSTNAME. IN SRV: Server 10.3.3.7 TCP port 53 answered SERVFAIL

pich4ya

# A numeric lock has a 3 digit key
# "682" - One number is correct and well placed
# "614" - One number is correct but wrongly placed
# "206" - Two number are correct but wrongly placed
# "738" - Nothing is correct
# "780" - One number is correct but wrongly placed

from z3 import *

# Create three integer variables for the lock digits

pich4ya

# @author Pichaya Morimoto ([email protected])
# I tried all jadx options for debof, but it did not work.
# This script can be used to replace strings.xml values in a target Java file
# if (!Intrinsics.areEqual(param, context.getString(R.string.m1))) {  -> if (!Intrinsics.areEqual(param, "monday")) {
# Prompted and modified with ChatGPT for FlareOn 10's ItsOnFire
# Usage: python apk_getString_R_string.py resources/res/values/strings.xml sources/com/secure/itsonfire/MessageWorker.java
# Usage: python apk_getString_R_string.py resources/res/values/strings.xml sources
import xml.etree.ElementTree as ET
import re
import sys

pich4ya

#!/usr/bin/env zsh
# @author Pichaya Morimoto ([email protected])
# Ansible's Vultr module is suck. I have built my own.
# Nuke all my Vultr instances
ssh_key=$(cat ~/.ssh/id_ed25519_vultr.pub)
echo $ssh_key

# List Instances
curl "https://api.vultr.com/v2/instances" \
  -X GET \

pich4ya

#!/bin/zsh
# @author Pichaya Morimoto ([email protected])
# https://tryhackme.com/room/lookingglass
# 10.10.169.23

function ssh_connect {
    ssh [email protected] -p $1 2>/dev/null | grep -q 'Higher' && echo "Higher" && exit 0
    echo "Lower"
}

pich4ya

#!/usr/bin/env python
# @author Pichaya Morimoto ([email protected])
# 2023-03-07
# Weed Shop RCE Exploit

import requests

def create_dbfile(filename):
	# Vulnerability 1: IP Spoofing 
	# File: function.php

pich4ya

#!/usr/bin/env python
# @author Pichaya Morimoto ([email protected])
# Ported from https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/chrome_debugger.rb
# pip install requests websocket-client python-socks
# This exploit code can be used to read arbitrary files on the victim machine with
# chrome/chromium --remote-debugging-port=9222, usually runs as a test automation tool in any software testing phase
import requests
import json
import urllib3
import websocket

pich4ya

# @author Pichaya Morimoto ([email protected])
# The note at https://gist.github.com/shqld/256e2c4f4b97957fb0ec250cdc6dc463 is incomplete.

brew uninstall rust 
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
rustup target add x86_64-pc-windows-gnu
rustup target add x86_64-unknown-linux-gnu
rustup target list |grep installed

### Build Windows x86_64

pich4ya

# @author Pichaya Morimoto ([email protected])

Problem:

```bash
brew install proxychains-ng 
proxychains4 ncat 1.2.3.4 # not working
```

There are public workarounds like https://benobi.one/posts/running_brew_on_m1_for_x86/