Jann thejh
thejh
/ gist:11b5fc8a7db44ed66716
Created
March 25, 2015 01:50
Android Security issue [#1086869776] Browser doesn't properly delimit protocol and domain in the "password" table, reported 02.08.12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| EDIT: changed the domain names for public disclosure | |
| Have a look at /data/data/com.android.browser/databases/webview.db, table "password". | |
| columns: _id, host, username, password | |
| "host" contains protocol and hostname concatenated without any delimiter. What this means: | |
| - login to https://example.org/ with valid username and password | |
| - go to http://sexample.org/ |
thejh
/ gist:0cc96201155470714279
Created
March 25, 2015 01:48
Android Security issues #1069937150, reported 10.07.12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Content-Type: multipart/mixed; boundary="LpQ9ahxlCli8rRTG" | |
| Content-Disposition: inline | |
| --LpQ9ahxlCli8rRTG | |
| Content-Type: text/plain; charset=us-ascii | |
| Content-Disposition: inline | |
| Hello, | |
| two more pretty interesting issues (verified both on my phone): |
thejh
/ seccomp_compat_regs.c
Created
March 16, 2015 17:56
Demo: seccomp preserves high bits of i386 syscall arguments on 64bit kernels
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <assert.h> | |
| #include <signal.h> | |
| #include <errno.h> | |
| #include <fcntl.h> | |
| #include <stddef.h> | |
| #include <sys/syscall.h> | |
| #include <sys/types.h> | |
| #include <sys/stat.h> |
thejh
/ seccomp_x32_bypass.c
Created
March 16, 2015 17:25
PoC for bypassing sloppy seccomp blacklists on X86-64 using X32 syscalls
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <assert.h> | |
| #include <signal.h> | |
| #include <errno.h> | |
| #include <fcntl.h> | |
| #include <stddef.h> | |
| #include <sys/syscall.h> | |
| #include <sys/types.h> | |
| #include <sys/stat.h> |
thejh
/ seccomp_ptrace_escape.c
Last active
September 2, 2024 05:46
PoC for bypassing seccomp if ptrace is allowed (known, documented issue, even mentioned in the manpage)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <assert.h> | |
| #include <signal.h> | |
| #include <errno.h> | |
| #include <fcntl.h> | |
| #include <stddef.h> | |
| #include <sys/syscall.h> | |
| #include <sys/types.h> | |
| #include <sys/stat.h> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Mar 11 17:51:00 pc systemd-modules-load[307]: Failed to find module 'lp' | |
| Mar 11 17:51:00 pc systemd-modules-load[307]: Module 'ppdev' is builtin | |
| Mar 11 17:51:00 pc systemd-modules-load[307]: Module 'parport_pc' is builtin | |
| Mar 11 17:51:00 pc systemd-modules-load[307]: Module 'fuse' is builtin | |
| Mar 11 17:51:00 pc systemd[1]: systemd-modules-load.service: main process exited, code=exited, status=1/FAILURE | |
| Mar 11 17:51:00 pc systemd[1]: Failed to start Load Kernel Modules. | |
| Mar 11 17:51:00 pc systemd[1]: Dependency failed for netfilter persistent configuration. | |
| Mar 11 17:51:00 pc systemd[1]: Unit systemd-modules-load.service entered failed state. |
thejh
/ gist:0cf5af6151518d0fc6d8
Created
March 12, 2015 14:55
couchdb localhost latency issue (tested with 1.6.0)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ab -k -n 1000 -A XXX:XXX http://127.0.0.1:5984/jann_mail/8de31498bb790a5e6979f4b16f322481 | |
| This is ApacheBench, Version 2.3 <$Revision: 1604373 $> | |
| Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ | |
| Licensed to The Apache Software Foundation, http://www.apache.org/ | |
| Benchmarking 127.0.0.1 (be patient) | |
| Completed 100 requests | |
| Completed 200 requests | |
| Completed 300 requests | |
| Completed 400 requests |
thejh
/ canttermme.c
Created
March 11, 2015 19:55
PoC for blocking signals under SECCOMP_MODE_STRICT
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <sys/prctl.h> | |
| #include <linux/seccomp.h> | |
| #include <stdint.h> | |
| #include <stddef.h> | |
| #define __u16 uint16_t | |
| #define __u32 uint32_t | |
| #define __u64 uint64_t |
thejh
/ gist:effb87638bddae9c7541
Created
February 27, 2015 18:36
scenes from android boot (5.0.555 AOSP build)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 13328 18:23:41.051041 clock_gettime(CLOCK_MONOTONIC, {1794, 795397756}) = 0 <0.000092> | |
| 13328 18:23:41.051377 clock_gettime(CLOCK_MONOTONIC, {1794, 795733449}) = 0 <0.000092> | |
| 13328 18:23:41.138657 clock_gettime(CLOCK_MONOTONIC, {1794, 883013723}) = 0 <0.000092> | |
| 13328 18:23:41.138932 clock_gettime(CLOCK_MONOTONIC, {1794, 883288381}) = 0 <0.000061> | |
| 13328 18:23:41.139176 clock_gettime(CLOCK_MONOTONIC, {1794, 883532522}) = 0 <0.000061> | |
| 13328 18:23:41.139451 clock_gettime(CLOCK_MONOTONIC, {1794, 883776662}) = 0 <0.000061> | |
| 13328 18:23:41.139756 clock_gettime(CLOCK_MONOTONIC, {1794, 884112356}) = 0 <0.000061> | |
| 13328 18:23:41.140122 clock_gettime(CLOCK_MONOTONIC, {1794, 884448049}) = 0 <0.000061> | |
| 13328 18:23:41.140366 clock_gettime(CLOCK_MONOTONIC, {1794, 884692190}) = 0 <0.000061> | |
| 13328 18:23:41.140641 clock_gettime(CLOCK_MONOTONIC, {1794, 884966848}) = 0 <0.000061> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| while true; do | |
| errorstr="$(ping -c1 -n -w1 8.8.8.8 2>&1 | grep '100% packet loss')" | |
| if [ "$errorstr" != '' ]; then | |
| echo -n 'reconnecting... ' | |
| ./uni_reauth.sh | |
| else | |
| echo 'still ok' | |
| fi | |
| sleep 1 |