vavkamil

# https://securitychops.com/2019/08/31/dev/random/one-liner-to-install-burp-cacert-into-android.html
#
curl --proxy http://127.0.0.1:8080 -o cacert.der http://burp/cert  \
&& openssl x509 -inform DER -in cacert.der -out cacert.pem \
&& cp cacert.der $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 \
&& adb root \
&& adb remount \
&& adb push $(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /sdcard/ \
&& echo -n "mv /sdcard/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0 /system/etc/security/cacerts/" | adb shell \
&& echo -n "chmod 644 /system/etc/security/cacerts/$(openssl x509 -inform PEM -subject_hash_old -in cacert.pem |head -1).0" | adb shell \

vavkamil

addEventListener("fetch", event => {
  event.respondWith(handleRequest(event.request))
})

////////////////////////////////////////////////////////////////////////////////////////////////////
// ! DON'T LEAK THE SECRETS !
// Use Workers KV if you can https://developers.cloudflare.com/workers/reference/storage/

const telegram_token = "*****REDACTED*****";
const telegram_url = "https://api.telegram.org/bot" + telegram_token + "/sendMessage";

vavkamil

Keybase proof

I hereby claim:

• I am vavkamil on github.
• I am kamil_kiwi (https://keybase.io/kamil_kiwi) on keybase.
• I have a public key ASDQMrxWDIIThXhqFK9NJhP6hZTdrO5MjI7M_T4bBsTbsAo

To claim this, I am signing this object:

vavkamil

$ apt-get update && apt-get upgrade --assume-yes
$
$ pip3 install frida-tools
$ pip3 install objection
$
$ sudo apt-get install android-tools-adb android-tools-fastboot
$
$ wget wget https://github.com/frida/frida/releases/download/12.7.0/frida-server-12.7.0-android-arm64.xz
$ unxz frida-server-12.7.0-android-arm64.xz

vavkamil

<?php
ob_start();
ini_set('display_errors',0);
$ipa = $_SERVER['HTTP_CLIENT_IP']? $_SERVER['HTTP_CLIENT_IP'] : ($_SERVER['HTTP_X_FORWARDE‌​D_FOR'] ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'] );
$useragent = $_SERVER['HTTP_USER_AGENT'];

if(isset($_POST['gotcha'])){
     blockBot($ipa);
}

vavkamil

#!/usr/bin/env python

import argparse
import urllib.request
import concurrent.futures
from datetime import datetime, timedelta
import sys

domains = ["vavkamil.cz"]

vavkamil

<html>
<head>
<title>Hue Bridge CORS PoC</title>
<script>
            var xhr = new XMLHttpRequest();

            xhr.open("GET", "https://discovery.meethue.com/")
            xhr.send();
            xhr.onreadystatechange = function(e) {
                var hue_ip;

vavkamil

<html>
<head>
<title></title>
</head>
<body>
<h1>Strong TV DoS exploit</h1>
<h2>Proof of Concept</h2>
<label for="internal_ip">Any internal IP:</label>
<input type="text" name="internal_ip" id="internal_ip" autocomplete="off" onchange="get_tv_ip()">
<br><br>

vavkamil

import requests

from urllib3.exceptions import InsecureRequestWarning

import random

import string

import sys

vavkamil

<?php

/**
 * Plugin Name:       covid19-plugin-wp
 * Plugin URI:        https://wordpress.org/plugins/covid19-plugin-wp
 * Description:       This plugin adds a custom widget to display Covid19 statistics for a selected country.
 * Version:           1.0.1
 * Author:            @vavkamil
 * Author URI:        https://vavkamil.cz
 * License:           GPL v2 or later