There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
转自——使用root跳过小米USB安装应用确认(续) | LeadroyaL's website
最近又抓来一台小米手机当测试机,部署环境时候发现了新的 usb 相关功能的修改方式。
众所周知,小米手机开启 USB 安装功能,需要插入 SIM 卡登陆、需要登小米账号。我这台手机已root,懒得登陆了,就准备通过修改文件的方式来开启相关功能,还真做到了。 关键词:root,无需 xposed,无需 frida。 测试环境:miui9、miui10、miui11、miui12。
| #include <stdlib.h> | |
| #include <stdio.h> | |
| #include <pthread/pthread.h> | |
| #include <mach/mach.h> | |
| struct ool_msg { | |
| mach_msg_header_t hdr; | |
| mach_msg_body_t body; | |
| mach_msg_ool_ports_descriptor_t ool_ports[]; | |
| }; |
| Java.perform(function () { | |
| var act = Java.use("android.app.Activity"); | |
| act.getIntent.overload().implementation = function () { | |
| var intent = this.getIntent() | |
| var cp = intent.getComponent() | |
| console.log("Starting " + cp.getPackageName() + "/" + cp.getClassName()) | |
| var ext = intent.getExtras(); | |
| if (ext) { | |
| var keys = ext.keySet() | |
| var iterator = keys.iterator() |
| app.alert("XSS") |
| //------------------------------------------------ | |
| //--- 010 Editor v8.0.1 Binary Template | |
| // | |
| // File: Transactional Registry Transaction Logs (.TxR) | |
| // Authors: Willi Ballenthin <[email protected]> | |
| // Version: 0.1 | |
| // Reference: https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html | |
| //------------------------------------------------ | |
| LittleEndian(); |
| #!/sbin/sh | |
| # | |
| # Copyright (C) 2018 Unlegacy Android Project | |
| # Copyright (C) 2018 Svyatoslav Ryhel | |
| # Copyright (C) 2019 Nick80835 | |
| # Copyright (C) 2019 z3dd3r | |
| # | |
| # Made for Hammerhead | |
| # |
| rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!! | |
| rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference | |
| rem To also disable Windows Defender Security Center include this | |
| rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f | |
| rem 1 - Disable Real-time protection | |
| reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f | |
| reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f |
| #Example on how to use adb to start an Activity, | |
| #BroadcastReceiver or Service from adb and include intent extras too. | |
| #for Activity: | |
| adb shell am start -n "com.peirr.test/com.peirr.test.MyActivity" --es name "John" --ei age 30 | |
| #for BroadcastReceiver | |
| adb shell am broadcast -n "com.peirr.test/com.peirr.test.MyReceiver" --es name "John" --ei age 30 |
