From Terminal
# install dependencies
brew install autoconf # required by pecl
brew install libzip
# install zip extension in your selected MAMP PHP version
ls /Applications/MAMP/bin/php/
From Terminal
# install dependencies
brew install autoconf # required by pecl
brew install libzip
# install zip extension in your selected MAMP PHP version
ls /Applications/MAMP/bin/php/
| <</div>script</div>>alert()<</div>/script</div>> | |
| <</p>script</p>>alert()<</p>/script</p>> | |
| <</h1>script</h1>>alert()<</h1>/script</h1>> |
| #!/usr/bin/env python2 | |
| #============================================================================================================# | |
| #======= Simply injects a JavaScript Payload into a GIF. ====================================================# | |
| #======= or it creates a JavaScript Payload as a GIF. ====================================================# | |
| #======= The resulting GIF must be a valid (not corrupted) GIF. =============================================# | |
| #======= Author: marcoramilli.blogspot.com ==================================================================# | |
| #======= Version: PoC (don't even think to use it in development env.) ======================================# | |
| #======= Disclaimer: ========================================================================================# | |
| #THIS IS NOT PEP3 FORMATTED | |
| #THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR |
| // ==UserScript== | |
| // @name Log lists of domain in Google search results | |
| // @namespace http://tampermonkey.net/ | |
| // @version 0.1 | |
| // @description try to take over the world! | |
| // @author You | |
| // @match https://www.google.com/search?q=* | |
| // @grant none | |
| // ==/UserScript== |
| #!/usr/bin/env bash | |
| ################################################## ############## | |
| # Bash Web Requester | |
| # by Aung Khant, http://yehg.net | |
| # License: GPL v2 | |
| # | |
| # takes 2 arguments: | |
| # one is a file with a list of URLs (url like http://site.com/test.asp) | |
| # second is file with regexp compatible pattern that checks page content for matched keywords |
| # https://twitter.com/brsn76945860/status/1171233054951501824 | |
| pip install mmh3 | |
| ----------------------------- | |
| # python 2 | |
| import mmh3 | |
| import requests | |
| response = requests.get('https://cybersecurity.wtf/favicon.ico') | |
| favicon = response.content.encode('base64') |
| # any app that registers market:// could be part of the user selection list | |
| # only the Google Play ID is allowed | |
| # need to check that such an application exists, then launch the intent. | |
| public static void secureAppStoreLaunch(Context context) { | |
| // you can also use BuildConfig.APPLICATION_ID | |
| String appId = context.getPackageName(); | |
| Intent rateIntent = new Intent(Intent.ACTION_VIEW, | |
| Uri.parse("market://details?id=" + appId)); | |
| boolean marketFound = false; |
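| While analyzing the source code, look for the fields or screens where sensitive data is involved. iOS captures a snapshot of the current screen when the app is backgrounded, so anything visible at that moment can end up in the stored snapshot. Identify whether the application sanitizes the screen before being backgrounded by using a UIImageView. | |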
| Possible remediation method that will set a default screenshot: | |
| @property (UIImageView *)backgroundImage; | |
| - (void)applicationDidEnterBackground:(UIApplication *)application { | |
| UIImageView *myBanner = [[UIImageView alloc] initWithImage:@"overlayImage.png"]; | |
| self.backgroundImage = myBanner; | |
| [self.window addSubview:myBanner]; |
| Enable ATS support. Declare any exception per domain in the ATS declaration in the application's plist file. | |
| <key>NSAppTransportSecurity</key> | |
| <dict> | |
| <key>NSExceptionDomains</key> | |
| <dict> | |
| <key>exceptionsite.com</key> | |
| <dict> |
| \.match|\.contains|\@GetMapping|\@PostMapping|\"matches\"|\@RequestMapping|\@PutMapping|\@DeleteMapping|\@PatchMapping|random|org.springframework.validation|javax.validation|SecretKeyFactory|xmlDecoder|xstream|zip|implements Runnable|implements Threads|new Runnable|new Thread|synchronized|newCachedThreadPool|newFixedThreadPool|utf\-8|403|denied|invalid|illegal|catch \(Exception|System\.loadLibrary|Class\.forName|getRuntime\(\)|AccessController.\doPrivileged|implements Serializable|Object deserialize|deserialize|deserialise|ObjectInputStream|KeyGenerator\.getInstance|printStackTrace|X509TrustManager|SSLContext.getInstance\("SSL"\)|\.hostnameVerifier|new TrustManager|System\.out|System\.err|HttpServletRequest|md5|sha1|password|key|pay|credit|createTempFile|class\.newInstance|.loadClass|.newInstance|objectinputstream.readobject|readObject|Pattern.compile|\.compile|DocumentBuilderFactory|SAXReader |