There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
Reposted from: Using root to skip Xiaomi's USB app-install confirmation (continued) | LeadroyaL's website
I recently grabbed another Xiaomi phone to use as a test device, and while setting up the environment I found a new way to modify the USB-related functions.
As everyone knows, enabling USB installation on a Xiaomi phone requires inserting a SIM card and logging in to a Mi account. My phone is already rooted and I couldn't be bothered to log in, so I planned to enable the feature by editing files instead, and it actually worked. Keywords: root, no Xposed, no Frida needed. Test environment: MIUI 9, MIUI 10, MIUI 11, MIUI 12.
```c
#include <stdlib.h>
#include <stdio.h>
#include <pthread/pthread.h>
#include <mach/mach.h>

/* Layout of a Mach message that carries out-of-line (OOL) port rights:
 * the fixed header, then the body (which holds the descriptor count),
 * then a variable number of OOL port descriptors. The flexible array
 * member lets the sender size the message for however many descriptors
 * it wants to attach. */
struct ool_msg {
    mach_msg_header_t hdr;
    mach_msg_body_t body;
    mach_msg_ool_ports_descriptor_t ool_ports[];
};
```
```javascript
Java.perform(function () {
    var act = Java.use("android.app.Activity");
    // Hook Activity.getIntent() so every Activity that reads its launching
    // Intent logs which component was started and dumps all of its extras.
    act.getIntent.overload().implementation = function () {
        var intent = this.getIntent();
        var cp = intent.getComponent();
        if (cp) {
            console.log("Starting " + cp.getPackageName() + "/" + cp.getClassName());
        }
        var ext = intent.getExtras();
        if (ext) {
            var keys = ext.keySet();
            var iterator = keys.iterator();
            while (iterator.hasNext()) {
                var key = iterator.next();
                console.log("  extra " + key + " = " + ext.get(key));
            }
        }
        // Hand the Intent back unchanged so the app keeps working.
        return intent;
    };
});
```
```javascript
// Acrobat JavaScript payload embedded in a PDF: pops a dialog when the document or action runs it.
app.alert("XSS")
```
```c
//------------------------------------------------
//--- 010 Editor v8.0.1 Binary Template
//
// File: Transactional Registry Transaction Logs (.TxR)
// Authors: Willi Ballenthin <william.ballenthin@fireeye.com>
// Version: 0.1
// Reference: https://www.fireeye.com/blog/threat-research/2019/01/digging-up-the-past-windows-registry-forensics-revisited.html
//------------------------------------------------
LittleEndian();
```
```sh
#!/sbin/sh
#
# Copyright (C) 2018 Unlegacy Android Project
# Copyright (C) 2018 Svyatoslav Ryhel
# Copyright (C) 2019 Nick80835
# Copyright (C) 2019 z3dd3r
#
# Made for Hammerhead
#
```
```batch
rem USE AT OWN RISK AS IS WITHOUT WARRANTY OF ANY KIND !!!!!
rem https://technet.microsoft.com/en-us/itpro/powershell/windows/defender/set-mppreference
rem To also disable Windows Defender Security Center include this
rem reg add "HKLM\System\CurrentControlSet\Services\SecurityHealthService" /v "Start" /t REG_DWORD /d "4" /f
rem Caveat: run from an elevated prompt. On current Windows 10/11 builds Tamper Protection
rem blocks these policy writes and Microsoft Defender ignores DisableAntiSpyware, so the
rem values below only take effect where Tamper Protection is off.

rem 1 - Disable Real-time protection
reg delete "HKLM\Software\Policies\Microsoft\Windows Defender" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v "DisableAntiVirus" /t REG_DWORD /d "1" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine" /v "MpEnablePus" /t REG_DWORD /d "0" /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableBehaviorMonitoring" /t REG_DWORD /d "1" /f
```
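The batch file above turns protection off by writing policy values, so the defensive counterpart is to look for exactly those values. The following Python is an added example, not part of the gist: it parses the text that `reg query "HKLM\Software\Policies\Microsoft\Windows Defender" /s` prints on the host and reports every value that sits in the state the script writes. The sample output is constructed, not captured from a real machine, and `DisableRealtimeMonitoring` is included as an assumption about the truncated "Disable Real-time protection" step rather than something the preview shows.

```python
"""Audit Windows Defender policy values from `reg query` output.

Added example, not from the gist. The sample output below is constructed.
"""
import re
from typing import Dict, List, Tuple

POLICY_ROOT = r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender"

# (subkey under POLICY_ROOT, value name) -> DWORD data meaning "protection off".
# The batch file writes the first four; DisableRealtimeMonitoring is an
# assumption about its truncated "Disable Real-time protection" step.
TAMPER_INDICATORS: Dict[Tuple[str, str], int] = {
    ("", "DisableAntiSpyware"): 1,
    ("", "DisableAntiVirus"): 1,
    ("MpEngine", "MpEnablePus"): 0,
    ("Real-Time Protection", "DisableBehaviorMonitoring"): 1,
    ("Real-Time Protection", "DisableRealtimeMonitoring"): 1,
}

# One value line of reg query output: name, type and data separated by runs of spaces.
_VALUE_RE = re.compile(r"^\s+(?P<name>\S.*?)\s{2,}(?P<type>REG_[A-Z_]+)\s{2,}(?P<data>.*)$")


def parse_reg_query(text: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """Parse `reg query <key> /s` output into {key_lowercase: {name: (type, data)}}."""
    result: Dict[str, Dict[str, Tuple[str, str]]] = {}
    current = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = line.strip().lower()  # registry paths are case-insensitive
            result.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            result[current][m["name"]] = (m["type"], m["data"].strip())
    return result


def dword(data: str) -> int:
    """reg query prints REG_DWORD data in hex, e.g. 0x1."""
    return int(data, 16)


def audit(text: str) -> List[Tuple[str, str, int]]:
    """Return (key, value name, data) for every indicator set to its 'off' state."""
    keys = parse_reg_query(text)
    findings: List[Tuple[str, str, int]] = []
    for (subkey, name), off_value in TAMPER_INDICATORS.items():
        key = POLICY_ROOT + ("\\" + subkey if subkey else "")
        entry = keys.get(key.lower(), {}).get(name)
        if entry is None:
            continue  # value absent: policy not set, nothing to report
        vtype, data = entry
        if vtype == "REG_DWORD" and dword(data) == off_value:
            findings.append((key, name, off_value))
    return findings


# Constructed sample shaped like `reg query "HKLM\Software\Policies\Microsoft\Windows Defender" /s`
SAMPLE_REG_QUERY_OUTPUT = r"""
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender
    DisableAntiSpyware    REG_DWORD    0x1
    DisableAntiVirus    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\MpEngine
    MpEnablePus    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows Defender\Real-Time Protection
    DisableBehaviorMonitoring    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for key, name, value in audit(SAMPLE_REG_QUERY_OUTPUT):
        print(f"TAMPERED  {key}\\{name} = {value}")
```

On a live host, pipe the real `reg query ... /s` output into `audit()`; an empty result means none of the policy overrides are present, which is the state a managed Defender install should normally be in.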
```sh
# Example of how to use adb to start an Activity, BroadcastReceiver or
# Service from adb and include intent extras too
# (--es adds a string extra, --ei an int extra).

# for Activity:
adb shell am start -n "com.peirr.test/com.peirr.test.MyActivity" --es name "John" --ei age 30

# for BroadcastReceiver:
adb shell am broadcast -n "com.peirr.test/com.peirr.test.MyReceiver" --es name "John" --ei age 30

# for Service (component name assumed for illustration):
adb shell am startservice -n "com.peirr.test/com.peirr.test.MyService" --es name "John" --ei age 30
```
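Extending the `am` examples above, this added Python helper (not part of the gist) builds the same command lines from a dictionary of extras, choosing the `--es`/`--ei`/`--ez`/`--el`/`--ef`/`--esn` flag from the Python type and quoting values so that they survive the device-side shell `adb shell` hands them to. The component names are the gist's; `MySvc`, the serial handling and the `action`/`data_uri` parameters are assumptions for illustration.

```python
"""Build `adb shell am ...` command lines with typed intent extras.

Added example, not from the gist. Component names are taken from the gist;
everything else is an assumption for illustration.
"""
import shlex
from typing import Dict, List, Optional, Union

Extra = Union[str, bool, int, float, None]

# am sub-command for each component kind.
VERBS = {"activity": "start", "receiver": "broadcast", "service": "startservice"}


def extra_flag(value: Extra) -> str:
    """Map a Python value to the matching `am` extra flag."""
    if value is None:
        return "--esn"            # null string extra
    if isinstance(value, bool):   # must precede int: bool is a subclass of int
        return "--ez"
    if isinstance(value, int):
        # Java int is 32-bit; anything wider has to travel as a long.
        return "--ei" if -2**31 <= value < 2**31 else "--el"
    if isinstance(value, float):
        return "--ef"
    if isinstance(value, str):
        return "--es"
    raise TypeError(f"unsupported extra type: {type(value).__name__}")


def am_args(kind: str, component: str, extras: Dict[str, Extra],
            action: Optional[str] = None, data_uri: Optional[str] = None) -> List[str]:
    """Return the argv for `am` that starts `component` with `extras`."""
    if kind not in VERBS:
        raise ValueError(f"kind must be one of {sorted(VERBS)}")
    if "/" not in component:
        raise ValueError("component must be 'package/ClassName'")
    args = ["am", VERBS[kind]]
    if action:
        args += ["-a", action]
    if data_uri:
        args += ["-d", data_uri]
    args += ["-n", component]
    for key, value in extras.items():
        flag = extra_flag(value)
        if flag == "--esn":
            args += [flag, key]                          # null extra takes no data
        elif flag == "--ez":
            args += [flag, key, "true" if value else "false"]
        else:
            args += [flag, key, str(value)]
    return args


def adb_command(kind: str, component: str, extras: Dict[str, Extra],
                serial: Optional[str] = None, **kwargs) -> List[str]:
    """argv for subprocess.run(): `adb [-s serial] shell '<am command>'`.

    The am part is joined with shlex so an extra like "hello world" reaches
    the device-side shell as one argument; passing this list to
    subprocess.run() without shell=True avoids a second round of quoting.
    """
    cmd = ["adb"]
    if serial:
        cmd += ["-s", serial]
    cmd += ["shell", shlex.join(am_args(kind, component, extras, **kwargs))]
    return cmd


if __name__ == "__main__":
    print(" ".join(adb_command("activity", "com.peirr.test/com.peirr.test.MyActivity",
                               {"name": "John", "age": 30})))
```

The quoting matters because `--es name "John"` in the gist only works since the local shell strips the quotes before adb forwards a single word; a value containing spaces needs quoting that survives the remote shell, which is what `shlex.join` supplies.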