Tony36 Tony3-sec
Tony3-sec
/ urldecode_utf-8.py
Last active
January 25, 2018 12:24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import urllib | |
| import sys | |
| import argparse | |
| import os | |
| ''' | |
| This script may (not) decode URL encodings with Unicode chars. | |
| Ensure to set your editor / terminal's char encoding setting to UTF-8 |
Tony3-sec
/ parentheses_stripper.py
Created
April 6, 2017 15:41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| ## Remove parentheses and space from filename in current directory | |
| import os | |
| import re | |
| print('Removing parentheses and space from filename.....') | |
| files = os.listdir('.') |
Tony3-sec
/ Manually insert RIGHT-TO-LEFT OVERRIDE character into the filename
Last active
July 10, 2021 09:42
Manually insert RIGHT-TO-LEFT OVERRIDE character into the filename
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://www.charbase.com/202e-unicode-right-to-left-override | |
| When a RIGHT-TO-LEFT OVERRIDE character is inserted into the filename, the characters that follow are displayed in reverse order. | |
| When named properly, an .exe file can appear to be a .pdf file (e.g. evil[RTL Unicode]fdp.exe will appear as evilexe.pdf). | |
| This does not affect the file's execution. | |
| ## By Python | |
| >>> f = open('evil\xE2\x80\xAEfdp.exe', 'w') | |
| >>> f.close() |
Tony3-sec
/ Hex format
Created
March 15, 2017 16:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ echo $((0x22c)) | |
| 556 | |
| $ sh hexToDecimal.sh 022c | |
| 556 | |
| 0x22c == 022c | |
| $ echo $((0x128)) | |
| 296 | |
| $ sh hexToDecimal.sh 0128 |
Tony3-sec
/ How to XOR hexadcimals
Last active
July 27, 2017 15:36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| >>> ord('c') ^ 0x52 | |
| 49 | |
| >>> 99 ^ 0x52 | |
| 49 | |
| >>> 99 ^ int('0x' + '52', 16) | |
| 49 | |
| >>> ord('\x14') ^ 0x52 | |
| 70 | |
| >>> hex(0x12 ^ 0x50) | |
| '0x42' |
Tony3-sec
/ bulk_curl.sh
Created
March 1, 2017 14:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ## Script to bulk download the file from URL. | |
| ## If filename duplicates, append a counter to the filename. | |
| if [ $# -ne 1 ]; then | |
| echo "Usage: $0 [Needs file as arg]" | |
| exit 1 | |
| fi |
Tony3-sec
/ Manually extract files from SMB pcap
Last active
December 20, 2019 19:01
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## If the wireshark "Export Objects" does not work well, you can still extract the files manually. | |
| ## If the file data is present in SMB "Write" packet... | |
| 1. Choose the "Write Request" packet which contains the file data you're interested | |
| 2. Open the "Data" section and highlight "Data:" and right click on it | |
| 3. You can either... | |
| A. Choose "Copy" > "as a Hex Stream" and paste the data in note pad. | |
| B. Choose "Export Packet Bytes" and save each data as file. | |
| NOTE: Order of the packet is very important! Pay attention to the data offset value. Make sure to get the data in right order! |
Tony3-sec
/ change_ext.py
Created
January 18, 2017 14:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import os | |
| import glob | |
| org_ext = '.flow' | |
| new_ext = '.pcap' | |
| print('changing file extension ' + str(org_ext) + ' to ' + str(new_ext) + '...') | |
| ## list the file with certain extension in current directory |
Tony3-sec
/ swap values between two variables without using temporary variable
Last active
January 16, 2017 10:52
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| >>> a = 10 | |
| >>> b = 100 | |
| >>> a = a + b | |
| >>> b = a - b | |
| >>> a = a - b | |
| >>> a | |
| 100 | |
| >>> b | |
| 10 |
Tony3-sec
/ Steps for hex encoding
Created
January 9, 2017 16:57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Hex encode for 'Hello' is 48656c6c6f. How does this work? | |
| >>> binascii.hexlify(b'Hello') | |
| b'48656c6c6f' (48 65 6c 6c 6f) | |
| ## Let's encode the letter 'H' | |
| ## First, convert 'H' to ascii code | |
| >>> ord('H') | |
| 72 |