# NetAcademia - Petya Zsiros - p1.py
import immlib
def main(args):
    imm = immlib.Debugger()
    addr = imm.getAddress("kernel32.IsDebuggerPresent")
    if (addr <= 0):
        imm.log("kernel32.IsDebuggerPresent CAN NOT BE FOUND")
        return "ERROR"
    imm.log("Patching in progress...")
    imm.log("addr: 0x%08x" % addr)

# NetAcademia - Petya Zsiros - p2.txt
GPA "IsDebuggerPresent", "Kernel32.dll"
mov addr, $RESULT
log addr
asm addr,"XOR EAX,EAX"
add addr, $RESULT
asm addr,"RETN"

# NetAcademia - Petya Zsiros - p1.txt
GMA "patching", MODULEBASE
mov addr, $RESULT
log addr
add addr, 102E
log addr
mov [addr], #74#

# OllyDbg Keyboard Shortcuts
############################
F2      Toggle Breakpoint
F7      Step Into
F8      Step Over
F9      Run
*       View current location
numpad  Navigate back
Enter   Navigate forward

# Python XOR solver script for Tyler Hudak's pass-cli.exe challenge
# https://drive.google.com/drive/folders/0B7JYzWHYPlEzbWxNSEpLRDREV2c
encoded_pw = 'MhQfgWskms+'
tmp = ''
pw = ''
print('Python XOR solver script for Tyler Hudak\'s pass-cli.exe challenge:')
print('==================================================================', end='\n')

# RegEx Cheatsheet:
###################
MD5     [a-fA-F0-9]{32}
SHA1    [a-fA-F0-9]{40}
SHA256  [a-fA-F0-9]{64}
SHA512  [a-fA-F0-9]{128}
Base64  ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
IPv4    (?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
IPv6    (?:[a-fA-F0-9]{1,4}:){7}[a-fA-F0-9]{1,4}
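
import re
# The lookahead requires five word characters; the named group then captures them
r = re.compile(r'(?=\w{5})(?P<grp>\w{5})', re.IGNORECASE)
x = "There is more to him than meets the eye"
r.search(x)               # first run of five word characters anywhere in x
r.match(x)                # same pattern, anchored at the start of x
r.search(x).group('grp')  # 'There'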
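
/* cdecl: the caller removes the arguments from the stack after the call */
int __cdecl function_cdecl(int a, int b, int c)
{
    return (a + b + c);
}
/* stdcall: the callee removes the arguments from the stack before returning */
int __stdcall function_stdcall(int a, int b, int c)
{
    return (a + b + c);
}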

A collection of Ghidra resources found throughout Twitter, Google and others.
##############################################################################
Official site:       https://ghidra-sre.org/
Latest package:      https://ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip
Installation guide:  https://ghidra-sre.org/InstallationGuide.html
GitHub repository:   https://github.com/NationalSecurityAgency/ghidra
RSA Conference pdf:  https://www.rsaconference.com/writable/presentations/file_upload/png-t09-come-get-your-free-nsa-reverse-engineering-tool_.pdf
GHIDRA mirror:       https://flfy.org/ghidra_9.0_PUBLIC_20190228.zip
GHIDRA cheatsheet:   https://flfy.org/ghidra/cheatsheet/CheatSheet.html
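
import pefile, os
# Print the MD5 hash of every section of each PE file in the current directory
for filename in os.listdir(os.getcwd()):
    try:
        pe = pefile.PE(filename)
        print('Analyzing: ',filename)
        for sect in pe.sections:
            print(str(sect.Name),' ',str(sect.get_hash_md5()))
        print('----------------------------------------------------------------')
    except (pefile.PEFormatError, OSError):
        # Not a PE file (or not a readable regular file): skip it
        continue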