Albert Zsigovits (albertzsigovits): public gists
@albertzsigovits
albertzsigovits / p1.py
Created January 29, 2019 16:46
Sample Immunity Debugger Python Plug-in Script
# NetAcademia - Petya Zsiros - p1.py
import immlib

def main(args):
    imm = immlib.Debugger()
    # Resolve the export whose return value the anti-debug check relies on
    addr = imm.getAddress("kernel32.IsDebuggerPresent")
    if addr <= 0:
        imm.log("kernel32.IsDebuggerPresent CAN NOT BE FOUND")
        return "ERROR"
    imm.log("Patching in progress...")
    imm.log("addr: 0x%08x" % addr)
@albertzsigovits
albertzsigovits / p2.txt
Created January 29, 2019 16:48
Sample OllyDbg Script File
# NetAcademia - Petya Zsiros - p2.txt
GPA "IsDebuggerPresent", "Kernel32.dll"   // Get Procedure Address; result goes to $RESULT
mov addr, $RESULT
log addr
asm addr,"XOR EAX,EAX"                     // overwrite the entry with a stub returning 0
add addr, $RESULT                          // asm leaves the assembled length in $RESULT
asm addr,"RETN"
@albertzsigovits
albertzsigovits / p1.txt
Created January 29, 2019 16:49
Sample OllyDbg Script File #2
# NetAcademia - Petya Zsiros - p1.txt
GMA "patching", MODULEBASE   // Get Module Address: image base of the "patching" module
mov addr, $RESULT
log addr
add addr, 102E               // offset of the conditional jump (numbers are hex)
log addr
mov [addr], #74#             // write opcode byte 74h (JE/JZ short) at that address
@albertzsigovits
albertzsigovits / olly.txt
Created January 31, 2019 13:06
OllyDbg Keyboard Shortcuts
# OllyDbg Keyboard Shortcuts
############################
F2 Toggle Breakpoint
F7 Step Into
F8 Step Over
F9 Run
* View current location
numpad Navigate back
Enter Navigate forward
@albertzsigovits
albertzsigovits / pass-cli.py
Created February 4, 2019 14:20
Python XOR solver script for pass-cli.exe
# Python XOR solver script for Tyler Hudak's pass-cli.exe challenge
# https://drive.google.com/drive/folders/0B7JYzWHYPlEzbWxNSEpLRDREV2c
encoded_pw = 'MhQfgWskms+'
tmp = ''
pw = ''
print('Python XOR solver script for Tyler Hudak\'s pass-cli.exe challenge:')
print('==================================================================', end='\n')
@albertzsigovits
albertzsigovits / regex.txt
Created February 4, 2019 14:37
My RegEx Cheatsheet
# RegEx Cheatsheet:
###################
MD5 [a-fA-F0-9]{32}
SHA1 [a-fA-F0-9]{40}
SHA256 [a-fA-F0-9]{64}
SHA512 [a-fA-F0-9]{128}
Base64 ^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$
IPv4 (?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)
IPv6 (?:[a-fA-F0-9]{1,4}:){7}[a-fA-F0-9]{1,4}   (uncompressed eight-group form only; does not match the "::" shorthand)
@albertzsigovits
albertzsigovits / regex.py
Created February 18, 2019 13:08
Python RegExp script
import re

# Raw string so "\w" reaches the regex engine unchanged (a plain literal triggers
# an invalid-escape DeprecationWarning). The lookahead (?=\w{5}) is redundant with
# the named group that follows; both require five word characters at the match point.
r = re.compile(r'(?=\w{5})(?P<grp>\w{5})', re.IGNORECASE)
x = "There is more to him than meets the eye"

print(r.search(x))               # scans the string; first run of five word chars: "There"
print(r.match(x))                # anchored at offset 0; also "There" for this input
print(r.search(x).group('grp'))  # 'There'
@albertzsigovits
albertzsigovits / calls.c
Created February 18, 2019 20:52
Calling conventions
/* MSVC calling-convention keywords (32-bit x86). Both push arguments right-to-left;
   with __cdecl the caller removes them from the stack after the call, with __stdcall
   the callee removes them itself (RET imm16). */
int __cdecl function_cdecl(int a, int b, int c)
{
    return (a + b + c);
}

int __stdcall function_stdcall(int a, int b, int c)
{
    return (a + b + c);
}
@albertzsigovits
albertzsigovits / ghidra.txt
Created March 7, 2019 09:07
Collection of Ghidra resources
A collection of Ghidra resources found throughout Twitter, Google and others.
##############################################################################
Official site: https://ghidra-sre.org/
Latest package: https://ghidra-sre.org/ghidra_9.0_PUBLIC_20190228.zip
Installation guide: https://ghidra-sre.org/InstallationGuide.html
Github repository: https://github.com/NationalSecurityAgency/ghidra
RSA Conference pdf: https://www.rsaconference.com/writable/presentations/file_upload/png-t09-come-get-your-free-nsa-reverse-engineering-tool_.pdf
GHIDRA mirror: https://flfy.org/ghidra_9.0_PUBLIC_20190228.zip
GHIDRA cheatsheet: https://flfy.org/ghidra/cheatsheet/CheatSheet.html
@albertzsigovits
albertzsigovits / pe_hash.py
Created April 1, 2019 07:56
PE section hash generator
import os
import pefile

# Print an MD5 per section for every file in the current directory that parses
# as a valid PE; anything else (non-PE files, subdirectories) is skipped.
for filename in os.listdir(os.getcwd()):
    try:
        pe = pefile.PE(filename)
    except (pefile.PEFormatError, OSError):
        continue
    print('Analyzing: ', filename)
    for sect in pe.sections:
        # Section names are NUL-padded bytes; strip the padding for display
        name = sect.Name.decode('latin-1').rstrip('\x00')
        print(name, ' ', sect.get_hash_md5())
    print('----------------------------------------------------------------')