I hereby claim:
- I am hasherezade on github.
- I am hasherezade (https://keybase.io/hasherezade) on keybase.
- I have a public key whose fingerprint is 4664 DAE5 DBAA D9CE 9769 0442 E415 3E8F 9A4C 195F
To claim this, I am signing this object:
hasherezade hasherezade
hasherezade
/ main.cpp
Last active
December 3, 2017 23:10
Magniber - checksum to function name with libPeConv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include "peconv.h" | |
| #include <iostream> | |
| HMODULE (*load_by_checksum)(DWORD checksum) = NULL; | |
| bool print_func_by_checksum(DWORD checksum) | |
| { | |
| HMODULE func_from_checksum = load_by_checksum(checksum); |
hasherezade
/ main.cpp
Last active
January 7, 2018 16:27
FlareOn4 Chall6 - solution using #libpeconv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <windows.h> | |
| #include "peconv.h" | |
| const size_t g_flagLen = 26; | |
| char g_flag[g_flagLen + 1] = { 0 }; | |
| int my_index() | |
| { | |
| static int index = 0; |
hasherezade
/ kaybase.md
Created
November 22, 2017 18:11
hasherezade
/ 64bitasm_gcc.cpp
Created
October 11, 2017 18:25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| void set_regs() | |
| { | |
| void* address = (void*) 0x00000000; | |
| char *val = (char*) "mmmmmm"; | |
| __asm__ volatile ( | |
| "mov %1, %%rdi \n" | |
| "mov %0, %%rsp \n" | |
| : /* no output operand*/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <mcconf> | |
| <ver>1000028</ver> | |
| <gtag>mac1</gtag> | |
| <servs> | |
| <srv>186.103.161.204:443</srv> | |
| <srv>163.53.206.187:443</srv> | |
| <srv>191.7.30.30:443</srv> | |
| <srv>46.160.165.31:443</srv> | |
| <srv>93.99.68.140:443</srv> | |
| <srv>190.34.158.250:443</srv> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python2.7 | |
| import sys | |
| import os | |
| import argparse | |
| # Base58 charset | |
| alphabet = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz' | |
hasherezade
/ private_key.txt
Created
July 5, 2017 19:57
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| enter aes-256-cbc decryption password: | |
| Congratulations! | |
| Here is our secp192k1 privkey: | |
| 38dd46801ce61883433048d6d8c6ab8be18654a2695b4723 | |
| We used ECIES (with AES-256-ECB) Scheme to encrypt the decryption password into the "Personal Code" which is BASE58 encoded. |
hasherezade
/ latent_dec.py
Last active
August 4, 2017 01:06
Script for IDA Pro decoding Latent Bot's strings
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """latent_dec.py: Script for IDA Pro decoding Latent Bot's strings""" | |
| __author__ = "hasherezade" | |
| import idautils | |
| lookup_table = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x3E\x00\x00\x00\x3F\x34\x35\x36\x37\x38\x39\x3A\x3B\x3C\x3D\x00\x00\x00\x00\x00\x00\x00\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x00\x00\x00\x00\x00\x00\x1A\x1B\x1C\x1D\x1E\x1F\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2A\x2B\x2C\x2D\x2E\x2F\x30\x31\x32\x33\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * Decoder for the strings of LatentBot | |
| * CC-BY: hasherezade | |
| */ | |
| #include <stdio.h> | |
| #include <string.h> | |
| #include <ctype.h> | |
| #ifdef _MSC_VER |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <Windows.h> | |
| #include <psapi.h> | |
| #include <string> | |
| HANDLE create_new_process(IN const char* path, IN const char* cmd) | |
| { | |
| STARTUPINFOA si; | |
| memset(&si, 0, sizeof(STARTUPINFO)); |