| <# | |
| ____ ______ ______ ____ __ __ | |
| /\ _`\ /\ _ \ /\__ _\/\ _`\ /\ \/\ \ | |
| \ \ \L\ \\ \ \L\ \\/_/\ \/\ \ \/\_\\ \ \_\ \ | |
| \ \ ,__/ \ \ __ \ \ \ \ \ \ \/_/_\ \ _ \ | |
| \ \ \/ \ \ \/\ \ \ \ \ \ \ \L\ \\ \ \ \ \ | |
| \ \_\ \ \_\ \_\ \ \_\ \ \____/ \ \_\ \_\ | |
| \/_/ \/_/\/_/ \/_/ \/___/ \/_/\/_/ | |
| from ctypes import (windll, wintypes, c_uint64, cast, POINTER, Union, c_ubyte, | |
| LittleEndianStructure, byref, c_size_t) | |
| import zlib | |
| # types and flags | |
| DELTA_FLAG_TYPE = c_uint64 | |
| DELTA_FLAG_NONE = 0x00000000 | |
| DELTA_APPLY_FLAG_ALLOW_PA19 = 0x00000001 |
| # DON'T USE THIS VERSION! | |
| # Try https://gist.github.com/wdormann/89ed779933fe205fb52ecf3eacf5ff40 instead | |
| import os | |
| import subprocess | |
| # See: https://blogs.msmvps.com/erikr/2007/09/26/set-permissions-on-a-specific-service-windows/ | |
| svcinfo = {} | |
| FNULL = open(os.devnull, 'w') |
| """ | |
| Author: Matteo 'uf0' Malvica @matteomalvica | |
| Tested with IDA 7.5 and Py3 | |
| Original plugin: https://github.com/FSecureLABS/win_driver_plugin | |
| """ | |
| def getopvalue(addr): | |
| """Returns the value of the second operand to the instruction at `addr` masked to be a 32 bit value""" | |
| return idc.get_operand_value(addr, 1) & 0xffffffff |
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <!-- | |
| File: Inveigh.xml | |
| Author: Kevin Robertson | |
| Description | |
| This file can be used to execute InveighZero through MSBuild. | |
| Original Repository: https://github.com/Kevin-Robertson/InveighZero | |
| Using msbuild.exe to execute .net code through inline tasks is a technique that | |
| was developed by Casey Smith. You can explicitly |
| #! /usr/bin/env python3 | |
| # | |
| # Requires Python 3.7+ & aiohttp (speedups recommended) | |
| # pip3 install aiohttp[speedups] | |
| # | |
| import sys | |
| import asyncio | |
| import aiohttp |
| #include <Windows.h> | |
| #include <intrin.h> | |
| #include <string> | |
| #include <TlHelp32.h> | |
| #include <psapi.h> | |
| DWORD WINAPI Thread(LPVOID lpParam) { | |
| // Insert evil stuff | |
| ExitProcess(0); |
This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.
I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-o, or PE header to describe the binary.
While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.
| // Launch WinAFL with current function as hook location | |
| //@author richinseattle | |
| //@category _NEW_ | |
| //@keybinding | |
| //@menupath | |
| //@toolbar | |
| // Usage: | |
| // Install DynamoRIO and WinAFL | |
| // Add LaunchWinAFL to Ghidra scripts |
With kerbrute.py:
python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>With Rubeus version with brute module: