Base64 Code | Mnemonic Aid | Decoded* | Description |
---|---|---|---|
JAB | 🗣 Jabber | $. | Variable declaration (UTF-16), e.g. JABlAG4AdgA for $env: |
TVq | 📺 Television | MZ | MZ header |
SUVY | 🚙 SUV | IEX | PowerShell Invoke Expression |
SQBFAF | 🐣 Squab favorite | I.E. | PowerShell Invoke Expression (UTF-16) |
SQBuAH | 🐣 Squab uahhh | I.n. | PowerShell Invoke string (UTF-16) e.g. Invoke-Mimikatz |
PAA | 💪 "Pah!" | <. | Often used by Emotet (UTF-16) |

```bash
#!/usr/bin/env bash
SLEEP_DURATION=${SLEEP_DURATION:=1} # default to 1 second, use to speed up tests
progress-bar() {
local duration
local columns
local space_available
local fit_to_screen
local space_reserved
```

This brief tutorial will show you how to go about analyzing a raw binary firmware image in Ghidra.
I was recently interested in reversing some older Cisco IOS images. Those images come in the form of a single binary blob, without any sort of ELF, Mach-O, or PE header to describe the binary.
While I am using Cisco IOS Images in this example, the same process should apply to other Raw Binary Firmware Images.

This is a technique for extracting all imported modules from a packaged Python application as .pyc files, then decompiling them. The target program needs to be run from scratch, but no debugging symbols are necessary (assuming an unmodified build of Python is being used).
This was originally performed on 64-bit Linux with a Python 3.6 target. The Python scripts have since been updated to handle pyc files for Python 2.7 - 3.9.
In Python we can leverage the fact that any module import involving a .py* file will eventually arrive as a ready-to-execute Python code object at this function:

```c
PyObject* PyEval_EvalCode(PyObject *co, PyObject *globals, PyObject *locals);
```

```python
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
File name: download_apk.py
Author: Dawand Sulaiman
Download APK files from Google Play Store with Python
This script scrapes https://apkpure.com to get the apk download link
Make sure you have BeautifulSoup and urllib libraries
"""
```

We did it! We broke gist.github.com ;) So head over to the new home! Thank you all!
2021.10.20: https://github.com/AveYo/MediaCreationTool.bat now open for interaction
Not just a Universal MediaCreationTool wrapper script with ingenious support for business editions,
A powerful yet simple Windows 10 / 11 deployment automation tool as well!

```python
import socket
import random
import argparse
import sys
from io import BytesIO
# Referrer: https://github.com/wuyunfeng/Python-FastCGI-Client
PY2 = True if sys.version_info.major == 2 else False
```

```python
import requests
import base64
from tqdm import tqdm
import sys
import subprocess as sp
FFMPEG_BIN = 'ffmpeg.exe'
master_json_url = sys.argv[1]
base_url = master_json_url[:master_json_url.rfind('/', 0, -26) - 5]
```

```
000000 Officially Xerox
000001 SuperLAN-2U
000002 BBN (was internal usage only, no longer used)
000003 XEROX CORPORATION
000004 XEROX CORPORATION
000005 XEROX CORPORATION
000006 XEROX CORPORATION
000007 XEROX CORPORATION
000008 XEROX CORPORATION
000009 powerpipes?
```