william packetchef

View sed_tips.sed
# For the string "abc:123", append "def" to "abc"
$ echo "abc:123" | sed 's/abc/&def/'
# Add a space after every alphanumeric character
$ echo "abc:123" | sed 's/[A-Za-z0-9]/& /g'
# Use stdin instead of passing a file; type the input line, then Ctrl-D
# (with no file argument sed reads stdin anyway, so the <&1 redirect is optional)
# The first line below is the typed input, the second is sed's output
$ sed 's/abc/def/' <&1
abcdefghi
defdefghi
View dos_for_loops.bat
# Echo the first whitespace-delimited token of each line (loop variable is %i, single % at an interactive prompt)
> for /f "tokens=1" %i in (INPUT.TXT) do echo %i
# Concatenate all CSVs into one file
> for %f in (*.CSV) do type %f >> TOTALS.TXT
View tcpdump_and_tcp_flags.txt
"Unskilled attackers pester real security folk"
URG ACK PSH RST SYN FIN
[32] [16] [8] [4] [2] [1]
tcpdump bitmasking (tcp[13] is the flags byte of the TCP header; AND it with the flag's bit value):
To find packets with the PSH flag set: tcpdump -nni eth0 'tcp[13] & 8!=0'
To find packets with the SYN and ACK flags set: tcpdump -nni eth0 'tcp[13] & 16!=0 && tcp[13] & 2!=0'
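As an added example (not part of the gist), a Python script that reads the same tcp[13] byte from constructed TCP headers and applies the two bitmask tests above; the headers and port numbers are made up test data.

```python
import struct

# Bit values of the six classic flags in the tcp[13] byte, in the order of
# the mnemonic above (URG ACK PSH RST SYN FIN).
TCP_FLAGS = {"URG": 32, "ACK": 16, "PSH": 8, "RST": 4, "SYN": 2, "FIN": 1}


def build_tcp_header(sport, dport, flags):
    """Constructed minimal 20-byte TCP header carrying the given flags byte
    (test data only; seq, ack and checksum are zero)."""
    # ports, seq, ack, data offset (5 words) + reserved, flags, window, csum, urg
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)


def tcp_flags_byte(tcp_header):
    """Byte 13 of the TCP header, i.e. what tcpdump's tcp[13] reads."""
    if len(tcp_header) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    return tcp_header[13]


def decode_flags(flags):
    """Names of the flags set in a tcp[13] value, in mnemonic order."""
    return [name for name, bit in TCP_FLAGS.items() if flags & bit]


def all_set(flags, *names):
    """tcp[13] & mask == mask: every named flag is set (other flags may be set too)."""
    mask = sum(TCP_FLAGS[n] for n in names)
    return flags & mask == mask


def select_packets(headers, *names):
    """Indexes of the headers a filter like 'tcp[13] & 16!=0 && tcp[13] & 2!=0'
    would select, i.e. those with every named flag set."""
    return [i for i, h in enumerate(headers) if all_set(tcp_flags_byte(h), *names)]


if __name__ == "__main__":
    # Constructed sample: SYN, SYN/ACK, PSH/ACK, and a bare ACK.
    sample = [build_tcp_header(40000, 443, 0x02), build_tcp_header(443, 40000, 0x12),
              build_tcp_header(40000, 443, 0x18), build_tcp_header(443, 40000, 0x10)]
    for h in sample:
        print(hex(tcp_flags_byte(h)), decode_flags(tcp_flags_byte(h)))
    print("PSH set:", select_packets(sample, "PSH"))                # [2]
    print("SYN and ACK set:", select_packets(sample, "SYN", "ACK"))  # [1]
```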
View hex_stuff.txt
Convert hex escapes to characters with Python, one at a time:
>>> '\x3d'
'='
>>> '\x22'
'"'
>>> '\x2e'
'.'
>>> '\x5c'
'\\'
View ascii_middle_finger.sh
curl -s https://ascii-middle-finger.com/ | grep -A 10 '<pre>' | grep -v 'pre'
View forensics_references.txt
Forensics Wiki
https://forensicswiki.xyz/wiki/index.php?title=Apple_Safari
Chad Tilbury
https://www.forensicmethods.com/
Forensic Artifacts
https://github.com/ForensicArtifacts/artifacts
View ioc_sites.txt
malwr.com
totalhash.com
iocbucket.com
blog.dynamoo.com
http://zeltser.com/combating-malicious-software/malware-sample-sources.html
packetchef / reverse_string.ps1
Created Jul 22, 2020
Reverse a string in Powershell
View reverse_string.ps1
$forward="alphabetadeltagamma"
write-output $forward
$reverse=""
# Walk from the last index (length-1) down to 0; starting at $forward.length
# reads one index past the end, which yields $null (or an error under Set-StrictMode)
for($i=$forward.length-1; $i -ge 0; $i--)
{
$reverse += $forward[$i]
}
write-output $reverse
# Output: ammagatledatebahpla
packetchef / urldecode.ps1
Created Jul 22, 2020
Sample URL decode with Powershell
View urldecode.ps1
$qURL="xresbez+%3D+%0D%0A++Partition%5BReadList%5BStringJoin%5Brootdir%2C+%22LMbezier.dat%22%5D%2C+Number%5D%2C+%0D%0A+++121%5D%3B%0D%0Axreslib+%3D+%0D%0A++Partition%5BReadList%5BStringJoin%5Brootdir%2C+%22LMCurves.dat%22%5D%2C+Number%5D%2C+%0D%0A+++122%5D%3B%0D%0Axerrs+%3D+Partition%5B%0D%0A+++ReadList%5BStringJoin%5Brootdir%2C+%22LMErrors.dat%22%5D%2C+Number%5D%2C+4%5D%3B%0D%0Ax+%3D+%7B%7D%3B+y+%3D+ReadList%5BStringJoin%5Brootdir%2C+%22LMdropped.dat%22%5D%2C+Number%5D%3B%0D%0AFor%5Bi+%3D+1%2C+i+%3C%3D+Length%5By%5D%2C+i%2B%2B%2C+If%5By%5B%5Bi%5D%5D+%3E%3D+500%2C+x+%3D+Append%5Bx%2C+i%5D%5D%5D%3B%0D%0Axsdropped+%3D+%0D%0A++Append%5BTable%5BTake%5By%2C+%7Bx%5B%5Bi+-+1%5D%5D%2C+x%5B%5Bi%5D%5D+-+1%7D%5D%2C+%7Bi%2C+2%2C+Length%5Bx%5D%7D%5D%2C+%0D%0A+++Take%5By%2C+%7Bx%5B%5B-1%5D%5D%2C+Length%5By%5D%7D%5D%5D%3B%0D%0APrint%5B%22Precalculated+already+%22%2C+qd%5Bxreslib%5B%5B-1%2C+1%5D%5D%5D%2C+%22+-+%22%2C+%0D%0A++qd%5Bxreslib%5B%5B1%2C+1%5D%5D%5D%5D%3B%0D%0A%0D%0APrecalculated+already+3.4.1991+-+5.13.2014&sourcei
View read_line.bash
# Where $1 is a file, this reads and prints each line
# The idea is, replace the echo with something else that processes each line
# IFS= keeps leading/trailing whitespace, -r keeps backslashes literal,
# and quoting "$1" handles file names containing spaces
while IFS= read -r line
do
echo "Line is: $line"
done < "$1"