- Working Eclipse installation
- Installed GhidraDev extension in Eclipse
yxcv
# -*- coding: utf-8 -*-
from burp import IBurpExtender
from burp import IHttpListener
import json
# ZDI-CAN-22101 / ZDI-23-1581 - Exchange SSRF PoC exploit with response retrieval for Burp Suite
# by buherator, original research by Piotr Bazydło (@chudypb)
#
import csv
import sys
import tabulate  # https://pypi.org/project/tabulate/

# Render the CSV given as the first argument as a Textile table, using the header row as column names
with open(sys.argv[1], newline='') as csvfile:
    reader = csv.DictReader(csvfile)
    print(tabulate.tabulate(reader, tablefmt="textile", headers="keys"))
# This function recursively traverses a KaitaiStruct object and dumps the offsets of the substructures encountered.
#
# This is similar to how the WebIDE points you to specific substructures in the parsed tree when you click on some
# byte in the hex editor.
# Unfortunately I couldn't use any IDE tools for this capability, because [JavaScript sucks](https://github.com/kaitai-io/kaitai_struct/issues/183)
# You should generate the Kaitai parser with the `--read-pos` command line option
# The behavior is documented with this issue: https://github.com/kaitai-io/kaitai_struct/issues/331
import string
Randall Munroe - Mi lenne, ha?
ISBN: 978-963-293-368-9
Athenaeum Kiadó, 2014.
Unchanged reprint, 2
Managing editor: Kónya Orsolya
Production manager: Tóth Béláné
Translated by: Varga Krisztina
Page 16: "A rejtélyes [csen]d bizonyára megzavarná őket"
Typo
#Stupid little script to find identifiable strings referenced from a function or its descendants
#@author buherator
#@category Test
#@keybinding
#@menupath
#@toolbar
from ghidra.util.task import TaskMonitor
from docking.widgets import OptionDialog
from ghidra.program.model.symbol import RefType
Install the CodeQL extension and configure the CLI!
This is not strictly mandatory, but you probably want something like this:
My current target uses a deterministic pattern when calling C++ constructors, so I can use the CFG to identify object instantiation. Here are my notes about how to use Ghidra's decompiler to get the sizes of objects to be created:
We can use the parameter of operator_new() to find the size of the objects. Instead of parsing the instructions of the relevant basic blocks (and hoping that we don't run into some unexpected instruction sequences generated by the compiler) we can use the decompiler to get the association between the call to operator_new() and its parameter.

Ghidra/Features/Decompiler/ghidra_scripts/ShowCCallsScript.java contains a nice example of how to use the Decompiler API. First, an instance of DecompInterface must be created, as shown in setUpDecompiler(). Note that this method doesn't call openProgram() on the returned DecompInterface object, which is necessary to run decompilation! The decompileFunction() method works as expected - the returned DecompileResults object con