Skip to content

Instantly share code, notes, and snippets.

View gist:939024
import md5, sys
h = '\x8b\x07Y\x98!\n\x1a\xc8\x86\xe8G\x0f\x9a\x8b[\xc0'.encode('hex')
def chk(s):
print s
if ( == h):
# Leading Tabs, align with tabs
print "Hello" # Comment
print "Hello, world" # Comment
# Leading tabs, align with space
print "Hello" # Comment
print "Hello, world" # Comment
zachriggle / portscan.txt
Last active Dec 17, 2015
unalloctf portscan
View portscan.txt
~ ⮀ sudo nmap -sT -T Insane -P0 -A -v -v --privileged
Starting Nmap 6.25 ( ) at 2013-05-27 14:58 EDT
NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Initiating Parallel DNS resolution of 8 hosts. at 14:58
Completed Parallel DNS resolution of 8 hosts. at 14:58, 0.74s elapsed
Initiating Connect Scan at 14:58
zachriggle / gist:5659055
Created May 27, 2013
View gist:5659055
msf auxiliary(mysql_schemadump) > run
[*] Schema stored in: /Users/zachriggle/.msf4/loot/20130527165753_default_192.168.1.79_mysql_schema_235782.txt
[+] MySQL Server Schema
Port: 3306
- DBName: BadApple
zachriggle /
Last active Jan 4, 2016
import scapy, struct, socket, binascii, logging
from scapy.all import *
from collections import defaultdict
# Entry
def USBIP(PacketData):
if PacketData[:2] == '\x01\x11':
RARVM reversible/patchme
Modified 'unrar' source to dump context and disassembly.
Wrote two separate solvers since the challenge was broken.
To build the disassembler/debugger:
- unzip -d unrar
- cd unrar
View gist:11301543
### Keybase proof
I hereby claim:
* I am zachriggle on github.
* I am zachriggle ( on keybase.
* I have a public key whose fingerprint is C5BE 5AF8 DD76 E311 630E 5E26 683A C112 1586 0611
To claim this, I am signing this object:
View map
gdb-peda$ set disable-randomization off
gdb-peda$ break main
gdb-peda$ run
gdb-peda$ vmmap
0x00007fe6e01d7000 0x00007fe6e01d8000 r-xp /home/user/a.out
0xffffffffff600000 0xffffffffff601000 r-xp [vsyscall]
gdb-peda$ run
gdb-peda$ vmmap
0x00007f7acee88000 0x00007f7acee89000 r-xp /home/user/a.out
0xffffffffff600000 0xffffffffff601000 r-xp [vsyscall]
zachriggle / gist:87ebeb71e3cffc4f15da
Created May 7, 2014
View gist:87ebeb71e3cffc4f15da
[ ] anal: ldr code analysis
[ ] anal: endian
[ ] anal: af java multiple classes loaded via malloc and ib
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//anal-rad.Snxmol malloc://1023 > /tmp/r2-regressions//anal-out.pyjpEd 2> /tmp/r2-regressions//anal-err.xuWjRM
e asm.comments=false
zachriggle /
Created Jun 25, 2014
Applies IDA Patches to Binaries
import argparse
import fileinput
import re
import binascii
import struct
unhex = binascii.unhexlify
u32 = lambda x: struct.unpack('>L', x)[0]
hexa = r'[0-9A-F]'
pattern = r'(%s{8}): (%s{2}) (%s{2})' % (hexa, hexa, hexa)