Skip to content

Instantly share code, notes, and snippets.

View gist:11301543
### Keybase proof
I hereby claim:
* I am zachriggle on github.
* I am zachriggle ( on keybase.
* I have a public key whose fingerprint is C5BE 5AF8 DD76 E311 630E 5E26 683A C112 1586 0611
To claim this, I am signing this object:
View map
gdb-peda$ set disable-randomization off
gdb-peda$ break main
gdb-peda$ run
gdb-peda$ vmmap
0x00007fe6e01d7000 0x00007fe6e01d8000 r-xp /home/user/a.out
0xffffffffff600000 0xffffffffff601000 r-xp [vsyscall]
gdb-peda$ run
gdb-peda$ vmmap
0x00007f7acee88000 0x00007f7acee89000 r-xp /home/user/a.out
0xffffffffff600000 0xffffffffff601000 r-xp [vsyscall]
zachriggle / gist:87ebeb71e3cffc4f15da
Created May 7, 2014
View gist:87ebeb71e3cffc4f15da
[ ] anal: ldr code analysis
[ ] anal: endian
[ ] anal: af java multiple classes loaded via malloc and ib
Command: /usr/local/bin/radare2 -e scr.color=0 -N -q -i /tmp/r2-regressions//anal-rad.Snxmol malloc://1023 > /tmp/r2-regressions//anal-out.pyjpEd 2> /tmp/r2-regressions//anal-err.xuWjRM
e asm.comments=false
zachriggle /
Created Jun 25, 2014
Applies IDA Patches to Binaries
import argparse
import fileinput
import re
import binascii
import struct
unhex = binascii.unhexlify
u32 = lambda x: struct.unpack('>L', x)[0]
hexa = r'[0-9A-F]'
pattern = r'(%s{8}): (%s{2}) (%s{2})' % (hexa, hexa, hexa)
View gist:a363d271b29ab5943f64
>>> class A(object): pass
>>> a = A()
>>> a.__len__ = lambda: 3
>>> a.__len__()
>>> len(a)
Traceback (most recent call last):
TypeError: object of type 'A' has no len()

gdb-peda$ x/i $pc => 0xf763d100 <__libc_system>: push ebx gdb-peda$ telescope $sp 2 00:0000| esp 0x188340de --> 0x8048c0d (add esp,0x10) 01:0004| 0x188340e2 --> 0x188340f2 ("/tmp/note||bash") gdb-peda$ continue ... Stopped reason: SIGSEGV 0xf763ce3c in do_system (line=0x188340f2 "/tmp/note||bash") at ../sysdeps/posix/system.c:153

View gist:939024
import md5, sys
h = '\x8b\x07Y\x98!\n\x1a\xc8\x86\xe8G\x0f\x9a\x8b[\xc0'.encode('hex')
def chk(s):
print s
if ( == h):
# Leading Tabs, align with tabs
print "Hello" # Comment
print "Hello, world" # Comment
# Leading tabs, align with space
print "Hello" # Comment
print "Hello, world" # Comment
zachriggle / portscan.txt
Last active Dec 17, 2015
unalloctf portscan
View portscan.txt
~ ⮀ sudo nmap -sT -T Insane -P0 -A -v -v --privileged
Starting Nmap 6.25 ( ) at 2013-05-27 14:58 EDT
NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Initiating Parallel DNS resolution of 8 hosts. at 14:58
Completed Parallel DNS resolution of 8 hosts. at 14:58, 0.74s elapsed
Initiating Connect Scan at 14:58
zachriggle / gist:5659055
Created May 27, 2013
View gist:5659055
msf auxiliary(mysql_schemadump) > run
[*] Schema stored in: /Users/zachriggle/.msf4/loot/20130527165753_default_192.168.1.79_mysql_schema_235782.txt
[+] MySQL Server Schema
Port: 3306
- DBName: BadApple