This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import binascii | |
| import struct | |
| class REC(): | |
| def __init__(self): | |
| self.signature = b'\xfe\xff\xee\xff\x11\x22\x00\x00\x03\x00\x00\x00\x01\x00\x00\x00' | |
| self.data = open("RecentFileCache.bcf","rb").read() | |
| self.data_size = len(self.data) | |
| self.offset = 20 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import r2pipe | |
| class test: | |
| def __init__(self): | |
| self.r2 = r2pipe.open("7410597531f22a3f89bb8d133488252360c5dc701862f86c4f60fd79722f7e37") | |
| self.r2.cmd("aaa") | |
| self.decode_addr = 0x40159d | |
| self.xrefs = self.r2.cmdj("axtj {}".format(self.decode_addr)) | |
| def decode(self, string): |
hyuunnn
/ tor_connect.py
Created
October 1, 2018 05:20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # root$ tor | |
| # Oct 01 13:57:48.308 [notice] Opening Socks listener on 127.0.0.1:9050 | |
| import requests | |
| proxies = { | |
| 'http': 'socks5h://localhost:9050', | |
| 'https': 'socks5h://localhost:9050' | |
| } |
hyuunnn
/ rich_header.py
Last active
September 17, 2018 16:55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import struct | |
| import sys | |
| import hexdump | |
| import csv | |
| import os | |
| import argparse | |
| # https://gist.github.com/skochinsky/07c8e95e33d9429d81a75622b5d24c8b | |
| PRODID_MAP = { | |
| 0: "Unknown", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| RAW = ํ์ผ์์์ ์ฃผ์ | |
| RVA = ๋ฉ๋ชจ๋ฆฌ์์์ ์ฃผ์ | |
| VirtualAddress = ๋ฉ๋ชจ๋ฆฌ์์์ ์น์ ์์ ์์น (idaapi Segments()๋ก ๊ฐ๋ฅ) SegStart | |
| PointerToRawData = ํ์ผ์์์ ์น์ ์์ ์์น (offset = idaapi.get_fileregion_offset(ea)) | |
| 0x1c094 = 0x41E494 - 0x41c000 + 0x19c00 | |
| RAW = RVA - VirtualAddress + PointerToRawData | |
| VirtualAddress = RVA + ImageBase |
hyuunnn
/ VT_AV_detect_searcher.py
Last active
May 29, 2018 13:59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import xlsxwriter | |
| import os | |
| import sys | |
| import argparse | |
| import requests | |
| import hashlib | |
| class retrohunt_searcher(): | |
| def __init__(self): | |
| self.API_KEY = "" |
hyuunnn
/ icon_rule_maker.py
Created
May 25, 2018 02:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import pefile | |
| import sys | |
| import binascii | |
| import argparse | |
| class icon_rule_maker(): | |
| def __init__(self): | |
| self.pe = pefile.PE(args.path) | |
| self.EntryPoint = self.pe.OPTIONAL_HEADER.AddressOfEntryPoint | |
| self.ImageBase = self.pe.OPTIONAL_HEADER.ImageBase |
hyuunnn
/ pwntools.py
Created
February 16, 2017 07:42
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from pwn import * | |
| from struct import * | |
| elf = ELF('./ropasaurusrex-85a84f36f81e11f720b1cf5ea0d1fb0d5a603c0d') | |
| libc = ELF("/lib/i386-linux-gnu/libc.so.6") | |
| rop = ROP(elf) | |
| up = lambda x:unpack("<L",x)[0] | |
| binsh = "/bin/sh" | |
| dynamic = 0x08049530 |
hyuunnn
/ ropasaurusrex.py
Created
February 15, 2017 18:06
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from struct import * | |
| from socket import * | |
| from time import * | |
| s = socket(AF_INET, SOCK_STREAM) | |
| s.connect(("192.168.93.141",9909)) | |
| p = lambda x:pack("<L",x) | |
| up = lambda x:unpack("<L",x)[0] |
hyuunnn
/ angrybird.py
Created
February 14, 2017 11:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import angr | |
| p = angr.Project("./angrybird") | |
| init = p.factory.blank_state(addr=0x4007da) | |
| path_group = p.factory.path_group(init,threads=8) | |
| aa = path_group.explore(find=0x404fda, avoid=0x404f97) | |
| print path_group.found[0].state.posix.dumps(1) |
NewerOlder