site:*/sign-in
site:*/account/login
site:*/forum/ucp.php?mode=login
inurl:memberlist.php?mode=viewprofile
intitle:"EdgeOS" intext:"Please login"
inurl:user_login.php
intitle:"Web Management Login"
site:*/users/login_form
site:*/access/unauthenticated
site:account.*.*/login
@sharpicx
sharpicx / GDB.md
Created November 2, 2022 17:02 — forked from xelemental/GDB.md
  • Breakpoints
→ break <address> : Sets a new breakpoint
→ delete <breakpoint#> : Deletes a breakpoint
→ enable <breakpoint#> : Enable a disabled breakpoint
  • Variables and memory display
→ print <query> : Prints content of variable or register.
→ display : Prints the information after stepping each instruction

Command line options

-L: List of supported IO plugins
-q: Exit after processing commands
-w: Write mode enabled
-i [file]: Interprets a r2 script
-A: Analyze executable at load time (xrefs, etc)
-n: Bare load. Do not load executable info as the entrypoint
-c 'cmds': Run r2 and execute commands (eg: r2 -wqc'wx 3c @ main')
-p [prj]: Creates a project for the file being analyzed (CC add a comment when opening a file as a project)
sharpicx / sed-cheatsheet.txt
Created April 29, 2022 17:53 — forked from ssstonebraker/sed cheatsheet
Sed Cheatsheet
FILE SPACING:
# double space a file
sed G
# double space a file which already has blank lines in it. Output file
# should contain no more than one blank line between lines of text.
sed '/^$/d;G'
sharpicx / resources.md
Created April 25, 2022 22:14 — forked from muff-in/resources.md
A curated list of Assembly Language / Reversing / Malware Analysis / Game Hacking-resources
  • XML GET
curl -H "Accept: application/xml" -H "Content-Type: application/xml" -X GET "http://hostname/resource"
  • JSON GET
curl -i -H "Accept: application/json" -H "Content-Type: application/json" -X GET "http://hostname/resource"
  • JSON PUT
docker build -t friendlyname . # Create image using this directory's Dockerfile
docker run -p 4000:80 friendlyname # Run "friendlyname" mapping port 4000 to 80
docker run -d -p 4000:80 friendlyname # Same thing, but in detached mode
docker exec -it [container-id] bash # Enter a running container
docker ps # See a list of all running containers
docker stop <hash> # Gracefully stop the specified container
docker ps -a # See a list of all containers, even the ones not running
docker kill <hash> # Force shutdown of the specified container
docker rm <hash> # Remove the specified container from this machine
docker rm $(docker ps -a -q) # Remove all containers from this machine

Reminders

Remember to log all the things!

  • Metasploit - spool /home//.msf3/logs/console.log
  • Save contents from each terminal!
  • Linux - script myoutput.txt # Type exit to stop

Setup

sharpicx / WinPrivEsc.md
Created April 10, 2022 18:56 — forked from dumpmycode/WinPrivEsc.md
Windows Privilege Escalation notes

First, get more info on the system.

  • systeminfo, whoami /priv*, set or echo %username%

    • check for hotfixes, OS name, version, arch, environment variables & system (VM). Then look for vulns specific to that system.
  • reg query HKLM /f password /t REG_SZ /s, wmic or sc query

    • check for PS version, see if we can run reg query, wmic or sc commands for further info on system.

*Privilege escalation by abusing token privilege (foxglovesecurity blog). Required permission to escalate:

  • SeImpersonatePrivilege