From 8635ad80bba536896e409cf49938d131766af40e Mon Sep 17 00:00:00 2001 From: whackx Date: Sun, 28 May 2023 14:22:59 +0200 Subject: [PATCH] bump --- Cryptography/Hashes/Wordlists.md | 6 +++++ Enumeration/GRPC.md | 36 ++++++++++++++++++++++++++++ Reverse Engineering/Deobfuscation.md | 17 +++++++++++++ 3 files changed, 59 insertions(+) create mode 100644 Enumeration/GRPC.md diff --git a/Cryptography/Hashes/Wordlists.md b/Cryptography/Hashes/Wordlists.md index 40899ab..33aa0db 100644 --- a/Cryptography/Hashes/Wordlists.md +++ b/Cryptography/Hashes/Wordlists.md @@ -33,6 +33,7 @@ crunch 8 8 -t passw%%rd * [ttpassgen](https://github.com/tp7309/TTPassGen.git) * Generate lists from the ground up * `pip install ttpassgen` + ```sh ttpassgen --rule '[?d]{6:6:*}' 6digitpins.txt ``` @@ -43,6 +44,11 @@ ttpassgen --rule '[?l]{1:5:*}' all_letter_combinations.txt ttpassgen --dictlist "in.txt,in2.txt" --rule '$0[_]?$1' -s " " out.txt ``` +An example for the policy of the following parameters. A given passwordlist as a base + 1 or 2 numbers + 1 or 2 a special characters +```sh +ttpassgen --dictlist "password_base_list.txt" --rule '$0[?d]{1:2:*}[!@#$%^]{1:2:*}' tt_password.list +``` + # exrex * Generate all possible outcomes from regex string diff --git a/Enumeration/GRPC.md b/Enumeration/GRPC.md new file mode 100644 index 0000000..bbfd667 --- /dev/null +++ b/Enumeration/GRPC.md 
@@ -0,0 +1,36 @@ +# GRPC + +## Gain intel on the available sources on a server + +List the available sources on the grpc server +```sh +grpcurl -plaintext $TARGET_IP list +``` + +Pick one of the listed services and connect to it +```sh +grpcurl -plaintext $TARGET_IP list $FOUND_SERVICE +``` + +Get a description for the selected service and their functions +```sh +grpcurl -plaintext $TARGET_IP describe $FOUND_SERVICE +``` + +## User Services on the Server + +Request the found functions of the service +```sh +grpcurl -plaintext $TARGET_IP describe $FOUND_SERVICE.FUNCTION +``` + +### Use the WebUI + +Open a WebUI on localhost to do the requests on the selected `$TARGET_IP` +```sh +grpcui -plaintext $TARGET_IP +``` + + + + diff --git a/Reverse Engineering/Deobfuscation.md b/Reverse Engineering/Deobfuscation.md index f173bba..7f1e652 100644 --- a/Reverse Engineering/Deobfuscation.md +++ b/Reverse Engineering/Deobfuscation.md @@ -101,3 +101,20 @@ nm ```sh floss --no-static-strings $BINARY_FILE ``` + +## Tools + +### Packers + +* UPX is a common packer, take a look at the binary if it is possibly packed via upx. Use the upx cli command to deobfuscate the binary +```sh +upx -d +``` + +### Demangler + +The binary may be mangled and needs to be demangled again for better readability. In case of C++ demangling, use `c++filt` to demangle the data types +```sh +c++filt _ZNSt7__cxx1114collate_bynameIcEC2ERKNS_12basic_stringIcSt11char_traitsIcESaIcEEEm +std::__cxx11::collate_byname::collate_byname(std::__cxx11::basic_string, std::allocator > const&, unsigned long) +```
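Review bot: the caption for the new ttpassgen example (Wordlists.md, second hunk) reads "An example for the policy of the following parameters ... 1 or 2 a special characters"; tighten it to something like "Example for a policy of: a word from a given base list + 1 or 2 digits + 1 or 2 special characters". The class `[!@#$%^]` covers only those six characters, so say that it should be widened to whatever the policy being modelled actually allows. A short remark that the rule is single-quoted would help too, because `$0`, `!` and `#` inside it look like shell syntax but are passed to ttpassgen literally.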
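Review bot: the new Enumeration/GRPC.md has several wording and correctness problems. "Gain intel on the available sources" and "List the available sources" should say services: `grpcurl ... list` enumerates services, and `list $FOUND_SERVICE` lists that service's methods rather than "connecting" to it, so the second caption is misleading. The heading "User Services on the Server" presumably means "Use services", yet the only command under it is another `describe`. grpcurl and grpcui expect a `host:port` address, so `$TARGET_IP` alone fails unless the variable already carries the port; `$TARGET_IP:$PORT` would be clearer. Worth noting that `list` and `describe` only work when the server has reflection enabled (otherwise `-proto` or `-protoset` must supply the schema) and that `-plaintext` disables TLS, so these lines apply to unencrypted endpoints only. The file also ends with four empty `+` lines that should be trimmed.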
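Review bot: in Deobfuscation.md, `upx -d` has no file operand; the rest of the file uses `$BINARY_FILE` (see `floss --no-static-strings $BINARY_FILE`), so write `upx -d $BINARY_FILE`. The bullet tells the reader to "take a look at the binary if it is possibly packed" but not how; `upx -l $BINARY_FILE` would make that concrete, with the caveat that `-d` only unpacks binaries whose UPX headers are intact. Under "Demangler", it is the symbol names that are mangled, not the binary. The `c++filt` block puts the command and its output in one fence with nothing separating them, and the output line is missing its template arguments (`basic_string, std::allocator >` should be `basic_string<char, std::char_traits<char>, std::allocator<char> >`), which looks like the `<...>` were stripped; restore them or the example will not match what c++filt actually prints.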