From b6708156ab396fec0eee5db295f6f1b9aac3148a Mon Sep 17 00:00:00 2001 From: whx Date: Tue, 28 Dec 2021 00:59:54 +0100 Subject: [PATCH] java reversing --- .gitmodules | 6 +++ exploit/sqli/sqli.md | 1 + forensics/oletools.md | 28 +++++++++++++ .../active_directory}/powerview.ps1 | 0 misc/yara.md | 40 +++++++++++++++++++ reverse_engineering/SCDBG | 1 + reverse_engineering/java/krakatau.md | 17 ++++++++ 7 files changed, 93 insertions(+) create mode 100644 forensics/oletools.md rename {active_directory => misc/active_directory}/powerview.ps1 (100%) create mode 100644 misc/yara.md create mode 160000 reverse_engineering/SCDBG create mode 100644 reverse_engineering/java/krakatau.md
diff --git a/.gitmodules b/.gitmodules
index f9bfd06..6abf8eb 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -94,3 +94,9 @@
 [submodule "exploit/web/xxe/xxeserv"]
 path = exploit/web/xxe/xxeserv
 url = https://github.com/staaldraad/xxeserv.git
+[submodule "reverse_engineering/SCDBG"]
+ path = reverse_engineering/SCDBG
+ url = https://github.com/dzzie/SCDBG.git
+[submodule "reverse_engineering/java/deobfuscator"]
+ path = reverse_engineering/java/deobfuscator
+ url = https://github.com/java-deobfuscator/deobfuscator.git
diff --git a/exploit/sqli/sqli.md b/exploit/sqli/sqli.md
index dc6e326..d0931f8 100644
--- a/exploit/sqli/sqli.md
+++ b/exploit/sqli/sqli.md
@@ -149,6 +149,7 @@ sqlmap -r request.txt --batch
 ```sh
 sqlmap -u http:///site.php --forms --dump-all
 ```
+* [Get reverse shell via sqlmap](https://www.hackingarticles.in/shell-uploading-in-web-server-using-sqlmap/)
 |Parameter|Details|
diff --git a/forensics/oletools.md b/forensics/oletools.md
new file mode 100644
index 0000000..251843e
--- /dev/null
+++ b/forensics/oletools.md
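Review bot: The new `[submodule "reverse_engineering/java/deobfuscator"]` entry at the end of the .gitmodules hunk has no matching gitlink in this commit — the diffstat lists `create mode 160000` only for `reverse_engineering/SCDBG`, and the only `Subproject commit` hunk in the patch is for that path — so the tree records no pinned commit for the deobfuscator and a plain `git submodule update --init` will not check it out, since git drives submodule init from gitlinks in the index rather than from .gitmodules alone. Either register it properly with `git submodule add https://github.com/java-deobfuscator/deobfuscator.git reverse_engineering/java/deobfuscator` and commit the resulting gitlink, or drop the two added lines for it. The pin matters beyond convenience: both new entries pull third-party tooling over plain `url = https://...` with no commit or tag named in .gitmodules, so the gitlink (as SCDBG has at 95dcf1d) is the only thing fixing what version gets fetched. The earlier entries of .gitmodules are outside this hunk.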
@@ -0,0 +1,28 @@
+# oletools & Vmonkey
+
+* Analyze ooxml and ole2 files
+
+* [oletools repo](https://github.com/decalage2/oletools.git)
+
+## Usage
+
+* Check content of a stream
+```sh
+oledump.py file.doc -Ss
+oledump.py file.doc -Ss -v
+```
+```sh
+oledump.py -i file.doc
+```
+```sh
+olevba file.doc
+```
+
+## Vipermonkey
+* For the lazy ones
+```sh
+vmonkey file.doc
+```
+
+## scdbg
+* [scdbg repo](https://github.com/dzzie/SCDBG.git)
diff --git a/active_directory/powerview.ps1 b/misc/active_directory/powerview.ps1
similarity index 100%
rename from active_directory/powerview.ps1
rename to misc/active_directory/powerview.ps1
diff --git a/misc/yara.md b/misc/yara.md
new file mode 100644
index 0000000..ed22891
--- /dev/null
+++ b/misc/yara.md
@@ -0,0 +1,40 @@
+# Yara
+
+## Structure
+A rule consists of
+ * Name
+ * Metadata
+ * String definitions
+ * Conditions on these strings
+
+## Example
+
+```sh
+rule eicar {
+ meta:
+ author="foo"
+ description="eicar test virus"
+ strings:
+ $a="X5O"
+ $b="EICAR"
+ $c="ANTIVIRUS"
+ $d="TEST"
+ condition:
+ $a and $b and $c and $d
+ }
+```
+
+## Usage
+
+* Information about a rule, metadata or strings
+```sh
+yara -m
+yara -s
+```
+
+* Run Yara via
+```sh
+yara
+```
+* If the name of the rule and the target is returned, the rule matched. Otherwise it did not match.
+
diff --git a/reverse_engineering/SCDBG b/reverse_engineering/SCDBG
new file mode 160000
index 0000000..95dcf1d
--- /dev/null
+++ b/reverse_engineering/SCDBG
@@ -0,0 +1 @@
+Subproject commit 95dcf1d6a6072c6110dd99311b49d7734d17ce5e
diff --git a/reverse_engineering/java/krakatau.md b/reverse_engineering/java/krakatau.md
new file mode 100644
index 0000000..c998327
--- /dev/null
+++ b/reverse_engineering/java/krakatau.md
@@ -0,0 +1,17 @@
+# Krakatau
+
+## Usage
+* Get bytecode from `jar` file
+```sh
+krakatau-disassemble -r file.jar -out dissassemble.zip
+```
+* Generate bytecode
+```sh
+krakatau-assemble -out result.jar -r dissassembled/
+```
+* Do changes to the bytecode
+* Compile jar file
+```sh
+java -cp result.jar
+```
+