mirror of
https://github.com/cheat/cheat.git
synced 2024-11-23 14:31:36 +01:00
Merge remote-tracking branch 'upstream/master' into case-insensitive-search
commit
b6cd3dae38
@ -1,7 +1,8 @@
|
||||
Contributing
|
||||
============
|
||||
If you would like to contribute cheetsheets or program functionality, please
|
||||
fork this repository, make your changes, and submit a pull request.
|
||||
fork this repository, make your changes, and submit a pull request against the
|
||||
`master` branch.
|
||||
|
||||
|
||||
## Python standards ##
|
||||
@ -22,4 +23,7 @@ tar -cvf /path/to/foo.tar /path/to/foo/
|
||||
tar -xzvf /path/to/foo.tgz
|
||||
```
|
||||
|
||||
If you are submitting a cheatsheet that contains side-by-side columns of text,
|
||||
please align the columns using spaces rather than tabs.
|
||||
|
||||
[PEP 8]: http://legacy.python.org/dev/peps/pep-0008/
|
||||
|
@ -42,7 +42,7 @@ from docopt import docopt
|
||||
|
||||
if __name__ == '__main__':
|
||||
# parse the command-line options
|
||||
options = docopt(__doc__, version='cheat 2.2.0')
|
||||
options = docopt(__doc__, version='cheat 2.2.3')
|
||||
|
||||
# list directories
|
||||
if options['--directories']:
|
||||
|
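--- a/cheat/cheatsheets/alias
+++ b/cheat/cheatsheets/alias
@@ -0,0 +1,5 @@
+# Show a list of your current shell aliases
+alias
+
+# Map `ll` to `ls -l` (Can be used per session or put inside a shell config file)
+alias ll='ls -l'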
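--- a/cheat/cheatsheets/cat
+++ b/cheat/cheatsheets/cat
@@ -0,0 +1,8 @@
+# Display the contents of a file
+cat /path/to/foo
+
+# Display contents with line numbers
+cat -n /path/to/foo
+
+# Display contents with line numbers (blank lines excluded)
+cat -b /path/to/foo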
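--- a/cheat/cheatsheets/cd
+++ b/cheat/cheatsheets/cd
@@ -0,0 +1,11 @@
+#Go to the given directory
+cd path/to/directory
+
+#Go to home directory of current user
+cd
+
+#Go up to the parent of the current directory
+cd ..
+
+#Go to the previously chosen directory
+cd -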
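--- a/cheat/cheatsheets/cp
+++ b/cheat/cheatsheets/cp
@@ -0,0 +1,11 @@
+# Create a copy of a file
+cp ~/Desktop/foo.txt ~/Downloads/foo.txt
+
+# Create a copy of a directory
+cp -r ~/Desktop/cruise_pics/ ~/Pictures/
+
+# Create a copy but ask to overwrite if the destination file already exists
+cp -i ~/Desktop/foo.txt ~/Documents/foo.txt
+
+# Create a backup file with date
+cp foo.txt{,."$(date +%Y%m%d-%H%M%S)"}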
@ -16,7 +16,7 @@ SHELL=/bin/bash
|
||||
*/15 * * * * /home/user/command.sh
|
||||
|
||||
# every midnight
|
||||
* 0 * * * /home/user/command.sh
|
||||
0 0 * * * /home/user/command.sh
|
||||
|
||||
# every Saturday at 8:05 AM
|
||||
5 8 * * 6 /home/user/command.sh
|
||||
|
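--- a/cheat/cheatsheets/cryptsetup
+++ b/cheat/cheatsheets/cryptsetup
@@ -0,0 +1,8 @@
+# open encrypted partition /dev/sdb1 (reachable at /dev/mapper/backup)
+cryptsetup open --type luks /dev/sdb1 backup
+
+# open encrypted partition /dev/sdb1 using a keyfile (reachable at /dev/mapper/hdd)
+cryptsetup open --type luks --key-file hdd.key /dev/sdb1 hdd
+
+# close luks container at /dev/mapper/hdd
+cryptsetup close hdd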
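Review bot: The keyfile example says nothing about protecting `hdd.key`, which in that invocation is the only secret needed to unlock the volume. I would add a comment above the command along the lines of `# keep the keyfile readable by root only (chmod 600) and stored off the encrypted disk`. The relative path also makes the command depend on the current directory; a placeholder such as `/path/to/hdd.key` would match the style used in the other sheets.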
@ -33,3 +33,9 @@ curl http://ifconfig.me/all/json
|
||||
|
||||
# Limit the rate of a download
|
||||
curl --limit-rate 1000B -O http://path.to.the/file
|
||||
|
||||
# Get your global IP
|
||||
curl httpbin.org/ip
|
||||
|
||||
# Get only the HTTP status code
|
||||
curl -o /dev/null -w '%{http_code}\n' -s -I URL
|
||||
|
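Review bot: `curl httpbin.org/ip` has no scheme, so curl sends the request over plain HTTP and the answer can be read or altered by anyone on the path. Since the sheet is copied verbatim into scripts, the line would be better as `curl https://httpbin.org/ip`. In the status-code example, `-I` issues a HEAD request, which some servers answer differently from GET; a short comment saying so would save readers a surprise.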
@ -1,7 +1,7 @@
|
||||
# Read from {/dev/urandom} 2*512 Bytes and put it into {/tmp/test.txt}
|
||||
# Note: At the first iteration, we read 512 Bytes.
|
||||
# Note: At the second iteration, we read 512 Bytes.
|
||||
dd if=/dev/urandom of=/tmp/test.txt count=512 bs=2
|
||||
dd if=/dev/urandom of=/tmp/test.txt count=2 bs=512
|
||||
|
||||
# Watch the progress of 'dd'
|
||||
dd if=/dev/zero of=/dev/null bs=4KB &; export dd_pid=`pgrep '^dd'`; while [[ -d /proc/$dd_pid ]]; do kill -USR1 $dd_pid && sleep 1 && clear; done
|
||||
|
@ -1,3 +1,7 @@
|
||||
# Extract contents of a .deb file
|
||||
$ ar vx foo.deb # -> data.tar.gz
|
||||
$ tar xf data.tar.gz
|
||||
|
||||
# Install .deb file to a debian like system, e.g. ubuntu
|
||||
$ sudo dpkg -i foo.deb
|
||||
$ sudo apt-get install -f
|
||||
|
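Review bot: The install example runs `sudo dpkg -i foo.deb` with no hint that the package's maintainer scripts execute as root, so the origin of the file matters. I would extend the comment to something like `# Install a .deb from a source you trust (its maintainer scripts run as root)`. The following `sudo apt-get install -f` is left unexplained; a trailing `# resolve dependencies dpkg could not satisfy` would make the two-step sequence clear.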
@ -1,12 +1,19 @@
|
||||
# Running emacs
|
||||
|
||||
GUI mode $ emacs
|
||||
Terminal mode $ emacs -nw
|
||||
|
||||
# Basic usage
|
||||
|
||||
Indent Select text then press TAB
|
||||
Cut CTRL-w
|
||||
Copy ALT-w
|
||||
Paste ("yank") CTRL-y
|
||||
Begin selection CTRL-SPACE
|
||||
Search/Find CTRL-s
|
||||
Replace ALT-% (ALT-SHIFT-5)
|
||||
Save CTRL-x CTRL-s
|
||||
Save as CTRL-x CTRL-w
|
||||
Load/Open CTRL-x CTRL-f
|
||||
Undo CTRL-x u
|
||||
Highlight all text CTRL-x h
|
||||
@ -15,7 +22,7 @@
|
||||
Font size bigger CTRL-x CTRL-+
|
||||
Font size smaller CTRL-x CTRL--
|
||||
|
||||
# Buffers
|
||||
# Buffers
|
||||
|
||||
Split screen vertically CTRL-x 2
|
||||
Split screen vertically with 5 row height CTRL-u 5 CTRL-x 2
|
||||
@ -23,11 +30,21 @@
|
||||
Split screen horizontally with 24 column width CTRL-u 24 CTRL-x 3
|
||||
Revert to single screen CTRL-x 1
|
||||
Hide the current screen CTRL-x 0
|
||||
Kill the current screen CTRL-x k
|
||||
Move to the next buffer CTRL-x O
|
||||
Move to the next screen CTRL-x o
|
||||
Kill the current buffer CTRL-x k
|
||||
Select a buffer CTRL-x b
|
||||
Run command in the scratch buffer CTRL-x CTRL-e
|
||||
|
||||
# Navigation ( backward / forward )
|
||||
|
||||
Character-wise CTRL-b , CTRL-f
|
||||
Word-wise ALT-b , ALT-f
|
||||
Line-wise CTRL-p , CTRL-n
|
||||
Sentence-wise ALT-a , ALT-e
|
||||
Paragraph-wise ALT-{ , ALT-}
|
||||
Function-wise CTRL-ALT-a , CTRL-ALT-e
|
||||
Line beginning / end CTRL-a , CTRL-e
|
||||
|
||||
# Other stuff
|
||||
|
||||
Open a shell ALT-x eshell
|
||||
|
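--- a/cheat/cheatsheets/export
+++ b/cheat/cheatsheets/export
@@ -0,0 +1,5 @@
+# Calling export with no arguments will show current shell attributes
+export
+
+# Create new environment variable
+export VARNAME="value"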
@ -19,11 +19,11 @@ find ./path/ -name '*.txt' -exec rm '{}' \;
|
||||
# To find files with extension '.txt' and look for a string into them:
|
||||
find ./path/ -name '*.txt' | xargs grep 'string'
|
||||
|
||||
# To find files with size bigger than 5 Mb and sort them by size:
|
||||
# To find files with size bigger than 5 Mebibyte and sort them by size:
|
||||
find . -size +5M -type f -print0 | xargs -0 ls -Ssh | sort -z
|
||||
|
||||
# To find files bigger thank 2 MB and list them:
|
||||
find . -type f -size +20000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
|
||||
# To find files bigger than 2 Megabyte and list them:
|
||||
find . -type f -size +200000000c -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'
|
||||
|
||||
# To find files modified more than 7 days ago and list file information
|
||||
find . -type f -mtime +7d -ls
|
||||
|
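Review bot: The rewritten "bigger than 2 Megabyte" example does not match its comment: `-size +200000000c` selects files larger than 200,000,000 bytes, roughly 200 MB. If 2 MB is what is meant, the test should be `-size +2000000c`. The page prints old and new lines without markers, so I am assuming the `c`-suffixed command is the new side. The `awk '{ print $9 ": " $5 }'` stage also cuts off file names that contain spaces, which deserves a one-line comment.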
@ -10,8 +10,26 @@ do
|
||||
echo $var
|
||||
done
|
||||
|
||||
# loop over all the JPG files in the current directory
|
||||
for jpg_file in *.jpg
|
||||
do
|
||||
echo $jpg_file
|
||||
done
|
||||
|
||||
# loop specified number of times
|
||||
for i in `seq 1 10`
|
||||
do
|
||||
echo $i
|
||||
done
|
||||
|
||||
# loop specified number of times: the C/C++ style
|
||||
for ((i=1;i<=10;++i))
|
||||
do
|
||||
echo $i
|
||||
done
|
||||
|
||||
# loop specified number of times: the brace expansion
|
||||
for i in {1..10}
|
||||
do
|
||||
echo $i
|
||||
done
|
||||
|
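Review bot: The new JPG loop expands `$jpg_file` unquoted, so a file name containing spaces or glob characters is word-split and globbed again before the command sees it; the body should be `echo "$jpg_file"`. When no `.jpg` file exists the loop still runs once with the literal string `*.jpg`, which is worth a comment because readers will substitute commands such as `rm` or `mv` for `echo`. The counting loops are unaffected since `$i` is always numeric. The first loop in this hunk begins outside it.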
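--- a/cheat/cheatsheets/gyb
+++ b/cheat/cheatsheets/gyb
@@ -0,0 +1,12 @@
+# To estimate the number and the size of all mails on youremail@gmail.com
+gyb --email youremail@gmail.com --action estimate
+
+# To backup from youremail@gmail.com to your local-folder
+gyb --email youremail@gmail.com --action backup --local-folder "~/MyLocalFolder/"
+
+# To backup from youremail@gmail.com only important or starred emails to the
+# default local folder GYB-GMail-Backup-youremail@gmail.com
+gyb --email youremail@gmail.com --search "is:important OR is:starred"
+
+# To restore from your local-folder to youremail@gmail.com
+gyb --email youremail@gmail.com --action restore --local-folder "~/MyLocalFolder/"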
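Review bot: In the backup and restore examples the folder is written as `"~/MyLocalFolder/"`, and the shell does not expand a tilde inside double quotes. Unless gyb expands it itself (not visible here), the mailbox copy ends up in a directory literally named `~` under the current working directory rather than in the home directory. Either drop the quotes, `--local-folder ~/MyLocalFolder/`, or write `--local-folder "$HOME/MyLocalFolder/"`. Since the folder holds a full copy of the mailbox, a comment reminding readers to keep it on a location with restricted permissions would also help.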
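--- a/cheat/cheatsheets/iconv
+++ b/cheat/cheatsheets/iconv
@@ -0,0 +1,3 @@
+# To convert file (iconv.src) from iso-8859-1 to utf-8 and save to
+# /tmp/iconv.out
+iconv -f iso-8859-1 -t utf-8 iconv.src -o /tmp/iconv.out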
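--- a/cheat/cheatsheets/kill
+++ b/cheat/cheatsheets/kill
@@ -0,0 +1,5 @@
+# Kill a process gracefully
+kill -15 <process id>
+
+# Kill a process forcefully
+kill -9 <process id>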
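--- a/cheat/cheatsheets/lsblk
+++ b/cheat/cheatsheets/lsblk
@@ -0,0 +1,21 @@
+# Show all available block devices along with their partitioning schemes
+lsblk
+
+# To show SCSI devices:
+lsblk --scsi
+
+# To show a specific device
+lsblk /dev/sda
+
+# To verify TRIM support:
+# Check the values of DISC-GRAN (discard granularity) and DISC-MAX (discard max bytes) columns.
+# Non-zero values indicate TRIM support
+lsblk --discard
+
+# To featch info about filesystems:
+lsblk --fs
+
+# For JSON, LIST or TREE output formats use the following flags:
+lsblk --json
+lsblk --list
+lsblk --tree # default view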
@ -38,7 +38,7 @@ This is [an example](http://example.com "Title") inline link.
|
||||
# image
|
||||
![Alt Text](/path/to/file.png)
|
||||
|
||||
# emphasis
|
||||
# formatting
|
||||
*em* _em_
|
||||
|
||||
**strong** __strong__
|
||||
~~strikethrough~~
|
||||
|
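--- a/cheat/cheatsheets/mutt
+++ b/cheat/cheatsheets/mutt
@@ -0,0 +1,22 @@
+# Create new mailbox in IMAP
++ When located in mailbox list (c)
+shift + C
+
+# Move multiple messages to folder (bulk operations)
+
+1. Select/tag them with alt+'t'
+2. ;s in mail inbox overview for bulk operation
+
+# Deleting / Undeleting all messages in mutt
+
+1. In mutt’s index, hit ‘D’ (UPPERCASE D)
+2. It will prompt you with “Delete messages matching: “
+
++ enter this string:
+
+~A
+
+3. It should mark all for deletion!
+
+
+4. Conversely, you can do the same thing with UPPERCASE U to undelete multiple messages.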
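--- a/cheat/cheatsheets/mv
+++ b/cheat/cheatsheets/mv
@@ -0,0 +1,17 @@
+# Move a file from one place to another
+mv ~/Desktop/foo.txt ~/Documents/foo.txt
+
+# Move a file from one place to another and automatically overwrite if the destination file exists
+# (This will override any previous -i or -n args)
+mv -f ~/Desktop/foo.txt ~/Documents/foo.txt
+
+# Move a file from one place to another but ask before overwriting an existing file
+# (This will override any previous -f or -n args)
+mv -i ~/Desktop/foo.txt ~/Documents/foo.txt
+
+# Move a file from one place to another but never overwrite anything
+# (This will override any previous -f or -i args)
+mv -n ~/Desktop/foo.txt ~/Documents/foo.txt
+
+# Move listed files to a directory
+mv -t ~/Desktop/ file1 file2 file3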
@ -29,3 +29,9 @@ UPDATE tbl_name SET col1 = "example";
|
||||
|
||||
# Basic DELETE Statement
|
||||
DELETE FROM tbl_name WHERE user = 'jcole';
|
||||
|
||||
# To check stored procedure
|
||||
SHOW PROCEDURE STATUS;
|
||||
|
||||
# To check stored function
|
||||
SHOW FUNCTION STATUS;
|
||||
|
@ -34,7 +34,10 @@ nmcli dev status
|
||||
# Add a dynamic ethernet connection - parameters:
|
||||
# <name> -- the name of the connection
|
||||
# <iface_name> -- the name of the interface
|
||||
ncmli con add type ethernet con-name <name> ifname <iface_name>
|
||||
nmcli con add type ethernet con-name <name> ifname <iface_name>
|
||||
|
||||
# Import OpenVPN connection settings from file:
|
||||
nmcli con import type openvpn file <path_to_ovpn_file>
|
||||
|
||||
# Bring up the ethernet connection
|
||||
nmcli con up <name>
|
||||
|
@ -15,6 +15,9 @@ openssl req -text -noout -in server.csr
|
||||
# To show certificate information for generated certificate
|
||||
openssl x509 -text -noout -in server.crt
|
||||
|
||||
# To get the sha256 fingerprint of a certificate
|
||||
openssl x509 -in server.crt -noout -sha256 -fingerprint
|
||||
|
||||
# To view certificate expiration:
|
||||
echo | openssl s_client -connect <hostname>:443 2> /dev/null | \
|
||||
awk '/-----BEGIN/,/END CERTIFICATE-----/' | \
|
||||
|
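--- a/cheat/cheatsheets/perl
+++ b/cheat/cheatsheets/perl
@@ -0,0 +1,8 @@
+# To view the perl version:
+perl -v
+
+# Replace string "\n" to newline
+echo -e "foo\nbar\nbaz" | perl -pe 's/\n/\\n/g;'
+
+# Replace newline with multiple line to space
+cat test.txt | perl -0pe "s/test1\ntest2/test1 test2/m"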
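Review bot: The comment on the second example states the opposite of what the command does: `s/\n/\\n/g` replaces every real newline with the two-character text `\n`, it does not turn `\n` into a newline. The comment should read `# Replace each newline with the literal string "\n"`. The third comment, "Replace newline with multiple line to space", is hard to parse; something like `# Join two known lines by replacing the newline between them with a space` describes the substitution shown.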
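--- a/cheat/cheatsheets/pgrep
+++ b/cheat/cheatsheets/pgrep
@@ -0,0 +1,5 @@
+# Get a list of PIDs matching the pattern
+pgrep example
+
+# Kill all PIDs matching the pattern
+pgrep -f example | xargs kill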
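Review bot: The kill example uses `pgrep -f`, which matches the pattern against the whole command line, while the listing example above it matches the process name only, so the two commands do not select the same processes. With `-f`, any process that merely has `example` in an argument (an editor open on `example.txt`, say) is signalled too. The comment should say this and suggest listing first, e.g. `pgrep -af example` on procps-ng, before piping to `kill`. With GNU xargs an empty result still runs `kill` with no arguments; `xargs -r kill` avoids that.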
@ -23,5 +23,8 @@ pip list --outdated
|
||||
# Upgrade all outdated packages, thanks to http://stackoverflow.com/a/3452888
|
||||
pip freeze --local | grep -v '^\-e' | cut -d = -f 1 | xargs -n1 pip install -U
|
||||
|
||||
# Upgrade outdated packages on latest version of pip
|
||||
pip list --outdated --format=freeze | cut -d = -f 1 | xargs -n1 pip install -U
|
||||
|
||||
# Install specific version of a package
|
||||
pip install -I SomePackage1==1.1.0 'SomePackage2>=1.0.4'
|
||||
|
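--- a/cheat/cheatsheets/pkill
+++ b/cheat/cheatsheets/pkill
@@ -0,0 +1,5 @@
+# To kill a process using it's full process name
+pkill <processname>
+
+# To kill a process by it's partial name
+pkill -f <string>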
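Review bot: Both comments describe the matching incorrectly, which matters for a command that sends signals. `pkill <processname>` treats its argument as a pattern and signals every process whose name contains it; an exact-name match needs `pkill -x <processname>`. `pkill -f <string>` does not match a "partial name" but the full command line including arguments, so it can hit unrelated processes. I would reword the comments to `# To kill processes whose name matches a pattern (add -x for an exact name)` and `# To kill processes whose full command line matches a pattern`, and fix "it's" to "its".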
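--- a/cheat/cheatsheets/psql
+++ b/cheat/cheatsheets/psql
@@ -0,0 +1,26 @@
+# psql is the PostgreSQL terminal interface. The following commands were tested on version 9.5.
+# Connection options:
+# -U username (if not specified current OS user is used).
+# -p port.
+# -h server hostname/address.
+
+# Connect to a specific database:
+psql -U postgres -h serverAddress -d dbName
+
+# Get databases on a server:
+psql -U postgres -h serverAddress --list
+
+# Execute sql query and save output to file:
+psql -U postgres -d dbName -c 'select * from tableName;' -o fileName
+
+# Execute query and get tabular html output:
+psql -U postgres -d dbName -H -c 'select * from tableName;'
+
+# Execute query and save resulting rows to csv file:
+psql -U postgres -d dbName -t -A -P fieldsep=',' -c 'select * from tableName;' -o fileName.csv
+
+# Read commands from file:
+psql -f fileName
+
+# Restore databases from file:
+psql -f fileName.backup postgres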
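Review bot: The restore example `psql -f fileName.backup postgres` only works for plain-SQL dumps; an archive written with `pg_dump -Fc` has to be restored with `pg_restore`, and the `.backup` name suggests readers may well have one of those. The comment should name the expected format, for instance `# Restore a plain-SQL dump (use pg_restore for custom-format archives):`. Every query example also connects as `-U postgres`; a remark in the header that a less privileged role is enough for read-only queries would be a useful caveat.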
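--- a/cheat/cheatsheets/pwd
+++ b/cheat/cheatsheets/pwd
@@ -0,0 +1,2 @@
+# Show the absolute path of your current working directory on the filesystem
+pwd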
936
cheat/cheatsheets/r2
Normal file
936
cheat/cheatsheets/r2
Normal file
@ -0,0 +1,936 @@
|
||||
# Command Line options
|
||||
-L: List of supported IO plugins
|
||||
|
||||
-q: Exit after processing commands
|
||||
|
||||
-w: Write mode enabled
|
||||
|
||||
-i: Interprets a r2 script
|
||||
|
||||
-A: Analize executable at load time (xrefs, etc)
|
||||
|
||||
-n: Bare load. Do not load executable info as the entrypoint
|
||||
|
||||
-c'cmds': Run r2 and execute commands (eg: r2 -wqc'wx 3c @ main')
|
||||
|
||||
-p: Creates a project for the file being analyzed (CC add a comment when opening a file as a project)
|
||||
|
||||
-: Opens r2 with the malloc plugin that gives a 512 bytes memory area to play with (size can be changed); Similar to r2 malloc://512
|
||||
|
||||
-----------------------------------------------------------------------------------------------------------------------------
|
||||
|
||||
# Configuration properties
|
||||
e: Returs configuration properties
|
||||
|
||||
e <property>: Checks a specific property:
|
||||
e asm.tabs => false
|
||||
|
||||
e <property>=<value>: Change property value
|
||||
e asm.arch=ppc
|
||||
|
||||
e? help about a configuration property
|
||||
e? cmd.stack
|
||||
|
||||
|
||||
|
||||
# Show comments at right of disassembly if they fit in screen
|
||||
e asm.cmtright=true
|
||||
|
||||
# Shows pseudocode in disassembly. Eg mov eax, str.ok = > eax = str.ok
|
||||
e asm.pseudo = true
|
||||
|
||||
# Display stack and register values on top of disasembly view (visual mode)
|
||||
e cmd.stack = true
|
||||
|
||||
# Solarized theme
|
||||
eco solarized
|
||||
|
||||
# Use UTF-8 to show cool arrows that do not look like crap :)
|
||||
e scr.utf8 = true
|
||||
|
||||
-----------------------------------------------------------------------------------------------------------------------------
|
||||
|
||||
# Basic Commands
|
||||
|
||||
; Command chaining: x 3;s+3;pi 3;s+3;pxo 4;
|
||||
|
||||
| Pipe with shell commands: pd | less
|
||||
|
||||
! Run shell commands: !cat /etc/passwd
|
||||
|
||||
!! Escapes to shell, run command and pass output to radare buffer
|
||||
|
||||
Note: The double exclamation mark tells radare to skip the plugin list to find an IO plugin handling this
|
||||
command to launch it directly to the shell. A single one will walk through the io plugin list.
|
||||
|
||||
` Radare commands: wx `!ragg2 -i exec`
|
||||
|
||||
~ grep
|
||||
|
||||
~! grep -v
|
||||
|
||||
~[n] grep by columns afl~[0]
|
||||
|
||||
~:n grep by rows afl~:0
|
||||
|
||||
<command>~.. less/more mode
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
pi~mov,eax ; lines with mov or eax
|
||||
pi~mov&eax ; lines with mov and eax
|
||||
pi~mov,eax:6 ; 6 first lines with mov or eax
|
||||
pd 20~call[0]:0 ; grep first column of the first row matching 'call'
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
.cmd Interprets command output
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
is* prints symbolos
|
||||
.is* interprets output and define the symbols in radare (normally they are already loaded if r2 was not invoked with -n)
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
.. repeats last commands (same as enter \n)
|
||||
|
||||
( Used to define and run macros
|
||||
|
||||
$ Used to define alias
|
||||
|
||||
$$: Resolves to current address
|
||||
|
||||
Offsets (@) are absolute, we can use $$ for relative ones @ $$+4
|
||||
|
||||
? Evaluate expression
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
[0x00000000]> ? 33 +2
|
||||
35 0x23 043 0000:0023 35 00100011 35.0 0.000000
|
||||
Note: | and & need to be escaped
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
?$? Help for variables used in expressions
|
||||
|
||||
$$: Here
|
||||
|
||||
$s: File size
|
||||
|
||||
$b: Block size
|
||||
|
||||
$l: Opcode length
|
||||
|
||||
$j: When $$ is at a jmp, $j is the address where we are going to jump to
|
||||
|
||||
$f: Same for jmp fail address
|
||||
|
||||
$m: Opcode memory reference (e.g. mov eax,[0x10] => 0x10)
|
||||
|
||||
??? Help for ? command
|
||||
|
||||
?i Takes input from stdin. Eg ?i username
|
||||
|
||||
?? Result from previous operations
|
||||
|
||||
?s from to [step]: Generates sequence from to every
|
||||
|
||||
?p: Get physical address for given virtual address
|
||||
|
||||
?P: Get virtual address for given physical one
|
||||
|
||||
?v Show hex value of math expr
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
?v 0x1625d4ca ^ 0x72ca4247 = 0x64ef968d
|
||||
?v 0x4141414a - 0x41414140 = 0xa
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
?l str: Returns the length of string
|
||||
|
||||
@@: Used for iteractions
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
wx ff @@10 20 30 Writes ff at offsets 10, 20 and 30
|
||||
wx ff @@`?s 1 10 2` Writes ff at offsets 1, 2 and 3
|
||||
wx 90 @@ sym.* Writes a nop on every symbol
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
# Positioning
|
||||
|
||||
s address: Move cursor to address or symbol
|
||||
|
||||
s-5 (5 bytes backwards)
|
||||
|
||||
s- undo seek
|
||||
|
||||
s+ redo seek
|
||||
|
||||
# Block Size
|
||||
|
||||
b size: Change block size
|
||||
|
||||
# Analyze
|
||||
|
||||
aa: Analyze all (fcns + bbs) same that running r2 with -A
|
||||
|
||||
ahl <length> <range>: fake opcode length for a range of bytes
|
||||
|
||||
ad: Analyze data
|
||||
|
||||
ad@rsp (analize the stack)
|
||||
|
||||
+ Normal mode
|
||||
|
||||
af: Analyze functions
|
||||
|
||||
afl: List all functions
|
||||
number of functions: afl~?
|
||||
|
||||
afi: Returns information about the functions we are currently at
|
||||
|
||||
afr: Rename function: structure and flag
|
||||
|
||||
afr off: Restore function name set by r2
|
||||
|
||||
afn: Rename function
|
||||
|
||||
afn strlen 0x080483f0
|
||||
|
||||
af-: Removes metadata generated by the function analysis
|
||||
|
||||
af+: Define a function manually given the start address and length
|
||||
af+ 0xd6f 403 checker_loop
|
||||
|
||||
axt: Returns cross references to (xref to)
|
||||
|
||||
axf: Returns cross references from (xref from)
|
||||
|
||||
+ Visual mode
|
||||
|
||||
d, f: Function analysis
|
||||
|
||||
d, u: Remove metadata generated by function analysis
|
||||
|
||||
+ Opcode analysis
|
||||
|
||||
ao x: Analize x opcodes from current offset
|
||||
|
||||
a8 bytes: Analize the instruction represented by specified bytes
|
||||
|
||||
# Information
|
||||
|
||||
iI: File info
|
||||
|
||||
iz: Strings in data section
|
||||
|
||||
izz: Strings in the whole binary
|
||||
|
||||
iS: Sections
|
||||
iS~w returns writable sections
|
||||
|
||||
is: Symbols
|
||||
is~FUNC exports
|
||||
|
||||
il: Linked libraries
|
||||
|
||||
ii: Imports
|
||||
|
||||
ie: Entrypoint
|
||||
|
||||
+ Mitigations
|
||||
|
||||
i~pic : check if the binary has position-independent-code
|
||||
|
||||
i~nx : check if the binary has non-executable stack
|
||||
|
||||
i~canary : check if the binary has canaries
|
||||
|
||||
# Print
|
||||
|
||||
psz n @ offset: Print n zero terminated String
|
||||
|
||||
px n @ offset: Print hexdump (or just x) of n bytes
|
||||
|
||||
pxw n @ offset: Print hexdump of n words
|
||||
pxw size@offset prints hexadecimal words at address
|
||||
|
||||
pd n @ offset: Print n opcodes disassambled
|
||||
|
||||
pD n @ offset: Print n bytes disassembled
|
||||
|
||||
pi n @ offset: Print n instructions disassambeled (no address, XREFs, etc. just instrunctions)
|
||||
|
||||
pdf @ offset: Print disassembled function
|
||||
pdf~XREF (grep: XREFs)
|
||||
pdf~call (grep: calls)
|
||||
|
||||
pcp n @ offset: Print n bytes in python string output.
|
||||
pcp 0x20@0x8048550
|
||||
import struct
|
||||
buf = struct.pack ("32B",
|
||||
0x55,0x89,0xe5,0x83,0xzz,0xzz,0xzz,0xzz,0xf0,0x00,0x00,
|
||||
0x00,0x00,0xc7,0x45,0xf4,0x00,0x00,0x00,0x00,0xeb,0x20,
|
||||
0xc7,0x44,0x24,0x04,0x01,0x00,0x00,0x00,0xzz,0xzz)
|
||||
|
||||
p8 n @ offset: Print n bytes (8bits) (no hexdump)
|
||||
|
||||
pv: Print file contents as IDA bar and shows metadata for each byte (flags , ...)
|
||||
|
||||
pt: Interpret data as dates
|
||||
|
||||
pf: Print with format
|
||||
|
||||
pf.: list all formats
|
||||
|
||||
p=: Print entropy ascii graph
|
||||
|
||||
# Write
|
||||
|
||||
wx: Write hex values in current offset
|
||||
wx 123456
|
||||
wx ff @ 4
|
||||
|
||||
wa: Write assembly
|
||||
wa jnz 0x400d24
|
||||
|
||||
wc: Write cache commit
|
||||
|
||||
wv: Writes value doing endian conversion and padding to byte
|
||||
|
||||
wo[x]: Write result of operation
|
||||
wow 11223344 @102!10
|
||||
write looped value from 102 to 102+10
|
||||
0x00000066 1122 3344 1122 3344 1122 0000 0000 0000
|
||||
|
||||
wox 0x90
|
||||
XOR the current block with 0x90. Equivalent to wox 0x90 $$!$b (write from current position, a whole block)
|
||||
|
||||
wox 67 @4!10
|
||||
XOR from offset 4 to 10 with value 67
|
||||
|
||||
wf file: Writes the content of the file at the current address or specified offset (ASCII characters only)
|
||||
|
||||
wF file: Writes the content of the file at the current address or specified offset
|
||||
|
||||
wt file [sz]: Write to file (from current seek, blocksize or sz bytes)
|
||||
Eg: Dump ELF files with wt @@ hit0* (after searching for ELF headers: \x7fELF)
|
||||
|
||||
woO 41424344 : get the index in the De Bruijn Pattern of the given word
|
||||
|
||||
# Flags
|
||||
|
||||
f: List flags
|
||||
|
||||
f label @ offset: Define a flag `label` at offset
|
||||
f str.pass_len @ 0x804999c
|
||||
|
||||
f -label: Removes flag
|
||||
|
||||
fr: Rename flag
|
||||
|
||||
fd: Returns position from nearest flag (looking backwards). Eg => entry+21
|
||||
|
||||
fs: Show all flag spaces
|
||||
|
||||
fs flagspace: Change to the specified flag space
|
||||
|
||||
fe loop and create numbered flags:
|
||||
|
||||
1. fs demo_flagspace
|
||||
2. fe demo_flagspace @@=`pdf~jne[1]`
|
||||
|
||||
# Yank & Paste
|
||||
|
||||
y n: Copies n bytes from current position
|
||||
|
||||
y: Shows yank buffer contentent with address and length where each entry was copied from
|
||||
|
||||
yp: Prints yank buffer
|
||||
|
||||
yy offset: Paste the contents of the yank buffer at the specified offset
|
||||
|
||||
yt n target @ source: Yank to. Copy n bytes fromsource to target address
|
||||
|
||||
# Visual Mode
|
||||
|
||||
q: Exits visual mode
|
||||
|
||||
hjkl: move around (or HJKL) (left-down-up-right)
|
||||
|
||||
o: go/seek to given offset
|
||||
|
||||
?: Help
|
||||
|
||||
.: Seek EIP
|
||||
|
||||
<enter>: Follow address of the current jump/call
|
||||
|
||||
:cmd: Enter radare commands. Eg: x @ esi
|
||||
|
||||
d[f?]: Define cursor as a string, data, code, a function, or simply to undefine it.
|
||||
dr: Rename a function
|
||||
df: Define a function
|
||||
|
||||
v: Get into the visual code analysis menu to edit/look closely at the current function.
|
||||
|
||||
p/P: Rotate print (visualization) modes
|
||||
hex, the hexadecimal view
|
||||
disasm, the disassembly listing
|
||||
Use numbers in [] to follow jump
|
||||
Use "u" to go back
|
||||
|
||||
debug, the debugger
|
||||
words, the word-hexidecimal view
|
||||
buf, the C-formatted buffer
|
||||
annotated, the annotated hexdump.
|
||||
|
||||
c: Changes to cursor mode or exits the cursor mode
|
||||
select: Shift+[hjkl]
|
||||
i: Insert mode
|
||||
a: assembly inline
|
||||
A: Assembly in visual mode
|
||||
y: Copy
|
||||
Y: Paste
|
||||
f: Creates a flag where cursor points to
|
||||
<tab> in the hexdump view to toggle between hex and strings columns
|
||||
|
||||
V: View ascii-art basic block graph of current function
|
||||
|
||||
W: WebUI
|
||||
|
||||
x, X: XREFs to current function. ("u" to go back)
|
||||
|
||||
t: track flags (browse symbols, functions..)
|
||||
|
||||
gG: Begging or end of file
|
||||
|
||||
HUD
|
||||
_ Show HUD
|
||||
backspace: Exits HUD
|
||||
We can add new commands to HUD in: radare2/shlr/hud/main
|
||||
|
||||
;[-]cmt: Add/remove comment
|
||||
|
||||
m<char>: Define a bookmark
|
||||
|
||||
'<char>: Go to previously defined bookmark
|
||||
|
||||
# ROP
|
||||
|
||||
/R opcodes: Search opcodes
|
||||
|
||||
/R pop,pop,ret
|
||||
|
||||
/Rl opcodes: Search opcodes and print them in linear way
|
||||
|
||||
/Rl jmp eax,call ebx
|
||||
|
||||
/a: Search assembly
|
||||
|
||||
/a jmp eax
|
||||
|
||||
pda: Returns a library of gadgets that can be use. These gadgets are obtained by disassmbling byte per byte instead of obeying to opcode leng
|
||||
|
||||
e search.roplen = 4 (change the depth of the search, to speed-up the hunt)
|
||||
|
||||
# Searching
|
||||
|
||||
/ bytes: Search bytes
|
||||
\x7fELF
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
push ebp
|
||||
mov ebp, esp
|
||||
|
||||
Opcodes: 5589e5
|
||||
|
||||
/x 5589e5
|
||||
[# ]hits: 54c0f4 < 0x0804c600 hits = 1
|
||||
0x08049f70 hit0_0 5589e557565383e4f081ec
|
||||
0x0804c31a hit0_1 5589e583ec18c704246031
|
||||
0x0804c353 hit0_2 5589e583ec1889442404c7
|
||||
0x0804c379 hit0_3 5589e583ec08e87cffffff
|
||||
0x0804c3a2 hit0_4 5589e583ec18c70424302d
|
||||
|
||||
pi 5 @@hit* (Print 5 first instructions of every hit)
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
Its possible to run a command for each hit. Use the cmd.hit property:
|
||||
|
||||
e cmd.hit=px
|
||||
|
||||
# Comments and defines
|
||||
|
||||
Cd [size]: Define as data
|
||||
|
||||
C- [size]: Define as code
|
||||
|
||||
Cs [size]: Define as String
|
||||
|
||||
Cf [size]: Define as struct
|
||||
We can define structures to be shown in the disassmbly
|
||||
|
||||
CC: List all comments or add a new comment in console mode
|
||||
C* Show all comments/metadata
|
||||
CC <comment> add new comment
|
||||
CC- remove comment
|
||||
|
||||
# Magic files
|
||||
|
||||
pm: Print Magic files analysis
|
||||
[0x00000000]> pm
|
||||
0x00000000 1 ELF 32-bit LSB executable, Intel 80386, version 1
|
||||
|
||||
/m [magicfile]: Search magic number headers with libmagic
|
||||
|
||||
search.align
|
||||
search.from (0 = beginning)
|
||||
search.to (0 = end)
|
||||
search.asmstr
|
||||
search.in
|
||||
|
||||
# Yara
|
||||
|
||||
:yara scan
|
||||
|
||||
# Zignatures
|
||||
|
||||
zg <language> <output file>: Generate signatures
|
||||
eg: zg go go.z
|
||||
|
||||
Run the generated script to load signatures
|
||||
eg: . go.z
|
||||
|
||||
z: To show signatures loaded:
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
r2-(pid2)> pd 35 @ 0x08049adb-10
|
||||
| 0x08049adb call fcn.0805b030
|
||||
| fcn.0805b030(unk, unk, unk, unk) ; sign.sign.b.sym.fmt.Println
|
||||
| 0x08049ae0 add esp, 0xc
|
||||
| 0x08049ae3 call fcn.08095580
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
# Compare Files
|
||||
|
||||
r2 -m 0xf0000 /etc/fstab ; Open source file
|
||||
|
||||
o /etc/issue ; Open file2 at offset 0
|
||||
|
||||
o ; List both files
|
||||
|
||||
cc offset: Diff by columns between current offset address and "offset"
|
||||
|
||||
# Graphs
|
||||
|
||||
+ Basic block graphs
|
||||
|
||||
af: Load function metadata
|
||||
|
||||
ag $$ > a.dot: Dump basic block graph to file
|
||||
|
||||
ag $$ | xdot: Show current function basic block graph
|
||||
|
||||
+ Call graphs
|
||||
|
||||
af: Load function metadata
|
||||
|
||||
agc $$ > b.dot: Dump basic block graph to file
|
||||
|
||||
+ Convert .dot in .png
|
||||
|
||||
dot -Tpng -o /tmp/b.png b.dot
|
||||
|
||||
+ Generate graph for file
|
||||
|
||||
radiff2 -g main crackme.bin crackme.bin > /tmp/a
|
||||
xdot /tmp/a
|
||||
|
||||
# Debugger
|
||||
|
||||
+ Start r2 in debugger mode. r2 will fork and attach
|
||||
|
||||
r2 -d [pid|cmd|ptrace] (if command contains spaces use quotes: r2 -d "ls /")
|
||||
|
||||
ptrace://pid (debug backend does not notice, only access to mapped memory)
|
||||
|
||||
+ Pass arguments
|
||||
|
||||
r2 -d rarun2 program=pwn1 arg1=$(python exploit.py)
|
||||
|
||||
+ Pass stdin
|
||||
|
||||
r2 -d rarun2 program=/bin/ls stdin=$(python exploit.py)
|
||||
|
||||
+ Commands
|
||||
|
||||
do: Reopen program
|
||||
|
||||
dp: Shows debugged process, child processes and threads
|
||||
|
||||
dc: Continue
|
||||
|
||||
dcu <address or symbol>: Continue until symbol (sets bp in address, continua until bp and remove bp)
|
||||
|
||||
dc[sfcp]: Continue until syscall(eg: write), fork, call, program address (To exit a library)
|
||||
|
||||
ds: Step in
|
||||
|
||||
dso: Step out
|
||||
|
||||
dss: Skip instruction
|
||||
|
||||
dr register=value: Change register value
|
||||
|
||||
dr(=)?: Show register values
|
||||
|
||||
db address: Sets a breakpoint at address
|
||||
db sym.main add breakpoint into sym.main
|
||||
db 0x804800 add breakpoint
|
||||
db -0x804800 remove breakpoint
|
||||
|
||||
dsi (conditional step): Eg: "dsi eax==3,ecx>0"
|
||||
|
||||
dbt: Shows backtrace
|
||||
|
||||
drr: Display in colors and words all the refs from registers or memory
|
||||
|
||||
dm: Shows memory map (* indicates current section)
|
||||
[0xb776c110]> dm
|
||||
sys 0x08048000 - 0x08062000 s r-x /usr/bin/ls
|
||||
sys 0x08062000 - 0x08064000 s rw- /usr/bin/ls
|
||||
sys 0xb776a000 - 0xb776b000 s r-x [vdso]
|
||||
sys 0xb776b000 * 0xb778b000 s r-x /usr/lib/ld-2.17.so
|
||||
sys 0xb778b000 - 0xb778d000 s rw- /usr/lib/ld-2.17.so
|
||||
sys 0xbfe5d000 - 0xbfe7e000 s rw- [stack]
|
||||
|
||||
+ To follow child processes in forks (set-follow-fork-mode in gdb)
|
||||
|
||||
dcf until a fork happen then use dp to select what process you want to debug.
|
||||
|
||||
+ PEDA like details
|
||||
|
||||
drr;pd 10@-10;pxr 40@esp
|
||||
|
||||
+ Debug in visual mode
|
||||
|
||||
toggl breakpoints with F2
|
||||
single-step with F7 (s)
|
||||
step-over with F8 (S)
|
||||
continue with F9
|
||||
|
||||
# WebGUI
|
||||
|
||||
=h: Start the server
|
||||
=H: Start server and browser
|
||||
|
||||
# rax2 - Base Conversion
|
||||
|
||||
-e: Change endian
|
||||
|
||||
-k: random ASCII art to represent a number/hash. Similar to how SSH represents keys
|
||||
|
||||
-s: ASCII to hex
|
||||
rax2 -S hola (from string to hex)
|
||||
rax2 -s 686f6c61 (from hex to string)
|
||||
|
||||
-S: binary to hex (for files)
|
||||
|
||||
-N: pack an integer
|
||||
rax2 -N 0x1234 # \x34\x12\x00\x00
|
||||
|
||||
# rahash2 - Entropy, hashes and checksums
|
||||
|
||||
-a: Specify the algorithm
|
||||
|
||||
-b XXX: Block size
|
||||
|
||||
-B: Print all blocks
|
||||
|
||||
-a entropy: Show file entropy or entropy per block (-B -b 512 -a entropy)
|
||||
|
||||
+ Rot13 with rahash2
|
||||
rahash2 -E rot -S s:13 -s ‘Hello\n’
|
||||
|
||||
# radiff2 - File diffing
|
||||
|
||||
-s: Calculate text distance from two files.
|
||||
|
||||
-d: Delta diffing (For files with different sizes. Its not byte per byte)
|
||||
|
||||
-C: Code diffing (instead of data)
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
Diff original and patched on x86_32, using graphdiff algorithm
|
||||
radiff2 -a x86 -b32 -C original patched
|
||||
|
||||
Show differences between original and patched on x86_32
|
||||
radiff2 -a x86 -b32 original patched :
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
# rasm2 - Assembly/Disasembly
|
||||
|
||||
-L: Supported architectures
|
||||
|
||||
-a arch instruction: Sets architecture
|
||||
rasm2 -a x86 'mov eax,30' => b81e000000
|
||||
|
||||
-b tam: Sets block size
|
||||
|
||||
-d: Disassembly
|
||||
rasm2 -d b81e000000 => mov eax, 0x1e
|
||||
|
||||
-C: Assembly in C output
|
||||
rasm2 -C 'mov eax,30' => "\xb8\x1e\x00\x00\x00"
|
||||
|
||||
-D: Disassemble showing hexpair and opcode
|
||||
rasm2 -D b81e0000 => 0x00000000 5 b81e000000 mov eax, 0x1e
|
||||
|
||||
-f: Read data from file instead of ARG.
|
||||
|
||||
-t: Write data to file
|
||||
|
||||
+ Disassemble shellcode from hex stdin
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
echo -n "31c048bbd19d9691d08c97ff48f7db53545f995257545eb03b0f05" | rasm2 -a x86 -b 64 -d -
|
||||
xor eax, eax
|
||||
movabs rbx, 0xff978cd091969dd1
|
||||
neg rbx
|
||||
push rbx
|
||||
push rsp
|
||||
pop rdi
|
||||
cdq
|
||||
push rdx
|
||||
push rdi
|
||||
push rsp
|
||||
pop rsi
|
||||
mov al, 0x3b
|
||||
syscall
|
||||
|
||||
+-------------------------------------------------------------------
|
||||
|
||||
# rafind2 - Search
|
||||
|
||||
-Z: Look for Zero terminated strings
|
||||
|
||||
-s str: Look for specifc string
|
||||
|
||||
-X: Hex dump around output
|
||||
|
||||
+ Search "/bin/sh" in libc
|
||||
|
||||
rafind2 -X -s "/bin/sh" /usr/lib/libc.so.6
|
||||
|
||||
# ragg2 - Shellcode generator, C/opcode compiler
|
||||
|
||||
P: Generate De Bruijn patterns
|
||||
ragg2 -P 300 -r
|
||||
|
||||
-a arch: Configure architecture
|
||||
|
||||
-b bits: Specify architecture bits (32/64)
|
||||
|
||||
-i shellcode: Specify shellcode to generate
|
||||
|
||||
-e encoder: Specify encoder
|
||||
|
||||
+ ragg2-cc: Generate shellcode from c
|
||||
|
||||
+ Generate a x86, 32 bits exec shellcode
|
||||
ragg2 -a x86 -b 32 -i exec
|
||||
|
||||
# rabin2 - Executable analysis: symbols, imports, strings
|
||||
|
||||
-I: Executable information
|
||||
|
||||
-C: Returns classes. Useful to list Java Classes
|
||||
|
||||
-l: Dynamic linked libraries
|
||||
|
||||
-s: Symbols
|
||||
|
||||
-z: Strings
|
||||
|
||||
# rarun2 - Launcher to run programs with different environments, args, stdin, permissions, fds
|
||||
|
||||
r2 -b 32 -d rarun2 program=pwn1 arg1=$(ragg2 -P 300 -r) : runs pwn1 with a De Bruijn Pattern as first argument, inside radare2's debugger, and force 32 bits
|
||||
r2 -d rarun2 program=/bin/ls stdin=$(python exploit.py) : runs /bin/ls with the output of exploit.py directed to stdin
|
||||
|
||||
# ESIL emulation
|
||||
|
||||
1) aei: Initialize ESIL VM
|
||||
|
||||
2) aeim: Assign ESIL stack
|
||||
aeim 0xffffd000 0x1000 stack
|
||||
|
||||
3) aeip: Program counter to current seek
|
||||
|
||||
4) e io.cache=true: Enable caching read/write of virtual memory (Important if self modifying code)
|
||||
|
||||
5) aes: Single stepping in emulation mode
|
||||
|
||||
+ Toggle IL representation via O in Visual Mode
|
||||
|
||||
# ESIL Linear emulation
|
||||
|
||||
Find all references to curr. address using linear esil emulation on all imports.
|
||||
|
||||
/re$$@@ sym.imp.*
|
||||
|
||||
# ESIL IL Representation
|
||||
|
||||
op esil
|
||||
------------
|
||||
mov =
|
||||
mul *
|
||||
div /
|
||||
and &
|
||||
neg !
|
||||
read []
|
||||
if ?{
|
||||
add +
|
||||
sub -
|
||||
xor ^
|
||||
or |
|
||||
cmp ==
|
||||
write =[]
|
||||
|
||||
+ prefix is %
|
||||
+ carry from bit x -> %cx
|
||||
+ borrow from bit x -> %bx
|
||||
+ zero-flag -> %z
|
||||
+ parity of dst -> %p
|
||||
+ sign-flag -> %s
|
||||
+ overflow-flag -> %o
|
||||
|
||||
+ BREAK - Stop parsing and emulate next instruction
|
||||
+ LOOP - restart emulation of instruction
|
||||
+ GOTO n - jump to n
|
||||
+ TODO - stop emulation and eprintf("TDOD %s", ins)
|
||||
|
||||
x86 ESIL
|
||||
------------------------------------------------------
|
||||
mov eax, ebx ebx,eax,=
|
||||
jz 0xaabbccdd zf,?{,0xaabbccdd,eip,=,}
|
||||
cmp ecx,edx edx,ecx,==,%z,zf,=,%b32,cf,=,%p,pf,=,%s,sf,=
|
||||
push ebp 4,esp,-=ebp,esp,=[4]
|
||||
|
||||
+ ESIL Doc
|
||||
https://github.com/radare/radare2book/blob/master/esil.md
|
||||
|
||||
# r2pipe commands
|
||||
|
||||
+ Invoke r2pipe script via r2 cmdline
|
||||
|
||||
[0x00000000]> #!pipe node script.js
|
||||
[0x00000000]> #!pipe python script.py
|
||||
|
||||
+ Good collection:
|
||||
https://radare.org/get/r2pipe-nn2015.pdf
|
||||
https://github.com/jpenalbae/r2-scripts
|
||||
# Parsing ELF
|
||||
|
||||
!!! open with r2 -nn
|
||||
|
||||
+ Parse 9 program headers (elf_phdr) from curr. seek plus offset 0x40 with temporary block size 0x200 in less mode (~..)
|
||||
|
||||
[0x00000000]> pf 9? (elf_phdr)phdr @ $$+0x40!0x200~..
|
||||
|
||||
# pf Templates
|
||||
|
||||
+ Generate templates for structs/enums with td command
|
||||
|
||||
"td enum elf_class {ELFCLASSNONE=0, ELFCLASS32=1, ELFCLASS64=2};"
|
||||
|
||||
https://github.com/Maijin/r2-pf-templates/
|
||||
|
||||
+ Cast data @ <addr> to <type> and print it
|
||||
|
||||
tp <type> = <address>
|
||||
|
||||
# r2scapy
|
||||
|
||||
r2 -i r2scapy.py dump.bin
|
||||
[0x00000000]> scapy DNS 0x81de3c 48
|
||||
DNS(aa=1L, qr=1L, an=DNSRR(rclass=32769, ttl=120, rrname='flashair.local.', rdata='192.168.0.1', type=1), ad=0L, nscount=0, qdcount=1, ns=None, tc=0L, rd=1L, arcount=0, ar=None, opcode=0L, ra=0L, cd=0L, z=0L, rcode=0L, id=0, ancount=1, qd=DNSQR(qclass=32769, qtype=255, qname='flashair.local.'))
|
||||
|
||||
+ generate packets with scapy
|
||||
>>> from scapy.all import *
|
||||
>>> sr1(IP(dst="8.8.8.8")/UDP(dport=53)/DNS(rd=1,qd=DNSQR(qname="www.thepacketgeek.com")),verbose=0)
|
||||
|
||||
# r2m2 -Miasm Intermediate Representation Plugin
|
||||
|
||||
+ Assemble and disassemble MIPS32 using rasm2
|
||||
|
||||
r2m2$ export R2M2_ARCH=mips32l; rasm2 -a r2m2 'addiu a0, a1, 2' |rasm2 -a r2m2 -d -
|
||||
ADDIU A0, A1, 0x2
|
||||
|
||||
+ Disassemble random MSP430 instructions in r2
|
||||
|
||||
r2m2$ R2M2_ARCH=msp430 r2 -a r2m2 -qc 'woR; pd 5' -
|
||||
0x00000000 07fa and.w R10, R7
|
||||
0x00000002 47ad dadd.b R13, R7
|
||||
0x00000004 f05e0778 add.b @R14+, 0x7807(PC)
|
||||
0x00000008 f46d81ed addc.b @R13+, 0xED81(R4)
|
||||
0x0000000c 3fdc bis.w @R12+, R15
|
||||
+ Assemble MIPS32 using rasm2 and display the call graph using r2
|
||||
|
||||
r2m2$ R2M2_ARCH=mips32b rasm2 -a r2m2 'j 0x4; nop' -B > j_nop.bin
|
||||
|
||||
r2m2$ R2M2_ARCH=mips32b r2 -a r2m2 -qc 'pd 2' j_nop.bin
|
||||
,=< 0x00000000 0c000001 JAL 0x4
|
||||
`-> 0x00000004 00000000 NOP
|
||||
|
||||
# bin carving with r2
|
||||
|
||||
+ Open raw dump
|
||||
|
||||
r2 -n dump.bin
|
||||
|
||||
+ Searching for magic
|
||||
|
||||
[0x00000000]> / \x7fELF
|
||||
Searching 4 bytes from 0x00000000 to 0x0000002d: 7f 45 4c 46
|
||||
0x00001340 hit0_0
|
||||
0x00001744 hit0_1
|
||||
...
|
||||
|
||||
+ Dump 1M with at several hits
|
||||
|
||||
[0x00000000]> b 1M
|
||||
[0x00000000]> wt @@ hit0*
|
||||
|
||||
+ Automate it
|
||||
|
||||
$ for a in dump.* ; do
|
||||
sz=`rabin2 -Z $a` # get RBin.filesize
|
||||
r2 -wnqc"r $sz" $a # resize file
|
||||
done
|
||||
|
||||
http://radare.today/posts/carving-bins/
|
||||
|
||||
# r4ge - symbolic execution
|
||||
+ https://github.com/gast04/r4ge
|
||||
|
||||
Usage: https://asciinema.org/a/155856
|
||||
|
||||
# r2wiki -Macro for using wiki in commandline
|
||||
|
||||
+ https://github.com/securisec/r2wiki
|
||||
|
||||
$wiki "query string"
|
||||
|
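--- a/cheat/cheatsheets/rcs
+++ b/cheat/cheatsheets/rcs
@@ -0,0 +1,26 @@
+# Initial check-in of file (leaving file active in filesystem)
+ci -u <filename>
+
+# Check out with lock
+co -l <filename>
+
+# Check in and unlock (leaving file active in filesystem)
+ci -u <filename>
+
+# Display version x.y of a file
+co -px.y <filename>
+
+# Undo to version x.y (overwrites file active in filesystem with the specified revision)
+co -rx.y <filename>
+
+# Diff file active in filesystem and last revision
+rcsdiff <filename>
+
+# Diff versions x.y and x.z
+rcsdiff -rx.y -rx.z <filename>
+
+# View log of check-ins
+rlog <filename>
+
+# Break an RCS lock held by another person on a file
+rcs -u <filename>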
|
@ -12,3 +12,6 @@ rsync -auv /src/foo /dest
|
||||
|
||||
# Explicitly copy /src/foo to /dest/foo
|
||||
rsync -auv /src/foo/ /dest/foo
|
||||
|
||||
# Copy file from local to remote over ssh with non standard port 1234 to destination folder in remoteuser's home directory
|
||||
rsync -avz -e "ssh -p1234" /source/file1 remoteuser@X.X.X.X:~/destination/
|
||||
|
@ -15,3 +15,9 @@ sed '/^$/d' file.txt
|
||||
|
||||
# To replace newlines in multiple lines
|
||||
sed ':a;N;$!ba;s/\n//g' file.txt
|
||||
|
||||
# Insert a line before a matching pattern:
|
||||
sed '/Once upon a time/i\Chapter 1'
|
||||
|
||||
# Add a line after a matching pattern:
|
||||
sed '/happily ever after/a\The end.'
|
||||
|
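--- a/cheat/cheatsheets/slurm
+++ b/cheat/cheatsheets/slurm
@@ -0,0 +1,15 @@
+# Submit a new job:
+sbatch job.sh
+
+# List all jobs for a user:
+squeue -u user_name
+
+# Cancel a job by id or name:
+scancel job_id
+scancel --name job_name
+
+# List all information for a job:
+scontrol show jobid -dd job_id
+
+# Status info for currently running job:
+sstat --format=AveCPU,AvePages,AveRSS,AveVMSize,JobID -j job_id --allsteps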
|
@ -19,6 +19,9 @@ tar -xjvf /path/to/foo.tgz
|
||||
# To create a .bz2 archive:
|
||||
tar -cjvf /path/to/foo.tgz /path/to/foo/
|
||||
|
||||
# To extract a .tar in specified Directory:
|
||||
tar -xvf /path/to/foo.tar -C /path/to/destination/
|
||||
|
||||
# To list the content of an .bz2 archive:
|
||||
tar -jtvf /path/to/foo.tgz
|
||||
|
||||
|
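--- a/cheat/cheatsheets/wc
+++ b/cheat/cheatsheets/wc
@@ -0,0 +1,18 @@
+# Count the number of words (file or STDIN)
+wc -w /path/to/foo.txt
+cat /path/to/foo.txt | wc -w
+
+# Count the number of lines (file or STDIN)
+wc -l /path/to/foo.txt
+cat /path/to/foo.txt | wc -l
+
+# Count the number of bytes (file or STDIN)
+wc -c /path/to/foo.txt
+cat /path/to/foo.txt | wc -c
+
+# Count files and directories at a given location
+ls -l | wc -l
+
+# If you ever use `wc` in a shell script and need to compare the output with an int you can
+# clean the output (wc returns extra characters around the integer) by using xargs:
+ls -l | wc -l | xargs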
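Review bot: `ls -l | wc -l` under "Count files and directories at a given location" reports one line too many, because `ls -l` prints a leading `total N` line before the entries. `ls -1 | wc -l` (or `ls -A1 | wc -l` to include dotfiles) gives the entry count, and the same applies to the final `ls -l | wc -l | xargs` example. The closing comment could also say what the "extra characters" are, e.g. `# some wc implementations pad the number with spaces; xargs trims them`.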
|
@ -10,3 +10,7 @@ find -name *.pdf | xargs -I{} rm -rf '{}'
|
||||
# -n1 => One file by one file. ( -n2 => 2 files by 2 files )
|
||||
|
||||
find -name *.pdf | xargs -I{} -n1 echo '&{}='
|
||||
|
||||
# If find returns no result, do not run rm
|
||||
# This option is a GNU extension.
|
||||
find -name "*.pdf" | xargs --no-run-if-empty rm
|
||||
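Review bot: The new `find -name "*.pdf" | xargs --no-run-if-empty rm` entry still lets xargs split file names on whitespace and quotes, so a name containing a space or newline makes `rm` act on paths other than the ones find matched. A null-delimited hand-off avoids that: `find -name "*.pdf" -print0 | xargs -0 --no-run-if-empty rm`. The context lines of this hunk pass an unquoted `*.pdf`, which the shell may expand before find sees it; they are outside this change, but the new entry is a good place to show the safer form.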
|
@ -16,5 +16,8 @@ youtube-dl --playlist-start 5 example.com/watch?v=id&list=listid
|
||||
# To simulate a download with youtube-dl:
|
||||
youtube-dl -s example.com/watch?v=id
|
||||
|
||||
# To download audio in mp3 format with best quality available
|
||||
youtube-dl --extract-audio --audio-format mp3 --audio-quality 0 example.com/watch?v=id
|
||||
|
||||
# For all video formats see
|
||||
# http://en.wikipedia.org/wiki/YouTube#Quality_and_codecs
|
||||
|
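--- a/cheat/cheatsheets/zfs
+++ b/cheat/cheatsheets/zfs
@@ -0,0 +1,126 @@
+# WARNING:
+# In order to avoid headaches when moving ZFS physical devices around,
+# one will be much better served to reference devices by their *immutable*
+# ID - as in /dev/disk/by-id/* - rather than their block device name -
+# as in /dev/{sd,nvme}* - which is bound to change as per PCI enumeration
+# order.
+# For the sake of briefness, we'll use the following variables:
+# ${device} device (/dev/disk/by-id/${device})
+# ${part} partition (/dev/disk/by-id/${part=${device}-part${N}})
+# ${pool} ZFS pool (name)
+# ${fs_vol} ZFS file system or volume (name)
+# ${snapshot} ZFS snapshot (name)
+
+
+## Pools
+
+# Create a new "RAID-5" (raidz1) pool
+# Recommended: use entire devices rather than partitions
+zpool create ${pool} raidz1 ${device} ${device} ${device} [...]
+
+# Add 2nd-level "RAID-1" (mirror) ZFS Intent Log (ZIL; synchronous write cache)
+# Recommended: use separate, fast, low-latency devices (e.g. NVMe)
+zpool add ${pool} log mirror ${part} ${part}
+
+# Add 2nd-level "RAID-0" Adaptive Replacement Cache (ARC; read cache)
+# Recommended: use separate, fast, low-latency devices (e.g. NVMe)
+zpool add ${pool} cache ${part} ${part} [...]
+
+# Remove log or cache components
+zpool remove zfs ${part} [...]
+
+# Import (enable) existing pool from newly connected devices
+# Note: this will create the /etc/zfs/zpool.cache devices cache
+zpool import -d /dev/disk/by-id -aN
+
+# Import (enable) existing pool using the devices cache
+zpool import -c /etc/zfs/zpool.cache -aN
+
+# Export (disable) pool (e.g. before shutdown)
+zpool export -a
+
+# List all (imported) pools
+zpool list
+
+# See pool status
+zpool status ${pool}
+
+# See detailed pool I/O statistics
+zpool iostat ${pool} -v
+
+# Verify pool integrity (data checksums)
+# (watch progress with 'zpool status')
+zpool scrub ${pool}
+
+# Remove a failing device from a pool
+# Note: redundant pools (mirror, raidz) will continue working in degraded state
+zpool detach ${pool} ${device}
+
+# Replace a failed device in a pool
+# Note: new device will be "resilvered" automatically (parity reconstruction)
+# (watch progress with 'zpool status')
+zpool replace ${pool} ${failed-device} ${new-device}
+
+# Erase zpool labels ("superblock") from a device/partition
+# WARNING: MUST do before reusing a device/partition for other purposes
+zpool labelclear ${device}
+
+# Query pool configuration (properties)
+zpool get all ${pool}
+
+# Change pool configuration (property)
+zpool set <property>=<value> ${pool}
+
+# Dump the entire pool (commands) history
+zpool history ${pool}
+
+# More...
+man zpool
+
+
+## File systems / Volumes
+
+# Create a new file system
+zfs create ${pool}/${fs_vol}
+
+# Create a new volume ("block device")
+# Note: look for it in /dev/zvol/${pool}/${fs_vol}
+zfs create -V <size> ${pool}/${fs_vol}
+
+# List all file systems / volumes
+zfs list
+
+# Mount all file systems
+# Note: see 'zfs get mountpoint ${pool}' for mountpoint root path
+zfs mount -a
+
+# Create a snapshot
+zfs snapshot ${pool}/${fs_vol}@${snapshot}
+
+# Delete a snapshot
+zfs destroy ${pool}/${fs_vol}@${snapshot}
+
+# Full backup
+# Note: pipe (|) source to destination through netcat, SSH, etc.
+# ... on source:
+zfs send -p -R ${pool}/${fs_vol}@${snapshot}
+# ... on destination:
+zfs receive -F ${pool}/${fs_vol}
+
+# Incremental backup
+# Note: pipe (|) source to destination through netcat, SSH, etc.
+# ... on source:
+zfs send -p -R -i ${pool}/${fs_vol}@${snapshot-previous} ${pool}/${fs_vol}@${snapshot}
+# ... on destination:
+zfs receive -F ${pool}/${fs_vol}
+
+# Query file system / volume configuration (properties)
+zfs get all ${pool}
+zfs get all ${pool}/${fs_vol}
+
+# Change file system / volume configuration (property)
+zfs set <property>=<value> ${pool}/${fs_vol}
+
+# More...
+man zfs
+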
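Review bot: The "Full backup" and "Incremental backup" notes recommend piping `zfs send` "through netcat, SSH, etc." without saying that netcat carries the stream unencrypted and unauthenticated, while `zfs receive -F` on the destination rolls the target back to accept whatever arrives. I would reword both notes to something like `# Note: pipe (|) source to destination through SSH; use netcat only on a trusted network (the stream is neither encrypted nor authenticated)`. Separately, `zpool remove zfs ${part} [...]` hard-codes a pool named `zfs`; it presumably should read `zpool remove ${pool} ${part} [...]` like the other entries.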
|
@ -1,5 +1,8 @@
|
||||
# Create zip file
|
||||
zip archive.zip file1 directory/
|
||||
|
||||
# Create zip file with password
|
||||
zip -P password archive.zip file1
|
||||
|
||||
# To list, test and extract zip archives, see unzip
|
||||
cheat unzip
|
||||
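Review bot: `zip -P password archive.zip file1` in the new "Create zip file with password" entry puts the password on the command line, where it is visible in the process list to other local users and is saved in shell history. zip's `-e` (`--encrypt`) option prompts for the password instead, so the entry would be safer as `zip -e archive.zip file1`, or should at least carry a comment such as `# -P exposes the password via ps and shell history; prefer -e`. The zip manual also describes its standard encryption as weak, which may deserve a one-line caveat pointing readers to a stronger tool for sensitive data.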
|
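--- a/cheat/cheatsheets/zsh
+++ b/cheat/cheatsheets/zsh
@@ -0,0 +1,82 @@
+# A plain old glob
+print -l *.txt
+print -l **/*.txt
+
+# Show text files that end in a number from 1 to 10
+print -l **/*<1-10>.txt
+
+# Show text files that start with the letter a
+print -l **/[a]*.txt
+
+# Show text files that start with either ab or bc
+print -l **/(ab|bc)*.txt
+
+# Show text files that don't start with a lower or uppercase c
+print -l **/[^cC]*.txt
+
+# Show only directories
+print -l **/*(/)
+
+# Show only regular files
+print -l **/*(.)
+
+# Show empty files
+print -l **/*(L0)
+
+# Show files greater than 3 KB
+print -l **/*(Lk+3)
+
+# Show files modified in the last hour
+print -l **/*(mh-1)
+
+# Sort files from most to least recently modified and show the last 3
+print -l **/*(om[1,3])
+
+# `.` show files, `Lm-2` smaller than 2MB, `mh-1` modified in last hour,
+# `om` sort by modification date, `[1,3]` only first 3 files
+print -l **/*(.Lm-2mh-1om[1,3])
+
+# Show every directory that contain directory `.git`
+print -l **/*(e:'[[ -d $REPLY/.git ]]':)
+
+# Return the file name (t stands for tail)
+print -l *.txt(:t)
+
+# Return the file name without the extension (r stands for remove_extension)
+print -l *.txt(:t:r)
+
+# Return the extension
+print -l *.txt(:e)
+
+# Return the parent folder of the file (h stands for head)
+print -l *.txt(:h)
+
+# Return the parent folder of the parent
+print -l *.txt(:h:h)
+
+# Return the parent folder of the first file
+print -l *.txt([1]:h)
+
+# Parameter expansion
+files=(*.txt) # store a glob in a variable
+print -l $files
+print -l $files(:h) # this is the syntax we saw before
+print -l ${files:h}
+print -l ${files(:h)} # don't mix the two, or you'll get an error
+print -l ${files:u} # the :u modifier makes the text uppercase
+
+# :s modifier
+variable="path/aaabcd"
+echo ${variable:s/bc/BC/} # path/aaaBCd
+echo ${variable:s_bc_BC_} # path/aaaBCd
+echo ${variable:s/\//./} # path.aaabcd (escaping the slash \/)
+echo ${variable:s_/_._} # path.aaabcd (slightly more readable)
+echo ${variable:s/a/A/} # pAth/aaabcd (only first A is replaced)
+echo ${variable:gs/a/A/} # pAth/AAAbcd (all A is replaced)
+
+# Split the file name at each underscore
+echo ${(s._.)file}
+
+# Join expansion flag, opposite of the split flag.
+array=(a b c d)
+echo ${(j.-.)array} # a-b-c-d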