xct's notes
Misc

Windows Packet Capture

Localhost

To File:
RawCap.exe 127.0.0.1 localhost_capture.pcap
To Wireshark:
RawCap.exe -q 127.0.0.1 - | "C:\Program Files\Wireshark\Wireshark.exe" -i - -k

Extract useful stuff from PCAP

Remove Obfuscation from .NET Binaries

    de4dot
    confuserexstringdecryptor
    confuserexswitchkiller

Esoteric Language / Other Decodings

Update all pip-installed Python packages

pip freeze --user | cut -d'=' -f1 | xargs -n1 pip install -U

Find what program listens on a port on Linux

sudo lsof -i -P -n | grep LISTEN

Delete all Docker containers & images

docker rm -vf $(docker ps -a -q)
docker rmi -f $(docker images -a -q)

JSON to NDJSON

cat file.json | jq -c '.[]' > converted.json

Domain Fronting

Connect to a benign domain that you know is served by a big CDN, so the TLS SNI is set to this domain. Then change the HTTP Host header to your malicious site, which is hosted on the same CDN.

Screenshot from PowerShell

# Load System.Drawing for the Bitmap and Graphics types
[Reflection.Assembly]::LoadWithPartialName("System.Drawing")
function screenshot([Drawing.Rectangle]$bounds, $path) {
    $bmp = New-Object Drawing.Bitmap $bounds.width, $bounds.height
    $graphics = [Drawing.Graphics]::FromImage($bmp)

    # Copy the screen region described by $bounds into the bitmap
    $graphics.CopyFromScreen($bounds.Location, [Drawing.Point]::Empty, $bounds.size)

    $bmp.Save($path)

    # Release the GDI+ handles
    $graphics.Dispose()
    $bmp.Dispose()
}

$bounds = [Drawing.Rectangle]::FromLTRB(0, 0, 1920, 1080)
screenshot $bounds "C:\programdata\screenshot.png"

Simple HTTP Server

This short snippet prints the request headers and allows a graceful shutdown.

#!/usr/bin/env python3

import http.server as SimpleHTTPServer
import socketserver as SocketServer

class StoppableHTTPServer(SimpleHTTPServer.HTTPServer):
    def run(self):
        # Serve until Ctrl+C, then always close the listening socket
        try:
            self.serve_forever()
        except KeyboardInterrupt:
            pass
        finally:
            self.server_close()

class GetHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):

    def do_GET(self):
        # Print the request headers, then serve the file as usual
        print(self.headers)
        SimpleHTTPServer.SimpleHTTPRequestHandler.do_GET(self)

# Listen on all interfaces, port 80
server = StoppableHTTPServer(("", 80), GetHandler)
server.run()

NetBSD useful commands

List ports

netstat -na -f inet

Setup p4wnp1_aloa
