Commit 95447d67 by Craig Heffner

Updated Unix path signatures to prevent common false positives

parent 6258eaf4
......@@ -41,8 +41,18 @@
# CodeGate 2011 http://nopsrus.blogspot.com/2013/05/codegate-ctf-2011-binary-100-points.html
0 string \x23\x40\x7e\x5e Windows Script Encoded Data (screnc.exe)
0 regex /[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_/].* Unix path:
>0 string x %s
0 regex /[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_]{1,25}/[a-zA-Z0-9\.\-_/].* Unix path:
>0 string x %s
>0 string !/home/
>>0 string !/bin/
>>>0 string !/sbin/
>>>>0 string !/usr/
>>>>>0 string !/sys/
>>>>>>0 string !/var/
>>>>>>>0 string !/opt/
>>>>>>>>0 string !/etc/
>>>>>>>>>0 string !/lib/
>>>>>>>>>>0 string !/dev/ {invalid}(likely false positive)
0 string neighbor Neighborly text,
>0 string x "%s
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment