====== CyberSecurity ======

===== Steganography =====

Image metadata (hidden comments, GPS tags, embedded thumbnails, tool names):

  $ sudo apt-get install libimage-exiftool-perl
  $ exiftool *.png *.gif

Digital Invisible Ink Toolkit (DIIT), a Java LSB steganography encoder/decoder:

  < http://diit.sourceforge.net/download.php >
  $ java -jar diit*.jar

===== Cryptography =====

  < http://rumkin.com/tools/cipher/ >
  < https://hashcat.net/wiki/doku.php?id=example_hashes >

examples:

  base64:  cGVyZm9ybQ==
  atbash:  wiznzgrxzoob hxsloziob wlxgli
  caesar:  ynxr iveghny
  morse:   - .... . / ... . -.-. .-. . - / --- ..-. / --. . - - .. -. --. / .- .... . .- -.. / .. ... / --. . - - .. -. --. / ... - .- .-. - . -.. ..-. .-.. .- --. / -.. -.- ...- -... / ..--- ....- ----. ....-

ophcrack-Windows (pwdump style LM:NTLM pair):

  5725A28AC80350B8AAD3B435B51404EE:F3CF3773CD9142BCD130D84106C0AF74
  # LM hashes each 7-character half of the password separately; AAD3B435B51404EE is the hash
  # of an empty half, so this password is at most 7 characters long

hashcat (md5crypt, mode 500):

  $1$mrl$nycc.yKRXbu1pxqh//Ys/.
  # straight wordlist attack is -a 0 (-a 3 is a mask attack and would read rockyou.txt as a mask file)
  hashcat -a 0 -m 500 hash /usr/share/wordlists/rockyou.txt --force
  # combinator attack (-a 1): every word of dict1 followed by every word of dict2
  hashcat -m 0 -a 1 hash.txt dict1.txt dict2.txt
  # for cpus: precombine the lists with combinator.bin, then run a straight (-a 0) attack on the result
  /usr/share/hashcat-utils/combinator.bin list1.txt list2.txt > combined.txt
  hashcat -m 0 -a 0 hash.txt combined.txt

===== Log Analysis =====

example (Apache combined log format; the patterns in the comments are case-insensitive regexes over the whole line):

  # Search for requests referred by google from a Mozilla (Chrome) browser
  # find google.*mozilla
  154.68.51.212 - - [30/Apr/2015:18:15:49 +0200] "GET /fileadmin/lux09/Programme_Lux_09/liste_inscrits_LUX09.pdf HTTP/1.1" 200 222156 "http://www.google.fr/url?sa=t&rct=j&q=Santos%40live.com.mx+%40skynet.mx+%40orange.mx+%40yahoo.mx+&source=web&cd=7&cad=rja&uact=8&ved=0CFMQFjAG&url=http%3A%2F%2Fwww.inees.org%2Ffileadmin%2Flux09%2FProgramme_Lux_09%2Fliste_inscrits_LUX09.pdf&ei=JlVCVcGCFoGzUZfmgAg&usg=AFQjCNG8KtTYgKZg_-m4yUMd0dVCncpmhg" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13"

  # Search for requests referred by google from Opera
  # find google.*opera
  82.145.208.163 - - [19/Apr/2015:17:35:20 +0200] "GET /fileadmin/inees.org/files/Press/Tageblatt_06_06_2012.pdf HTTP/1.1" 200 47784 "http://www.google.com/xhtml?q=PRIX%20QUO%20VADls&client=ms-opera_mb_no&channel=bh" "Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.24721/36.1649; U; fr) Presto/2.12.423 Version/12.16"

  # Search for shellshock
  213.251.182.107 - - [24/Apr/2015:00:20:48 +0200] "GET /?x=() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @ HTTP/1.0" 303 245 "() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @" "() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @"
  # the "() { :; };" prefix is the Shellshock (CVE-2014-6271) trigger; it is sent in the query string, the referer
  # and the user-agent because a CGI server exports all three as environment variables, and a vulnerable bash runs
  # whatever follows the function body when it imports them; M`expr 1330 + 7`H prints M1337H so the scanner can
  # recognise successful execution, and uname -a fingerprints the host

===== Network Traffic Analysis =====

Wireshark display filters:

capture:
  filters:
    - by http method:   http.request.method == "GET"

radius:
  filters:
    - by username:      radius.User_Name == "hana.harb"
    - by code:          radius.code == 1          // Access-Request
  example:              radius.User_Name == "hana.harb" && radius.code == 1
  // status bar after applying the filter
  # Packets: 2086 . Displayed: 22 (1.1%)
  # Access points receiving the packets: the Called-Station-Id attribute of the displayed requests
  # AVP: t=Called-Station-Id val=xx-xx-xx-xx-xx-xx
  < https://www.cisco.com/c/en/us/td/docs/net_mgmt/access_registrar/1-7/concepts/guide/radius.html >

sip:
  filters:
    - calls:            sip.Method == "INVITE"
    - hangups:          sip.Method == "BYE"
  # caller: Session Initiation Protocol (INVITE) > Message Header > From > SIP from address: sip:xxx@xx.xx.xx.xx
  < https://tools.ietf.org/html/rfc3842 >

# unicode characters
< https://en.wikipedia.org/wiki/List_of_Unicode_characters >

===== Exploitation =====

python (decompile .pyc bytecode):
  < https://github.com/gstarnberger/uncompyle >
  $ python setup.py install
  $ which uncompyle6
  $ /usr/local/bin/uncompyle6 *.pyc

c (native decompilers):
  boomerang:
    $ sudo apt-get install git build-essential cmake qt5-default libcapstone-dev flex bison
    $ git clone https://github.com/BoomerangDecompiler/boomerang.git
    $ cd boomerang && mkdir build && cd build
    $ cmake .. && make && sudo make install
    $ /usr/local/bin/boomerang
  snowman:
  ida:
    < https://www.hex-rays.com/products/ida/support/download.shtml >
    # the free IDA 7.0 build doesn't support plugins anymore
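The classic-cipher examples from the Cryptography section, decoded offline instead of through the rumkin.com page. This is an added example written for these notes, not code from the original page; the ciphertexts are the ones quoted above, the decoders are the textbook routines, and the morse word separator "/" follows the layout used on the page. The Caesar brute-force goes beyond the single rot13 example and returns all 25 rotations, since a CTF rarely tells you the shift.

```python
#!/usr/bin/env python3
"""Decoders for the four ciphertext examples in the Cryptography section.

Added example, not part of the original notes: the ciphertexts are the ones
listed on the page, the decoders are textbook routines.
"""
import base64

MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z", "-----": "0", ".----": "1", "..---": "2",
    "...--": "3", "....-": "4", ".....": "5", "-....": "6", "--...": "7",
    "---..": "8", "----.": "9",
}


def atbash(text):
    """Mirror the alphabet (a<->z, b<->y, ...); the cipher is its own inverse."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr(ord("a") + ord("z") - ord(ch)))
        elif "A" <= ch <= "Z":
            out.append(chr(ord("A") + ord("Z") - ord(ch)))
        else:
            out.append(ch)
    return "".join(out)


def caesar(text, shift):
    """Rotate each ASCII letter by `shift` places; decrypt with the negative shift."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)
    return "".join(out)


def caesar_bruteforce(text):
    """All 25 non-trivial rotations keyed by shift, for when the key is unknown."""
    return {s: caesar(text, s) for s in range(1, 26)}


def morse(text):
    """Symbols separated by spaces, words by '/', as laid out on the page."""
    words = []
    for word in text.split("/"):
        words.append("".join(MORSE[sym] for sym in word.split()))
    return " ".join(words)


def decode_page_examples():
    """The four ciphertexts quoted on the page, decoded."""
    return {
        "base64": base64.b64decode("cGVyZm9ybQ==").decode("ascii"),
        "atbash": atbash("wiznzgrxzoob hxsloziob wlxgli"),
        "caesar": caesar("ynxr iveghny", 13),  # rot13 is the usual first guess
        "morse": morse("- .... . / ... . -.-. .-. . - / --- ..-. / --. . - - .. -. --. / "
                       ".- .... . .- -.. / .. ... / --. . - - .. -. --. / "
                       "... - .- .-. - . -.. ..-. .-.. .- --. / -.. -.- ...- -... / "
                       "..--- ....- ----. ....-"),
    }


if __name__ == "__main__":
    for name, plain in decode_page_examples().items():
        print(f"{name:8} {plain}")
    for shift, guess in caesar_bruteforce("ynxr iveghny").items():
        print(f"rot{shift:<4} {guess}")
```

Note that the page's morse line has no "/" between the "STARTED" and "FLAG" groups, so the decoder returns them as one word; that is the ciphertext as written, not a decoder bug.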
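What the hashcat and ophcrack lines in the Cryptography section actually do, in plain Python: reading the password-length hint out of an LM:NTLM pair, the combinator attack that combinator.bin and -a 1 perform, and a straight MD5 (-m 0) attack over the resulting candidates. This is an added example written for these notes, not code from hashcat or the original page; the LM:NTLM line is the one quoted above, while the two dictionaries and the target hash (MD5 of "password") are constructed for the demo.

```python
#!/usr/bin/env python3
"""Hash-cracking helpers mirroring the Cryptography section's commands.

Added example, not part of the original notes or of hashcat. LM_LINE is the
pair quoted on the page; DICT1, DICT2 and TARGET are constructed demo data.
"""
import hashlib
import itertools
from typing import Iterable, Iterator, List, Optional

# LM splits the upper-cased password into two 7-byte halves and hashes each
# on its own; this constant is the hash of an all-zero (empty) half.
LM_EMPTY_HALF = "AAD3B435B51404EE"

# Constructed demo data (the LM:NTLM pair is the one on the page).
LM_LINE = "5725A28AC80350B8AAD3B435B51404EE:F3CF3773CD9142BCD130D84106C0AF74"
DICT1: List[str] = ["admin", "pass", "root"]
DICT2: List[str] = ["123", "word", "2015"]
TARGET = "5f4dcc3b5aa765d61d8327deb882cf99"  # md5("password")


def lm_password_length_hint(lm_ntlm_line: str) -> str:
    """What an LM:NTLM pair gives away before any cracking is attempted."""
    lm, _ntlm = lm_ntlm_line.split(":")
    lm = lm.upper()
    if lm == LM_EMPTY_HALF * 2:
        return "LM disabled or empty password (NTLM only)"
    if lm[16:] == LM_EMPTY_HALF:
        return "password is 1-7 characters (second LM half empty)"
    return "password is 8-14 characters (both LM halves used)"


def combinator(left: Iterable[str], right: Iterable[str]) -> Iterator[str]:
    """hashcat -a 1 / combinator.bin: every left word followed by every right word."""
    for a, b in itertools.product(left, right):
        yield a + b


def md5_hex(candidate: str) -> str:
    return hashlib.md5(candidate.encode("utf-8")).hexdigest()


def crack_md5(target_hex: str, candidates: Iterable[str]) -> Optional[str]:
    """hashcat -m 0 -a 0: straight attack, first candidate whose MD5 matches."""
    target_hex = target_hex.lower()
    for word in candidates:
        if md5_hex(word) == target_hex:
            return word
    return None


if __name__ == "__main__":
    print("LM hint   :", lm_password_length_hint(LM_LINE))
    # The plain dictionaries do not contain "password", so the straight attack fails ...
    print("straight  :", crack_md5(TARGET, DICT1 + DICT2))
    # ... and the combinator attack recovers it as "pass" + "word".
    print("combinator:", crack_md5(TARGET, combinator(DICT1, DICT2)))
```

The LM check is worth running first on any pwdump output: a second half equal to AAD3B435B51404EE means a rainbow table for 7-character LM is enough, whatever the NTLM half looks like.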
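The three searches from the Log Analysis section as detection logic over parsed Apache combined-format lines rather than as whole-line greps: Google referrals split by browser, and Shellshock probes matched on the bash function-definition prefix in any field the CGI layer might export. This is an added example written for these notes, not code from the original page; SAMPLE_LOG holds the three log lines quoted above plus one constructed benign line (10.0.0.5).

```python
#!/usr/bin/env python3
"""Log Analysis section searches over Apache combined-format lines.

Added example, not part of the original notes. SAMPLE_LOG contains the three
lines quoted on the page and one constructed benign request.
"""
import re
from typing import Dict, Iterable, List, Optional

# Apache "combined" format:
#   ip ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Shellshock (CVE-2014-6271) probes start a header value with a bash function
# definition, "() {", so the trigger is matched rather than any one payload.
SHELLSHOCK = re.compile(r"\(\)\s*\{")

SAMPLE_LOG = [
    # constructed benign request
    '10.0.0.5 - - [01/May/2015:09:00:00 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "curl/7.38.0"',
    # the three lines quoted on the page
    '154.68.51.212 - - [30/Apr/2015:18:15:49 +0200] "GET /fileadmin/lux09/Programme_Lux_09/liste_inscrits_LUX09.pdf HTTP/1.1" 200 222156 "http://www.google.fr/url?sa=t&rct=j&q=Santos%40live.com.mx+%40skynet.mx+%40orange.mx+%40yahoo.mx+&source=web&cd=7&cad=rja&uact=8&ved=0CFMQFjAG&url=http%3A%2F%2Fwww.inees.org%2Ffileadmin%2Flux09%2FProgramme_Lux_09%2Fliste_inscrits_LUX09.pdf&ei=JlVCVcGCFoGzUZfmgAg&usg=AFQjCNG8KtTYgKZg_-m4yUMd0dVCncpmhg" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13"',
    '82.145.208.163 - - [19/Apr/2015:17:35:20 +0200] "GET /fileadmin/inees.org/files/Press/Tageblatt_06_06_2012.pdf HTTP/1.1" 200 47784 "http://www.google.com/xhtml?q=PRIX%20QUO%20VADls&client=ms-opera_mb_no&channel=bh" "Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.24721/36.1649; U; fr) Presto/2.12.423 Version/12.16"',
    '213.251.182.107 - - [24/Apr/2015:00:20:48 +0200] "GET /?x=() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @ HTTP/1.0" 303 245 "() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @" "() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @"',
]


def parse(line: str) -> Optional[Dict[str, str]]:
    """One combined-format line to a dict of fields, or None if it does not parse."""
    m = COMBINED.match(line)
    return m.groupdict() if m else None


def parse_all(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse every line, silently dropping ones that are not combined format."""
    return [e for e in (parse(line) for line in lines) if e is not None]


def google_referrals(entries: List[Dict[str, str]], ua_word: str) -> List[Dict[str, str]]:
    """The page's 'google.*mozilla' / 'google.*opera': a Google referer and ua_word in the UA."""
    ua_word = ua_word.lower()
    return [e for e in entries
            if "google." in e["referer"].lower() and ua_word in e["ua"].lower()]


def shellshock_probes(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """The page's 'Search for shellshock': the trigger in the request line, referer or UA."""
    return [e for e in entries
            if any(SHELLSHOCK.search(e[field]) for field in ("request", "referer", "ua"))]


if __name__ == "__main__":
    entries = parse_all(SAMPLE_LOG)
    for label, hits in (("google+mozilla", google_referrals(entries, "mozilla")),
                        ("google+opera", google_referrals(entries, "opera")),
                        ("shellshock", shellshock_probes(entries))):
        print(f"{label:15}", [(e["ip"], e["status"]) for e in hits])
```

Matching the "() {" prefix instead of the literal "() { :; };" payload is deliberate: bash accepted any function body, and scanners varied the whitespace and the body to dodge exact-string signatures. Also note the probe got a 303, not a 200, which says nothing about whether the CGI handler behind the redirect ran the payload; that has to be checked on the host.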