CyberSecurity
Steganography
$ sudo apt-get install libimage-exiftool-perl
$ exiftool *.png *.gif
< http://diit.sourceforge.net/download.php >
$ java -jar diit*.jar
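Added example, not part of these notes or of exiftool/DIIT: a small PNG chunk walker that does by hand what the exiftool call above does for metadata, and also flags two things worth checking on a suspicious image, chunks whose CRC no longer matches and bytes appended after IEND. The sample PNG is constructed inline by `build_sample_png()` (function names are mine); `inspect_png()` is the check.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    # PNG chunk layout: 4-byte big-endian length, 4-byte type, data, CRC32 over type + data.
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample_png() -> bytes:
    # Constructed test file: a 1x1 grayscale PNG with a tEXt comment and bytes appended after IEND.
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, depth, colour type, ...
    idat = zlib.compress(b"\x00\x80")  # one scanline: filter byte 0 + one grey pixel
    png = (PNG_SIGNATURE
           + _chunk(b"IHDR", ihdr)
           + _chunk(b"tEXt", b"Comment\x00hidden note in metadata")
           + _chunk(b"IDAT", idat)
           + _chunk(b"IEND", b""))
    return png + b"trailing payload after IEND"


def inspect_png(data: bytes) -> dict:
    """Walk the chunk list and report what a metadata / stego triage wants to know."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    result = {"chunks": [], "text": {}, "bad_crc": [], "width": None, "height": None}
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            break  # truncated chunk: stop, everything from pos on is reported as trailing
        body = data[pos + 8:pos + 8 + length]
        crc_stored = struct.unpack(">I", data[pos + 8 + length:end])[0]
        name = ctype.decode("latin-1")
        result["chunks"].append(name)
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc_stored:
            result["bad_crc"].append(name)  # chunk was edited after the CRC was written
        if ctype == b"IHDR" and len(body) >= 8:
            result["width"], result["height"] = struct.unpack(">II", body[:8])
        elif ctype == b"tEXt":
            key, _, value = body.partition(b"\x00")  # tEXt = keyword NUL text
            result["text"][key.decode("latin-1")] = value.decode("latin-1")
        pos = end
        if ctype == b"IEND":
            break
    result["trailing"] = data[pos:]  # anything after IEND is not image data
    return result


if __name__ == "__main__":
    report = inspect_png(build_sample_png())
    for k, v in report.items():
        print(f"{k}: {v}")
```

The tEXt keys are the entries exiftool lists as metadata; the `bad_crc` and `trailing` fields are the extra checks a viewer silently ignores, which is exactly why appended data is a common place to park a payload.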
Cryptography
< http://rumkin.com/tools/cipher/ >
< https://hashcat.net/wiki/doku.php?id=example_hashes >
examples:
base64:
cGVyZm9ybQ==
atbash:
wiznzgrxzoob hxsloziob wlxgli
caesar:
ynxr iveghny
morse:
- .... . / ... . -.-. .-. . - / --- ..-. / --. . - - .. -. --. / .- .... . .- -.. / .. ... / --. . - - .. -. --. / ... - .- .-. - . -.. ..-. .-.. .- --. / -.. -.- ...- -... / ..--- ....- ----. ....-
ophcrack-Windows:
5725A28AC80350B8AAD3B435B51404EE:F3CF3773CD9142BCD130D84106C0AF74
hashcat:
<hash>
$1$mrl$nycc.yKRXbu1pxqh//Ys/.
# -m 500 = md5crypt ($1$), -a 0 = straight dictionary attack (-a 3 is mask mode and would read the wordlist path as a mask)
hashcat -a 0 -m 500 hash /usr/share/wordlists/rockyou.txt --force
# -a 1 = combinator attack: every word of dict1 joined with every word of dict2
hashcat -m 0 -a 1 hash.txt dict1.txt dict2.txt
# for cpus: build the combined list first with combinator.bin, then run it as a plain dictionary (-a 0)
/usr/share/hashcat-utils/combinator.bin list1.txt list2.txt > combined.txt
hashcat -m 0 -a 0 hash.txt combined.txt
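Added example, not part of these notes: the four encoded strings listed under examples above (base64, atbash, caesar, morse) decoded in Python, plus a cheap alphabet-based triage that says which decoder to try first. Function names and the `guess_encoding` heuristic are mine; the inputs are the strings from the notes.

```python
import base64
import re
import string

# Constructed inputs: the four encoded strings listed under "examples" above.
B64_SAMPLE = "cGVyZm9ybQ=="
ATBASH_SAMPLE = "wiznzgrxzoob hxsloziob wlxgli"
CAESAR_SAMPLE = "ynxr iveghny"
MORSE_SAMPLE = (
    "- .... . / ... . -.-. .-. . - / --- ..-. / --. . - - .. -. --. / "
    ".- .... . .- -.. / .. ... / --. . - - .. -. --. / "
    "... - .- .-. - . -.. ..-. .-.. .- --. / -.. -.- ...- -... / ..--- ....- ----. ....-"
)

LOWER, UPPER = string.ascii_lowercase, string.ascii_uppercase

MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z",
    "-----": "0", ".----": "1", "..---": "2", "...--": "3", "....-": "4",
    ".....": "5", "-....": "6", "--...": "7", "---..": "8", "----.": "9",
}


def guess_encoding(s: str) -> str:
    # Cheap triage by alphabet only. Caesar and Atbash output look alike, so both are reported.
    if re.fullmatch(r"[.\-/ ]+", s):
        return "morse"
    if len(s) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", s):
        return "base64"
    if re.fullmatch(r"[A-Za-z ]+", s):
        return "substitution (caesar or atbash)"
    return "unknown"


def base64_decode(s: str) -> str:
    # Base64 is an encoding, not a cipher: there is no key, and '=' padding at the end is the tell.
    return base64.b64decode(s).decode("utf-8")


def atbash(text: str) -> str:
    # Atbash swaps a<->z, b<->y, ...; it is its own inverse, so decoding is the same call.
    table = str.maketrans(LOWER + UPPER, LOWER[::-1] + UPPER[::-1])
    return text.translate(table)


def caesar_shift(text: str, shift: int) -> str:
    # Undo a Caesar shift of `shift` positions; non-letters pass through unchanged.
    out = []
    for ch in text:
        if ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) - shift) % 26])
        elif ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) - shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_bruteforce(text: str) -> dict:
    # Only 25 keys exist, so list every candidate and read off the English one (13 = ROT13).
    return {shift: caesar_shift(text, shift) for shift in range(1, 26)}


def morse_decode(code: str) -> str:
    # Letters are separated by spaces, words by " / "; unknown symbols decode to "?".
    words = []
    for word in code.split("/"):
        words.append("".join(MORSE.get(sym, "?") for sym in word.split()))
    return " ".join(words)


if __name__ == "__main__":
    for sample in (B64_SAMPLE, ATBASH_SAMPLE, CAESAR_SAMPLE, MORSE_SAMPLE):
        print(guess_encoding(sample), "->", sample[:40])
    print(base64_decode(B64_SAMPLE))
    print(atbash(ATBASH_SAMPLE))
    print(caesar_bruteforce(CAESAR_SAMPLE)[13])
    print(morse_decode(MORSE_SAMPLE))
```

`guess_encoding` is deliberately crude: a short lowercase word with no spaces satisfies the base64 pattern too, so treat its answer as the first decoder to try, not a verdict.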
Log Analysis
example:
# Search for requests referred by google with a Mozilla-based user agent
# regex: google.*mozilla (match case-insensitively: the user agent string spells it "Mozilla")
154.68.51.212 - - [30/Apr/2015:18:15:49 +0200] "GET /fileadmin/lux09/Programme_Lux_09/liste_inscrits_LUX09.pdf HTTP/1.1" 200 222156 "http://www.google.fr/url?sa=t&rct=j&q=Santos%40live.com.mx+%40skynet.mx+%40orange.mx+%40yahoo.mx+&source=web&cd=7&cad=rja&uact=8&ved=0CFMQFjAG&url=http%3A%2F%2Fwww.inees.org%2Ffileadmin%2Flux09%2FProgramme_Lux_09%2Fliste_inscrits_LUX09.pdf&ei=JlVCVcGCFoGzUZfmgAg&usg=AFQjCNG8KtTYgKZg_-m4yUMd0dVCncpmhg" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13"
# Search for requests referred by google with an Opera user agent
# regex: google.*opera
82.145.208.163 - - [19/Apr/2015:17:35:20 +0200] "GET /fileadmin/inees.org/files/Press/Tageblatt_06_06_2012.pdf HTTP/1.1" 200 47784 "http://www.google.com/xhtml?q=PRIX%20QUO%20VADls&client=ms-opera_mb_no&channel=bh" "Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.24721/36.1649; U; fr) Presto/2.12.423 Version/12.16"
# Search for shellshock probes: the bash function prefix "() {" in the query string, referer and user agent
213.251.182.107 - - [24/Apr/2015:00:20:48 +0200] "GET /?x=() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @ HTTP/1.0" 303 245 "() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @" "() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @"
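Added example, not part of these notes: the three log lines above parsed as Apache "combined" format (that format is my assumption from the field layout), then the two greps from the comments run over them, and the shellshock pattern checked per field rather than over the whole line. Function and field names are mine.

```python
import re
from typing import Optional
from urllib.parse import urlparse

# Constructed input: the three log lines quoted in the notes above.
LOG_LINES = [
    '154.68.51.212 - - [30/Apr/2015:18:15:49 +0200] "GET /fileadmin/lux09/Programme_Lux_09/liste_inscrits_LUX09.pdf HTTP/1.1" 200 222156 "http://www.google.fr/url?sa=t&rct=j&q=Santos%40live.com.mx+%40skynet.mx+%40orange.mx+%40yahoo.mx+&source=web&cd=7&cad=rja&uact=8&ved=0CFMQFjAG&url=http%3A%2F%2Fwww.inees.org%2Ffileadmin%2Flux09%2FProgramme_Lux_09%2Fliste_inscrits_LUX09.pdf&ei=JlVCVcGCFoGzUZfmgAg&usg=AFQjCNG8KtTYgKZg_-m4yUMd0dVCncpmhg" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13"',
    '82.145.208.163 - - [19/Apr/2015:17:35:20 +0200] "GET /fileadmin/inees.org/files/Press/Tageblatt_06_06_2012.pdf HTTP/1.1" 200 47784 "http://www.google.com/xhtml?q=PRIX%20QUO%20VADls&client=ms-opera_mb_no&channel=bh" "Opera/9.80 (J2ME/MIDP; Opera Mini/4.2.24721/36.1649; U; fr) Presto/2.12.423 Version/12.16"',
    '213.251.182.107 - - [24/Apr/2015:00:20:48 +0200] "GET /?x=() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @ HTTP/1.0" 303 245 "() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @" "() { :; }; echo Content-type:text/plain;echo;echo;echo M`expr 1330 + 7`H;/bin/uname -a;echo @"',
]

# Apache "combined" log format: ip ident user [time] "request" status size "referer" "agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Shellshock probe: a bash exported-function definition "() {" placed in a header or query
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")


def parse_combined(line: str) -> Optional[dict]:
    """Split one log line into named fields; returns None for lines that do not fit the format."""
    m = COMBINED_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = entry["request"].split(" ")
    entry["method"] = parts[0] if parts[0] else "-"
    entry["path"] = parts[1] if len(parts) > 1 else "-"
    entry["status"] = int(entry["status"])
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    return entry


def grep(lines, pattern: str, ignore_case: bool = True) -> list:
    # Same idea as grep over the raw lines: the pattern may span fields (referer ... user agent).
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    return [line for line in lines if rx.search(line)]


def referer_host(entry: dict) -> str:
    # Hostname of the referer, or "" when the referer is not a URL at all (as in the shellshock line).
    return urlparse(entry["referer"]).netloc


def find_shellshock(entries) -> list:
    """Return (ip, [fields]) for entries carrying the "() {" prefix in request, referer or user agent."""
    hits = []
    for e in entries:
        fields = [f for f in ("request", "referer", "agent") if SHELLSHOCK_RE.search(e[f])]
        if fields:
            hits.append((e["ip"], fields))
    return hits


if __name__ == "__main__":
    parsed = [parse_combined(l) for l in LOG_LINES]
    for e in parsed:
        print(e["ip"], e["method"], e["path"], e["status"], "referer host:", referer_host(e) or "-")
    print("google.*mozilla:", len(grep(LOG_LINES, r"google.*mozilla")))
    print("google.*opera:  ", len(grep(LOG_LINES, r"google.*opera")))
    print("shellshock:", find_shellshock(parsed))
```

Two points the raw grep hides: a case-sensitive `google.*mozilla` matches nothing here because the user agent says "Mozilla", and the shellshock line's referer and user agent are not URLs or browser strings at all, which is a stronger signal than the query string alone.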
Network Traffic Analysis
capture:
filters:
- by http method
http.request.method == "GET"
radius:
filters:
- by username:
radius.User_Name == "hana.harb"
- by code:
# Access-Request
radius.code == 1
example:
radius.User_Name == "hana.harb" && radius.code == 1
# status
# Packets: 2086 . Displayed: 22 (1.1%)
# Access Points Receiving Packets
# AVP: t=Called-Station-Id val=xx-xx-xx-xx-xx-xx
< https://www.cisco.com/c/en/us/td/docs/net_mgmt/access_registrar/1-7/concepts/guide/radius.html >
sip:
filters:
- calls:
sip.Method == "INVITE"
- hangups:
sip.Method == "BYE"
# caller
Session Initiation Protocol (INVITE)
Message-Header:
From:
SIP from address: sip:xxx@xx.xx.xx.xx
< https://tools.ietf.org/html/rfc3842 >
# unicode characters
< https://en.wikipedia.org/wiki/List_of_Unicode_characters >
Exploitation
python:
< https://github.com/gstarnberger/uncompyle >
$ python setup.py install
$ which uncompyle6
$ /usr/local/bin/uncompyle6 *.pyc
c:
boomerang:
$ sudo apt-get install git build-essential cmake qt5-default libcapstone-dev flex bison
$ git clone https://github.com/BoomerangDecompiler/boomerang.git
$ cd boomerang && mkdir build && cd build
$ cmake .. && make && sudo make install
$ /usr/local/bin/boomerang
snowman:
ida:
< https://www.hex-rays.com/products/ida/support/download.shtml >
# ida 7.0 doesn't support plugins anymore