Safe Hex

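I was mainly raised by my grandmother as a punk kid growing up in the hills of Tennessee. She certainly had a lot of catchy quotes that could have made her a bumper sticker or refrigerator magnet millionaire. One of them was: "Knowledge is no good unless it is shared." I have tried to live my life as close to that as possible.

I teach an Internet safety class for parents to help them not be afraid of the Internet for their kids and their own use. A dude walked up to me and asked if it was possible to see the images employees are actually looking at online. Sure can, but you have to enjoy hex. He thought I was a fetishist and ran out faster than crap through a goose. In forensics we always come back to hex. No, I am not going to do any hex-sex puns like a goober news anchor, I promise!

The key with hex is that the data is reassembled, just like software. The trick is getting in the middle of that transmission to intercept the stream without breaking the flow from source to destination. So this gives me a few options:

- ARP spoof MiTM (good for old school and on paper)
- SPAN port/TAP
- Install WinPCap, a Netcat listener and a lightweight sniffer like WinDump (on a Windows target, TCPDump on a Linux target) on the target machine.

Each of these options depends on my autonomous control of each sector of the network. Certainly the most complicated of the three options is the third one, since it requires either physical access or skulduggery to trick a client into downloading a trojan, which very rarely holds up in Federal Court. Trust me on that one, I am still looking for a piece of my tail in one such case...

I am positive there are as many ways to recover a graphic out of a hex stream as there are to make good chili. This is how I normally do it. Let's use a jpg for reference, but this could easily apply to gifs, bmps, etc...

- Activate my preferred intercept method. For me, I use a passive TAP connected to a modified wireless travel router velcro'ed to the bottom of a desk. A hub also would work IF it is a TRUE hub and lightweight-small. Most are not.

- I fire up Wireshark to look at the traffic from the target. Now typically, I do not want all of the other stuff on the Ether, so I write an http capture filter:

  tcp[0:2] == 80

  This tells Wireshark to look at any TCP packet, starting at position 0 and ending at position 2, for a value equal to 80.

- Usually I can see an HTTP GET request fetching a jpg file, but it really depends on how fast the stream is scrolling-n-rolling.

- After I capture the data I need, I use one of the coolest features in Wireshark: Follow Stream. To keep it simple, I look for an HTTP GET that fetches a graphic. It should show something like:

  HTTP GET /somegraphic.jpg HTTP/1.1

  Now I right-click on this frame and select: Follow TCP Stream

- This opens another window with the actual stream itself. Now I just select the radio button at the bottom that states: Raw. Hey, kinda like WWE Raw on Monday night! Any wrestling fans in the house! Now select: Save As and give it an easy-to-remember file name.

- I need to go to a hex editor and strip off all of the HTTP header and clutter that came along with the good stuff. Personally, I like Hex Editor Neo from HHD Software: http://www.hhdsoftware.com/Family/hex-editor.html There is also a great free version that can do this operation. I also give some high props to XVI32, which is another cool hex editor: http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm I use the professional version of Hex Editor Neo for other forensic stuff I need to do, but I will save that for another blog.

  I am looking for the hex string value: FFD8FFE000104A464946 or the ASCII string value: ÿØÿà..JFIF. Most of the time, you will see the ASCII string first. This indicates the start of the jpg file, and if this is a large capture, the hex FFD9... indicates the end of the jpg. Now I just highlight all of the crap before the start of the jpg and delete it. Now I am left with just the actual raw jpg code itself. Now I just save this file under another name.

- I open this newly saved file with my web browser, and would you look at that! The graphic!

It is important to understand how to reassemble and manipulate code in a hex editor. Wire communications have to play by certain rules. We can use those rules to our advantage to reveal the hidden network around us. I will discuss more about this in upcoming blogs.

Jimmy Ray Purser

Trivia File Transfer Protocol

If you want to get into movies; think twice if you get offered a part in the movie: "The Incomparable Atuk". All the leading Dudes offered the role have died. Sam Kinison, John Belushi, Chris Farley and John Candy were offered the role. Heck, Farley just showed the script to Phil Hartman and he was murdered that same year.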
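The hex-editor step above (cut everything before FFD8FFE000104A464946, stop at FFD9), written as a Python carver. This is an added example, not code from the original post; SAMPLE_JPEG and SAMPLE_STREAM are constructed test bytes (JPEG-structured but not a viewable picture) and the host name is a placeholder. It goes a little beyond the post by walking the JPEG segment lengths, so an FFD9 inside an embedded thumbnail is not mistaken for the end of the file.

```python
JFIF_SIG = bytes.fromhex("FFD8FFE000104A464946")  # start-of-jpg signature quoted in the post
IN_SCAN = {0x00, 0xFF, *range(0xD0, 0xD8)}        # FF00 stuffing, fill bytes, restart markers

def jpeg_end(data: bytes, start: int) -> int:
    """Walk JPEG segments from `start`; return the offset just past the real FFD9, or -1."""
    pos, n = start + 2, len(data)                 # step over FFD8
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return -1                             # lost marker sync: corrupt capture
        marker = data[pos + 1]
        if marker == 0xD9:
            return pos + 2                        # end of image
        if pos + 4 > n:
            return -1                             # truncated segment header
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")  # skip the whole segment
        if marker == 0xDA:                        # start of scan: compressed data follows
            while pos + 2 <= n and not (data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1
    return -1                                     # stream ended before FFD9

def carve_jpegs(stream: bytes) -> list:
    """Return every complete JFIF image in the stream, HTTP headers stripped."""
    images, pos = [], 0
    while (start := stream.find(JFIF_SIG, pos)) != -1:
        end = jpeg_end(stream, start)
        if end != -1:
            images.append(stream[start:end])
        pos = end if end != -1 else start + 2     # keep searching past a broken image
    return images

# Constructed sample: a saved "Raw" stream holding request, response headers and one image.
SAMPLE_JPEG = (
    JFIF_SIG + bytes.fromhex("00010100000100010000")                    # rest of the APP0 segment
    + bytes.fromhex("FFE1000B") + b"thumb" + bytes.fromhex("FFD8FFD9")  # APP1 with a decoy FFD9
    + bytes.fromhex("FFDA0008010100003F00")                             # start-of-scan header
    + bytes.fromhex("12FF0034FFD056")                                   # scan data: FF00 and RST0
    + bytes.fromhex("FFD9")                                             # the real end of image
)
SAMPLE_STREAM = (
    b"GET /somegraphic.jpg HTTP/1.1\r\nHost: example.test\r\n\r\n"      # placeholder host
    b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"
    + SAMPLE_JPEG + b"HTTP/1.1 304 Not Modified\r\n\r\n"
)

if __name__ == "__main__":
    for i, img in enumerate(carve_jpegs(SAMPLE_STREAM)):
        print(f"image {i}: {len(img)} bytes, ends with {img[-2:].hex()}")
```

To use it on a real capture, read the file saved from Follow TCP Stream in binary mode, pass the bytes to carve_jpegs, and write each returned item out as its own .jpg file.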

Copyright © 2009 IDG Communications, Inc.