Wireshark decrypt and save wireless packets from command line - encryption

I have a question that I can't seem to find a complete answer for. This may not be something that is possible, but I am hoping someone will have a solution.
At my work, we process wireless sniffs in Wireshark. We have a shell script to merge and filter the files into the forms that we want, but we still have to manually generate a PSK and add it in Wireshark preferences to decrypt each file for analysis. I would like to add a line to decrypt the main file before filtering and save it in a decrypted format.
Here is the problem:
I know I can use the -o flag when running tshark to add the PSK to the computer's decryption keys, but the processing is done on one computer and then the files are distributed among many employees for analysis, so I need the files themselves decrypted.
I know I can use aircrack-ng to decrypt pcap files, but we use pcapng files and aircrack does not recognize those.
Is there any solution? It would even help if I could somehow generate a PSK from the SSID and password and save that as a text file, but there does not even seem to be a clean way to do that.
We use Ubuntu 16.04 as our OS. Wireshark version 2.0.2.

You could possibly just append the psk information directly to the 80211_keys file located in your Wireshark personal configuration folder then distribute that file along with the capture file. If you don't want (or if users don't want) to overwrite the existing 80211_keys file, they could set the WIRESHARK_DATA_DIR environment variable so the distributed file is used instead when they run Wireshark for this type of analysis.
Refer to the Wireshark man page for more information on the various Wireshark environment variables.
If aircrack-ng only supports pcap files, then I suppose another possible solution might be to simply convert the pcapng files to pcap using something like editcap, or just change the default capture file format to pcap if you're not making use of any of pcapng's features anyway, e.g., you're not capturing on multiple interfaces simultaneously, you don't use packet comments, etc.
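As an added example (not from the question or answer above), here is how the PSK the question asks about can be derived on the processing machine and rendered as 80211_keys entries for distribution. It assumes the two-column "key type","key" layout of the 80211_keys UAT file; check the layout of your own file before relying on it.

```python
import hashlib
import binascii


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA/WPA2-Personal PSK from a passphrase and SSID.

    IEEE 802.11i defines PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds,
    32 bytes). Returns the key as 64 lowercase hex characters, the form
    Wireshark accepts for a wpa-psk entry.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                              ssid.encode("utf-8"), 4096, dklen=32)
    return binascii.hexlify(key).decode("ascii")


def keys_file_lines(entries):
    """Render (passphrase, ssid) pairs as 80211_keys lines.

    Assumed layout (verify against your own 80211_keys file): one quoted key
    type and one quoted key per line, e.g. "wpa-psk","<64 hex chars>".
    Shipping the derived PSK rather than a wpa-pwd entry keeps the
    passphrase itself out of the distributed file, although the PSK is
    equivalent to it for decrypting this one network.
    """
    return ['"wpa-psk","%s"' % wpa_psk(p, s) for p, s in entries]


if __name__ == "__main__":
    # Constructed sample credentials (the IEEE 802.11i test vector), not real keys.
    for line in keys_file_lines([("password", "IEEE")]):
        print(line)
```

Append the printed lines to a copy of 80211_keys and point WIRESHARK_DATA_DIR at the folder holding that copy, as the answer describes.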

Related

The phpseclib $sftp->chdir('//ARTDONE.G9876TT1') fails on z/OS sftp server. The windows psftp command line of "CD //ARTDONE.G9876TT1" works

I get a valid connection with phpseclib but because of the server's requirements I must issue a change remote directory command, $sftp->chdir($dir="//ARTDONE.G9876TT1"), to this directory, (exact format, not the actual name). This change directory command works with Putty's psftp.exe as "CD //ARTDONE.G9876TT1" in windows and with WinSCP's "go to this folder GUI input" but not with PHPSECLIB's sftp object method. Is there something about this directory format that needs to change when using phpseclib? The error message is "permission denied", but I get that same message for any other navigation commands.
Is there a way to issue literal sftp commands with phpseclib sftp?
Or can I use $ssh->exec("CD //ARTDONE.G9876TT1") in some way within the $sftp object that I cannot currently imagine?
phpseclib appends / to the path in the SFTP::chdir call. I believe this is what your server does not like.
Note that SFTP does not even use the concept of a working directory. It's faked locally by phpseclib (and other clients like WinSCP or OpenSSH). So you do not really need to use SFTP::chdir. You might instead use absolute paths in all phpseclib API calls. Alternatively, just setting SFTP::pwd has the same effect as calling SFTP::chdir, except that you will bypass the validation that causes you the troubles.
Accessing z/OS Data Sets via SFTP/FTP
Appending a / surely breaks the access. The OP is accessing an IBM z/OS system running an SFTP server.
IBM z/OS
z/OS is kind of a hybrid operating system having a traditional MVS based "kernel" (not really named "kernel" in the doc), and an XPG 4.2 compliant UNIX kernel running in parallel. The UNIX side supports file systems with directories and files. The MVS side has a completely different "file system", based on data sets which are named in a non-hierarchical system.
The UNIX file system on z/OS
There is not much to say about the UNIX file system on z/OS. It is XPG compliant, thus the usage is not different from any other UNIX-like system.
The MVS Data Sets on z/OS
As said above, there is the traditional MVS Data Set based "file system" on z/OS, which is quite different from much of what you know about files and directories on UNIX systems.
Disk space on z/OS is assigned to MVS data sets. Data sets are named using dot-separated names that can be up to 44 characters long. The parts between two dots can be up to 8 characters long.
Examples:
ARTDONE.G9876TT1
ARTDONE.NEXT.DATA.SET
ARTDONE.NEXT.ANOTHER.ONE
SYS1.LINKLIB
ZUSER.SOURCE.REXX
What seems to be a hierarchy in the first three examples is not. They are unrelated from the physical point of view, though related from a logical one.
Note: Slashes / are not valid in MVS data set names.
SFTP/FTP servers on z/OS
SFTP/FTP servers on z/OS mimic the client side view of directories and files when accessing MVS Data Sets in that the dots in the names are kind of treated like slashes in UNIX. I.e. they support pwd and cd based on the dots.
Example:
cd //ARTDONE.NEXT sets the current working directory to ARTDONE.NEXT. An ls then lists all data sets whose name starts with ARTDONE.NEXT, i.e.
ARTDONE.NEXT.DATA.SET
ARTDONE.NEXT.ANOTHER.ONE
but not ARTDONE.G9876TT1.
But how would the server know whether a client side "directory" access is meant to access the UNIX or the MVS data world? The // at the beginning of the parameter passed to the server indicates the server shall switch to the MVS data set world.
Conclusion
Client side software should be careful when verifying paths that might be sent to z/OS servers. Accept // as a special indicator. Do not append / in all cases.
More Details
There is much more behind this topic than can be described here. Read IBM documentation on z/OS if interested. I would recommend Introduction to the New Mainframe: z/OS Basics as a starter.
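As an added example (not code from phpseclib or from the answers above) of the conclusion just stated, here is a client-side path check that treats a leading // as the MVS indicator, validates the data set name against the rules described (qualifiers of 1 to 8 characters, 44 characters total, no slashes), and never appends / to it, while still normalising ordinary UNIX paths. It also shows the dot-based prefix matching that the cd //ARTDONE.NEXT example describes. The qualifier character rules (first character alphabetic or national, hyphen allowed afterwards) are assumed from IBM's data set naming conventions.

```python
import re

# One MVS qualifier: 1..8 chars, first alphabetic or national (@ # $),
# the rest alphanumeric, national or hyphen. Data set names are uppercase.
_QUALIFIER = re.compile(r"^[A-Z@#$][A-Z0-9@#$-]{0,7}$")
_MAX_DSN_LEN = 44


def is_mvs_dataset_name(name: str) -> bool:
    """Syntactic check for an MVS data set name such as ARTDONE.G9876TT1."""
    if not name or len(name) > _MAX_DSN_LEN:
        return False
    return all(_QUALIFIER.match(q) for q in name.split("."))


def normalize_remote_path(path: str) -> str:
    """Prepare a directory argument for a server that may be z/OS.

    A leading // selects the MVS data set world: validate the name and send it
    unchanged, never with a / appended. Anything else is a UNIX path and gets
    the single trailing / that directory operations usually expect.
    """
    if path.startswith("//"):
        dsn = path[2:]
        if not is_mvs_dataset_name(dsn):
            raise ValueError("not a valid MVS data set name: %r" % path)
        return "//" + dsn
    unix = re.sub(r"/{2,}", "/", path)
    return unix if unix.endswith("/") else unix + "/"


def under_prefix(dsn: str, prefix: str) -> bool:
    """Mimic what ls shows after cd //PREFIX: the data set's leading
    qualifiers must equal the prefix's qualifiers (dots act like slashes)."""
    d, p = dsn.split("."), prefix.split(".")
    return d[:len(p)] == p
```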

Download mainframe files to Unix with SFTP in binary mode

I want to download a file from a Mainframe server to a Linux machine using the SFTP command and want to preserve EOL. It seems that the actual file does not have an EOL character, whereas the SFTP process adds an EOL character while downloading it to the Linux server.
Is there any option to download the file in Binary mode using SFTP command?
I tried to download data from Mainframe server using FTP and SFTP. FTP with Binary mode is preserving actual content of original file without any modification, whereas FTP with ASCII mode and SFTP commands are modifying the content of the file by adding EOL or any other special characters.
I got it working by enabling binary mode of transfer in the SFTP session:
ls /+mode=binary
The default was set to ASCII.
sftp> ls /+ /+/clientcp=ISO8859-1 /+/error.log /+/loglevel=I /+/mode=text /+/servercp=IBM-1047 /+/trim
sftp> bye
I am now able to match the size of file with FTP binary and SFTP binary.
I haven't had issues with binary files and sftp. If you want to download a text file, you should use scp, unless it's in ASCII, in which case I would think sftp should work fine.
Are you trying to download a file from the hierarchical file system or from a dataset? I don't think datasets are supported with sftp (you would use FTP for that or Secure FTP).
On z/OS there are basically three ways to move content based on your question. First is FTP, second is scp and the third is sftp.
Also, it's important to identify which fileset you are trying to access; MVS or USS. MVS files are different than traditional *nix file systems. MVS files are generally fixed or variable in nature. As such, they do not rely on line terminators like \n or \r to terminate the line. The record length is available at the time of reading. USS files would have line terminators.
FTP services are provided by a daemon that is part of the Communication Server product. It provides most modes of transfer as well as extensions to deal with platform specific items as they relate to the MVS name space. You can also access Unix files as well. Conversions like ASCII (IBM-1047 -> UTF-8) are supported or binary (just move the data and don't touch it).
scp is delivered as part of the OpenSSH implementation on z/OS and it always transfers in a character mode and will assume an encoding change to / from EBCDIC to ASCII. It's an unfortunate implementation but it is what it is. This is due to the fact that the native code page on z/OS is EBCDIC in some form. Don't expect transfers with scp to move data without conversion. Only files in the USS file system are accessible. No MVS datasets.
sftp uses the secure services of OpenSSH but acts like ftp. Depending on your client you can set the mode to transfer ascii (conversion) or binary. My client on Mac OS X will not allow ascii. Probably a client limitation. sftp also only allows you to move files that reside or are destined for the USS file domain.
To answer your question about binary in sftp the answer is yes, I use it frequently to move files to and from z/OS using binary to avoid automatic conversion. Make sure you are transferring using binary transfer and not ascii when using sftp.

vxWorks kernel shell abilities

I have a car navigation system installed in my car and I figured out that it's running vxWorks 6.9.3.
What I'm trying to achieve is to change some hidden settings of the nav-system.
Small introduction: The nav system has the ability to connect to the internet via Bluetooth. I set up a small web server; the only thing it can do is detect the IP address of the client. I opened that web site from the head unit browser and detected the IP address of the head unit. Then I'm able to scan for open network ports on it.
It turned out that it has port 23 open. And I'm able to telnet there.
It didn't require any password or login and it reports operating system info: Windriver vxWorks 6.9.3
I can run various commands here, inspect filesystem, etc.
But I don't know how I can change something. I even found the way to transfer files from USB-key from and to device.
I found that all settings which I want to change are stored in .sqlite files. Some of them are gzipped and have a .inf file with check-sums. The algorithm of check-sum calculation is proprietary so I can't transfer .sqlite files from the device to a USB key, change something, then gzip and calculate a new check-sum.
I think the OS can somehow interact with .sqlite files in-memory without ungzipping them.
So, are there any ways to open a sqlite shell on the device using the vxWorks kernel shell?
If yes, that would be perfect and enough to achieve anything I want.
If this can't be achieved, can somebody give me some advice of what possibilities I have from vxWorks kernel shell?
The commands available on the VxWorks shell depend on the loaded applications and the kernel itself. From the shell you can call all "public functions" loaded by VxWorks. You enter the function call in a C-like syntax and the shell parses the arguments, pushes them onto the stack and jumps to the address of the function just like a normal function call in C.
A helpful function to check if a function exists is lkup "foo" which will list all functions containing "foo" in their name (case sensitive!). But it doesn't tell you anything about the requested parameters. If you are not passing all parameters to the function via the shell, the interpreter pushes some zeroes onto the stack before executing the function call. This may lead to very strange results and may even damage your system (depending on the function)...
If you're able to load a program you may want to use the functions of symLib to iterate all symbols of the VxWorks sysSymTbl.

Recovering full file path from SMB network packet

I'm using WireShark to capture network information for a little network analysis project. One of the things I would like to do is look at what files have been accessed on shared drives (that is, using the SMB protocol).
Is it possible to recover the full path name (e.g. \server\path\to\file.txt) from only the captured packet? Based on this resource, the fourth packet should contain the UNC path name, but I'm not finding it anywhere in the captured session.
If it's not possible to recover the full path from the packet alone, is there some other way using the information in the packet? I know, for example, that the packet contains the source IP and a file ID generated by the source. Are those helpful?
Thanks
You are digging in the wrong place.
You should gather and log that information within the Samba server.
If you insist on doing that analysis with sniffing software, then you have to reconstruct the SMB session.
P.S. To be more specific, you need to recover all previous requests to the subdirectory tree. If you need to recover \server\path\to\asdf1\file.txt, then you have to find requests to directory "to" first, also to directory "asdf1" too. A directory is a file itself, with attribute D.
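As an added example (not code from the question or answer above) of the session reconstruction the answer calls for, the following walks a sequence of parsed SMB packets in capture order and resolves each request to a full UNC path. The records are constructed stand-ins for what a tool like tshark would export; the example assumes the share path comes from the tree connect and the share-relative name from the create/open request, and that the file ID alone identifies nothing once its open has been missed or closed.

```python
# Constructed stand-ins for parsed SMB2 packets (e.g. tshark -T fields output).
# Only the fields that matter for path recovery are kept: "sid" is the
# session id, "tid" the tree id, "fid" the file id assigned by the server.
EVENTS = [
    {"n": 1, "cmd": "TREE_CONNECT", "sid": 7, "tid": 1, "path": r"\\server\path"},
    {"n": 2, "cmd": "CREATE", "sid": 7, "tid": 1, "name": r"to\asdf1\file.txt", "fid": "f1"},
    {"n": 3, "cmd": "CREATE", "sid": 7, "tid": 1, "name": "", "fid": "f2"},
    {"n": 4, "cmd": "READ", "sid": 7, "tid": 1, "fid": "f1"},
    {"n": 5, "cmd": "CLOSE", "sid": 7, "tid": 1, "fid": "f1"},
    {"n": 6, "cmd": "READ", "sid": 7, "tid": 1, "fid": "f1"},   # id seen after CLOSE
    {"n": 7, "cmd": "READ", "sid": 9, "tid": 1, "fid": "f1"},   # other session, no open seen
]


def reconstruct_paths(events):
    """Resolve each request to a full UNC path using earlier packets in the session.

    Returns a list of (packet number, command, path-or-None). None means the
    packet, together with everything captured before it, does not name a file.
    """
    shares = {}    # (sid, tid) -> share UNC from the TREE_CONNECT
    handles = {}   # (sid, fid) -> full path from the CREATE that opened it
    out = []
    for ev in events:
        sid, tid, cmd = ev["sid"], ev["tid"], ev["cmd"]
        if cmd == "TREE_CONNECT":
            shares[(sid, tid)] = ev["path"]
            continue
        if cmd == "CREATE":
            share = shares.get((sid, tid))
            if share is None:
                full = None           # tree connect happened before the capture began
            elif ev["name"] == "":
                full = share          # an empty name opens the share root itself
            else:
                full = share + "\\" + ev["name"]
            handles[(sid, ev["fid"])] = full
        elif cmd == "CLOSE":
            full = handles.pop((sid, ev["fid"]), None)
        else:
            full = handles.get((sid, ev["fid"]))
        out.append((ev["n"], cmd, full))
    return out


if __name__ == "__main__":
    for number, cmd, path in reconstruct_paths(EVENTS):
        print(number, cmd, path)
```

A READ packet on its own carries only the file ID, which is why the path for packet 4 exists while packets 6 and 7 resolve to nothing.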

can the scanner class be used to read files off of a different computer through the internet?

I need to be able to read and write .txt files to a folder that is on a server. if it is possible do you have any advice as to how to get started?
Scanner can work with a number of sources, including a File, String, and an InputStream.
If the remote computer's filesystem was mounted via SMB ("Windows Shares") or NFS or similar, then it could be transparently accessed "as a normal file".
If the remote file is accessible as the response content of an HTTP GET request then getInputStream of HttpURLConnection might be appropriate. (Or, just read the entire response into a String and use that...)
Otherwise, find out how the remote file/resource can be accessed and use that: break down the problem and requirements, come up with a set of solutions, pick the least painful approach, and get to work :-)
Happy coding.