- #!/usr/bin/python
- import os
def prima():
    """Answer question 1: show the AIM buddy names in Ann's conversation.

    Runs tshark over evidence.pcap with TCP port 443 decoded as AIM and
    prints every distinct ``aim.buddyname`` value with its occurrence count.
    The exit status of the command is not inspected.
    """
    # Exploration commands kept for reference (not executed):
    #   os.system('tshark -r evidence.pcap -R "ip.src == 192.168.1.158" -T fields -e ip.dst | sort | uniq -c')
    #   os.system('tshark -r evidence.pcap -R "ip.addr == 192.168.1.158 && ip.addr == 64.12.24.50" -d tcp.port==443,aim')
    print("\n1. What is the name of Ann's IM buddy?")

    # Filter for traffic between the two hosts, already quoted for the shell.
    conversation = '"ip.addr == 192.168.1.158 && ip.addr == 64.12.24.50"'

    # NOTE(review): newer tshark releases expect -Y for a single-pass display
    # filter; -R is kept here exactly as the author wrote it.
    command = ' '.join([
        'tshark -r evidence.pcap',
        '-R', conversation,
        '-d tcp.port==443,aim',
        '-T fields -e "aim.buddyname"',
        '| sort | uniq -c',
    ])
    os.system(command)
def seconda():
    """Answer question 2: print the first message of the IM conversation.

    The frame number is hard-coded; the commented command below lists frame
    number, source address and message text so that it can be re-derived.
    """
    # Exploration command kept for reference (not executed):
    #   os.system('tshark -r evidence.pcap -R "ip.addr == 192.168.1.158 && ip.addr == 64.12.24.50" -d tcp.port==443,aim -T fields -e frame.number -e "ip.src" -e "aim.messageblock.message"')
    print('\n2. What was the first comment in the captured IM conversation?')

    # Specific to this capture; re-check the number against any other pcap.
    first_message_frame = 25
    template = (
        'tshark -r evidence.pcap -R "frame.number==%d" '
        '-d tcp.port==443,aim -T fields -e "aim.messageblock.message"'
    )
    os.system(template % first_message_frame)
def terza():
    """Answer question 3: dump the frame that names the transferred file.

    The function prints the verbose (-V) dissection of one hard-coded frame
    and leaves it to the analyst to read the file name from that output.
    """
    print('\n3. What is the name of the file Ann transferred?')

    # Exploration commands used to locate the frame (not executed):
    #   os.system('tshark -r evidence.pcap -R "ip.addr == 192.168.1.158 && ip.addr == 64.12.24.50" -d tcp.port==443,aim -V | grep -i send')
    #   os.system('tshark -r evidence.pcap -R "ip.addr == 192.168.1.158 && ip.addr == 64.12.24.50 && (tcp contains 09:46:13:43)" -d tcp.port==443,aim -T fields -e frame.number')
    #   os.system('tshark -r evidence.pcap -R "frame.number==92" -d tcp.port==443,aim -V')
    #   os.system('tshark -r evidence.pcap -R "ip.addr == 192.168.1.158 && tcp.port == 5190 && tcp.len>80" -d tcp.port==443,aim')

    # Frame number found with the commands above; valid for this capture only.
    read_filter = '"frame.number==112"'
    os.system(
        'tshark -r evidence.pcap -R ' + read_filter + ' -d tcp.port==443,aim -V'
    )
def quarta():
    """Answer question 4: dump the frame holding the start of the file data.

    Prints the verbose dissection of one hard-coded frame; the first four
    bytes of the file are read off that output by the analyst.
    """
    print('\n4. What is the magic number of the file you want to extract (first four bytes)?')

    # Exploration command kept for reference (not executed):
    #   a=d=os.system('tshark -r evidence.pcap -R "ip.addr == 192.168.1.158 && tcp.port == 5190" -d tcp.port==443,aim -T fields -e frame.number -e data.data')

    # Presumably the first payload frame of the transfer -- confirm against
    # the frame/data listing produced by the command above.
    payload_frame = 119
    command = 'tshark -r evidence.pcap -R "frame.number=={0}" -d tcp.port==443,aim -V'
    os.system(command.format(payload_frame))
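def quinta():
    """Answer question 5: carve the transferred file and print its MD5 sum.

    Steps, each depending on the output of the previous one:
      1. tshark writes Ann's port-5190 traffic to new.pcap.
      2. tcpflow splits new.pcap into one file per TCP flow direction.
      3. dd copies the sender-side flow to ``new``, skipping 256 bytes.
      4. md5sum hashes ``new``.

    The chain stops at the first step that exits non-zero. Without that
    check a failed carve would still reach md5sum, which would then hash
    whatever ``new`` was left behind by an earlier run and report a wrong
    value as the answer.

    Side effects: creates new.pcap, the tcpflow flow files and ``new`` in the
    current working directory.
    """
    print('\n5. What was the MD5sum of the file?')

    # NOTE(review): run this in a scratch copy of the case directory so the
    # intermediate files are not written next to the original evidence.
    steps = (
        # NOTE(review): newer tshark releases expect -Y for a single-pass
        # display filter; -R is kept exactly as the author wrote it.
        'tshark -r evidence.pcap -R "ip.addr == 192.168.1.158 && tcp.port == 5190" -d tcp.port==443,aim -w new.pcap',
        'tcpflow -r new.pcap',
        # The input name is the flow file tcpflow is expected to write for
        # 192.168.1.158:5190 -> 192.168.1.159:1272. skip=256 drops what is
        # presumably the transfer header in front of the file body -- confirm
        # against the frame dumps from the earlier questions.
        'dd if=192.168.001.158.05190-192.168.001.159.01272 of=new skip=256 bs=1',
        'md5sum new',
    )
    for command in steps:
        status = os.system(command)
        if status != 0:
            # Later steps would work on missing or stale files, so stop here.
            print('step failed (status %d), stopping: %s' % (status, command))
            return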
def sesta():
    """Answer question 6: unpack the carved file and print its document XML.

    Expects ``new`` (written by quinta) in the current directory, unzips it
    there and prints word/document.xml. Exit statuses are not inspected.
    """
    print('\n6. What is the secret recipe?')

    # NOTE(review): ``new`` is carved from captured traffic, so treat the
    # archive as untrusted: unpack it in a scratch directory, not in the case
    # directory, and list its entries before extracting.
    for command in ('unzip new', 'cat word/document.xml'):
        os.system(command)
# Work through the six questions in order. quinta must run before sesta,
# because sesta unzips the ``new`` file that quinta carves.
for answer_step in (prima, seconda, terza, quarta, quinta, sesta):
    answer_step()