Dumpcap - Its the way you DUMP pcap!

Why dumpcap? Because it is light and more importantly its CLI (Command Line Interface). With that we can leverage on and write some automated python, bash or related scripts to automated our work.

In my case, I wanted to capture all the packets and dump it into separate file with size of 50MB and continuously capture for a certain time period e.g 9:00 till 17:00 (wherever you wanted to)

$ dumpcap -i 1 -b filesize:10 -w demo.pcapng

//Command above will dump all packets separately into 10kb size into filename of demo.pcapng

P/S:
-i = interface you wish to capture from (you might wanna run tshark with -D options first)

Anyhow if you stuck, don't forget to read user manual. Cheers!

Comments

Create a session & restore abort/interrupted session in John The Ripper!

Been busy with report writing. Just wanna put some of these command and technique on how to restore interrupted session or aborted session in John The Ripper. 1. First step crack the hash with these commands : john --session=test --format=raw-sha --incremental=rockyou test.txt 2. To restore the abort /interrupted session that you wanted to resume just run these commands : john --restore=test Check the "test.log" Note: Make sure that these file are not delete " .rec " and " .log " files if the file is deleted or missing it wont work. That's all happy cracking!

MSF ::EXITFUNC::

Quick note about MSF EXITFUNC. So what is EXITFUNC? EXITFUNC option is set to 'thread' by default, and it works fine in most cases, so we don't usually look into it much. But in some situations specifying a different EXITFUNC is necessary so that you can have a clean exit from the exploited box. There are 3 different values for EXITFUNC: THREAD: This method is used in most exploitation scenarios where the exploited process (e.g. IE) runs the shellcode in a sub-thread and exiting this thread results in a working application/system (clean exit) PROCESS: This method should be used with multi/handler. This method should also be used with any exploit where a master process restarts it on exit. SEH: This method should be used when there is a structured exception handler (SEH) that will restart the thread or process automatically when an error occurs. Might be useful when we wanted to generate a payload with MSFVENOM.

iOS - Convert .app to .ipa

While doing a iOS Security Testing, I wondered how do we convert .app into .ipa. So basically here are the structure of .ipa files. 1. First, SSH in your iPhone (Jailbroken). 2. Download the .app folder via scp 3. Copy the .app folder into a folder called Payload. 4. Compress it with .zip extension using any compression software. 5. Change the extension from file.zip to file.ipa. That’s it. Now you can use these .ipa files to install the app into your iPhone.

Rip 'em Out!

Search This Blog