Categories
Forensics

Export packet data

One of the recent challenges I completed consisted of identifying specific data exchanged over the network in a Wireshark file. I noticed one IP was sending small packets of data to another IP using the ICMP protocol.

The first packet contained the PNG hex headers, so I figured the sender was trying to pass an image to the recipient without being detected. Because small packets were being sent, Wireshark did not identify the image as an object sent over the network, so I had to combine the packets in a single file. There were around 2000 packets sent, so this is definitely not manual work.

For this task I used tshark, another network traffic analyzer. After running the command in the terminal:

tshark -r capture.pcap -Y 'icmp and ip.dst == 10.0.0.41' -T fields -e data | xxd -r -p > output.png

the exported file contained a full PNG built using the data sent over all the ping requests. Indeed, the user sent an encrypted password as a screenshot.
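With `-T fields -e data`, tshark prints each packet's payload as one line of hex text, so the lines have to be joined in capture order and decoded before the result is an image. The script below is an added example, not code from the original post (function names and the sample input are constructed); it decodes the stream and refuses to write a file unless it starts with the PNG signature and ends with the IEND chunk.

```sh
#!/bin/sh
# Added example: function names and sample data are constructed for illustration.

# Constructed stand-in for `tshark ... -T fields -e data` output: one hex string
# per ICMP packet, plus an empty line (packet without payload) and one
# colon-separated line, the form older tshark releases print for byte fields.
sample_fields() {
cat <<'EOF'
89504e470d0a1a0a0000000d49484452
00:00:00:01:00:00:00:01:01:00:00:00:00:37:6e:f9

240000000a49444154780163600000000200017375
01180000000049454e44ae426082
EOF
}

# Join the per-packet lines on stdin into one lowercase hex string, in capture order.
join_hex() {
  tr -d ':\r\n \t' | tr 'A-F' 'a-f'
}

# True only for an even-length, pure-hex string that starts with the PNG signature
# and ends with the fixed IEND chunk, so a stream cut short at either end is rejected.
is_complete_png_hex() {
  case $1 in *[!0-9a-f]*) return 1 ;; esac
  [ $(( ${#1} % 2 )) -eq 0 ] || return 1
  case $1 in
    89504e470d0a1a0a*0000000049454e44ae426082) return 0 ;;
  esac
  return 1
}

# Decode a hex string to raw bytes with printf octal escapes (works without xxd).
hex_to_bin() {
  printf '%s\n' "$1" | fold -w 2 | while read -r byte; do
    if [ -n "$byte" ]; then printf "\\$(printf '%03o' "0x$byte")"; fi
  done
}

# Usage: tshark -r capture.pcap -Y '...' -T fields -e data | reassemble_png out.png
reassemble_png() {
  hex=$(join_hex)
  is_complete_png_hex "$hex" || { echo "not a complete PNG stream" >&2; return 1; }
  hex_to_bin "$hex" > "$1"
}
```

A rejected stream usually means the display filter dropped packets or matched both directions of the exchange.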

Categories
Shell

Shell wildcards

A wildcard is a character that can replace one or more characters. Linux uses 3 wildcards:

  • star (*) – substitutes zero or more characters
  • question mark (?) – matches a single character
  • square brackets ([]) – represents any of the characters enclosed in the brackets

These wildcards are mainly used when specifying file names or paths.

One nice trick is that you can also use wildcards to run Linux utilities. Let’s take head for example. head is a command-line utility that outputs the first part of the files given to it, or of its standard input.

head text

is the same as running

/usr/bin/head text

However, using wildcards we can run the following command:

/?s?/b*/h*ad t?xt

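and we’d get the beginning of the text file, because the shell expands each pattern to the matching path (here /usr/bin/head and text) before it runs the command.

This is mostly used when you need to run specific commands but can only use a limited set of characters, or when you encounter a validator that rejects certain words (cat, tail, head, bin, usr etc.).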
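For anyone maintaining such a validator, the script below shows why matching words in the typed text is not enough and what holds up better. It is an added example, not code from the original post; the function names, the allow-list and the sandbox directory tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: function names, the allow-list and the sandbox tree are constructed.

# Build a throwaway tree with usr/bin/head in it, so nothing real is executed.
make_sandbox() {
  root=$(mktemp -d)
  mkdir -p "$root/usr/bin"
  : > "$root/usr/bin/head"
  printf '%s\n' "$root"
}

# The kind of validator the post mentions: reject input containing listed words.
word_filter_accepts() {
  case $1 in
    *cat*|*tail*|*head*|*bin*|*usr*) return 1 ;;
  esac
  return 0
}

# Show what the shell turns a pattern into: $2 is left unquoted on purpose so
# pathname expansion runs, relative to the sandbox root given in $1.
expand_in() {
  ( cd "$1" && set -- $2 && printf '%s\n' "$1" )
}

# Better: apply the check to the expanded path instead of the typed text.
post_expansion_accepts() {
  word_filter_accepts "$(expand_in "$1" "$2")"
}

# Stricter design: a small safe alphabet (no * ? [ ] /) and exact allow-listed names.
strict_filter_accepts() {
  case $1 in
    *[!a-z0-9_-]*) return 1 ;;
  esac
  case $1 in
    wc|sort|uniq) return 0 ;;
  esac
  return 1
}
```

The word filter accepts `?s?/b*/h*ad` even though it expands to `usr/bin/head` inside the sandbox, while both the post-expansion check and the allow-list reject it.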

Categories
PHP

PHP strcmp() bypass

PHP strcmp() documentation here: https://www.php.net/manual/en/function.strcmp.php

If you pass an array to the strcmp() function instead of a string, PHP will throw a warning, but the compare result returns 0.

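<?php
// PHP 5.3 to 7.x: strcmp() with an array argument emits a warning and returns NULL.
// The loose == comparison treats NULL as equal to 0; a strict === 0 check would not.
// PHP 8 throws a TypeError for the array argument instead.
if (strcmp([], "text") == 0) {
    echo 'This is 0';
} else {
    echo 'This is not 0';
}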

Running this PHP code we’d get:

Warning: strcmp() expects parameter 1 to be string, array given in <filename> on line <line number>
This is 0

This is useful to know when trying to bypass PHP strcmp() string comparison when doing Capture the Flag challenges.

This is also something you should keep in mind when writing secure PHP code.

Categories
Thoughts

We all have dreams

On the 6th of June 2017 I started writing my first blog post about a life reset. I didn’t actually finish it as I didn’t have anything lined up. This is how it all started:

Would you like an adventure? Or shall we have our tea first?

This was one of the most inspiring quotes I read; it’s about leaving your comfort zone. Don’t be a Wendy, be a Peter Pan! Do I want to fly? Yes, I do. So this is the first day I really thought about quitting my life and following my dreams.

Fast-forward to early morning of the 23rd of September: I am in a taxi to the airport. My first destination is Grenoble.

During the last 3 months I thought a lot about the decision to leave a company that was my family for around 7 years. I learned a lot of things, I made a lot of mistakes, but also did my job.

I still don’t have anything lined up for my career, but the next few weeks will be about clearing up my mind, meeting new people in a foreign place and sport (mostly trail running).

Categories
Sport

Post clavicle surgery recovery updates

Notice: The post should not be used for medical decisions – it just reflects my experience going through ORIF surgery and rehabilitation. Always follow your doctor’s indications and ask him any time you are not sure of the evolution.

This guide might help a lot of people who got injured or went through shoulder surgery. It shows different ways to do stuff single-handed (in the kitchen, personal care, going to the bathroom, dressing, wearing a sling).

Week 1 (updated 07/05)

The first 3 days post op I could feel a dull pain (I figured it was the incision), but ice helped me get over it. I ended up with a numb area around the incision (quite common after surgery as some nerves get cut). I could only sleep on my back and wore shirts. I got surgery on Thursday, so Friday, Saturday and Sunday I slept and watched TV. On Monday I returned to my job, but I could only type with one hand. I followed the doctor’s indications and started basic recovery moves, making sure I do not put any pressure on the shoulder. I could exercise only when I was lying on my back, doing some basic hand rotations and raises from the elbow. I got my X-ray and got the bandage changed. Everything looked great! I got an extension on the allowed movements and can start wearing the arm sling less. Yay!

Week 2 (updated 07/13)

I started doing wall walks with my hand and arm rotations while lying on my back and using a stick with both hands. I started typing with both hands. Now I am able to put a t-shirt on and tie my shoe-laces – so much joy! No weights should be lifted. Also, you shouldn’t use your arm to get up from the bed or a chair. You really cannot lift anything because even if you use your good hand, the body tries to balance itself, so you’ll end up feeling your other shoulder protesting in pain. Still sleeping on my back with my arm sling. The numb area feels a little different now. I know I am touching the skin, and feel the touch, but it’s so much different than touching my right shoulder. I read it takes a few months until you get to feel that area again. I cannot run or even walk faster, as any impact or arm rotation comes with some pain. I read a text from someone who got cervical surgery at the same time as me and it’s what I also feel: at the beginning of the year I was thinking about improving my times, taking part in a lot of running contests and getting better at swimming to get into triathlons. Now I just want to feel the pleasure of running. (Adrian Mila)

I miss driving, running, cycling and swimming.

2 weeks post-op, I got my Steri-strips removed. The wound is looking good. The doctor said we should meet in around one month for another check.

Week 3 (updated 07/15)

It’s been 15 days since the surgery and it seems so far away. I almost regained full mobility. I cannot lift heavy things, nor is it recommended. I wear the sling while I sleep in order to prevent rolling on my stomach (one of my favorite sleeping positions) but I can finally sleep on my side, with the aid of the arm sling. For the last 3 weeks (from the accident) I could only sleep on my back. In the morning I feel my arm sore, but after some easy movements, everything is ok.

I tried doing an easy run, but the impact would get carried to the shoulder and it doesn’t feel good.

Week 4 (updated 07/25)

OMG!!! 3 and a half weeks post surgery I went out for an easy walk. I started doing this a while ago and also tried running, just to test myself, but I could feel a pain in my shoulder. Until now. This didn’t happen today. I ran 3 km, with easy walking every 1 km. It feels so good to be back. I really missed running and I couldn’t wait to get back in action. I want to go back to swimming, but I think I won’t be able to do so for the next 2 weeks. The doctor told me to take it slow, so I will do as he says.

Last night was the first since the surgery when I slept without the arm sling. I think my body got used to sleeping on my back or on the side and I didn’t roll too much, so I had a good sleep.

I can feel a discomfort in my shoulder when I do a sudden move. I think I can drive, but I like to be cautious. I don’t think I am able to quickly move my arm if I need to avoid an accident, so I prefer to be a passenger. I also don’t think the seatbelt would get along well with my incision. Everything seems ok with it, but I feel like the skin is somehow attached to the bone now. I can’t wait to get to ask the doctor about it. I still have a numb area, but it didn’t get worse. It will probably get better in time.
