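  • University "Anti-Epidemic" Network Security Sharing Contest, Misc: ez_mem&usb

    After opening it, it turns out to be a packet capture.

    Export the HTTP objects with Wireshark. There is an upload; run binwalk on it and an image file comes out.

    Search it with volatility. There is a password in the commands; I saw it, but later forgot it...

    Among the files there is a flag.img; export it.

    Inside it is a compressed archive; export it.

    Alternatively, open data.vmem directly with 取证大师 (Forensics Master) and the archive is visible right away.

    Extract the archive with the password from cmd.

    The result is a string of characters, which can be recognized as the traffic of a USB keyboard communicating with the computer.

    Use a script found online: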

    import sys


    # USB HID keyboard usage ID -> unshifted character followed by shifted character
    usb_codes = {
       0x04:"aA", 0x05:"bB", 0x06:"cC", 0x07:"dD", 0x08:"eE", 0x09:"fF",
       0x0A:"gG", 0x0B:"hH", 0x0C:"iI", 0x0D:"jJ", 0x0E:"kK", 0x0F:"lL",
       0x10:"mM", 0x11:"nN", 0x12:"oO", 0x13:"pP", 0x14:"qQ", 0x15:"rR",
       0x16:"sS", 0x17:"tT", 0x18:"uU", 0x19:"vV", 0x1A:"wW", 0x1B:"xX",
       0x1C:"yY", 0x1D:"zZ", 0x1E:"1!", 0x1F:"2@", 0x20:"3#", 0x21:"4$",
       0x22:"5%", 0x23:"6^", 0x24:"7&", 0x25:"8*", 0x26:"9(", 0x27:"0)",
       0x2C:"  ", 0x2D:"-_", 0x2E:"=+", 0x2F:"[{", 0x30:"]}",  0x32:"#~",
       0x33:";:", 0x34:"'\"",  0x36:",<",  0x37:".>",
       # right / left arrow, rendered as > and < whether or not Shift is held
       0x4f:">>", 0x50:"<<"
       }

    def code2chr(filepath):
        lines = []
        pos = 0
        with open(filepath, "r") as f:
            for x in f:
                x = x.strip()
                if len(x) < 8:          # skip blank or truncated lines
                    continue
                code = int(x[6:8], 16)  # i.e. the third byte (colon-separated capdata)
                if code == 0:
                    continue
                # newline or down arrow - move down
                if code == 0x51 or code == 0x28:
                    pos += 1
                    continue
                # up arrow - move up (never above the first line)
                if code == 0x52:
                    pos = max(pos - 1, 0)
                    continue

                # select the character based on the Shift key
                while len(lines) <= pos:
                    lines.append("")
                if code in usb_codes:   # ignore key codes that are not in the table
                    if int(x[0:2], 16) == 2:
                        lines[pos] += usb_codes[code][1]
                    else:
                        lines[pos] += usb_codes[code][0]

        for x in lines:
            print(x)


    if __name__ == "__main__":
        # Usage: python keyboardScanCode.py datafile.txt
        # How to get datafile:
        #   tshark -r file.usb.pcapng -T fields -e usb.capdata > datafile.txt
        # With no argument, fall back to usbdata.txt in the current directory.
        filepath = sys.argv[1] if len(sys.argv) == 2 else 'usbdata.txt'
        code2chr(filepath)
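
The following is an added example, not part of the original post or of the script it found online. It decodes the same `usb.capdata` text but also covers cases the script above skips: the right Shift bit, Backspace, Caps Lock, keys still held from the previous report, and lines written either colon-separated or as plain hex. The names `parse_report` and `decode_keystrokes`, the US key layout, and the `SAMPLE` reports are assumptions constructed for the illustration.

```python
import string

# HID keyboard usage ID -> (unshifted, shifted); US layout is an assumption
KEYMAP = {0x04 + i: (c, c.upper()) for i, c in enumerate(string.ascii_lowercase)}
KEYMAP.update({0x1E + i: p for i, p in enumerate(zip("1234567890", "!@#$%^&*()"))})
KEYMAP.update({0x2C + i: p for i, p in enumerate(
    zip(" -=[]\\#;'`,./", " _+{}|~:\"~<>?"))})
SHIFT_MASK = 0x22  # modifier byte: bit 1 = left Shift, bit 5 = right Shift

def parse_report(line):
    """Return the 8 report bytes from one capdata line, or None if it is not one."""
    try:
        data = bytes.fromhex(line.strip().replace(":", ""))
    except ValueError:
        return None
    return data if len(data) == 8 else None

def decode_keystrokes(lines):
    """Rebuild the typed text from a sequence of boot-keyboard reports."""
    out, prev, caps = [], set(), False
    for line in lines:
        report = parse_report(line)
        if report is None:
            continue
        shift = bool(report[0] & SHIFT_MASK)
        for k in report[2:]:              # up to six simultaneous key codes
            if k <= 0x03 or k in prev:    # empty/error slot, or key still held
                continue
            if k == 0x39:                 # Caps Lock toggles letter case
                caps = not caps
            elif k == 0x2A:               # Backspace removes the last character
                del out[-1:]
            elif k == 0x28:               # Enter
                out.append("\n")
            elif k in KEYMAP:
                lower, upper = KEYMAP[k]
                use_upper = (shift != caps) if lower.isalpha() else shift
                out.append(upper if use_upper else lower)
        prev = set(report[2:])
    return "".join(out)

# Constructed sample reports (not taken from the challenge capture)
SAMPLE = """
02:00:09:00:00:00:00:00 00:00:0f:00:00:00:00:00 00:00:0f:04:00:00:00:00
00:00:1b:00:00:00:00:00 00:00:2a:00:00:00:00:00 00:00:0a:00:00:00:00:00
20002f0000000000 0000390000000000 00000e0000000000 0200300000000000
""".split()
if __name__ == "__main__":
    print(decode_keystrokes(SAMPLE))
```

Typing the same key twice in a row is only recovered when the capture contains the release report between the two presses, because a key code already present in the previous report is treated as still held.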
  • Original post: https://www.cnblogs.com/p201821440039/p/12455527.html