misc ez_usb
2022-07-07 04:13:00 【[mzq]】
ez_usb
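Open the file in Wireshark.
It is USB traffic; the packets with a data length of 8 are keyboard traffic. Extracting the data with usbhack failed; back in Wireshark, it turns out there are two kinds of traffic.
In Wireshark, filter on usb.src == "2.8.1" and on usb.src == "2.10.1", then use Export Specified Packets.
Export each of the two streams to its own pcapng file.
Analyze the contents directly with UsbKeyboardDataHacker.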
UsbKeyboardDataHacker
#!/usr/bin/env python
import sys
import os
import subprocess

DataFileName = "usb.dat"
presses = []

# HID keyboard usage ID (hex) -> character typed without Shift
normalKeys = {
    "04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
# Same usage IDs with Shift held (0x33 is ; / : and 0x34 is ' / ")
shiftKeys = {
    "04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"<NON>","33":":","34":"\"","35":"<GA>","36":"<","37":">","38":"?","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}

def main():
    # check argv
    if len(sys.argv) != 2:
        print("Usage : ")
        print(" python UsbKeyboardHacker.py data.pcap")
        print("Tips : ")
        print(" To use this python script , you must install the tshark first.")
        print(" You can use `sudo apt-get install tshark` to install it")
        print("Author : ")
        print(" WangYihang <[email protected]>")
        print(" If you have any questions , please contact me by email.")
        print(" Thank you for using.")
        sys.exit(1)
    # get argv
    pcapFilePath = sys.argv[1]
    # get data of pcap: one usb.capdata hex string per 8-byte report.
    # Arguments are passed as a list so the capture path is never parsed by a shell.
    with open(DataFileName, "w") as f:
        subprocess.run(["tshark", "-r", pcapFilePath, "-T", "fields", "-e", "usb.capdata", "-Y", "usb.data_len == 8"], stdout=f, check=True)
    # read data
    with open(DataFileName, "r") as f:
        for line in f:
            presses.append(line.strip())
    # handle
    result = ""
    for press in presses:
        if press == '':
            continue
        if ':' in press:
            Bytes = press.split(":")
        else:
            Bytes = [press[i:i+2] for i in range(0, len(press), 2)]
        if len(Bytes) < 3:
            continue  # too short to hold a modifier byte and a key code
        # Bytes[0] is the modifier bitmask, Bytes[2] the first key code
        if Bytes[0] == "00":
            if Bytes[2] != "00" and normalKeys.get(Bytes[2]):
                result += normalKeys[Bytes[2]]
        elif int(Bytes[0],16) & 0b10 or int(Bytes[0],16) & 0b100000: # shift key is pressed.
            if Bytes[2] != "00" and shiftKeys.get(Bytes[2]):
                result += shiftKeys[Bytes[2]]
        else:
            print("[-] Unknown Key : %s" % (Bytes[0]))
    print("[+] Found : %s" % (result))
    # clean the temp data
    os.remove(DataFileName)

if __name__ == "__main__":
    main()
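The output turns out to contain 5261722, which is the RAR file header. Delete the <CAP>, the c<DEL>, and the c at the end of the file, then save the result as a rar file.
Extracting the rar file requires a password; decoding the other USB stream reveals the password: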
35c535765e50074a
flag{20de17cc-d2c1-4b61-bebd-41159ed7172d}
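The manual clean-up of the decoder output described above (removing <CAP> and c<DEL> before saving the hex as a rar file) can be done by replaying the tokens instead of deleting them by hand. This is an added example, not part of the original write-up or of UsbKeyboardDataHacker; the function names, the output file name and the sample string are assumptions made for illustration.

```python
import re

# "Rar!\x1a\x07": the signature bytes shared by RAR4 and RAR5 archives.
RAR_MAGIC = bytes.fromhex("526172211a07")
# A decoder token such as <CAP>, <DEL>, <F10>, or else a single typed character.
TOKEN = re.compile(r"<[A-Z0-9]+>|.", re.S)


def replay_keystrokes(decoded):
    """Replay the decoder output as typing: <DEL> erases, <CAP> toggles case."""
    out, caps = [], False
    for tok in TOKEN.findall(decoded):
        if tok == "<DEL>":          # HID usage 0x2a is Backspace
            if out:
                out.pop()
        elif tok == "<CAP>":
            caps = not caps
        elif tok == "<SPACE>":
            out.append(" ")
        elif tok == "<RET>":
            out.append("\n")
        elif len(tok) == 1:
            out.append(tok.swapcase() if caps and tok.isalpha() else tok)
        # any other <...> token (<ESC>, <F1>, ...) types nothing
    return "".join(out)


def typed_hex_to_bytes(decoded):
    """Turn typed hex digits into bytes, refusing anything ambiguous."""
    digits = "".join(replay_keystrokes(decoded).split()).lower()
    if not re.fullmatch(r"[0-9a-f]*", digits):
        raise ValueError("typed text contains non-hex characters")
    if len(digits) % 2:
        raise ValueError("odd number of hex digits; check the tail by hand")
    return bytes.fromhex(digits)


# Constructed sample, not the challenge capture: a RAR4 signature typed with
# a Caps Lock toggle and one mistyped-then-erased "c".
SAMPLE = "526172<CAP>21<CAP>1a07c<DEL>00"

if __name__ == "__main__":
    data = typed_hex_to_bytes(SAMPLE)
    print(data.startswith(RAR_MAGIC), data.hex())
    with open("recovered.rar", "wb") as fh:   # hypothetical output name
        fh.write(data)
```

A stray character that leaves an odd digit count, like the trailing c mentioned above, raises an error rather than being dropped silently, so the tail can be inspected before the archive is written.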