MENU

流量分析

November 29, 2020 • Read: 573 • CTF阅读设置

Wireshark常用过滤指令

过滤IP:ip.src eq x.x.x.x or ip.dst eq x.x.x.x

•过滤端口:tcp.port eq 80 or udp.port eq 80

•过滤协议:tcp/udp/http/tls/ssl/icmp/ftp/dns/ip

•http过滤模式:

​ •http.request.method == “GET”

​ •http.request.method == “POST”

​ •http.request.uri == “[路由地址]”

​ • [协议] contains “[关键字]”

Crunch

Crunch是一种创建密码字典工具,按照指定的规则生成密码字典,可以灵活的制定自己的字典文件。

Usage: crunch [options]

crunch <min-len> <max-len> [<charset string>] [options]

 min-len  设定最小字符串长度
 max-len  设定最大字符串长度
 
 options
 -o password.txt 指定输出文件的名称,例如password.txt

-t 命令

-t @,%^ 指定模式,

@ 插入小写字母
, 插入大写字母
% 插入数字
^ 插入特殊符号

Crunch命令详解 以及使用方法

https://blog.csdn.net/qq_42025840/article/details/81125584

鼠标流量

在kali下提取得到 usbdata.txt

tshark   -r usb2.pcap  -T fields -e usb.capdata  >  usbdata.txt

然后将16进制的usbdata.txt转化为坐标

python  usb.py  >  xy.txt
#usb.py
nums = []
keys = open('usbdata.txt','r')
posx = 0
posy = 0
for line in keys:
    if len(line) != 12 :
         continue
    x = int(line[3:5],16)
    y = int(line[6:8],16)
    if x > 127 :
        x -= 256
    if y > 127 :
        y -= 256
    posx += x
    posy += y
    btn_flag = int(line[0:2],16) 
    if btn_flag == 2 :                     # 1 for left , 2 for right , 0 for nothing
        print posx , posy
keys.close()

进入gnuplot工具,将xy.txt中的坐标转图片

gnuplot                   //进入gunplot工具
plot  "xy.txt"            //把xy.txt文本里的坐标转化为图片

键盘流量

方法一

在kali下提取得到usbdata.txt

tshark -r usb.pcap -T fields -e usb.capdata > usbdata.txt

对生成flag.txt去空行后执行下面脚本

normalKeys = {"04":"a", "05":"b", "06":"c", "07":"d", "08":"e", "09":"f", "0a":"g", "0b":"h", "0c":"i", "0d":"j", "0e":"k", "0f":"l", "10":"m", "11":"n", "12":"o", "13":"p", "14":"q", "15":"r", "16":"s", "17":"t", "18":"u", "19":"v", "1a":"w", "1b":"x", "1c":"y", "1d":"z","1e":"1", "1f":"2", "20":"3", "21":"4", "22":"5", "23":"6","24":"7","25":"8","26":"9","27":"0","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"-","2e":"=","2f":"[","30":"]","31":"\\","32":"<NON>","33":";","34":"'","35":"<GA>","36":",","37":".","38":"/","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
shiftKeys = {"04":"A", "05":"B", "06":"C", "07":"D", "08":"E", "09":"F", "0a":"G", "0b":"H", "0c":"I", "0d":"J", "0e":"K", "0f":"L", "10":"M", "11":"N", "12":"O", "13":"P", "14":"Q", "15":"R", "16":"S", "17":"T", "18":"U", "19":"V", "1a":"W", "1b":"X", "1c":"Y", "1d":"Z","1e":"!", "1f":"@", "20":"#", "21":"$", "22":"%", "23":"^","24":"&","25":"*","26":"(","27":")","28":"<RET>","29":"<ESC>","2a":"<DEL>", "2b":"\t","2c":"<SPACE>","2d":"_","2e":"+","2f":"{","30":"}","31":"|","32":"<NON>","33":"\"","34":":","35":"<GA>","36":"<","37":">","38":"?","39":"<CAP>","3a":"<F1>","3b":"<F2>", "3c":"<F3>","3d":"<F4>","3e":"<F5>","3f":"<F6>","40":"<F7>","41":"<F8>","42":"<F9>","43":"<F10>","44":"<F11>","45":"<F12>"}
output = []
keys = open('usbdata.txt')
for line in keys:
    try:
        if line[0]!='0' or (line[1]!='0' and line[1]!='2') or line[3]!='0' or line[4]!='0' or line[9]!='0' or line[10]!='0' or line[12]!='0' or line[13]!='0' or line[15]!='0' or line[16]!='0' or line[18]!='0' or line[19]!='0' or line[21]!='0' or line[22]!='0' or line[6:8]=="00":
             continue
        if line[6:8] in normalKeys.keys():
            output += [[normalKeys[line[6:8]]],[shiftKeys[line[6:8]]]][line[1]=='2']
        else:
            output += ['[unknown]']
    except:
        pass
keys.close()

flag=0
print("".join(output))
for i in range(len(output)):
    try:
        a=output.index('<DEL>')
        del output[a]
        del output[a-1]
    except:
        pass
for i in range(len(output)):
    try:
        if output[i]=="<CAP>":
            flag+=1
            output.pop(i)
            if flag==2:
                flag=0
        if flag!=0:
            output[i]=output[i].upper()
    except:
        pass
print ('output :' + "".join(output))
方法二

在kali下运行UsbKeyboardDataHacker一步到位

下载地址:https://github.com/WangYihang/UsbKeyboardDataHacker

Bugku[想蹭网先解开密码]

Wireshark过滤eapol协议的包,发现通过握手包可以对密码实现暴力破解

在kali中使用Crunch工具生成密码字典

crunch 11 11 -t 1391040%%%% -o password.txt

使用aircrack -ng工具进行破解

aircrack-ng wifi.cap -w password.txt

-w后面接的是字典

得到flag

参考链接

https://blog.csdn.net/qq_45555226/article/details/102810474

https://blog.csdn.net/qq_44108455/article/details/108179086

https://blog.csdn.net/qq_42025840/article/details/81125584

Last Modified: November 9, 2021