Can I view the format history of a usb key?

Is there a way to view when changes were made to a USB key, such as when the USB key was formatted and/or when some files were transferred?

I have seen this previous stackexchange question File system history on USB drives, but it wasnt clear if anywhere on the USB key a log will be available.

NB. I only have the USB key at hand.

Does anyone know what this encoding format for passwords is? I think it is a decimal array but I can’t seem to convert it

During a penetration test, I ran across a server that was storing passwords in its database in what seems to be a binary array of sorts:

password_table  1,10,11,21,21,11,21,13,00,00,00,000 11,61,19,11,46,108,09,100 110,118,100,107,108,117,123,62,108,108,62,62 

(slightly edited for confidentiality)

The server in question is a Tomcat server and the application is running a Java program. I considered that this might be a array of sorts but I can’t seem to convert these arrays into anything readable or usable. Does anyone have any ideas?

Format for data & symmetric key exchange/storeage

Is there a standard format for storing/exchanging encrypted data along with the key needed to decrypt it (data is encrypted with a single use symmetric key and the symmetric key itself is encrypted with asymmetric key for the receiver)?

We are trying to build an interoperable protocol to exchange large messages between two parties that may not agree on much else besides using asymmetric keys. The best way seems to be using a symmetric single use key to encrypt the data and then encrypt it with the asymmetric key and pass along the whole thing as a package (e.g. RSA wrapped AES). So is there any widely used standard for sharing the encrypted text along with its key, preferably along with some information about the symmetric algorithm used.

The only work that I found in that direction is OpenPGP which is somewhat too implementation specific. I was wondering if there is anything else that has more metadata along with it to describe the alogs and the keys.

Difficultly importing GeoTiff format

I downloaded Earth data from here. It is a GeoTiff file, which is a map of solar radiation falling on earth.

enter image description here

Mathematica claims to import GeoTiff files. However, when I import,

SetDirectory[NotebookDirectory[]] files = FileNames["*", "./diffuse/"][[1]] diffuse = Import[files, {"GeoTIFF", "Image"}] 

The output is an error:

LinkObject::linkd: Unable to communicate with closed link LinkObject['/Applications/Mathematica.app/Contents/SystemFiles/Converters/Binaries/MacOSX-x86-64/GDAL.exe',6300,8]. Import::fmterr: Cannot import data as GeoTIFF format. 

I can get the file to open using other GeoTiff programs such as QCIS. So it does seem to be a Mathematica issue. Any ideas? It is an error which I have not encountered before.

“john –format=md5” caused “Unknown ciphertext format name requested” error

  • This is known md5 hash for Kioptrix: Level 1.1 (#2)

Linux unshadow file

wolf@linux:~$   cat md5hash.txt  root:$  1$  FTpMLT88$  VdzDQTTcksukSKMLRSVlc.:0:0:root:/root:/bin/bash john:$  1$  wk7kHI5I$  2kNTw6ncQQCecJ.5b8xTL1:500:500::/home/john:/bin/bash harold:$  1$  7d.sVxgm$  3MYWsHDv0F/LP.mjL9lp/1:501:501::/home/harold:/bin/bash wolf@linux:~$    

md5hash only

wolf@linux:~$   cat md5hash_only.txt  $  1$  FTpMLT88$  VdzDQTTcksukSKMLRSVlc. $  1$  wk7kHI5I$  2kNTw6ncQQCecJ.5b8xTL1 $  1$  7d.sVxgm$  3MYWsHDv0F/LP.mjL9lp/1 wolf@linux:~$    

Since I know that these are md5 format, I used --format=md5 option in john.

Unfortunately, I’m getting Unknown ciphertext format name requested error.

wolf@linux:~$   john --format=md5 md5hash.txt  Unknown ciphertext format name requested wolf@linux:~$     wolf@linux:~$   john --format=md5 md5hash_only.txt  Unknown ciphertext format name requested wolf@linux:~$    

I’ve verified that the format is similar with pentestmonkey cheat-sheet

Any idea what’s wrong here?

How to send a string format exploit through socket

I’m doing a CTF exercise here:

https://c-wars.acnr.se/download/level2.tgz

There is a docker with the vulnerable service, which I need to found the value of a variable. I was able to do it by the following input:

== Login Service 1.0 == Username: %7$  s Password: a Welcome: ACNR{_SERVICE_FLAG_} 

My issue now is that the submission needs to call a function that is going to send this string by a socket, so I guess I need to escape it. I have tried %7$ s, but didnt worked.

Submission format can be found at https://c-wars.acnr.se/download/MANUAL.pdf

#include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <string.h> #include <stdint.h> #include "gamelib.h" uint32_t main(uint32_t argc, uint8_t ** argv) { svc_init(); svc_set(10000); svc_writeln("gimme flag"); svc_readuntil('}'); return 0; } 

Industry secure file format like .OFX Open Financial Exchange File [closed]

The .OFX Open Financial Exchange File is a file format created for financial data exchanges between financial institutions.

I was wondering if in the IT security realm, such a file format exists.

My goal would be to use and customize it so that my backend API entry points (that is another story, don’t worry about that)