argus latest source printer option
CS Lee
geek00l at gmail.com
Wed Jan 25 00:31:36 EST 2012
hi Carter,
I have done a quick test on the printer option, ascii, hex, encode32 and
encode64 seem to work as expected but the obfuscate option doesn't work for
me here, I will compare the result from 3.0.5.24 to 3.0.5.30 -
*argusc-3.0.5.24*/bin/ra -nr argus-user-data.arg3 -s suser:64 duser:64
srcUdata,dstUdata
s[64]=.m.."v...e.*...Oc.K;= ...Jm.2{.....xq..b<E.~......+....q...{.mo.,
s[64]=..b!.,.h.nf....Z.._.J....>b..m~....P...a.A0.l.....%.............,d[64]=.E...-QVd.[.....F.L;R.....&9}.....]..t.nd{Py...M..ml............
s[33]=.V...........ftp.ics.uci.edu.....,d[64]=.V...........ftp.ics.uci.edu..................one-ring-vip......
s[33]=(............ftp.ics.uci.edu.....,d[64]=(............ftp.ics.uci.edu..................one-ring-vip...-..
s[64]=USER anonymous..PASS xxxxxx..SYST..PWD..TYPE I..CWD
/incoming..S,d[64]=220-..220-. Information and Computer Science..220-
,d[64]='S#...].....&..A..t?k..Y*...T)M..... at f?..$....3......lw.h...fj..
Over here we can see the PASS is obfuscated, so on 3.0.5.30 it should do
the same but it doesn't
*argusc-3.0.5.30*/bin/ra -M printer=obfuscate -nr argus-user-data.arg3 -s
suser:64 duser:64
srcUdata,dstUdata
s[64]=.m.."v...e.*...Oc.K;= ...Jm.2{.....xq..b<E.~......+....q...{.mo.,
s[64]=..b!.,.h.nf....Z.._.J....>b..m~....P...a.A0.l.....%.............,d[64]=.E...-QVd.[.....F.L;R.....&9}.....]..t.nd{Py...M..ml............
s[33]=.V...........ftp.ics.uci.edu.....,d[64]=.V...........ftp.ics.uci.edu..................one-ring-vip......
s[33]=(............ftp.ics.uci.edu.....,d[64]=(............ftp.ics.uci.edu..................one-ring-vip...-..
s[64]=USER anonymous..PASS -wget at ..SYST..PWD..TYPE I..CWD
/incoming..S,d[64]=220-..220-. Information and Computer Science..220-
,d[64]='S#...].....&..A..t?k..Y*...T)M..... at f?..$....3......lw.h...fj..
By the way there's typo in ra.c, when we run ra -h
printer='printer' specify user data printing format
ascii print user data using ascii encoding
obfuscate print user data using ascii` encoding,
obfuscate passwords
encode32 print user data using encode32 encoding
encode64 print user data using encode64 encoding
just remove ` in obfuscate line will do
--
Best Regards,
CS Lee<geek00L[at]gmail.com>
http://geek00l.blogspot.com
http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120125/0a313517/attachment.html>
More information about the argus
mailing list