argus latest source printer option

Carter Bullard carter at qosient.com
Wed Jan 25 07:53:07 EST 2012 

Hey CS Lee,
Thanks for the bug reports.  I'll take a look tonight.
Did you test whenthe option is set in the .rarc ?

Carter


On Jan 25, 2012, at 12:31 AM, CS Lee <geek00l at gmail.com> wrote:

> hi Carter,
> 
> I have done a quick test on the printer option, ascii, hex, encode32 and encode64 seem to work as expected but the obfuscate option doesn't work for me here, I will compare the result from 3.0.5.24 to 3.0.5.30 -
> 
> argusc-3.0.5.24/bin/ra -nr argus-user-data.arg3 -s suser:64 duser:64
> srcUdata,dstUdata
> s[64]=.m.."v...e.*...Oc.K;= ...Jm.2{.....xq..b<E.~......+....q...{.mo.,
> s[64]=..b!.,.h.nf....Z.._.J....>b..m~....P...a.A0.l.....%.............,d[64]=.E...-QVd.[.....F.L;R.....&9}.....]..t.nd{Py...M..ml............
> s[33]=.V...........ftp.ics.uci.edu.....,d[64]=.V...........ftp.ics.uci.edu..................one-ring-vip......
> s[33]=(............ftp.ics.uci.edu.....,d[64]=(............ftp.ics.uci.edu..................one-ring-vip...-..
> s[64]=USER anonymous..PASS xxxxxx..SYST..PWD..TYPE I..CWD /incoming..S,d[64]=220-..220-.        Information and Computer Science..220-
> ,d[64]='S#...].....&..A..t?k..Y*...T)M..... at f?..$....3......lw.h...fj..
> 
> Over here we can see the PASS is obfuscated, so on 3.0.5.30 it should do the same but it doesn't
> 
> argusc-3.0.5.30/bin/ra -M printer=obfuscate -nr argus-user-data.arg3 -s suser:64 duser:64
> srcUdata,dstUdata
> s[64]=.m.."v...e.*...Oc.K;= ...Jm.2{.....xq..b<E.~......+....q...{.mo.,
> s[64]=..b!.,.h.nf....Z.._.J....>b..m~....P...a.A0.l.....%.............,d[64]=.E...-QVd.[.....F.L;R.....&9}.....]..t.nd{Py...M..ml............
> s[33]=.V...........ftp.ics.uci.edu.....,d[64]=.V...........ftp.ics.uci.edu..................one-ring-vip......
> s[33]=(............ftp.ics.uci.edu.....,d[64]=(............ftp.ics.uci.edu..................one-ring-vip...-..
> s[64]=USER anonymous..PASS -wget at ..SYST..PWD..TYPE I..CWD /incoming..S,d[64]=220-..220-.        Information and Computer Science..220-
> ,d[64]='S#...].....&..A..t?k..Y*...T)M..... at f?..$....3......lw.h...fj..
> 
> By the way there's typo in ra.c, when we run ra -h
> 
> printer='printer'   specify user data printing format
>                ascii            print user data using ascii encoding
>                obfuscate        print user data using ascii` encoding, obfuscate passwords
>                encode32         print user data using encode32 encoding
>                encode64         print user data using encode64 encoding
> 
> just remove ` in obfuscate line will do
> 
> 
> 
> 
> 
> -- 
> Best Regards,
> 
> CS Lee<geek00L[at]gmail.com>
> 
> http://geek00l.blogspot.com
> http://defcraft.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120125/d174cb7c/attachment.html>

More information about the argus mailing list