Reorganized

Network_and_802.11/wireshark_stuff/shark_the_ripper.py

@@ -0,0 +1,65 @@
+#!/usr/bin/env python
+
+import os
+import sys
+import binascii
+
+"""
+    Shark the Ripper Tool
+
+    For packet capture CTF problems:
+        Follow TCP Steam > Hex Dump > (Select Client/Server Chat) > Save As
+        Then input the file, followed by offset(s) where you want to cut.
+
+    -mandy
+
+"""
+
+if len(sys.argv) < 2:
+    print "Oh ffs, seriously?"
+    print "Usage: " + sys.argv[0] + " pasted_wireshark_hex_dump.txt START_OFFSET END_OFFSET"
+    sys.exit()
+
+if os.path.isfile( sys.argv[1] ):
+    with open( sys.argv[1] ) as f:
+        filecontents = f.read()
+
+    if len( sys.argv ) > 2:
+        if len( sys.argv ) == 4:
+            start = sys.argv[2]
+            end = sys.argv[3]
+        else:
+            start = sys.argv[2]
+            end = "FFFFFFFF"
+
+        cut = True
+
+        if len( start ) != 8 or len( end ) != 8:
+            print "Invalid offset size"
+            sys.exit()
+    else:
+        cut = False
+
+    output = ""
+
+    if cut == True:
+        start_cutting = False
+        for row in filecontents.split("\n"):
+            if row != "":
+                if row[:8] == start:
+                    start_cutting = True
+
+                if row[:8] == end:
+                    start_cutting = False
+
+                if start_cutting == True:
+                    output += row[10:][:48].replace(" ", "")
+    else:
+        for row in filecontents.split("\n"):
+            if row != "":
+                output += row[10:][:48].replace(" ", "")
+
+    output = binascii.unhexlify(output)
+    with open( sys.argv[1] + ".out", 'w') as output_file:
+        output_file.write( output )
+

Network_and_802.11/wireshark_stuff/useful_cmds.md

@@ -0,0 +1,14 @@
+# Useful
+
+## Recon
+
+* Statistics -> Conversations
+	-> Some SSH, HTTP
+
+
+## Filters
+* Filer on HTTP:
+
+```
+ip.addr==172.16.133.133 && tcp.port==52694 && ip.addr==172.16.133.149 && tcp.port==80
+```