Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: project

From: David Pick <d.m.pick () qmul ac uk>
Date: Wed, 30 Apr 2003 17:36:55 +0100


I mean I have captured data using Tcpdump (i.e. raw data), how to I
recombine the data into the orginal word attachment (or like)? Cannot
seem to find any information anywhere on the technical involved in this.


You'll not only need to reassemble the packet streams, you'll also
need to know what protocol was used to transport the higher-level
data. For example, was the data flowing over a "connection" to a
file server? if so you'll need to work out which protocol was used
(NFS, CIFS, NCP, something else...). Or if it was carried by EMail
you'll need to extrace the message text from the SMTP (or POP or
IMAP) protocol information and then (perhaps) extract individual
attachments from the message, and then reverse the Base64 encoding
(or whichever it was) and then...

-- 
        David Pick


---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: