Online Decoder --> https://2cyr.com/decode/
Encoding errors --> https://ftfy.now.sh/
File Signatures List --> Click here
PCAP Analysis: --> https://www.packettotal.com/
Online Cipher Decryptors:
CyberChef - Cipher Decoder
Crack Station - Hash Cracker
Decrypt Any Kind of Hash
1) Cipher Statistics
2) Index of Coincidence Calculator - Online IC Cryptanalysis Tool
3) Tools List (Awesome and Fantastic Tools) Available on dCode
4) Solve an Aristocrat or Patristocrat
5) RSA attack tool (mainly for ctf) - retrieve private key from weak public key and/or uncipher data
5-1) RSA - Find PQ using N
6) BertNase's Own Hide content in a Image made of blocks - npiet fun!
7) Vigenere Solver - www.guballa.de
8) Fernet (Decode)
9) Unicode Text Steganography Encoders/Decoders
10) All in ONE encoders and Decoders Tool
11) Cryptii - Decoder
Image Forensics:
1) Forensically, free online photo forensics tools - 29a.ch
2) StegSolve to decrypt data in image files
Online Steganographic tools
1) https://osric.com/chris/steganography/decode.html
2) http://stylesuxx.github.io/steganography/
3) https://futureboy.us/stegano/decinput.html
4) https://www.pdf-online.com/osa/extract.aspx --> For PDF
Audio Forensics:
1) Decrypt Old tapes with software for Atari 8-bit computers (Software - Download Required)
strings filename | awk 'length($0)>=15' | sort -u
--> Setting the minimum length for a string can help clean out a lot of the garbage. This will only print strings with 15 or more chars.
strings -a -n 15 filename
grep -rnw '/' -ie 'password' --color=always
--> Print files with line numbers where string is found
# Grep for words starting with "co"
egrep "^co" common.txt > /cp.txt
#Hex Decode a file
cat key| xxd -r -p > key.bin
fcrackzip -D -p rockyou.txt -u filename.zip --> crack a zip file using wordlist
Download John the Ripper Community Version (Lot of Plugins are Available)
zip2john filename.zip > filehash.txt --> creates a hash
john filehash.txt --> cracks the password using default wordlist
john --wordlist=/usr/share/wordlists/rockyou.txt.gz filehash.txt
pdfcrack -f file.pdf -w ../stego/rockyou.txt --> crack PDF Files using wordlist
Analyzing Event logs for finding violations
sudo usbrip events violations auth.json -f syslog
python latex.py --files file.7z --wordlist rockyou.txt --> Brute Force 7z Zip files (7z Zip Brute Force Github)
strings -a 'filename.png' --> scans the whole file instead of the data section.
binwalk -e 'filename.png' --> Automatically extracts all files. For this specific file this did not do us any good.
steghide info filename.png --> check the embedded data inside an image; you need a passkey to get the embedded data information
steghide extract -sf filename.png --> extract the embedded data; you need a passkey to get the embedded data extracted into a file
xxd filename --> Hex viewer
xxd -p -c 10000 FILENAME --> Dump all the data in a single line
xxd -p -r hex.txt > meow --> reversing a file into binary; then file meow --> know the file details
python RsaCtfTool.py -n 2227212908056272288661402263220544270835000977233668976511 -e 3 --uncipher 56274920108122478990888092521371739605513959053
Decrypt the ciphertext when n, e and c are given in RSA
cat file.csv | sed -e 's/,,/, ,/g' | column -s, -t | less -#5 -N -S
Read CSV files in linux Properly
echo "whateverthehellTheTextIsAddSpacesToYourText" | sed 's/\(.\{5\}\)/\1 /g'
Add a Space after every 5 Characters
# steganography decrypter
gem install zsteg
Imaging and Recovery:
scp user@10.10.10.48:/home/recovery.dd /location/filename.dd --> similar to ssh; used to copy the file into our location
xxd filename --> open with hex editor to view the contents
sudo dcfldd if=/dev/sdb of=/home/recovery.dd --> if=input location; of=output location
Imaging for Forensics
dd if=\\.\d: of=c:\test.dd bs=1G --size --progress
pngcheck -v filename.png --> PNGs can contain a variety of data ‘chunks’ that are optional (non-critical) as far as rendering is concerned.
exiftool filename.png --> meta data viewer; check if there are any hash values in it.
file filename.gif --> shows the actual file extension
strings ./filename --> find the interesting strings in any file
ltrace ./filename --> Intercept the functions that are being called.
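Unzipping a loop of files
ZIPFILE=$1
RESULT=0
# Keep going until an unzip fails (no further archive to open).
while [ "$RESULT" -eq 0 ]
do
    # The number in the inner "<number>.zip" name is used as the password.
    PASSWORD=$( unzip -l "$ZIPFILE" | grep -E "^\s+[0-9]+" | grep -Eo "[0-9]+\.zip" | grep -Eo "[0-9]+" )
    unzip -P "$PASSWORD" "$ZIPFILE"
    RESULT=$?
    echo "Unzipped $ZIPFILE using password $PASSWORD ($RESULT)"
    # The file just extracted becomes the next archive to open.
    ZIPFILE="$PASSWORD.zip"
done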
find / -size 33c -user bandit7 -group bandit6 2>/dev/null
Image Signature:
JPG: Both images above show that a regular JPG begins with 0xFFD8 and ends with 0xFFD9
PNG: This shows that PNG images should begin with hex value 0x89504E47 and end with 0xAE426082
BMP: Bitmap images have an inconsistency in their end values from my study, but their beginning hex values are 0x424D36
GIF: Similar to bitmaps, end values for gif images vary, but they usually begin with 0x47494638
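Added example (not from the original post): a POSIX shell function that checks a file against the header and end values listed above and reports when a JPG or PNG does not finish on its expected end marker, which usually means extra bytes were appended. The function names, the output labels and the sample files built in demo are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a file by the signatures listed above.
# hex_head, hex_tail, img_sig and the output labels are names made up here.

# First N bytes of FILE as lowercase hex (od -N reads only N bytes).
hex_head() { od -An -v -tx1 -N "$2" "$1" | tr -d ' \n'; }
# Last N bytes of FILE as lowercase hex.
hex_tail() { tail -c "$2" "$1" | od -An -v -tx1 | tr -d ' \n'; }

img_sig() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    # BMP is matched on "BM" (0x424D) only: the third byte already belongs
    # to the file-size field, so it differs from file to file.
    case "$(hex_head "$1" 4)" in
        ffd8*)    sig_type=jpg; sig_end=ffd9 ;;
        89504e47) sig_type=png; sig_end=ae426082 ;;
        424d*)    sig_type=bmp; sig_end= ;;
        47494638) sig_type=gif; sig_end= ;;
        *)        echo "unknown"; return 1 ;;
    esac
    if [ -z "$sig_end" ]; then
        # BMP and GIF end values vary, so there is nothing fixed to compare.
        echo "$sig_type end-not-checked"
    elif [ "$(hex_tail "$1" $(( ${#sig_end} / 2 )))" = "$sig_end" ]; then
        echo "$sig_type end-ok"
    else
        # Last bytes are not the end marker: inspect with binwalk / strings -a.
        echo "$sig_type end-mismatch"
    fi
}

# Constructed sample files (not real images), just enough bytes to
# exercise the header and end-marker checks.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '\211PNG\r\n\032\nIEND\256B`\202' > "$demo_dir/clean.png"
    printf '\377\330\377\340JFIF\377\331appended' > "$demo_dir/padded.jpg"
    printf 'PK\003\004zipdata' > "$demo_dir/renamed.gif"
    for demo_f in "$demo_dir"/*; do
        printf '%s: %s\n' "${demo_f##*/}" "$(img_sig "$demo_f")"
    done
    rm -rf "$demo_dir"
}
demo
```

The check looks at content only, so a file whose extension does not match its header (renamed.gif in the demo) is reported by what its bytes say.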
Data Recovery when you accidentally Delete a Partition https://dmde.com/