---
tags: NASA
---

# NASA 2017 Midterm Practice

## 1.

---

## 2.

### 1.

Filter: `dns && ip.addr == 140.112.28.0/19`

### 2.

Filter: `dhcp`

`e0:ac:cb:69:44:90`
`78:f8:82:b1:74:70`
`48:4b:aa:00:1c:56`
`d4:f4:6f:98:09:54`

### 3.

Filter: `http contains "Mac"`

`54.243.198.221`
`206.108.53.86`
`163.28.5.35`
`163.28.5.40`

---

## 3.

---

## 4.

Use Conversations->TCP->Follow Stream

* Find Meow’s private key in the pcap file
```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,55CE2F9FC2E46A7465CDF0B134A2E008

U+nsjO/8swdsg/JjlEYYQapAa/eqgMmgmrwuvgrb9vDFEMzVkNZ7xlaVYyw67E3z
EJOo0nsQUsqP2y4c4hJYPtBR2RYpejVCV8uwsmY1vyV099fXN+IKsyllwNF39Ls3
eDWoE50DRkNvXuzXWVcstaQG924U3oYCkiqUXRpMSfYd8784TOSylX+J1976/ip9
~~~省略~~~
SOsSazr0MXLqb4tyHvUWij9QPfs1WhYOUBf/qBjOh3Lu/Jg/Syvt0KvfwaeuVt6s
eYuPRsEZ2FC9GoWy2nlZLhi0bYcHymsX1oZRIjky3LRNLhIGYk/aBnjwgjTa8sQy
zh+Ox80BmpgB/DwophmZeAjYVXC0wQgrP+At82Oxf13mlLD6ujDYz2K7OjNs5c4y
-----END RSA PRIVATE KEY-----
```
* Find the private key’s passphrase in the pcap file
`my_password_dont_meow_this`
* Find ssh server’s listening port in the pcap file
* Find the hostname/IP of the remote server in the pcap file
```[oasis2.csie.ntu.edu.tw]:9753,[140.112.30.52]:9753```

---

## 5.

```shell=bash
#!/bin/bash
ans='195a30a1d1561cbc0ae7c488b93d037f6b713354'
og='Base{32,64}_Is_Stupid_But_Sometimes_Useful'
D2B=({0..1}{0..1}{0..1}{0..1}{0..1})
enc=('base32' 'base64')
for((i=0; i<32; i++)); do
    try="$og"
    bini="${D2B[$i]}"
    for ((j=0; j<5; j++)); do
        bit="${bini:${j}:1}"
        try=`echo "$try" | ${enc[${bit}]}`
    done
    try=`echo "$try" | sha1sum`
    try="${try:0:40}"
    if [[ "$try" == "$ans" ]]; then
        echo "${enc[${bini:0:1}]} -> ${enc[${bini:1:1}]} -> ${enc[${bini:2:1}]} -> ${enc[${bini:3:1}]} -> ${enc[${bini:4:1}]}"
        break
    fi
done
```

---

## 6.
```shell=bash
#!/bin/bash
filename="country.csv"
echo "here"
IFS=''; while read -r line; do
    code=`echo $line | cut -d ',' -f 1 | tr '[:upper:]' '[:lower:]'`
    full=`echo $line | cut -d ',' -f 2`
    if [[ $code == "id" ]]; then
        continue
    fi
    dns_record=`dig +short ftp.${code}.debian.org`
    echo "$full ftp.${code}.debian.org"
    if [[ -n "$dns_record" ]]; then
        index=0
        record_lines=()
        IFS=''; while read -r dline && test -n "$dline"; do
            record_lines["$index"]="$dline"
            index=$(($index+1))
        done <<< "$dns_record"
        index=0
        unfinished='false'
        while [[ $index -lt ${#record_lines[@]} ]]; do
            rline="${record_lines[$index]}"
            # echo "$rline"
            if [[ "${rline:0:1}" =~ [0-9] ]]; then
                IP="$rline"
                provider=`curl ipinfo.io/$IP 2> /dev/null | grep '"org":' | cut -d ':' -f 2 | sed 's/\"//g' | sed 's/,$//g'`
                echo "$IP, provided by$provider"
                unfinished='false'
            else
                echo -n "$rline => "
                unfinished='true'
            fi
            index=$(($index+1))
        done
        if [[ "$unfinished" == 'true' ]]; then
            echo "unresolvable"
        fi
        # break
    else
        echo "unresolvable"
    fi
    echo ""
done < "$filename"
unset IFS
```

> Note: `curl ipinfo.io/$IP` gives no scheme, so curl uses plain HTTP; `https://ipinfo.io/$IP` keeps the lookup and its answer from being read or altered in transit.

---

## 7.

```shell=bash
#!/bin/sh
n=6
min=8
max=10
re='^[0-9]+$'
while [[ $# -gt 0 ]]
do
    key="$1"
    case $key in
        -n)
            n="$2"
            if ! [[ $2 =~ $re ]]; then
                echo "ERROR" >&2
                exit 1
            fi
            shift
            shift
            ;;
        -m)
            min="$2"
            if ! [[ $2 =~ $re ]]; then
                echo "ERROR" >&2
                exit 1
            fi
            shift # past argument
            shift # past value
            ;;
        -x)
            max="$2"
            if ! [[ $2 =~ $re ]]; then
                echo "ERROR" >&2
                exit 1
            fi
            shift # past argument
            shift # past value
            ;;
        *)
            echo "ERROR" >&2; exit 1
            ;;
    esac
done
for ((i = 0 ; i < $n ; i++ ))
do
    len=`shuf -i $min-$max -n 1`
    rand=`cat /dev/random | tr -dc 'a-zA-Z0-9' | fold -w $len | head -n 1`
    echo "$rand"
done
```

> Note: the shebang is `#!/bin/sh`, but `[[ ]]`, `=~` and `for (( ))` are bash features, so the script has to be run with bash. On older Linux kernels `/dev/random` can block while the entropy pool is low; `/dev/urandom` is the usual source for generated passwords.

## 8.
```shell=bash
#!/bin/sh
cat fail2ban.log | grep fail2ban.actions | grep NOTICE | grep Ban > banned.tmp
gawk -i inplace '{print $(NF)}' banned.tmp
wc -l banned.tmp
cat banned.tmp | uniq > ip.tmp
wc -l ip.tmp
touch country.tmp
cnt=0
while read ip; do
    echo "$cnt"
    ((cnt=cnt+1))
    whois $ip | awk ' /[Cc]ountry/{print $2;exit}' >> country.tmp
done < ip.tmp
cat country.tmp|sort|uniq -c|sort
```

> Note: `uniq` only collapses adjacent duplicate lines, so `ip.tmp` holds one line per distinct IP only if `banned.tmp` is sorted first (for example with `sort -u`). The `(( ))` arithmetic also needs bash rather than `/bin/sh`.

## 10.

```
vi /etc/sysconfig/network-scripts/ifcfg-<interfaces>
onboot=yes
```