LESSON 8 DIGITAL FORENSICS part IV

Continuing the explanation of the figure from the previous post.

From this you can start to make some attempts to read a certain type of file. There are a number of file conversion utilities available to you under Linux, and even more available on the Internet, as well as a number of file viewers for various formats. Sometimes it may require more than one step to get to a place where you can really work with the data; try to think laterally!

Occasionally, you will come across files which have been encrypted or password protected. The complication that this presents varies, from encryption that is easily broken to stuff that would even give the NSA (or GCHQ, or whatever your local government agency happens to be) a headache. There are again a number of tools available on the Internet that you can use to try to break the encryption on a file. It pays to examine the area surrounding the computer that you are dealing with. People aren't very good at remembering passwords, so it may well be written down somewhere nearby. Common choices for passwords also involve pets, relatives, dates (marriage, date of birth), telephone numbers, car registrations, and other simple combinations (123456, abcdef, qwerty etc.). People are also reluctant to use more than one or two passwords for everything, so if you can reverse engineer a password on one file or application, try it on the others. It is highly likely to be the same.


Now you can start trying to read a certain type of file. Under Linux there are many file converters, and on the Internet, besides file converters, there are also many file viewers for different formats. Sometimes you only need to go one step further before you can really work with the information; try to think laterally.

Sometimes you will come across files that have been encrypted. The complexity of the encryption varies widely: some is easy to break, while some would stump even the NSA (or whichever country's security agency). The Internet likewise has tools for breaking encrypted files. It also pays to examine the surroundings of the computer you are dealing with. People are not good at remembering passwords and may well have written the password down somewhere nearby. Passwords are commonly built from the following: pet names, relatives' names, special dates (wedding date, date of birth), telephone numbers, car registration numbers, and other simple combinations (123456, abcdef, qwerty and so on). People generally do not set many different passwords, so if you have cracked the password on someone's file or application, try that password on the other encrypted files; it is quite likely to work.


Exercises:
For these exercises, we will learn about password cracking. While it is legal to crack your own passwords if you forget them, it is not legal in some countries to figure out how something else is encrypted, in order to protect the other material from being cracked.
DVD movies are encrypted to prevent them from being stolen off the DVD and sold. While this is an excellent use of encryption, it is illegal for anyone to research how that encryption is used. This leads to your first exercise:
1. What is "DeCSS" and how does it relate to DVD encryption? Search on "decss" to learn more.
2. Knowing that something is password protected means learning how to open that file. This is known as "cracking" the password. Find information about cracking various types of passwords. To do this, search for "cracking XYZ passwords", where XYZ is the password type you are looking for. Do this for the following password types:
   a. MD5
   b. Adobe PDF
   c. Excel
3. If the encryption method is too strong to be broken, it may be necessary to perform a "dictionary attack" (sometimes known as "brute force"). Find out what a dictionary attack is.


Exercises:

Through these exercises we will learn about password cracking. Cracking your own passwords when you have forgotten them is legal; in some countries, in order to protect material from being stolen, cracking other people's passwords is illegal.

DVD movies are encrypted to prevent others from stealing and selling them. But although encryption has a very important use here, working out how the encryption works is illegal for everyone. Here is your first exercise:

1. What is "DeCSS" and how is it related to DVD encryption? Search the web for "decss".

2. Knowing that something is encrypted means trying to work out how to decrypt it. This is called cracking the password. Look up the various ways of cracking passwords. Search the web for "cracking xyz passwords", where xyz is the password type you are looking for. Look up the following password types:

   a. MD5
   b. Adobe PDF
   c. Excel

3. If the password is too hard to crack, try a dictionary attack; look up what a dictionary attack is.


8.2.3 Finding a Needle in a Haystack
Commercial forensic software includes powerful search tools that allow you to search for many combinations and permutations of factors. Without these expensive commercial tools you need to be a little more resourceful. Linux provides you with plenty of scope to construct similar tools using standard utilities. The following text details the use of find, grep and strings, and then describes the use of the pipe to combine them.

8.2.3.1 find
              find [path...] [expression]

find is used to locate files meeting certain criteria within the operating system. It is not designed for looking within the files. There must be a million permutations of expressions that can be combined to search for a file.

Exercise:
1. Read the manual page for find. Complete the "Effect" for each "Expression" in the table below. (Hint: where a number is given as an argument, it can be specified as follows: +n for greater than n; -n for less than n; n for exactly n.)


8.2.3 Finding a Needle in a Haystack

Commercial forensic software includes powerful search tools that can search for combinations and permutations of many factors. Without these expensive commercial tools you need to use a little ingenuity. Under Linux you can build similar search tools from standard utilities. The text below shows how to use find, grep and strings, and how to combine them with a pipe.

8.2.3.1 find

            find [path...] [expression]

find is the tool for locating files of a particular kind within the operating system. find is not a tool for searching inside files. There must be tens of thousands of expressions that can be used to find a file.

Exercise:

1. Read the find manual and complete the table below (hint: where a number is given as an argument, it means the following: +n: greater than n; -n: less than n; n: exactly n).
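As an added example (not part of the lesson text), the following POSIX shell script builds a small constructed sample tree and then applies the utilities described above: find with the +n, -n and n argument forms, and find piped through strings and grep to locate files whose contents mention a keyword. Every path, file content and keyword in it is made up; if strings (from binutils) is not installed, a tr substitute approximates it.

```shell
#!/bin/sh
# Added example, not from the lesson: build a constructed "evidence" tree,
# then use find (with +n / -n / n arguments) and a find | strings | grep
# pipeline over it. All paths, file contents and keywords are made up.
set -u

# Create the constructed sample tree and print its path.
make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/docs" "$d/bin"
  printf 'meeting notes: call Alice about the invoice\n' > "$d/docs/notes.txt"
  # Non-printable bytes around a readable string, as in a binary's data segment.
  printf '\001\002\003login=alice;token=CONSTRUCTED\003\002\001' > "$d/bin/app.dat"
  dd if=/dev/zero of="$d/bin/big.bin" bs=1024 count=4 2>/dev/null   # 4 KiB, no text
  touch -t 200001010000 "$d/docs/notes.txt"     # backdate to 2000-01-01
  printf '%s\n' "$d"
}

# -size +2: more than 2 blocks of 512 bytes (+n means "greater than n").
find_bigger_than_1k() { find "$1" -type f -size +2; }

# -mtime +30: last modified more than 30 days ago.
find_older_than_30d() { find "$1" -type f -mtime +30; }

# -mtime -1: modified less than one day ago (-n means "less than n").
find_modified_today() { find "$1" -type f -mtime -1; }

# Printable runs inside a file; falls back to tr when strings is not installed.
printable_runs() {
  if command -v strings >/dev/null 2>&1; then strings "$1"
  else tr -c '[:print:]' '\n' < "$1"; fi
}

# The pipe: find enumerates regular files, strings exposes the readable text in
# each (binaries included), grep -qi tests for the keyword; matches are printed.
grep_inside_files() {
  find "$1" -type f -print | while IFS= read -r f; do
    if printable_runs "$f" | grep -qi -- "$2"; then printf '%s\n' "$f"; fi
  done | sort
}

if [ "${1:-}" = "run" ]; then                 # usage: sh find_strings_grep.sh run
  t=$(make_sample_tree)
  echo '# bigger than 1 KiB:';   find_bigger_than_1k "$t"
  echo '# older than 30 days:';  find_older_than_30d "$t"
  echo '# mentioning "token":';  grep_inside_files "$t" token
  rm -rf "$t"
fi
```

Run with the argument run to see the three searches; the keyword search reports app.dat even though the string is surrounded by non-printable bytes, which is exactly what strings adds over grep alone.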
