Showing results for tags 'capture'.

Found 3 results

  1. Have you ever been on a pentest, or troubleshooting a customer issue, and the "next step" was to capture packets on a Windows host? Then you find that installing winpcap or wireshark was simply out of scope or otherwise not allowed on that SQL, Exchange, Oracle or other host? It used to be that this is when we'd recommend installing Microsoft's Netmon packet capture utility, but even then lots of IT managers would hesitate about using the "install" word in association with a critical server. Well, as they say in networking (and security as well), there's always another way, and this is that way.

    "netsh trace" is your friend. And yes, it does exactly what it sounds like it does. Type "netsh trace help" on any Windows 7, Windows Server 2008 or newer box, and you'll see the following:

        C:\>netsh trace help

        The following commands are available:

        Commands in this context:
        ?              - Displays a list of commands.
        convert        - Converts a trace file to an HTML report.
        correlate      - Normalizes or filters a trace file to a new output file.
        diagnose       - Start a diagnose session.
        dump           - Displays a configuration script.
        help           - Displays a list of commands.
        show           - List interfaces, providers and tracing state.
        start          - Starts tracing.
        stop           - Stops tracing.

    Of course, in most cases, tracing everything on any production box is not advisable - especially if it's your main Exchange, SQL or Oracle server. We'll need to filter the capture, usually to a specific host IP, protocol or similar. You can see more on this here:

        netsh trace show capturefilterhelp

    One of the examples in this output shows you how to e.g.

        netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=157.59.136.1

    You could also add Protocol=TCP or UDP and so on.

    Full syntax and notes for netsh trace can be found here: https://technet.microsoft.com/en-us/library/dd878517

    For instance, the following session shows me capturing an issue with a firewall that I'm working on. Note that you need admin rights to run this, the same as any capture tool. In a pentest you would likely specify an output file that isn't in the users' directory.

        C:\>netsh trace start capture=yes IPv4.Address=192.168.122.2

        Trace configuration:
        -------------------------------------------------------------------
        Status:             Running
        Trace File:         C:\Users\Administrator\AppData\Local\Temp\NetTraces\NetTrace.etl
        Append:             Off
        Circular:           On
        Max Size:           250 MB
        Report:             Off

    When you are done capturing data, it's time to stop it:

        C:\> netsh trace stop
        Correlating traces ... done
        Generating data collection ... done
        The trace file and additional troubleshooting information have been compiled as "C:\Users\Administrator\AppData\Local\Temp\NetTraces\NetTrace.cab".
        File location = C:\Users\Administrator\AppData\Local\Temp\NetTraces\NetTrace.etl
        Tracing session was successfully stopped.

        c:\

    The cool thing about this is that it doesn't need a terminal session (with a GUI, cursor keys and so on). If all you have is a metasploit shell, netsh trace works great!

    If this is a capture for standard sysadmin work, you can simply copy the capture over to your workstation and proceed on with analysis. If this is a pentest, a standard copy might still work (remember, we're on a Microsoft server), but if you need netcat type function to exfiltrate your capture, take a look at PowerCat (which is a netcat port in PowerShell).

    Next, open the file (which is in Microsoft's ETL format) in Microsoft's Message Analyzer app - which you can install on your workstation rather than the server we ran the capture on ( Download Microsoft Message Analyzer from Official Microsoft Download Center ). Message Analyzer has a surprisingly nice interface and some decent packet parsing, you might be able to wrap up your analysis just in this tool (see below).

    If you do need another packet analysis tool, it's easy to do a File / Save As / Export, and save as a PCAP file that Wireshark, tcpdump, SNORT, ngrep, standard python or perl calls, or any other standard tool can read natively.

    Or you can convert to PCAP using PowerShell (of course you can). A short, simple script to do this might look like:

        $s = New-PefTraceSession -Path "C:\output\path\spec\OutFile.Cap" -SaveOnStop
        $s | Add-PefMessageProvider -Provider "C:\input\path\spec\Input.etl"
        $s | Start-PefTraceSession

    This PowerShell cmdlet is not available in Windows 7 - you'll need Windows 8, or Server 2008 or newer. (This script was found at So you want to use Wireshark to read the netsh trace output .etl? - The troubleshooters and problem solvers... - Site Home - TechNet Blogs )

    If 'netsh trace' has solved an interesting problem for you, or was the tool that got you some interesting data in a pentest, please, use our comment form to let us know how you used it (within your NDA of course!)

    ======================

    - some extra information to prevent confusion: on Windows 7, the NETSH TRACE command is only available on the 64-bit version of NETSH, so in case it tells you the TRACE command is not available then just make sure to run the 64-bit version...

        c:\>netsh trace
        The following command was not found: trace.

        c:\>run -l netsh
        1) CHOSEN: netsh.exe [C:\Windows\SysWOW64]
        2) netsh.exe [C:\Windows\winsxs\amd64_microsoft-windows-netsh_31bf3856ad364e35_6.1.7600.16385_none_bb95e7e51189d8f9]
        3) windows - What appid should I use with netsh.exe- - Stack Overflow.url [F:\AWS\Sec]

        c:\>run -1 netsh trace
        Running: C:\Windows\SysWOW64\netsh.exe:
        The following command was not found: trace.

        c:\>run -2 netsh trace
        Running: C:\Windows\winsxs\amd64_microsoft-windows-netsh_31bf3856ad364e35_6.1.7600.16385_none_bb95e7e51189d8f9\netsh.exe:
        ?              -
        convert        - Converts a trace file to an HTML report.
        correlate      - Normalizes or filters a trace file to a new output file.
        diagnose       - Start a diagnose session.
        dump           -
        help           -
        show           - List interfaces, providers and tracing state.
        start          - Starts tracing.
        stop           - Stops tracing.

    Source: HERE
  2. Product Description

    Ashampoo Snap 7 is the smartest way to capture screenshots, add notes and annotations and share them with your friends.

    With Ashampoo Snap 7 …

    … you capture images and videos right from your screen in seconds
      • Capture rectangular regions
      • Use free form capture for maximum flexibility
      • Use timers for interval capturing

    … you have the tools to express yourself visually
      • Get your message across with texts, hints and notes
      • Command attention with arrows, shapes and stamps
      • Use the pencil tool to draw freely

    … sharing becomes a breeze
      • Save your screenshots to common image formats
      • Create PDFs without extra tools
      • Upload to Facebook, Twitter and Ashampoo Webspace with ease

    Ashampoo Snap 7 is ideal for beginners and professionals alike.
      • Experience visually intuitive controls
      • Enjoy smooth 1-click operations
      • Quickly access tools through the capture bar

    New in Ashampoo Snap 7

    Smoother workflow
    Ashampoo Snap 7 uses optimized drawing routines to provide a smoother, rounder look and feel that you will simply love.

    Less complexity
    With Ashampoo Snap 7, it takes fewer clicks to achieve your goals. Save time and boost your productivity.

    Smarter work environment
    Ashampoo Snap 7 employs smart background versioning so your original image is never lost and all modifications remain editable. Want to start over? Revert to the original at the click of a button.

    More creative freedom
    Ashampoo Snap 7 has all the tools you know and love and improves them. Apply gradients to almost any object, use the new outline style for visual accents, work with curved lines and arrows or 1-click clone objects for simple reuse. Not sure which application window you will later need? Simply use the new "Capture all visible desktop windows as objects" and capture all of them at once. The windows will then be captured into a single project but remain movable and resizable right from within Snap.

    Sharing has never been easier
    You no longer require an installed application to email your work, thanks to the integrated support for browser-based email clients. The integration with common file hosting services has also been greatly improved with integrated support for Dropbox, Google Drive and Microsoft Sky Drive. Need an even easier way to share your work? Upload it to Ashampoo Webspace, now with HTML 5 video support, and share a unique Internet link with your friends. Furthermore, Ashampoo Snap 7 features JXR and PSD export with layers for easy processing, e.g. with Adobe Photoshop, for power users.

    Grab 50% Discount Coupon on Ashampoo Snap 8 Here -> Download <- Deal Expire in: EXPIRED!
  3. Fi8sVrs

    CutyCapt

    CutyCapt is a small cross-platform command-line utility to capture WebKit's rendering of a web page into a variety of vector and bitmap formats, including SVG, PDF, PS, PNG, JPEG, TIFF, GIF, and BMP. See IECapt for a similar tool based on Internet Explorer.

    Samples

    Here are some samples of CutyCapt generated renderings:
      • PNG Snapshot of http://digg.com
      • PNG Snapshot of css Zen Garden: The Beauty in CSS Design
      • SVG Snapshot of MSDN Silverlight Dev Center
      • PDF Snapshot of MSDN Silverlight Dev Center

    Status

    CutyCapt has a number of known quirks, most of which are caused by problems with Qt and/or WebKit. For example, while plugin support can be enabled, and the plugins execute properly, their rendering cannot be captured on some platforms. Use of with caution.

    Requirements

    CutyCapt depends on Qt 4.4.0+.

    Download

    Help wanted! Previously I have used MinGW to make a static Qt build and correspondingly single-file CutyCapt executables for Windows. However, MinGW no longer supports single-file executables for threaded applications, they require to re-distribute a DLL instead, and Qt no longer supports static builds of QtWebkit. Similarly, if I just used Visual Studio 2010, as I do for normal development, proper builds would have to redistribute Microsoft runtime DLLs. Anyone who wants to prepare CutyCapt.exe + *.DLL builds is most welcome to join the project to do so, or alternatively provide them externally which I would then link from here. Let me know if you are interested. Thanks.

      • CutyCapt-Win32-2010-04-26.zip (7MB, .exe for Win32 systems)
      • CutyCapt-Win32-2008-06-11.zip (6MB, .exe for Win32 systems)

    Source code

    The source code is available in the SVN repository (download tarball).

    Usage

    Open a command prompt and ask for help:

        % CutyCapt --help
        -----------------------------------------------------------------------------
        Usage: CutyCapt --url=http://www.example.org/ --out=localfile.png
        -----------------------------------------------------------------------------
         --help                             Print this help page and exit
         --url=<url>                        The URL to capture (http:...|file:...|...)
         --out=<path>                       The target file (.png|pdf|ps|svg|jpeg|...)
         --out-format=<f>                   Like extension in --out, overrides heuristic
         --min-width=<int>                  Minimal width for the image (default: 800)
         --min-height=<int>                 Minimal height for the image (default: 600)
         --max-wait=<ms>                    Don't wait more than (default: 90000, inf: 0)
         --delay=<ms>                       After successful load, wait (default: 0)
         --user-styles=<url>                Location of user style sheet, if any
         --header=<name>:<value>            request header; repeatable; some can't be set
         --method=<get|post|put>            Specifies the request method (default: get)
         --body-string=<string>             Unencoded request body (default: none)
         --body-base64=<base64>             Base64-encoded request body (default: none)
         --app-name=<name>                  appName used in User-Agent; default is none
         --app-version=<version>            appVers used in User-Agent; default is none
         --user-agent=<string>              Override the User-Agent header Qt would set
         --javascript=<on|off>              JavaScript execution (default: on)
         --java=<on|off>                    Java execution (default: unknown)
         --plugins=<on|off>                 Plugin execution (default: unknown)
         --private-browsing=<on|off>        Private browsing (default: unknown)
         --auto-load-images=<on|off>        Automatic image loading (default: on)
         --js-can-open-windows=<on|off>     Script can open windows? (default: unknown)
         --js-can-access-clipboard=<on|off> Script clipboard privs (default: unknown)
         --print-backgrounds=<on|off>       Backgrounds in PDF/PS output (default: off)
        -----------------------------------------------------------------------------
         <f> is svg,ps,pdf,itext,html,rtree,png,jpeg,mng,tiff,gif,bmp,ppm,xbm,xpm
        -----------------------------------------------------------------------------

    Build Instructions

    If your system is set up to compile Qt applications, building CutyCapt should be a simple matter of checking out the source code and running qmake and your version of make. As an example, if you are running Ubuntu Hardy Heron and have configured the system to use packages from hardy-backports, the following should do:

        % sudo apt-get install subversion libqt4-webkit libqt4-dev g++
        % svn co https://cutycapt.svn.sourceforge.net/svnroot/cutycapt
        % cd cutycapt/CutyCapt
        % qmake
        % make
        % ./CutyCapt --url=http://www.example.org --out=example.png

    Using CutyCapt without X server

    You cannot use CutyCapt without an X server, but you can use e.g. Xvfb as light-weight server if you are not running an interactive graphical desktop environment. For example, you could use:

        % xvfb-run --server-args="-screen 0, 1024x768x24" ./CutyCapt --url=... --out=...

    Author

    Björn Höhrmann bjoern@hoehrmann.de

    CutyCapt - A Qt WebKit Web Page Rendering Capture Utility