
[Forensics] KAU flow-graph (corrected)

KAU-directed-graph-corrected.png

This is a corrected version of what I posted 4 months ago in this forum here.

In the next post, I'll show what I ran to produce this result.

Bash source code is at GitHub:

here
and
here

All based on previous work I have documented on this forum over the last few weeks in particular.

I use the same bash script to work on KAG and KAU.
The subtlety is in the parameters you pass to the script files.
See photograph in next post (...).

The 2 output files are at GitHub as well.
Please read the pic, bottom right, to see exactly which output files I use to draw the digraph enclosed.
 
Screenshot from 2023-07-07 21-48-12.png

I have now modified one of my workhorse bash scripts (tinkered on here in this forum) to read 3 files as input.

This allows me to use the same script for both KAG and KAU.
The subtlety is in the 3 files passed down.

I pipe out to some output file with a time stamp.

For me it is a little bizarre making photographs of Linux command line sessions, but I do this out of courtesy for other users of my VPN who will unfortunately get the following message:

Screenshot from 2023-07-07 17-21-00.png

The aggressive defensive protective measures behind this esteemed forum have blocked all the VPN IPs I have used so far.

This means all users using this VPN provider (a standard one in Switzerland) cannot even have read access to this forum.

Apparently posting source code in the raw presents a risk of buffer overflow.

I have no experience of sysadmin or network admin. So I must of course comply.
 
Gnome:

We don't hate you. We don't mind that you're doing this.

But this is a forum that's essentially a series of web-requests to the server backend. And one of the things our software does is look for people trying to compromise the forum by finding buffer overflows - when they succeed they can convince the underlying operating system to run commands from the URL they submitted instead. That's possibly the most common web site attack.

So if the software sees URLs with bash or sh commands, it assumes you're trying to run a buffer overflow attack, because that's what those look like. You just happen to want to post a bunch of bash commands in forum posts like you are, but you're an edge case. That's not typical.

We see way more hack attempts than posts from you, and it's important to protect the site from those, so the software cuts you off.

Please don't be upset by it. It's actually a pretty normal defensive stance.
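The kind of signature match Gnome describes, as an added example that is not the forum's own software and not code anyone posted in this thread: a small sh script that applies a short list of shell-command signatures to request-log lines and shows why a reply that legitimately contains a bash invocation gets flagged alongside scanner traffic. The log lines, client addresses, log format and signature list are all constructed assumptions for the demonstration.

```shell
#!/bin/sh
# Added example (not the forum's filter, not the poster's script).
# Flags requests whose URL or form body contains shell-command fragments,
# then tallies flags per client to show that a legitimate forum reply
# carrying "/bin/bash ..." lands in the same bucket as a scanner.
set -eu

# Constructed request log: <client> <method> <path[ body=...]> <status>
WORK="$(mktemp -d)"
cat > "$WORK/access.log" <<'EOF'
203.0.113.5 GET /threads/kau-flow-graph.123/ 200
203.0.113.5 POST /threads/kau-flow-graph.123/add-reply body=message=run+it+with+/bin/bash+./kau_flow.sh+nodes+edges+styles 200
198.51.100.7 GET /index.php?page=%2Fbin%2Fsh 403
198.51.100.7 GET /search/?q=bash+-c+env 403
192.0.2.9 GET /forums/forensics/ 200
EOF

# Undo the encodings used in the samples ('+' and %20 for space, %2F for '/').
# A real filter fully percent-decodes; this is enough to make the point.
decode_url() {
    printf '%s' "$1" | sed 's/+/ /g; s/%20/ /g; s/%2[Ff]/\//g'
}

# Deliberately few and broad signatures, the way a generic rule tends to be.
SHELL_SIGNATURES='/bin/(ba)?sh|[; ]sh -c |bash -c '

# Print FLAG if the decoded request text matches a signature, PASS otherwise.
classify_request() {
    decoded="$(decode_url "$1")"
    if printf '%s' "$decoded" | grep -Eq "$SHELL_SIGNATURES"; then
        echo FLAG
    else
        echo PASS
    fi
}

# Number of flagged lines in a log file (URL and body are both inspected).
count_flagged() {
    n=0
    while IFS= read -r line; do
        if [ "$(classify_request "$line")" = FLAG ]; then
            n=$((n + 1))
        fi
    done < "$1"
    echo "$n"
}

# Flag count per client address; a rate-based block built on this tally
# covers the forum user and the scanner alike.
flagged_by_client() {
    while IFS= read -r line; do
        if [ "$(classify_request "$line")" = FLAG ]; then
            printf '%s\n' "${line%% *}"
        fi
    done < "$1" | sort | uniq -c | sort -rn
}

# Stand-alone run: per-line verdicts, then the per-client tally.
while IFS= read -r line; do
    printf '%s  %s\n' "$(classify_request "$line")" "$line"
done < "$WORK/access.log"
echo "flagged: $(count_flagged "$WORK/access.log") of $(wc -l < "$WORK/access.log") requests"
flagged_by_client "$WORK/access.log"
```

The second line of the sample log is the edge case from the thread: a reply whose body merely quotes a bash invocation matches the same `/bin/(ba)?sh` signature as the two scanner probes, so the poster's address is tallied next to the scanner's. Lowering that false-positive rate means either decoding and inspecting only the fields where a command would actually be executed, or allow-listing the forum's own post-body field for authenticated users, rather than loosening the signature.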
 
Looking to move away from amateurish manual methods to a more automated process.
Will GitHub it all when I've cleaned it up more.
KAU_dotfile-2023-07-10-T20:47:06-UTC.png
Output option #2:
KAU_dotfile-2023-07-10-T20:47:06-UTC_circo.png
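The workflow described in this thread (a bash script that reads 3 input files, writes a dot file with a UTC timestamp in its name, and renders it two ways, the second with circo), as an added example that is not the poster's GitHub script and does not reproduce its logic: the three input file formats (nodes, transfers, colour styles), the sample wallets and amounts, and the output naming are constructed assumptions; only the `_circo` suffix and the timestamp layout follow the file names shown above.

```shell
#!/bin/sh
# Added example (not the poster's script). Builds a Graphviz digraph of
# transfers from three input files, writes it to a timestamped .dot file in
# the naming style seen in this thread, and renders it with dot and circo
# when Graphviz is installed. Input layouts are assumptions, not the real ones.
set -eu

# Constructed sample input in a scratch directory so the script runs offline.
#   nodes.txt  : <id> <label>          styles.txt : <id> <fillcolour>
#   edges.txt  : <from> <to> <amount>
WORK="$(mktemp -d)"
cat > "$WORK/nodes.txt" <<'EOF'
A mint
B wallet-1
C wallet-2
D exchange
EOF
cat > "$WORK/edges.txt" <<'EOF'
A B 100
B C 40
B D 60
C D 40
EOF
cat > "$WORK/styles.txt" <<'EOF'
A lightblue
D orange
EOF

# Emit a dot digraph on stdout: labelled nodes, optional fill colours from the
# styles file, and one edge per transfer with the amount as the edge label.
build_digraph() {
    nodes="$1"; edges="$2"; styles="$3"
    printf 'digraph flow {\n  rankdir=LR;\n  node [shape=box];\n'
    while read -r id label; do
        [ -n "$id" ] || continue
        colour="$(awk -v id="$id" '$1 == id { print $2 }' "$styles")"
        if [ -n "$colour" ]; then
            printf '  "%s" [label="%s" style=filled fillcolor="%s"];\n' "$id" "$label" "$colour"
        else
            printf '  "%s" [label="%s"];\n' "$id" "$label"
        fi
    done < "$nodes"
    while read -r src dst amount; do
        [ -n "$src" ] || continue
        printf '  "%s" -> "%s" [label="%s"];\n' "$src" "$dst" "$amount"
    done < "$edges"
    printf '}\n'
}

# Output name in the thread's convention: PREFIX_dotfile-YYYY-MM-DD-THH:MM:SS-UTC.dot
timestamped_name() {
    printf '%s_dotfile-%s-UTC.dot' "$1" "$(date -u +%Y-%m-%d-T%H:%M:%S)"
}

# Sum of all transfer amounts: a cheap check that every edge line was read.
total_flow() {
    awk '{ s += $3 } END { print s + 0 }' "$1"
}

OUT="$WORK/$(timestamped_name KAU)"
build_digraph "$WORK/nodes.txt" "$WORK/edges.txt" "$WORK/styles.txt" > "$OUT"
echo "wrote $OUT (total flow $(total_flow "$WORK/edges.txt"))"

# Output option 1: hierarchical layout (dot). Option 2: circular layout (circo).
if command -v dot >/dev/null 2>&1; then
    dot   -Tpng "$OUT" -o "${OUT%.dot}.png"
    circo -Tpng "$OUT" -o "${OUT%.dot}_circo.png"
else
    echo "graphviz not installed; .dot written but not rendered"
fi
```

Passing the three file paths as positional parameters is what makes one script serve both KAG and KAU: the graph logic never changes, only the files handed to it. The `total_flow` check is worth keeping in any forensic pipeline of this kind, since a silently truncated edges file produces a plausible-looking but incomplete graph.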
 