07-01-2023, 01:21 PM
#1
Member
Registered: Sep 2015
Location: Australia
Distribution: Slackware, Devuan, Freebsd
Posts: 577
How to analyse a docx document for possible payload
Hi all,
Received this Word document which both the wife and I opened; she uses Win10 and I use Slackware.
On mine, the document cannot be opened as it spits out "general input/output error".
On her Win10, when opening the document it logged her out of the desktop and she had to log in again...
How do I effectively analyse it so as to rule out that it came loaded with a trojan, malware, virus, etc.?
Thanks in advance.
07-01-2023, 02:25 PM
#2
Member
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824
If it doesn't contain personal info you could send it to:
https://www.virustotal.com/gui/home/upload
Edit: there are malware sandboxes also, where you can upload malware samples and see what it does in a simulated environment:
https://www.joesandbox.com/
Last edited by //////; 07-01-2023 at 02:33 PM .
1 members found this post helpful.
07-01-2023, 03:37 PM
#3
Member
Registered: Sep 2015
Location: Australia
Distribution: Slackware, Devuan, Freebsd
Posts: 577
Original Poster
Thanks for the sandbox link, did not know that existed.
Edit: Bummer, after uploading to that sandbox the 'analyse with joe' button stays grey and cannot start the process.
Last edited by yvesjv; 07-01-2023 at 03:54 PM .
07-02-2023, 08:16 AM
#4
Senior Member
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 3,616
Could be a non-malicious but corrupt file that caused Windows to crash. Have you tried retrieving the file again from wherever the source is, and comparing checksums (or at least dates and file size)?
Anyhow, docx is a Zip archive containing XML files, so one could open it up and examine those with a text editor to see if there's anything odd going on.
See this Wikipedia article for basics of the format.
Of course, whilst unlikely, it is possible for malware to exploit vulnerabilities in unzip - so make sure you're sufficiently patched, and in a suitably isolated environment.
2 members found this post helpful.
07-02-2023, 01:44 PM
#5
Member
Registered: Sep 2015
Location: Australia
Distribution: Slackware, Devuan, Freebsd
Posts: 577
Original Poster
Yes, that worked.
Opened it with Ark and viewed the files within.
The 'document.xml' is the problematic file that refuses to open.
Using the cat tool worked to view the contents.
I'm wagering on a corrupted word document.
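Post #4 describes the container (a Zip of XML parts) and post #5 narrowed the problem down to 'document.xml'. The following is an added Python example, not code from any poster in this thread, that does that triage offline without opening the file in a word processor: it checks the zip signature, per-entry CRCs, macro and embedded-object parts, external relationship targets, and which XML parts fail to parse. The triage_docx and build_sample functions and the in-memory sample document are constructed for this example.

```python
"""Offline triage of a .docx: inspect the zip container without opening it in Word."""
import io
import zipfile
import xml.etree.ElementTree as ET

# Parts that merit a closer look (indicators for triage, not proof of malice).
MACRO_PARTS = ("word/vbaproject.bin", "word/vbadata.xml")
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"


def triage_docx(data: bytes) -> dict:
    """Return findings for a .docx given as raw bytes (hypothetical helper).

    Checks: zip signature, per-entry CRC (corruption), macro and embedded
    OLE parts, external relationship targets, and whether every XML part
    is well-formed, which is what a word processor trips over first.
    """
    findings = {"is_zip": False, "bad_crc": [], "macro_parts": [],
                "ole_parts": [], "external_targets": [], "malformed_xml": []}
    if data[:4] != b"PK\x03\x04":          # zip local-file-header signature
        return findings
    findings["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        bad = zf.testzip()                  # first entry with a CRC error, or None
        if bad is not None:
            findings["bad_crc"].append(bad)
        for name in zf.namelist():
            lower = name.lower()
            if lower in MACRO_PARTS:
                findings["macro_parts"].append(name)
            if lower.startswith("word/embeddings/"):
                findings["ole_parts"].append(name)
            if lower.endswith((".xml", ".rels")):
                try:
                    root = ET.fromstring(zf.read(name))
                except (ET.ParseError, zipfile.BadZipFile):
                    findings["malformed_xml"].append(name)
                    continue
                # Relationship parts may point outside the document itself.
                for rel in root.iter(REL_NS + "Relationship"):
                    if rel.get("TargetMode") == "External":
                        findings["external_targets"].append(rel.get("Target"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a minimal docx-like zip with a truncated document.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        # Body cut off mid-element: the kind of damage that makes an office
        # suite report a general input/output error instead of opening it.
        zf.writestr("word/document.xml",
                    '<w:document xmlns:w="urn:x"><w:body><w:p><w:t>Hello')
        zf.writestr("word/_rels/document.xml.rels",
                    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
                    '<Relationship Id="rId1" Type="urn:x" Target="http://example.invalid/remote-part"'
                    ' TargetMode="External"/></Relationships>')
        # Placeholder bytes standing in for a macro project; constructed, not real.
        zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 placeholder OLE blob")
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage_docx(build_sample()).items():
        print(f"{key}: {value}")
```

Run it against a real file with `triage_docx(open("suspect.docx", "rb").read())`; a non-empty malformed_xml list with everything else empty points at corruption rather than a payload, while macro parts or external targets are the things to look at next in an isolated environment.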
07-02-2023, 02:09 PM
#6
LQ Veteran
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.9.2009
Posts: 5,736
Scan the file with anti-virus on either machine?
07-03-2023, 09:28 AM
#7
Member
Registered: Nov 2005
Location: Land of Linux :: Finland
Distribution: Arch Linux && OpenBSD 7.4 && Pop!_OS && Kali && Qubes-Os
Posts: 824
There is a command, hexdump, that can be used to view file content: in my case I hexdumped conkyrc ->
Code:
[root@arch Music]# hexdump -C /home/vile/conf/conkyrc
00000000 63 6f 6e 6b 79 2e 63 6f 6e 66 69 67 20 3d 20 7b |conky.config = {|
00000010 0a 20 20 20 20 6f 77 6e 5f 77 69 6e 64 6f 77 20 |. own_window |
00000020 3d 20 74 72 75 65 2c 0a 20 20 20 20 6f 77 6e 5f |= true,. own_|
00000030 77 69 6e 64 6f 77 5f 74 79 70 65 20 3d 20 27 6e |window_type = 'n|
00000040 6f 72 6d 61 6c 27 2c 0a 20 20 20 20 6f 77 6e 5f |ormal',. own_|
00000050 77 69 6e 64 6f 77 5f 74 72 61 6e 73 70 61 72 65 |window_transpare|
00000060 6e 74 20 3d 20 74 72 75 65 2c 0a 20 20 20 20 6f |nt = true,. o|
00000070 77 6e 5f 77 69 6e 64 6f 77 5f 61 72 67 62 5f 76 |wn_window_argb_v|
00000080 69 73 75 61 6c 20 3d 20 74 72 75 65 2c 0a 20 20 |isual = true,. |
00000090 20 20 6f 77 6e 5f 77 69 6e 64 6f 77 5f 68 69 6e | own_window_hin|
000000a0 74 73 20 3d 20 27 75 6e 64 65 63 6f 72 61 74 65 |ts = 'undecorate|
000000b0 64 2c 73 6b 69 70 5f 74 61 73 6b 62 61 72 2c 73 |d,skip_taskbar,s|
000000c0 6b 69 70 5f 70 61 67 65 72 2c 62 65 6c 6f 77 27 |kip_pager,below'|
000000d0 2c 0a 20 20 20 20 64 6f 75 62 6c 65 5f 62 75 66 |,. double_buf|
000000e0 66 65 72 20 3d 20 74 72 75 65 2c 20 0a 20 20 20 |fer = true, . |
000000f0 20 75 73 65 5f 73 70 61 63 65 72 20 3d 20 27 72 | use_spacer = 'r|
00000100 69 67 68 74 27 2c 0a 20 20 20 20 0a 09 75 73 65 |ight',. ..use|
00000110 5f 78 66 74 20 3d 20 74 72 75 65 2c 0a 20 20 20 |_xft = true,. |
00000120 20 6f 76 65 72 72 69 64 65 5f 75 74 66 33 32 5f | override_utf32_|
00000130 6c 6f 63 61 6c 65 20 3d 20 74 72 75 65 2c 0a 20 |locale = true,. |
00000140 20 20 20 0a 20 20 20 20 61 6c 69 67 6e 6d 65 6e | . alignmen|
00000150 74 20 3d 20 27 74 6f 70 5f 72 69 67 68 74 27 2c |t = 'top_right',|
00000160 20 0a 20 20 20 20 67 61 70 5f 78 20 3d 20 35 2c | . gap_x = 5,|
00000170 20 0a 20 20 20 20 67 61 70 5f 79 20 3d 20 35 2c | . gap_y = 5,|
00000180 20 0a 20 20 20 20 75 70 64 61 74 65 5f 69 6e 74 | . update_int|
00000190 65 72 76 61 6c 20 3d 20 32 2c 20 0a 20 20 20 20 |erval = 2, . |
000001a0 6d 69 6e 69 6d 75 6d 5f 77 69 64 74 68 20 3d 20 |minimum_width = |
000001b0 33 30 30 2c 20 0a 20 20 20 20 6d 61 78 69 6d 75 |300, . maximu|
000001c0 6d 5f 77 69 64 74 68 20 3d 20 33 38 35 2c 20 0a |m_width = 385, .|
000001d0 20 20 20 20 73 74 69 70 70 6c 65 64 5f 62 6f 72 | stippled_bor|
000001e0 64 65 72 73 20 3d 20 33 2c 20 0a 20 20 20 20 62 |ders = 3, . b|
000001f0 6f 72 64 65 72 5f 77 69 64 74 68 20 3d 20 31 2c |order_width = 1,|
00000200 20 0a 20 20 20 20 64 65 66 61 75 6c 74 5f 63 6f | . default_co|
00000210 6c 6f 72 20 3d 20 27 31 37 39 30 64 30 27 2c 20 |lor = '1790d0', |
00000220 0a 20 20 20 20 64 72 61 77 5f 6f 75 74 6c 69 6e |. draw_outlin|
00000230 65 20 3d 20 6e 6f 2c 20 0a 20 20 20 20 64 72 61 |e = no, . dra|
00000240 77 5f 62 6f 72 64 65 72 73 20 3d 20 79 65 73 2c |w_borders = yes,|
00000250 20 0a 20 20 20 20 66 6f 6e 74 20 3d 20 27 54 65 | . font = 'Te|
00000260 72 6d 69 6e 75 73 3a 73 69 7a 65 3d 31 30 27 2c |rminus:size=10',|
00000270 20 0a 20 20 20 20 75 70 70 65 72 63 61 73 65 20 | . uppercase |
00000280 3d 20 6e 6f 2c 20 0a 20 20 20 20 64 72 61 77 5f |= no, . draw_|
00000290 73 68 61 64 65 73 20 3d 20 79 65 73 2c 0a 20 20 |shades = yes,. |
000002a0 20 20 0a 20 20 20 20 78 69 6e 65 72 61 6d 61 5f | . xinerama_|
000002b0 68 65 61 64 20 3d 20 31 0a 20 20 20 20 0a 7d 20 |head = 1. .} |
000002c0 0a 0a 63 6f 6e 6b 79 2e 74 65 78 74 20 3d 20 5b |..conky.text = [|
000002d0 5b 20 0a 24 7b 68 72 20 32 7d 0a 24 7b 65 78 65 |[ .${hr 2}.${exe|
000002e0 63 70 69 20 33 36 30 20 63 68 65 63 6b 75 70 64 |cpi 360 checkupd|
000002f0 61 74 65 73 20 7c 20 61 77 6b 20 27 45 4e 44 20 |ates | awk 'END |
00000300 7b 20 70 72 69 6e 74 20 28 4e 52 20 3d 3d 20 30 |{ print (NR == 0|
00000310 20 3f 20 22 53 79 73 74 65 6d 20 75 70 20 74 6f | ? "System up to|
00000320 20 64 61 74 65 22 20 3a 20 4e 52 20 22 20 70 61 | date" : NR " pa|
00000330 63 6b 61 67 65 22 20 28 4e 52 20 3e 20 31 20 3f |ckage" (NR > 1 ?|
00000340 20 22 73 22 20 3a 20 22 22 29 29 3b 20 7d 27 7d | "s" : "")); }'}|
00000350 0a 41 6c 6c 20 50 61 63 6b 61 67 65 73 20 49 6e |.All Packages In|
00000360 73 74 61 6c 6c 65 64 20 3a 20 24 7b 65 78 65 63 |stalled : ${exec|
00000370 70 69 20 33 36 30 20 70 61 63 6d 61 6e 20 2d 51 |pi 360 pacman -Q|
00000380 20 7c 20 77 63 20 2d 6c 7d 0a 24 7b 68 72 20 32 | | wc -l}.${hr 2|
00000390 7d 0a 24 7b 63 6f 6c 6f 72 20 46 46 39 39 33 33 |}.${color FF9933|
000003a0 7d 24 7b 65 78 65 63 69 20 31 30 20 77 68 6f 7d |}${execi 10 who}|
000003b0 0a 24 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d |.${color 1790d0}|
000003c0 24 7b 68 72 20 32 7d 0a 24 7b 66 6f 6e 74 20 54 |${hr 2}.${font T|
000003d0 65 72 6d 69 6e 75 73 3a 73 69 7a 65 3d 38 30 3a |erminus:size=80:|
000003e0 73 74 79 6c 65 3d 62 6f 6c 64 7d 24 7b 63 6f 6c |style=bold}${col|
000003f0 6f 72 20 31 37 39 30 64 30 7d 20 24 7b 74 69 6d |or 1790d0} ${tim|
00000400 65 20 25 48 3a 25 4d 7d 24 7b 66 6f 6e 74 7d 0a |e %H:%M}${font}.|
00000410 24 7b 66 6f 6e 74 7d 0a 24 7b 63 6f 6c 6f 72 20 |${font}.${color |
00000420 77 68 69 74 65 7d 53 59 53 54 45 4d 20 49 4e 46 |white}SYSTEM INF|
00000430 4f 52 4d 41 54 49 4f 4e 20 24 7b 68 72 20 32 7d |ORMATION ${hr 2}|
00000440 20 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 44 | .${color grey}D|
00000450 61 74 65 20 24 7b 63 6f 6c 6f 72 20 31 37 39 30 |ate ${color 1790|
00000460 64 30 7d 24 7b 74 69 6d 65 20 25 41 7d 2c 24 7b |d0}${time %A},${|
00000470 74 69 6d 65 20 25 65 7d 20 24 7b 74 69 6d 65 20 |time %e} ${time |
00000480 25 42 7d 20 24 7b 74 69 6d 65 20 25 47 7d 24 7b |%B} ${time %G}${|
00000490 61 6c 69 67 6e 72 7d 0a 24 7b 63 6f 6c 6f 72 20 |alignr}.${color |
000004a0 67 72 65 79 7d 4d 61 63 68 69 6e 65 24 7b 63 6f |grey}Machine${co|
000004b0 6c 6f 72 20 31 37 39 30 64 30 7d 20 24 6e 6f 64 |lor 1790d0} $nod|
000004c0 65 6e 61 6d 65 20 24 61 6c 69 67 6e 72 20 24 7b |ename $alignr ${|
000004d0 63 6f 6c 6f 72 20 67 72 65 79 7d 55 70 74 69 6d |color grey}Uptim|
000004e0 65 24 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d |e${color 1790d0}|
000004f0 20 24 75 70 74 69 6d 65 20 0a 24 7b 63 6f 6c 6f | $uptime .${colo|
00000500 72 20 67 72 65 79 7d 4b 65 72 6e 65 6c 20 24 7b |r grey}Kernel ${|
00000510 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 6b 65 |color 1790d0}$ke|
00000520 72 6e 65 6c 20 24 61 6c 69 67 6e 72 20 24 7b 63 |rnel $alignr ${c|
00000530 6f 6c 6f 72 20 67 72 65 79 7d 41 72 63 68 20 24 |olor grey}Arch $|
00000540 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 6d |{color 1790d0}$m|
00000550 61 63 68 69 6e 65 20 0a 24 7b 68 72 20 32 7d 20 |achine .${hr 2} |
00000560 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 47 50 |.${color grey}GP|
00000570 55 20 24 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 |U ${color 1790d0|
00000580 7d 41 53 55 53 20 4e 76 69 64 69 61 20 52 54 58 |}ASUS Nvidia RTX|
00000590 20 33 30 36 30 20 54 69 20 24 7b 63 6f 6c 6f 72 | 3060 Ti ${color|
000005a0 20 67 72 65 79 7d 24 7b 61 6c 69 67 6e 72 7d 24 | grey}${alignr}$|
000005b0 7b 65 78 65 63 69 20 36 20 6e 76 69 64 69 61 2d |{execi 6 nvidia-|
000005c0 73 6d 69 20 7c 20 67 72 65 70 20 2d 69 20 27 64 |smi | grep -i 'd|
000005d0 72 69 76 65 72 27 20 7c 20 61 77 6b 20 27 7b 70 |river' | awk '{p|
000005e0 72 69 6e 74 20 24 34 2c 20 24 36 7d 27 7d 0a 24 |rint $4, $6}'}.$|
000005f0 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 54 45 4d 50 |{color grey}TEMP|
00000600 3a 20 24 7b 63 6f 6c 6f 72 20 67 72 65 65 6e 7d |: ${color green}|
00000610 24 7b 6e 76 69 64 69 61 20 74 65 6d 70 7d c2 b0 |${nvidia temp}..|
00000620 43 20 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 20 |C ${color grey} |
00000630 20 47 50 55 20 43 6c 6f 63 6b 73 20 24 7b 63 6f | GPU Clocks ${co|
00000640 6c 6f 72 20 31 37 39 30 64 30 7d 24 7b 6e 76 69 |lor 1790d0}${nvi|
00000650 64 69 61 20 67 70 75 66 72 65 71 7d 24 7b 63 6f |dia gpufreq}${co|
00000660 6c 6f 72 20 67 72 65 79 7d 2f 24 7b 63 6f 6c 6f |lor grey}/${colo|
00000670 72 20 31 37 39 30 64 30 7d 24 7b 6e 76 69 64 69 |r 1790d0}${nvidi|
00000680 61 20 6d 65 6d 66 72 65 71 7d 24 7b 63 6f 6c 6f |a memfreq}${colo|
00000690 72 20 67 72 65 79 7d 20 4d 68 7a 0a 24 7b 68 72 |r grey} Mhz.${hr|
000006a0 20 32 7d 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 | 2}.${color grey|
000006b0 7d 43 50 55 20 24 7b 63 6f 6c 6f 72 20 31 37 39 |}CPU ${color 179|
000006c0 30 64 30 7d 24 7b 65 78 65 63 69 20 39 39 39 39 |0d0}${execi 9999|
000006d0 39 20 63 61 74 20 2f 70 72 6f 63 2f 63 70 75 69 |9 cat /proc/cpui|
000006e0 6e 66 6f 20 7c 20 67 72 65 70 20 22 6d 6f 64 65 |nfo | grep "mode|
000006f0 6c 20 6e 61 6d 65 22 20 2d 6d 31 20 7c 20 63 75 |l name" -m1 | cu|
00000700 74 20 2d 64 22 3a 22 20 2d 66 32 20 7c 20 63 75 |t -d":" -f2 | cu|
00000710 74 20 2d 64 22 20 22 20 2d 66 32 2d 20 7c 20 73 |t -d" " -f2- | s|
00000720 65 64 20 27 73 23 50 72 6f 63 65 73 73 6f 72 20 |ed 's#Processor |
00000730 23 23 27 7d 20 0a 24 7b 63 6f 6c 6f 72 20 67 72 |##'} .${color gr|
00000740 65 79 7d 46 72 65 71 20 24 7b 63 6f 6c 6f 72 20 |ey}Freq ${color |
00000750 31 37 39 30 64 30 7d 24 7b 66 72 65 71 5f 67 20 |1790d0}${freq_g |
00000760 32 7d 47 48 7a 20 24 61 6c 69 67 6e 72 20 24 7b |2}GHz $alignr ${|
00000770 63 6f 6c 6f 72 20 67 72 65 79 7d 4c 6f 61 64 20 |color grey}Load |
00000780 24 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 |${color 1790d0}$|
00000790 7b 6c 6f 61 64 61 76 67 7d 20 0a 24 7b 63 6f 6c |{loadavg} .${col|
000007a0 6f 72 20 67 72 65 79 7d 50 72 6f 63 65 73 73 65 |or grey}Processe|
000007b0 73 20 24 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 |s ${color 1790d0|
000007c0 7d 24 72 75 6e 6e 69 6e 67 5f 70 72 6f 63 65 73 |}$running_proces|
000007d0 73 65 73 2f 20 24 70 72 6f 63 65 73 73 65 73 20 |ses/ $processes |
000007e0 24 61 6c 69 67 6e 72 20 43 50 55 20 54 65 6d 70 |$alignr CPU Temp|
000007f0 3a 20 24 7b 63 6f 6c 6f 72 20 67 72 65 65 6e 7d |: ${color green}|
00000800 24 7b 65 78 65 63 69 20 31 20 73 65 6e 73 6f 72 |${execi 1 sensor|
00000810 73 20 7c 20 67 72 65 70 20 43 50 55 3a 20 7c 20 |s | grep CPU: | |
00000820 63 75 74 20 2d 63 20 31 36 2d 31 37 7d c2 b0 43 |cut -c 16-17}..C|
00000830 0a 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 41 |..${color grey}A|
00000840 76 67 20 4c 6f 61 64 20 24 7b 63 70 75 62 61 72 |vg Load ${cpubar|
00000850 20 63 70 75 30 20 31 32 2c 32 36 30 7d 0a 0a 24 | cpu0 12,260}..$|
00000860 7b 63 6f 6c 6f 72 20 77 68 69 74 65 7d 54 4f 50 |{color white}TOP|
00000870 20 38 20 50 52 4f 43 45 53 53 45 53 20 24 7b 68 | 8 PROCESSES ${h|
00000880 72 20 32 7d 20 0a 24 7b 63 6f 6c 6f 72 20 67 72 |r 2} .${color gr|
00000890 65 79 7d 4e 41 4d 45 24 61 6c 69 67 6e 72 20 20 |ey}NAME$alignr |
000008a0 20 20 20 20 20 20 20 20 20 20 20 20 20 50 49 44 | PID|
000008b0 20 20 20 20 20 20 43 50 55 20 20 20 20 20 20 4d | CPU M|
000008c0 45 4d 20 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 |EM .${color grey|
000008d0 7d 31 2e 20 24 7b 74 6f 70 20 6e 61 6d 65 20 31 |}1. ${top name 1|
000008e0 7d 24 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d |}${color 1790d0}|
000008f0 24 61 6c 69 67 6e 72 24 7b 74 6f 70 20 70 69 64 |$alignr${top pid|
00000900 20 31 7d 20 20 20 24 7b 74 6f 70 20 63 70 75 20 | 1} ${top cpu |
00000910 31 7d 20 20 20 24 7b 74 6f 70 20 6d 65 6d 20 31 |1} ${top mem 1|
00000920 7d 20 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d |} .${color grey}|
00000930 32 2e 20 24 7b 74 6f 70 20 6e 61 6d 65 20 32 7d |2. ${top name 2}|
00000940 24 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 |${color 1790d0}$|
00000950 61 6c 69 67 6e 72 24 7b 74 6f 70 20 70 69 64 20 |alignr${top pid |
00000960 32 7d 20 20 20 24 7b 74 6f 70 20 63 70 75 20 32 |2} ${top cpu 2|
00000970 7d 20 20 20 24 7b 74 6f 70 20 6d 65 6d 20 32 7d |} ${top mem 2}|
00000980 20 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 33 | .${color grey}3|
00000990 2e 20 24 7b 74 6f 70 20 6e 61 6d 65 20 33 7d 24 |. ${top name 3}$|
000009a0 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 61 |{color 1790d0}$a|
000009b0 6c 69 67 6e 72 24 7b 74 6f 70 20 70 69 64 20 33 |lignr${top pid 3|
000009c0 7d 20 20 20 24 7b 74 6f 70 20 63 70 75 20 33 7d |} ${top cpu 3}|
000009d0 20 20 20 24 7b 74 6f 70 20 6d 65 6d 20 33 7d 20 | ${top mem 3} |
000009e0 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 34 2e |.${color grey}4.|
000009f0 20 24 7b 74 6f 70 20 6e 61 6d 65 20 34 7d 24 7b | ${top name 4}${|
00000a00 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 61 6c |color 1790d0}$al|
00000a10 69 67 6e 72 24 7b 74 6f 70 20 70 69 64 20 34 7d |ignr${top pid 4}|
00000a20 20 20 20 24 7b 74 6f 70 20 63 70 75 20 34 7d 20 | ${top cpu 4} |
00000a30 20 20 24 7b 74 6f 70 20 6d 65 6d 20 34 7d 20 0a | ${top mem 4} .|
00000a40 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 35 2e 20 |${color grey}5. |
00000a50 24 7b 74 6f 70 20 6e 61 6d 65 20 35 7d 24 7b 63 |${top name 5}${c|
00000a60 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 61 6c 69 |olor 1790d0}$ali|
00000a70 67 6e 72 24 7b 74 6f 70 20 70 69 64 20 35 7d 20 |gnr${top pid 5} |
00000a80 20 20 24 7b 74 6f 70 20 63 70 75 20 35 7d 20 20 | ${top cpu 5} |
00000a90 20 24 7b 74 6f 70 20 6d 65 6d 20 35 7d 20 0a 24 | ${top mem 5} .$|
00000aa0 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 36 2e 20 24 |{color grey}6. $|
00000ab0 7b 74 6f 70 20 6e 61 6d 65 20 36 7d 24 7b 63 6f |{top name 6}${co|
00000ac0 6c 6f 72 20 31 37 39 30 64 30 7d 24 61 6c 69 67 |lor 1790d0}$alig|
00000ad0 6e 72 24 7b 74 6f 70 20 70 69 64 20 36 7d 20 20 |nr${top pid 6} |
00000ae0 20 24 7b 74 6f 70 20 63 70 75 20 36 7d 20 20 20 | ${top cpu 6} |
00000af0 24 7b 74 6f 70 20 6d 65 6d 20 36 7d 20 0a 23 24 |${top mem 6} .#$|
00000b00 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 37 2e 20 24 |{color grey}7. $|
00000b10 7b 74 6f 70 20 6e 61 6d 65 20 37 7d 24 7b 63 6f |{top name 7}${co|
00000b20 6c 6f 72 20 31 37 39 30 64 30 7d 24 61 6c 69 67 |lor 1790d0}$alig|
00000b30 6e 72 24 7b 74 6f 70 20 70 69 64 20 37 7d 20 20 |nr${top pid 7} |
00000b40 20 24 7b 74 6f 70 20 63 70 75 20 37 7d 20 20 20 | ${top cpu 7} |
00000b50 24 7b 74 6f 70 20 6d 65 6d 20 37 7d 20 0a 23 24 |${top mem 7} .#$|
00000b60 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 38 2e 20 24 |{color grey}8. $|
00000b70 7b 74 6f 70 20 6e 61 6d 65 20 38 7d 24 7b 63 6f |{top name 8}${co|
00000b80 6c 6f 72 20 31 37 39 30 64 30 7d 24 61 6c 69 67 |lor 1790d0}$alig|
00000b90 6e 72 24 7b 74 6f 70 20 70 69 64 20 38 7d 20 20 |nr${top pid 8} |
00000ba0 20 24 7b 74 6f 70 20 63 70 75 20 38 7d 20 20 20 | ${top cpu 8} |
00000bb0 24 7b 74 6f 70 20 6d 65 6d 20 38 7d 20 0a 0a 24 |${top mem 8} ..$|
00000bc0 7b 63 6f 6c 6f 72 20 77 68 69 74 65 7d 4d 45 4d |{color white}MEM|
00000bd0 4f 52 59 20 26 20 53 57 41 50 20 24 7b 68 72 20 |ORY & SWAP ${hr |
00000be0 32 7d 20 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 |2} .${color grey|
00000bf0 7d 52 41 4d 20 55 73 65 64 3a 24 7b 63 6f 6c 6f |}RAM Used:${colo|
00000c00 72 20 31 37 39 30 64 30 7d 20 24 6d 65 6d 24 61 |r 1790d0} $mem$a|
00000c10 6c 69 67 6e 72 24 7b 63 6f 6c 6f 72 20 67 72 65 |lignr${color gre|
00000c20 79 7d 52 41 4d 20 54 6f 74 61 6c 3a 24 7b 63 6f |y}RAM Total:${co|
00000c30 6c 6f 72 20 31 37 39 30 64 30 7d 20 24 6d 65 6d |lor 1790d0} $mem|
00000c40 6d 61 78 20 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 |max .${color gre|
00000c50 79 7d 52 41 4d 24 7b 63 6f 6c 6f 72 20 31 37 39 |y}RAM${color 179|
00000c60 30 64 30 7d 20 24 6d 65 6d 70 65 72 63 25 24 7b |0d0} $memperc%${|
00000c70 63 6f 6c 6f 72 20 67 72 65 79 7d 20 24 7b 6d 65 |color grey} ${me|
00000c80 6d 62 61 72 20 36 7d 20 0a 24 7b 63 6f 6c 6f 72 |mbar 6} .${color|
00000c90 20 67 72 65 79 7d 53 57 41 50 24 7b 63 6f 6c 6f | grey}SWAP${colo|
00000ca0 72 20 31 37 39 30 64 30 7d 20 24 73 77 61 70 70 |r 1790d0} $swapp|
00000cb0 65 72 63 25 24 7b 63 6f 6c 6f 72 20 67 72 65 79 |erc%${color grey|
00000cc0 7d 20 24 7b 73 77 61 70 62 61 72 20 36 7d 20 0a |} ${swapbar 6} .|
00000cd0 0a 24 7b 63 6f 6c 6f 72 20 77 68 69 74 65 7d 44 |.${color white}D|
00000ce0 52 49 56 45 53 20 2d 20 46 52 45 45 20 53 50 41 |RIVES - FREE SPA|
00000cf0 43 45 20 24 7b 68 72 20 32 7d 20 0a 24 7b 63 6f |CE ${hr 2} .${co|
00000d00 6c 6f 72 20 67 72 65 79 7d 42 6f 6f 74 20 24 7b |lor grey}Boot ${|
00000d10 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 7b 66 |color 1790d0}${f|
00000d20 73 5f 66 72 65 65 5f 70 65 72 63 20 2f 62 6f 6f |s_free_perc /boo|
00000d30 74 7d 25 20 41 76 61 69 6c 61 62 6c 65 24 61 6c |t}% Available$al|
00000d40 69 67 6e 72 24 7b 66 73 5f 66 72 65 65 20 2f 62 |ignr${fs_free /b|
00000d50 6f 6f 74 7d 20 6f 66 20 24 7b 66 73 5f 73 69 7a |oot} of ${fs_siz|
00000d60 65 20 2f 62 6f 6f 74 7d 20 0a 24 7b 63 6f 6c 6f |e /boot} .${colo|
00000d70 72 20 67 72 65 79 7d 24 7b 66 73 5f 62 61 72 20 |r grey}${fs_bar |
00000d80 36 20 2f 62 6f 6f 74 7d 0a 24 7b 63 6f 6c 6f 72 |6 /boot}.${color|
00000d90 20 67 72 65 79 7d 2f 20 24 7b 63 6f 6c 6f 72 20 | grey}/ ${color |
00000da0 31 37 39 30 64 30 7d 24 7b 66 73 5f 66 72 65 65 |1790d0}${fs_free|
00000db0 5f 70 65 72 63 20 2f 7d 25 20 41 76 61 69 6c 61 |_perc /}% Availa|
00000dc0 62 6c 65 24 61 6c 69 67 6e 72 24 7b 66 73 5f 66 |ble$alignr${fs_f|
00000dd0 72 65 65 20 2f 7d 20 6f 66 20 24 7b 66 73 5f 73 |ree /} of ${fs_s|
00000de0 69 7a 65 20 2f 7d 20 0a 24 7b 63 6f 6c 6f 72 20 |ize /} .${color |
00000df0 67 72 65 79 7d 24 7b 66 73 5f 62 61 72 20 36 20 |grey}${fs_bar 6 |
00000e00 2f 7d 0a 0a 24 7b 63 6f 6c 6f 72 20 77 68 69 74 |/}..${color whit|
00000e10 65 7d 4e 45 54 57 4f 52 4b 20 49 4e 46 4f 52 4d |e}NETWORK INFORM|
00000e20 41 54 49 4f 4e 20 24 7b 68 72 20 32 7d 20 0a 24 |ATION ${hr 2} .$|
00000e30 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 49 50 20 41 |{color grey}IP A|
00000e40 64 64 72 65 73 73 3a 20 24 7b 63 6f 6c 6f 72 20 |ddress: ${color |
00000e50 31 37 39 30 64 30 7d 24 7b 61 64 64 72 20 65 6e |1790d0}${addr en|
00000e60 70 34 73 30 7d 0a 24 7b 63 6f 6c 6f 72 20 67 72 |p4s0}.${color gr|
00000e70 65 79 7d 45 78 74 65 72 6e 61 6c 20 49 50 3a 20 |ey}External IP: |
00000e80 24 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 |${color 1790d0}$|
00000e90 7b 65 78 65 63 69 20 36 30 30 20 63 75 72 6c 20 |{execi 600 curl |
00000ea0 69 66 63 6f 6e 66 69 67 2e 63 6f 20 32 3e 2f 64 |ifconfig.co 2>/d|
00000eb0 65 76 2f 6e 75 6c 6c 20 7c 20 74 61 69 6c 20 7d |ev/null | tail }|
00000ec0 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 47 61 |.${color grey}Ga|
00000ed0 74 65 77 61 79 20 41 64 64 72 65 73 73 3a 20 24 |teway Address: $|
00000ee0 7b 63 6f 6c 6f 72 20 31 37 39 30 64 30 7d 24 7b |{color 1790d0}${|
00000ef0 67 77 5f 69 70 7d 20 0a 24 7b 63 6f 6c 6f 72 20 |gw_ip} .${color |
00000f00 67 72 65 79 7d 4e 65 74 77 6f 72 6b 20 49 6e 74 |grey}Network Int|
00000f10 65 72 66 61 63 65 3a 20 24 7b 63 6f 6c 6f 72 20 |erface: ${color |
00000f20 31 37 39 30 64 30 7d 24 7b 67 77 5f 69 66 61 63 |1790d0}${gw_ifac|
00000f30 65 7d 0a 0a 24 7b 63 6f 6c 6f 72 20 77 68 69 74 |e}..${color whit|
00000f40 65 7d 42 41 4e 44 57 49 44 54 48 20 26 20 54 4f |e}BANDWIDTH & TO|
00000f50 54 41 4c 20 44 41 49 4c 59 20 54 52 41 46 46 49 |TAL DAILY TRAFFI|
00000f60 43 24 7b 68 72 20 32 7d 24 7b 63 6f 6c 6f 72 7d |C${hr 2}${color}|
00000f70 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 55 70 |.${color grey}Up|
00000f80 3a 20 24 7b 63 6f 6c 6f 72 7d 24 7b 75 70 73 70 |: ${color}${upsp|
00000f90 65 65 64 20 65 6e 70 34 73 30 7d 24 61 6c 69 67 |eed enp4s0}$alig|
00000fa0 6e 72 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 44 |nr${color grey}D|
00000fb0 6f 77 6e 3a 20 24 7b 63 6f 6c 6f 72 7d 24 7b 64 |own: ${color}${d|
00000fc0 6f 77 6e 73 70 65 65 64 20 65 6e 70 34 73 30 7d |ownspeed enp4s0}|
00000fd0 0a 24 7b 63 6f 6c 6f 72 20 67 72 65 79 7d 55 70 |.${color grey}Up|
00000fe0 3a 20 24 7b 63 6f 6c 6f 72 7d 24 7b 65 78 65 63 |: ${color}${exec|
00000ff0 69 20 31 30 20 76 6e 73 74 61 74 20 7c 20 67 72 |i 10 vnstat | gr|
00001000 65 70 20 74 6f 64 61 79 20 7c 20 61 77 6b 20 27 |ep today | awk '|
00001010 7b 70 72 69 6e 74 20 24 35 2c 20 24 36 20 7d 27 |{print $5, $6 }'|
00001020 7d 24 61 6c 69 67 6e 72 20 24 7b 63 6f 6c 6f 72 |}$alignr ${color|
00001030 20 67 72 65 79 7d 44 6f 77 6e 3a 20 24 7b 63 6f | grey}Down: ${co|
00001040 6c 6f 72 7d 24 7b 65 78 65 63 69 20 31 30 20 76 |lor}${execi 10 v|
00001050 6e 73 74 61 74 20 7c 20 67 72 65 70 20 74 6f 64 |nstat | grep tod|
00001060 61 79 20 7c 20 61 77 6b 20 27 7b 70 72 69 6e 74 |ay | awk '{print|
00001070 20 24 32 2c 20 24 33 20 7d 27 7d 0a 5d 5d 0a | $2, $3 }'}.]].|
0000107f
[root@arch Music]#
It shows ASCII and hex with the -C option.
2 members found this post helpful.
07-04-2023, 01:28 PM
#8
Member
Registered: Sep 2015
Location: Australia
Distribution: Slackware, Devuan, Freebsd
Posts: 577
Original Poster
Quote:
Originally Posted by
//////
There is a command, hexdump, that can be used to view file content: in my case I hexdumped conkyrc ->
That was interesting to play with and a nice learning curve with that too.
Thanks
https://class.malware.re/2020/02/04/...nalysis-1.html
And I'd guess this is just the tip of the iceberg when it comes to malware analysis.