I have an IP of the server and a port on which I'm able to connect via nc on Ubuntu 14.04.
> nc x.x.x.x PORT
In order to communicate with the server, the first step is to send a WAKEUP call and get acknowledgment. The server expects a 3 byte ID in the wakeup call. An example is provided in the documentation that shows the success scenario of sending the ID and receiving the ack using a software. i.e
The client sends:
<sy><sy><eq>111<et>
And the server responds with:
<sy><ak>A<et><cr>
Here is some detail of <sy>
Within <> brackets is a non-printable ASCII character (<sy> = ASCII 22 or Hex 0x16)
I tried to replicate the exact same scenario but failed to do so. The server doesn't respond to the data I send, although the data is received there. I'm not sure about these tags <sy><sy><eq> etc. How to send the ID(111) along with these tags <sy> correctly?
Also tried to send this data using Rails framework and Bindata ruby gem but don't know how to represent the above format.
netcat is probably the wrong tool for this. Or at least you will want to use some other program to feed it input.
If I were doing this, I would code up something in python or C that would both connect to the server and feed it whatever data I needed to send it (and receive/interpret the responses) leaving out nc altogether. There are many examples on the web.
You can encode the control characters in a byte string in python with the syntax b'\x16' for your <sy> character. Most other languages have an equivalent capability.
I can't be sure exactly what those characters are. It seems likely they are standard ASCII control characters, but they aren't using the standard abbreviations (see http://www.theasciicode.com.ar/ for example). So presumably the documentation you are looking at has a list of the corresponding values. Assuming for the sake of example that <eq> corresponds to the ASCII ENQ character and <et> to the ASCII EOT (and given you already know that <sy> is equivalent to ASCII SYN), your desired string <sy><sy><eq>111<et> can be encoded in a python byte string: b'\x16\x16\x05111\x04'
(or equivalently b'\x16\x16\x05\x31\x31\x31\x04' if you like regularity: the 1 characters are simply ASCII digits, so you can replace each 1 with its binary equivalent b'\x31')
To return to nc, trying to type in the control characters to the nc input from a terminal window is, while possible in most cases, very difficult and error-prone. You will need to know the equivalent control character mapping (for example, 0x16 is "Ctrl-V") and will need to know how to get the terminal to accept that literal character (coincidentally, in linux, you have to precede most control characters with a Ctrl-V in order to enter them as input and avoid having them interpreted in the usual way: Ctrl-D == EOF, Ctrl-C == Interrupt, Ctrl-W == Delete-Previous-Word, etc).
So if you wanted to enter the data above into nc's input from the command line, you would need to type these characters:
Ctrl-V Ctrl-V <sy> / SYN
Ctrl-V Ctrl-V <sy> / SYN
Ctrl-V Ctrl-E <eq> / ENQ
1
1
1
Ctrl-V Ctrl-D <et> / EOT
But also important to note is that ordinarily nc will not actually send anything until you enter a newline (i.e. press the Return key). Then that newline character will also get sent to the server which might not be what you want.
Related
I have an input:
May 16 12:45:47 host-dev1 kernel: [ 162.648366] wireguard: wg0: Sending keepalive packet to peer 2 (171.12.198.123:51079)
I want to parse the info as: TIMESTAMP "Sending keepalive packet to peer 2" IP:PORT
For the middle sentence I want to parse whatever is after wg0: until the first parenthesis of the port. This sentence can change to "Sending handshake initiation to peer 10" for example.
I've done
filter {
grok {
match => { "message" => "%{SYSLOGBASE:timestap} %{GREEDYDATA:action} %{IP:peerip}:%{NUMBER:port}" }
}
}
I need to change GREEDYDATA to something that will specifically parse the mentioned boundaries
Give this a try:
%{SYSLOGBASE:timestamp} \[ ?%{NUMBER:TIMESTAMP} ?\]( %{WORD}:)* %{GREEDYDATA:action} \(%{IP:peerip}:%{NUMBER:port}
Here's a breakdown:
%{SYSLOGBASE:timestamp} - the syslog prefix
\[ ?%{NUMBER:TIMESTAMP} ?\] - the application timestamp
( %{WORD}:)* - any words followed by a colon, like
'wg0:', zero or more times
%{GREEDYDATA:action} - any characters ('DATA' would also work)
\(%{IP:peerip}:%{NUMBER:port} - a literal '(' followed by IP and port
The important thing in making GREEDYDATA / DATA work here is that the the boundaries (%{WORD}: and \() are properly defined.
You may need to vary the boundary definitions depending on what other log messages look like (specifically, whether you can rely on the colon and parenthesis at the boundaries).
It may be helpful to use a named capture group, depending on whether existing grok patterns cover your other message formats, like : (?<notColons>[^:]*) \( to specify "a colon, then a space, then any number of non-colon characters, then a space, then an open bracket".
Im using a BG96 modem to connect to AWS iot over MQTT.
I'm trying to set my MQTT Last Will and Testament with the following AT-command:
+QMTCFG:"will",(0-5),(0,1),(0-2),(0,1),"willtopic","willmessage"
Which works great.
But now I'm trying to add a JSON formatted string to "willmessage", so I need to add "" (double quotes) in there, which means I need to escape them in my command. But I have no clue if I can escape them or what the escape character is.
Things I tried: \" (backslash) and "" (double double quotes)
I looked in all of the BG96 datasheets, and I don't see it mentioned anywhere.
I had the same issue while using MQTT commands on a SIMCOM SIM800c, and I noticed that the regular backslash (\) escapes the quotation marks (as it does in c) when communicating directly with the GSM unit via a USB to TTL converter. To implement this in software I printed the following string to the UART connected to the GSM Modem:
AT+SMPUB=\"testTopicPost\",0,1,\"{\x5c\x22Key\x5c\x22 : \x5c\x22Value\x5c\x22}\"
What this basically does is send the raw \ and " characters to the GSM unit. Hope this solution works for you as well.
Escaping of " within a string is covered in chapter 5.4.2.2 String constants in the V.250 standard - which is a MUST READ for anyone writing code handling AT commands (read at least all of chapter 5):
String constants shall consist of a sequence of ... except for the characters """ ... . String constants shall be bounded at the beginning and end by the double-quote character (""" ... . ... The double-quote character, used as the beginning and ending string delimiter, shall be represented within a string constant as "\22".
So the escape mechanism is \22 not \x22. This should be universally the case for all modems and not something that is implementation dependent.
I did not find reference to documentation of MQTT and BG96 and you did not link any of your "all of the BG96 datasheets" so I am just providing example syntax for an imaginary command to send a JSON payload of {"key": "value"}:
AT+SOMECOMMAND=...,"{\22key\22: \22value\22}"
Some special characters have different values between the ASCII character set and the GSM character set.
i.e.
In the ASCII character set: \ = 0x5C.
In the GSM character set: Ö = 0x5C.
Beyond this point, some special characters must be entered using a specific way, such as a 2-byte representation. I suggest you check the standard/version of AT commands implemented on your hardware (i.e. GSM 07.07, GSM 07.05, manufacturer specific set...).
i.e. I'm using a GPS+GPRS modem from Ai-Thinker called A9G. In this one, to use the AT+MQTTPUB command with data formatted in JSON style, I need to append \x5c\x32\x32. So the module will interpret this as \22 and the server as \".
i.g.
"{\x5c\x32\x32Key\x5c\x32\x32:\x5c\x32\x32Value\x5c\x32\x32}"
at the cloud it will be:
{"Key":"Value"}
How can I search for control characters in unix ed(1)?
For example
ed somefile.log <<EOF
1,$s/.*\015//
w
q
EOF
doesn't work. Neither does \r. Obviously sed(1), awk(1) and other editors can do this, however ed has the very useful line move (m) command which is all I need within the bash script I am using.
I am able to accomplish what I want within the script by entering the control character directly (escaping it with C-v in vi, C-q in emacs for example), but this means that binary characters must be present in my otherwise printable text script.
ed Transport2SVN-W0177.log <<EOF
g/^M/s/.*^M//p
w
q
EOF
The ^M is actually character 0x0d.
ed doesn't provide any support for converting control characters.
The way you have found of inserting control-characters directly into the script (using Ctrl-V at the keyboard) is portable and it works.
It's possible that particular implementations of ed might support this, but it would not be portable.
Which Ansi escape sequence is the most portable and/or simply best and why?
1. "\u001B[32;1mThis is bright green\u001B[0m"
2. "\x1B[33;1mThis is bright yellow\x1B[0m"
3. "\e[35;4;1mThis is bright purple underlined\e[0m"
I have been using printf "\x1B[32;1mgreen\x1B[0m" (that's an example in unix bash script for example) out of habit, but I was wondering if there were any reasons to use one over the other. Is one more portable than the others? That would be my assumption.
Also, if you know of any other Ansi Escape sequence feel free to share it in the comments or at the end of your answer.
If you don't know what an Ansi Escape sequence is or want to become more familiar with it, then here you go: http://en.wikipedia.org/wiki/ANSI_escape_code
NOTE:
All of the escape sequences above have worked on all of the Unix systems I have been on, however one must still rely on the system itself to interpret the escape codes. Windows, for example, does not permit any sort of escape codes except four (BEL, L-F or linefeed, C-R or carriage return and, of course, BS or backspace), so Ansi escape sequences will not work.
Short answer: It depends on the host string parser.
Long answer:
It depends on the string parser; that is, the piece of code that actually takes in your string ("\x1b[1mSome string\x1b[0m") as a literal and parses the escape characters using the backslash ANSI escape sequence.
For parsers that support hexadecimal escapes (\x), then \x1b (character 0x1B) should work.
For parsers that support octal escapes (\ddd), then \033 (octal 33) should work.
For parsers that support unicode escapes (\u), then \u001B should work.
Quick elaboration: \x and \u are similar; \x usually refers to a single character, 0-255, in hexadecimal radix. \u means the same (as it is represented in hexadecimal), but supports two bytes (in most parsers) and generally refers to 16-bit unicode characters.
A lesser used/supported escape character, as you mentioned, is \e. This escape is most commonly used with parsers/languages that expect a lot of ANSI escaping to happen, such as bash (and most other shells).
For instance, Node.js does not support \e:
> console.log("\x1b[31mhello\x1b[0m")
hello
undefined
> console.log("\e[31mhello\e[0m")
e[31mhelloe[0m
undefined
Neither does Lua:
> print('\x1b[31mhello\x1b[0m')
hello
> print('\e[31mhello\e[0m')
stdin:1: invalid escape sequence near '\e'
Or even Python:
>>> print("\x1b[31mhello\x1b[0m")
hello
>>> print("\e[31mhello\e[0m")
\e[31mhello\e[0m
>>>
Though PHP does:
<?php
echo "\x1b[31mhello\x1b[0m\n"; // hello
echo "\e[31mhello\e[0m\n"; // hello
I have been trying to figure out how exactly \x00, \n, \r, \, or \x1a can cause an SQL Injection (as it is mentioned at http://nl3.php.net/manual/en/function.mysql-real-escape-string.php)
I understand the idea of single quote and double quotes, but how and why I need to take care of the other items to make my query safe?
I was wondering about the same question and I found the answer in the C API documentation of MySQL, it states:
Characters encoded are “\”, “'”, “"”, NUL (ASCII 0), “\n”, “\r”, and
Control+Z (\x1a). Strictly speaking, MySQL requires only that backslash and
the quote character used to quote the string in the query be escaped.
mysql_real_escape_string() quotes the other characters to make them
easier to read in log files.
It is also explained in String Literals that:
The mysql client truncates quoted strings containing NUL characters if
they are not escaped, and Control+Z may be taken for END-OF-FILE on
Windows if not escaped.
The NUL character represents the end of a string in C language, so this can falsely terminate the input argument of the mysql client program. Same thing for \x1a, it marks the end-of-file under Windows (try type test.txt in a command prompt with a \x1a character in the middle of the file).
The main point is that an admin can miss important information in a log file if his log file reader doesn't show the data beyond one of these characters. But who still uses precarious type command or equivalent under Windows to read a log file anyway?
In other terms, there is no danger with \n, \r, \0 or \x1a in PHP, other than potentially making a log file difficult to read.
As for the backslash, \' OR 1==1 would be converted to \\' OR 1==1 if it was not escaped too, cancelling the effect of the escaping of the quote.
let's assume you have
$SQL="select * from mytable where myfield='$uservalue'"
\ -> \:
try \' or 1=1; --', after escaping the quote, you would get \\' or 1=1; --' and the SQL would be select * from mytable where myfield='\\' or 1=1; --'
\x00
Not important for PHP, but for C
Sorry, too lazy for the rest.