THC-ManipulateData

THC-ManipulateData can search data on a harddisk/partition/file.

THC-ManipulateData Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: The Hacker's Choice
  • Publisher web site: http://thc.org



THC-ManipulateData Description

THC-ManipulateData can search data on a harddisk/partition/file, extract the part you are interested in, and write it back after you have modified it. Useful for finding and modifying really all unencrypted log files on a system. It does everything in RAW mode, and hence does not tamper with a/m/ctimes.

It comes with 4 tools:

search_data

Syntax of search_data: ./search_data blockdevice searchstring

  • -i - the only parameter which is optional. This makes the search case-insensitive.
  • -d - dump the found occurrences in hex
  • blockdevice - a blockdevice you want to search for data. It need not be a blockdevice, it can be anything, but normally you use it on these.
  • searchstring - a string you want to search for

The blockdevice is searched for occurrences of searchstring, which are printed with their location when found.

Example: ./search_data -i /dev/hda3 "connect from 10.0.0.1"

Output looks like:

    found at 234600: connect from 10.0.0.1/unresolved (UNKNOWN)

read_data

Syntax of read_data: ./read_data blockdevice start_address no_of_bytes

  • blockdevice - a blockdevice you want to get your data from. It need not be a blockdevice, it can be anything, but normally you use it on these.
  • start_address - the offset of the blockdevice from which you want to extract data
  • no_of_bytes - how many bytes of data, starting at start_address, you want to extract into a file

The output filename is always START_ADDRESS.NO_OF_BYTES

Example: ./read_data /dev/hda3 234653 1024

writes 1024 bytes of data from /dev/hda3 starting from offset 234653 to the file "234653.1024"

write_data

Syntax of write_data: ./write_data blockdevice filename

  • blockdevice - a blockdevice you want to write your data to. It need not be a blockdevice, it can be anything, but normally you use it on these.
  • filename - the data you want to write to the blockdevice. For error protection, the location where it is put is gathered from the filename, as you can see above from read_data. If you modified the data that read_data extracted into the file, it must not have a different size than the one defined in the filename!

The data in filename is written to the blockdevice.

Example: ./write_data /dev/hda3 234653.1024

writes 1024 bytes of data to /dev/hda3 starting at offset 234653 with the data read from the file "234653.1024"

replace_data

Syntax of replace_data: ./replace_data blockdevice searchstring replacestring

  • -i - the only parameter which is optional. This makes the search case-insensitive.
  • blockdevice - a blockdevice you want to search for data. It need not be a blockdevice, it can be anything, but normally you use it on these.
  • searchstring - a string you want to search for
  • replacestring - the string you want to replace the found entries with

The blockdevice is searched for occurrences of searchstring, which are then replaced.

Example: ./replace_data -i /dev/hda3 "connect from 1.0.0.1" "Remap table failure "

Output looks like:

    found at 234600 - replaced

What's New in This Release:

  • fixed a bug in read/write_data, seeks over 2gb now succeed
  • added -d for hexdump display of occurrences found in search_data

