|
I got to thinking about file dumps in hexadecimal this week. This is something I do at least a few times a week - usually to look at file headers or non-printable characters for one reason or another. File headers will usually let you know what type of file you're looking at (no matter what the file extension is). More here on that: https://linux.die.net/man/1/file When looking at or for non-printable characters, this can be for any number of reasons, but almost always it's to figure out what some crazy application is doing with CRLF (Carriage Return / Line Feed) so that I can fix the output to properly feed the next script or tool, or so that Word will read it correctly (which I guess is the same thing). Anyway, the go-to tool for this is XXD:
More on XXD here (or type"man xxd"): https://linux.die.net/man/1/xxd If you're on a stripped-down Linux version, something like busybox, XXD won't be there (it comes with VIM, not VI), but often those distro's will still have the "hexdump" command:
But what if you're on a customer Windows host? And what if they haven't installed any of the Linux tools? Well, as you might guess, "PowerShell to the rescue!" Powershell's "format-hex" command gives you much the same output:
The full "format-hex" docs are here (along with dozens of other places that google will find for you): https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/format-hex?view=powershell-6 More on the various encoding options here: https://docs.microsoft.com/en-us/dotnet/api/system.text.encoding.codepage?view=netcore-2.2 If you've seen a situation where you needed a different method to accomplish this task, please use our comment form to share!! =============== |
Rob VandenBrink 579 Posts ISC Handler Jul 10th 2019 |
|||
| Thread locked Subscribe |
Jul 10th 2019 2 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
