Trying to find the content of this file: u.pomf.is/dwsart.db
What I've gotten so far:
1. It's a SQLite3 db file
2. The main data is is stored in a BLOB type field in binary. My guess is it's compressed.
I've tried to decompress it with gzip and a few other popular utilities but none worked. Also tried to check the first bytes for info but those gave me nothing.
pic unrelated
Upload binary data somewhere?
>>53519230
is this not the data?
>>53519308
o_o
>>53519308
If you check out the content of the DATA column you'll find pic related.
>>53519340
I have to mention that I'm really new/shit at stuff like this so I might be missing something very obvious here.
>>53519340
Run binwalk on it.
>>53519340
oh I see
yea
>>53519392
I ran file -d on a query of "select DATA from cache limit 1"
file is a command that tells you what type of data is in your file.
keep in mind this is a single row of the data, and that's maybe 1/10th of the total output, so run the command yourself.
>>53519459
kek forgot pic
about to go to bed..
that "cracklib password index, big endian (64 bit) idk what that means
>>53519464
ah that's cool. How did you run the command against a single query output? I'm currently checking row per row with a Python script.
>>53519253
>u.pomf.is/dwsart.db
>>53519500
sqlite3 dwsart.db "SELECT DATA FROM cache limit 1" | xxd -g1
that gives hex
sqlite3 dwsart.db "SELECT DATA FROM cache limit 1" > file.txt
I guess
>>53519546
then
"file -r -d file.txt"
70: > 4 belong&,=16,"GLS_BINARY_MSB_FIRST"]
mget(type=1, flag=20, offset=0, o=0, nbytes=3)
mget/64 @0: \001^\n\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000
15: > 0 byte&,=-128,"8086 relocatable (Microsoft)"]
1 == 18446744073709551488 = 0
mget(type=20, flag=20, offset=0, o=0, nbytes=3)
mget/64 @0: \001^\n\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000
13: > 0 search/1,=\000\000\000\000pwV1,"Cracklib password index, big endian ("64-bit")"]
mget(type=20, flag=60, offset=0, o=0, nbytes=3)
mget/64 @0: \001^\n\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000
82: > 0 search/wtb/1,=<?xml,"XML document text"]
mget(type=10, flag=20, offset=1040, o=0, nbytes=3)
mget/64 @1040: \000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000
idk how to find out what the exact data is, if we could do that then it'd be easy I guess
>>53519603
Those are all false positives.
>>53519789
elaborate?
>>53519888
>I found the byte sequence "pwV1", therefore its cracklib
>I found the byte sequence "?>", therefore it's XML
It's just shitting out everything it can match, that output is worthless.
Just ran the output through gzip, zlib and lzma and got nothing.
