Re: [Burp-users] Restoring windows client on linux, WARNING: Could not open for writing aa/C:/Boot/
From: Graham K. <gr...@gr...> - 2016-11-20 10:40:50
On Tue, Oct 25, 2016 at 10:33:55PM +0200, Marcin Mirosław wrote:
> On 2016-10-25 at 13:59, Graham Keeling wrote:
> > On Tue, October 25, 2016 5:35 pm, Marcin Mirosław wrote:
> >> On 19.10.2016 at 23:39, Graham Keeling wrote:
> >>> On Thu, October 20, 2016 5:41 am, Marcin Mirosław wrote:
> >>>> On 2016-10-19 at 11:01, Marcin Mirosław wrote:
> >>>>> On 19.10.2016 at 03:30, Graham Keeling wrote:
> >>>>>> On Wed, October 19, 2016 6:41 am, Marcin Mirosław wrote:
> >>>>>>> Hi!
> >>>>>>> I'm trying to restore files from windows client on linux.
> >>>>>>> # burp -C win -ar -b 32 -d aa
> >>>>>>> 2016-10-18 22:37:27: burp[4548] auth ok
> >>>>>>> 2016-10-18 22:37:27: burp[4548] Server version: 2.0.48
> >>>>>>> 2016-10-18 22:37:27: burp[4548] nocsr ok
> >>>>>>> 2016-10-18 22:37:27: burp[4548] SSL is using cipher:
> >>>>>>> DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA
> >>>>>>> Enc=AESGCM(256)
> >>>>>>> Mac=AEAD
> >>>>>>>
> >>>>>>> 2016-10-18 22:37:27: burp[4548] extra_comms_begin
> >>>>>>> ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:forceproto=2:rshash=blake2:
> >>>>>>> 2016-10-18 22:37:27: burp[4548] Switched to client win7
> >>>>>>> 2016-10-18 22:37:27: burp[4548] Server is forcing protocol 2
> >>>>>>> 2016-10-18 22:37:27: burp[4548] doing restore 32:
> >>>>>>> 2016-10-18 22:37:27: burp[4548] doing restore confirmed
> >>>>>>>
> >>>>>>> 2016-10-18 22:37:27: burp[4548] WARNING: Could not open for writing
> >>>>>>> aa/C:/Boot/Fonts: Is a directory
> >>>>>>> 2016-10-18 22:37:27: burp[4548] unexpected command in
> >>>>>>> restore_interrupt(): r: J A A A IH/ B A A A GAA A A BXHnlh BXHnlh
> >>>>>>> BXGpag A
> >>>>>>> A
> >>>>>>> 2016-10-18 22:37:27: burp[4548] read cmd with no attribs
> >>>>>>> 2016-10-18 22:37:27: burp[4548] ret: -1
> >>>>>>>
> >>>>>>> What is the problem in restoring? Why burp throws error?
> >>>>>>> Marcin
> >>>>>>
> >>>>>>
> >>>>>> Hello,
> >>>>>
> >>>>> Hi!
> >>>>>
> >>>>>> Is your server supposed to be forcing protocol 2?
> >>>>>
> >>>>> Yes, I'm using protocol 2.
> >>>>>
> >>>>>> It looks like it is having a problem with restoring C:/Boots/Fonts to
> >>>>>> aa/
> >>>>>
> >>>>> Problem appears on every path I try to restore. It can be C:/Windows
> >>>>> or
> >>>>> C:/Users . it happens on directory on second or third level of depth.
> >>>>>
> >>>>>> It looks like it is trying to write it as if it is a file, but
> >>>>>> presumably
> >>>>>> it already exists as a directory.
> >>>>>> What does the raw manifest entry for this path say?
> >>>>>>
> >>>>>> You will need to look in the backup storage directory and zgrep all
> >>>>>> the
> >>>>>> manifest components for the path, then run 'bsigs' on the file that
> >>>>>> contains the path, and paste that to the list.
> >>>>>
> >>>>> Ok, I'll try to do it at evening.
> >>>>
> >>>>
> >>>> Here it is:
> >>>> x00030:0
> >>>> r0033 J A A A EH/ B A A A A A A BXHnlh BXHnlh BXGpag A A
> >>>> f000DC:/Boot/Fonts
> >>>> S002026EE0B31A5D8B125452eb3e80934c302f40ac45508eab2dd0000/0000/004C/0002
> >>>> x00030:0
> >>>> r0036 J A A A IH/ B A A A OF4A A A BXHnlh BKMBgP BXGpag A A
> >>>> f001AC:/Boot/Fonts/chs_boot.ttf
> >>>>
> >>>>
> >>>> Also look at this:
> >>>> # burp -C win7 -ar -r "C:/Users"
> >>>> 2016-10-19 21:37:42: burp[10583] No backup specified. Using the most
> >>>> recent.
> >>>> 2016-10-19 21:37:42: burp[10583] auth ok
> >>>> 2016-10-19 21:37:42: burp[10583] Server version: 2.0.48
> >>>> 2016-10-19 21:37:42: burp[10583] nocsr ok
> >>>> 2016-10-19 21:37:42: burp[10583] SSL is using cipher:
> >>>> DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256)
> >>>> Mac=AEAD
> >>>>
> >>>> 2016-10-19 21:37:42: burp[10583] extra_comms_begin
> >>>> ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:forceproto=2:rshash=blake2:
> >>>> 2016-10-19 21:37:42: burp[10583] Switched to client win7
> >>>> 2016-10-19 21:37:42: burp[10583] Server is forcing protocol 2
> >>>> 2016-10-19 21:37:42: burp[10583] doing restore 0:C:/Users
> >>>> 2016-10-19 21:37:42: burp[10583] doing restore confirmed
> >>>>
> >>>> 2016-10-19 21:37:44: burp[10583] WARNING: Could not open for writing
> >>>> C:/Users/All Users: Is a directory
> >>>> 2016-10-19 21:37:46: burp[10583] WARNING: Could not open for writing
> >>>> C:/Users/Default/AppData/Local/Application Data: Is a directory
> >>>> 2016-10-19 21:37:46: burp[10583] WARNING: Could not open for writing
> >>>> C:/Users/Default/AppData/Local/Dane aplikacji: Is a directory
> >>>> 2016-10-19 21:37:46: burp[10583] WARNING: Could not open for writing
> >>>> C:/Users/Default/AppData/Local/Historia: Is a directory
> >>>> 2016-10-19 21:37:46: burp[10583] WARNING: Could not open for writing
> >>>> C:/Users/Default/AppData/Local/History: Is a directory
> >>>> 2016-10-19 21:37:46: burp[10583] WARNING: Could not open for writing
> >>>> C:/Users/Default/AppData/Local/Microsoft/Windows/GameExplorer: Is a
> >>>> directory
> >>>> 2016-10-19 21:37:48: burp[10583] WARNING: Could not open for writing
> >>>> C:/Users/Default/AppData/Local/Microsoft/Windows/History/History.IE5:
> >>>> Is
> >>>> a directory
> >>>> 2016-10-19 21:37:48: burp[10583] unexpected command in
> >>>> restore_interrupt(): r: J A A A IP4 B A A A CR A A BXKPff BXKPff BXKPff
> >>>> A
> >>>> A
> >>>> 2016-10-19 21:37:48: burp[10583] read cmd with no attribs
> >>>> 2016-10-19 21:37:48: burp[10583] ret: -1
> >>>>
> >>>>
> >>>> This is backup of linux OS:
> >>>> # burp -C zserwerek -ar
> >>>> 2016-10-19 21:38:22: burp[10594] No backup specified. Using the most
> >>>> recent.
> >>>> 2016-10-19 21:38:22: burp[10594] auth ok
> >>>> 2016-10-19 21:38:22: burp[10594] Server version: 2.0.48
> >>>> 2016-10-19 21:38:22: burp[10594] nocsr ok
> >>>> 2016-10-19 21:38:22: burp[10594] SSL is using cipher:
> >>>> DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256)
> >>>> Mac=AEAD
> >>>>
> >>>> 2016-10-19 21:38:22: burp[10594] extra_comms_begin
> >>>> ok:autoupgrade:incexc:orig_client:uname:sincexc:counters_json:msg:forceproto=2:rshash=blake2:
> >>>> 2016-10-19 21:38:22: burp[10594] Switched to client zserwerek
> >>>> 2016-10-19 21:38:22: burp[10594] Server is forcing protocol 2
> >>>> 2016-10-19 21:38:22: burp[10594] doing restore 0:
> >>>> 2016-10-19 21:38:22: burp[10594] doing restore confirmed
> >>>>
> >>>> 2016-10-19 21:38:23: burp[10594] WARNING: Path exists:
> >>>> /bin/arc_summary.py
> >>>>
> >>>> 2016-10-19 21:38:24: burp[10594] WARNING: Path exists: /bin/arcstat.py
> >>>>
> >>>> 2016-10-19 21:38:24: burp[10594] WARNING: Path exists: /bin/attr
> >>>>
> >>>> 2016-10-19 21:38:27: burp[10594] WARNING: Path exists: /bin/awk
> >>>>
> >>>> and restore is going on.
> >>>> Maybe it is problem with restoring windows's acl on linux filesystem?
> >>>>
> >>>> Marcin
> >>>
> >>> Ah, sorry, I misunderstood your problem.
> >>> I thought you were restoring on Windows.
> >>>
> >>> When burp restores Windows directories, it takes VSS data and writes it
> >>> to
> >>> the Windows API in the same way as a file is restored.
> >>> Whereas, on Linux, you just need to do a 'mkdir' and restore the
> >>> attributes.
> >>>
> >>> So, yes, burp on Linux is confused because it cannot do anything with
> >>> the
> >>> VSS data.
> >>>
> >>> At some point, I will make the Linux client strip VSS data inline.
> >>>
> >>> But it shouldn't just fail with that 'restore_interrupt()' error. It
> >>> should
> >>> just print errors for the directories.
> >>
> >> Hi!
> >> I have to admit that no possibility to restore windows files on linux is
> >> a bit surprising. I don't like to work on file on win (I don't like win
> >> cmd also), when I have to restore some files I prefer to do it on linux
> >> and then copy it to win.
> >> Thanks,
> >> Marcin
> >
> > It's not something that anybody has asked for, as far as I remember.
>
> I'm surprised again:)
>
> > You can restore individual files though, you'll just have problems with
> > directories.
> > And you will have to strip the VSS manually.
> > I will make it work better when I get the chance though.
>
> Ok, thank you.

There is a change in master now that improves the 'restore_interrupt' thing.
So, you still get lots of WARNING messages on directories, but it keeps
restoring as much as it can instead of exiting early.
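
Added example (not part of the original message and not burp's own code): the code below reads the manifest entries pasted earlier in the thread and decides, per path, whether a Linux restore needs a `mkdir` or a file write, which is the distinction Graham describes. The base-64 alphabet and the position of the mode field are assumptions inferred from the two pasted entries, where the fifth token decodes to 040777 and 0100777.

```python
import stat

# Assumption: attribute tokens are base-64 integers over this alphabet,
# most significant digit first, with no padding.
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# The manifest entries pasted in the thread, with the S signature line left out.
MANIFEST = """\
x00030:0
r0033 J A A A EH/ B A A A A A A BXHnlh BXHnlh BXGpag A A
f000DC:/Boot/Fonts
x00030:0
r0036 J A A A IH/ B A A A OF4A A A BXHnlh BKMBgP BXGpag A A
f001AC:/Boot/Fonts/chs_boot.ttf
"""

def from_base64(token):
    """Decode one attribute token into an integer."""
    value = 0
    for ch in token:
        value = value * 64 + B64.index(ch)
    return value

def parse_manifest(text):
    """Yield (cmd, data) from lines shaped <cmd char><4 hex length><data>."""
    for line in text.splitlines():
        if not line:
            continue
        cmd, length, data = line[0], int(line[1:5], 16), line[5:]
        if len(data) != length:
            raise ValueError(f"length field does not match data in {line!r}")
        yield cmd, data

def plan_restore(text):
    """Pair each 'r' attribute line with the 'f' path that follows it and
    choose what a Linux restore should do with that path."""
    plan, mode = [], None
    for cmd, data in parse_manifest(text):
        if cmd == "r":
            # Assumed layout: st_mode is the fifth space-separated token.
            mode = from_base64(data.split()[4])
        elif cmd == "f" and mode is not None:
            action = "mkdir" if stat.S_ISDIR(mode) else "write"
            plan.append((data, oct(mode), action))
            mode = None
    return plan

if __name__ == "__main__":
    for path, mode, action in plan_restore(MANIFEST):
        print(f"{action:5} {mode:>8} {path}")
```

On the pasted entries it marks `C:/Boot/Fonts` as a directory even though the manifest stores it under the `f` command, which is the path the Linux client warned about.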