Showing posts from April, 2010
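Changing filenames to lowercase/capital

Changing to ALL lowercase. Say we have tonnes of AVI files:

    for i in *.avi; do mv -- "$i" "$(echo "$i" | tr 'A-Z' 'a-z')"; done

The other way around, changing from mixed case to CAPITAL:

    for i in *.avi; do mv -- "$i" "$(echo "$i" | tr 'a-z' 'A-Z')"; done

The quotes keep filenames containing spaces intact and stop the shell from expanding the tr character ranges as glob patterns.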
I bought this book, Hacking Exposed: Malware & Rootkits, several months back, while it was still new! A good read and really worth your money. It keeps you up to date with current stuff and is the first of its kind within the Hacking Exposed series. Perhaps more to come under the same title in future! If you are comfortable shopping online, just visit Amazon and get the latest copy here: HACKING EXPOSED MALWARE AND ROOTKITS
sctest, tool in libemu

I recently tested out sctest, a tool for processing shellcode that is provided in libemu. The usage is as follows:

    sctest -gS -s 10000 -v -G test.dot

Basically there are several steps prior to that (which I need a friend to help me out with!). Say I have a file called hexdump.txt. Try with 10,000 steps:

    $ sctest -Ss 10000 -g < hexdump.txt
    verbose = 0
    success  offset = 0x00000005
    stepcount 10000

Try with 100,000 steps and we get this:

    $ sctest -Ss 100000 -gv < hexdump.txt
    verbose = 1
    success  offset = 0x00000005
    stepcount 100000
    HMODULE LoadLibraryA (
         LPCTSTR lpFileName = 0x0012fe80 =>
               = "ws2_32";
    ) = 0x71a10000;
    int WSAStartup (
         WORD wVersionRequested = 2;
         LPWSADATA lpWSAData = 1244276;
    ) = 0;
    SOCKET WSASocket (
         int af = 2;
         int type = 1;
         int protocol = 0;
         LPWSAPROTOCOL_INFO lpProtocolInfo = 0;
         GROUP g = 0;
Marking Nepenthes' log with GeoIP

I always wanted to make my Nepenthes log meaningful, rather than cryptic columns, which are pretty boring. So this is what I did after several searches on the Net... some of the links just show the result, and I wonder why they don't just *put* the script online. Here goes! Let's say I am processing /var/log/nepenthes/logged_downloads:

    116.7.16.130 df51e3310ef609e908a6b487a28ac068
    116.80.225.172 1d419d615dbe5a238bbaa569b3829a23
    116.80.227.106 e269d0462eb2b0b70d5e64dcd7c676cd
    116.80.81.221 98eb0fdadf8a403c013a8b1882ec986d
    116.80.85.224 e269d0462eb2b0b70d5e64dcd7c676cd
    116.81.88.146 2fa0e36b36382b74e6e6a437ad664a80

I want it to be:

    Russian Federation ,95.28.56.118 , 7d99b0e9108065ad5700a899a1fe3441
    Russian Federation ,95.28.63.209 , 7d99b0e9108065ad5700a899a1fe3441
    Russian Federation ,95.28.71.57 , 7d99b0e9108065ad5700a899a1fe3441
    Russian Federation ,95.28.82.129 , 7d99b0e9108065ad5700a899a1fe3441
    Russian Federation ,95.28.89.135 , 7d99b0e910
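
One way to turn the two-column "IP hash" input shown above into the "Country ,IP , hash" output, as an added example and not the script from the original post. It assumes the lookup command prints a "GeoIP Country Edition: CC, Country Name" line; GEOIP_CMD, sample_log and the function names are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not the blog author's script.
# Assumption: the lookup command prints a line such as
#   GeoIP Country Edition: RU, Russian Federation
# GEOIP_CMD and sample_log are hypothetical names introduced here.
GEOIP_CMD="${GEOIP_CMD:-geoiplookup}"

# country_of IP: print the country name, or "Unknown" when nothing matches.
country_of() {
    co_name=$("$GEOIP_CMD" "$1" 2>/dev/null </dev/null |
        sed -n 's/^GeoIP Country Edition: [A-Z0-9][A-Z0-9], \(.*\)$/\1/p' |
        head -n 1)
    printf '%s\n' "${co_name:-Unknown}"
}

# Shape checks only: dotted quad and 32 lowercase hex digits (MD5).
is_ipv4() { printf '%s\n' "$1" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}'; }
is_md5()  { printf '%s\n' "$1" | grep -Eqx '[0-9a-f]{32}'; }

# annotate_log: read "IP MD5" lines on stdin, write "Country ,IP , MD5".
# Honeypot log fields are attacker-influenced, so a line that does not
# match the expected shape is never passed to the lookup command; it is
# counted and reported on stderr instead.
annotate_log() {
    al_skipped=0
    while read -r al_ip al_md5 al_rest || [ -n "$al_ip" ]; do
        if [ -z "$al_rest" ] && is_ipv4 "$al_ip" && is_md5 "$al_md5"; then
            printf '%s ,%s , %s\n' "$(country_of "$al_ip")" "$al_ip" "$al_md5"
        else
            al_skipped=$((al_skipped + 1))
        fi
    done
    [ "$al_skipped" -eq 0 ] || echo "skipped $al_skipped malformed line(s)" >&2
}

# Constructed sample input (documentation-range IPs, made-up hashes).
sample_log() {
    cat <<'EOF'
192.0.2.10 0123456789abcdef0123456789abcdef
198.51.100.7 fedcba9876543210fedcba9876543210
bogus-field 0123456789abcdef0123456789abcdef
198.51.100.7 tooshort
EOF
}

# Usage: annotate_log < /var/log/nepenthes/logged_downloads
```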