Showing posts from April, 2010
Changing filenames to lowercase/capital

Changing to ALL lowercase

Say we have tonnes of AVI files (file names and the tr ranges are quoted so that spaces in names and shell globbing do not break the rename):

 for i in *.avi; do mv "$i" "$(echo "$i" | tr '[:upper:]' '[:lower:]')"; done

The other way around, changing from mixed case to CAPITAL:

 for i in *.avi; do mv "$i" "$(echo "$i" | tr '[:lower:]' '[:upper:]')"; done
I bought this book, Hacking Exposed: Malware & Rootkits, several months back, while it was still new! A good read and really worth your money. It keeps you updated with current stuff and is the first of its kind within the Hacking Exposed series. Perhaps more to come under the same title in future!

If you are comfortable shopping online, just visit Amazon and get the latest copy here: HACKING EXPOSED MALWARE AND ROOTKITS
sctest, tool in libemu

I recently tested out sctest, a tool for processing shellcode that is provided in libemu.

The usage is as follows:

sctest -gS -s 10000 -v -G test.dot

Basically there are several steps prior to that (for which I needed a friend to help me out!).

Say I have a file called hexdump.txt.

Try with 10,000 steps:

$ sctest -Ss 10000 -g < hexdump.txt
verbose = 0success 
offset = 0x00000005
stepcount 10000

Trying with 100,000 steps, we get this:

$ sctest -Ss 100000 -gv < hexdump.txt
verbose = 1success 
offset = 0x00000005
stepcount 100000

HMODULE LoadLibraryA ( LPCTSTR lpFileName = 0x0012fe80 => = "ws2_32";) = 0x71a10000;int WSAStartup ( WORD wVersionRequested = 2; LPWSADATA lpWSAData = 1244276;) = 0;SOCKET WSASocket ( int af = 2; int type = 1; int protocol = 0; LPWSAPROTOCOL_INFO lpProtocolInfo = 0; GROUP g = 0; DWORD dwFlags = 0;) = 66;int bind ( SOCKET s = 66; struct sockaddr_in * name = 0x0012fe6c => struct …
Marking Nepenthes' log with GeoIP

I always wanted to make my Nepenthes log meaningful, rather than cryptic columns, which are pretty boring.

So this is what I did after several searches on the Net... some of the links just show the result, and I wonder why they don't just *put* the script online. Here goes!

Let's say I am processing /var/log/nepenthes/logged_downloads:

116.7.16.130 df51e3310ef609e908a6b487a28ac068
116.80.225.172 1d419d615dbe5a238bbaa569b3829a23
116.80.227.106 e269d0462eb2b0b70d5e64dcd7c676cd
116.80.81.221 98eb0fdadf8a403c013a8b1882ec986d
116.80.85.224 e269d0462eb2b0b70d5e64dcd7c676cd
116.81.88.146 2fa0e36b36382b74e6e6a437ad664a80

I want it to be:

Russian Federation ,95.28.56.118 , 7d99b0e9108065ad5700a899a1fe3441
Russian Federation ,95.28.63.209 , 7d99b0e9108065ad5700a899a1fe3441
Russian Federation ,95.28.71.57 , 7d99b0e9108065ad5700a899a1fe3441
Russian Federation ,95.28.82.129 , 7d99b0e9108065ad5700a899a1fe3441
Russian Federation ,95.28.89.135 , 7d99b0e9108065ad5700a899…
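The post does not include the script itself, so here is an added example (my own code, not the author's) that does the same transformation: it parses the "<ip> <md5>" records of logged_downloads, drops malformed lines, and prefixes each record with a country name in the "Country ,ip , md5" layout shown above. The sample log and the prefix-to-country table are constructed for the example; a real run would replace lookup_country() with a MaxMind GeoIP query.

```python
import ipaddress
import re

# Constructed sample of /var/log/nepenthes/logged_downloads ("<ip> <md5>" per
# line), with one address outside the table and one malformed line added.
SAMPLE_LOG = """\
116.7.16.130 df51e3310ef609e908a6b487a28ac068
95.28.56.118 7d99b0e9108065ad5700a899a1fe3441
95.28.63.209 7d99b0e9108065ad5700a899a1fe3441
10.0.0.1 0123456789abcdef0123456789abcdef
this line is not a download record
"""

# Constructed stand-in for a GeoIP database; a real run would query MaxMind GeoIP.
COUNTRY_TABLE = {
    ipaddress.ip_network("116.0.0.0/8"): "China",
    ipaddress.ip_network("95.28.0.0/16"): "Russian Federation",
}

LINE_RE = re.compile(r"^(\S+)\s+([0-9a-fA-F]{32})\s*$")  # "<ip> <md5>"

def lookup_country(ip):
    """Country for ip from COUNTRY_TABLE, 'Unknown' when no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for net, country in COUNTRY_TABLE.items():
        if addr in net:
            return country
    return "Unknown"

def parse_line(line):
    """Return (ip, md5) for a well-formed record, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ip, digest = m.groups()
    try:
        ipaddress.ip_address(ip)  # rejects e.g. 300.1.1.1 or a hostname
    except ValueError:
        return None
    return ip, digest.lower()

def annotate(log_text):
    """Rewrite each valid record as 'Country ,ip , md5', the post's target layout."""
    out = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is not None:  # malformed lines are dropped, not guessed at
            ip, digest = parsed
            out.append("%s ,%s , %s" % (lookup_country(ip), ip, digest))
    return out
```

Feed the real file in with `annotate(open("/var/log/nepenthes/logged_downloads").read())`; addresses that are not in the table come out as "Unknown" rather than being silently mislabelled.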