OSEC

Subject: Re: Tools to analyze "captured" binaries?
From: Living Prophet of the GREAT GRUG (grugqMAILCITY.COM)
Date: Thu Apr 20 2000 - 11:38:12 CDT


Hello,

Assuming that it was an x86 Linux box that was hacked, the binaries should be simple ELF IA32 obj files. That means that you can use objdump to get an asm listing and much more.

Unfortunately the objdump tool doesn't do JMP and CALL cross referencing, nor does it insert strings or even handle 1's complement numbers, all of which means that you will probably need dasm or reap to get the appropriate asm dump.

These tools can be gotten from http://packetstorm.securify.com/linux/reverse-engineering/

Also, you might want to check out reqt, which will call all the utilities available over a binary and organise the output. If you would like, you can also send a copy of the files to myself, or the list and I would be happy to have a look at them.

peace,

grugq.

---
GIGANTOR is fighting RIGHT
                                         against WRONG
              G I G A N T O R
       G - I - G - A - N - T - O - R
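
The JMP/CALL cross-referencing that the message says objdump lacks can be layered on top of an `objdump -d` listing. The following is an added example, not part of the original post or of any tool it names; the sample listing is constructed, and the names `build_xrefs` and `annotate` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by `objdump -d` for an IA32 ELF file.
SAMPLE = """\
08048400 <main>:
 8048400:\t55                   \tpush   %ebp
 8048401:\t89 e5                \tmov    %esp,%ebp
 8048403:\te8 18 00 00 00       \tcall   8048420 <helper>
 8048408:\t85 c0                \ttest   %eax,%eax
 804840a:\t74 05                \tje     8048411 <main+0x11>
 804840c:\te8 0f 00 00 00       \tcall   8048420 <helper>
 8048411:\tc9                   \tleave
 8048412:\tc3                   \tret

08048420 <helper>:
 8048420:\tff d0                \tcall   *%eax
 8048422:\t31 c0                \txor    %eax,%eax
 8048424:\tc3                   \tret
"""

FUNC = re.compile(r"^([0-9a-f]+) <([^>]+)>:$")                   # function header
INSN = re.compile(r"^\s*([0-9a-f]+):\t[0-9a-f ]+\t(\S+)\s*(.*)$")  # addr, mnemonic, operands
TARGET = re.compile(r"^([0-9a-f]+)(?:\s+<[^>]+>)?$")             # direct branch operand

def build_xrefs(listing):
    """Map each static branch target to [(source address, mnemonic, function)]."""
    xrefs, func = defaultdict(list), "?"
    for line in listing.splitlines():
        header, insn = FUNC.match(line), INSN.match(line)
        if header:
            func = header.group(2)
        if not insn or not insn.group(2).startswith(("call", "j")):
            continue
        target = TARGET.match(insn.group(3).strip())
        if target:  # indirect branches such as `call *%eax` have no static target
            xrefs[int(target.group(1), 16)].append(
                (int(insn.group(1), 16), insn.group(2), func))
    return dict(xrefs)

def annotate(listing):
    """Return the listing with a '; XREF:' comment line above each branch target."""
    xrefs, out = build_xrefs(listing), []
    for line in listing.splitlines():
        insn = INSN.match(line)
        for src, mnem, func in xrefs.get(int(insn.group(1), 16), []) if insn else []:
            out.append(f"; XREF: {mnem} from {src:x} in {func}")
        out.append(line)
    return "\n".join(out)

if __name__ == "__main__":
    print(annotate(SAMPLE))
```

On a real file, the output of `objdump -d` would be passed to `annotate` in place of `SAMPLE`.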
