Subject: Re: Tools to analyze "captured" binaries? -Reply
From: Ex Machina (xm@GEEKMAFIA.DYNIP.COM)
Date: Sat Apr 22 2000 - 09:58:41 CDT


The "Kickers of ELF" tarball from LinuxAssembly.org has some tools handy
for analyzing binaries.

[snip, snip]

     * elfls: a utility that displays an ELF file's program and/or
       section header tables, which serve as a kind of global roadmap to
       the file's contents.

     * elftoc: a program that takes an ELF file and generates C code that
       defines a structure with the same memory image, using the
       structures and preprocessor symbols defined in <linux/elf.h>.

[snip, snip]

Handy, eh?

Ex Machina (xm@geekmafia.dynip.com) http://geekmafia.dynip.com/~xm/
phone: 1-877-LPT-WHIP icq: 3387005 aim: ExMachina
GnuPG Keyprint: 0627 C3A8 DE25 F7FB 46BD 4870 2006 CF7F EBDA 949D

On Thu, 20 Apr 2000, Network Security wrote:

> Date: Thu, 20 Apr 2000 08:02:34 -0600
> From: Network Security <NSECURITY@TASC.USDA.GOV>
> To: INCIDENTS@SECURITYFOCUS.COM
> Subject: Tools to analyze "captured" binaries? -Reply
>
> truss is your friend...there is also a good gnu debugger but the name
> escapes me currently.
> -- statik
>
> >>> Anton Chuvakin <achuvaki@IC.SUNYSB.EDU> 04/19/00 02:18pm >>>
> Hi there!
>
> I just got a bunch of trojaned binaries (usual rootkit, I guess,
> fingerd/ftp/login together with a sniffer) from my friend's box (hacked
> via ADMROCKS, of course). What tools (apart from strings, ldd, file) can I
> use to analyze those?
>
> Thanks,
>
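The elfls description above calls the program and section header tables the roadmap to an ELF file. As an added example (not the poster's code and not part of the Kickers of ELF tarball), here is a small Python walker that reads both tables for a 32- or 64-bit ELF of either byte order, prints them elfls-style, and applies a few sanity checks you would want before trusting the roadmap of a captured binary: a PT_LOAD segment that is both writable and executable, a section or segment whose bytes lie past the end of the file, a missing section header table, and an entry point that falls outside every executable segment. When run without arguments it analyzes a file constructed in build_sample(); that sample is made up for this example and deliberately contains two of those oddities (the section name ".payload" and all addresses are invented).

```python
"""Walk an ELF file's program and section header tables (the "roadmap"
that elfls prints) and flag layout oddities in a captured binary.
Added example, not code from Kickers of ELF."""
import struct
import sys

PT_NAMES = {0: "NULL", 1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE",
            6: "PHDR", 7: "TLS", 0x6474E550: "GNU_EH_FRAME",
            0x6474E551: "GNU_STACK"}
SHT_NAMES = {0: "NULL", 1: "PROGBITS", 2: "SYMTAB", 3: "STRTAB", 4: "RELA",
             6: "DYNAMIC", 7: "NOTE", 8: "NOBITS", 9: "REL", 11: "DYNSYM"}
PT_LOAD, SHT_NOBITS = 1, 8
PF_X, PF_W, PF_R = 1, 2, 4
EHDR_KEYS = ("ident type machine version entry phoff shoff flags ehsize "
             "phentsize phnum shentsize shnum shstrndx").split()
SHDR_KEYS = "name type flags addr offset size link info addralign entsize".split()


def parse_elf(data):
    """Return {'ehdr', 'phdrs', 'shdrs'} with section names resolved."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                     # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little, 2 = big endian
    # ELF32 stores p_flags last in the program header; ELF64 stores it second.
    if is64:
        ehdr_fmt, phdr_fmt, shdr_fmt = "16sHHIQQQIHHHHHH", "IIQQQQQQ", "IIQQQQIIQQ"
        phdr_keys = "type flags offset vaddr paddr filesz memsz align".split()
    else:
        ehdr_fmt, phdr_fmt, shdr_fmt = "16sHHIIIIIHHHHHH", "IIIIIIII", "IIIIIIIIII"
        phdr_keys = "type offset vaddr paddr filesz memsz flags align".split()
    e = dict(zip(EHDR_KEYS, struct.unpack_from(end + ehdr_fmt, data, 0)))
    # A tampered header can point the tables past EOF; say so instead of crashing.
    if e["phoff"] + e["phnum"] * e["phentsize"] > len(data):
        raise ValueError("program header table lies beyond EOF")
    if e["shoff"] + e["shnum"] * e["shentsize"] > len(data):
        raise ValueError("section header table lies beyond EOF")
    phdrs = [dict(zip(phdr_keys, struct.unpack_from(end + phdr_fmt, data,
                      e["phoff"] + i * e["phentsize"]))) for i in range(e["phnum"])]
    shdrs = [dict(zip(SHDR_KEYS, struct.unpack_from(end + shdr_fmt, data,
                      e["shoff"] + i * e["shentsize"]))) for i in range(e["shnum"])]
    # Section names are offsets into the string table selected by e_shstrndx.
    if shdrs and e["shstrndx"] < len(shdrs):
        base = shdrs[e["shstrndx"]]["offset"]
        for sh in shdrs:
            start = base + sh["name"]
            stop = data.find(b"\0", start)
            sh["name_str"] = data[start:stop if stop >= 0 else None].decode("latin-1")
    return {"ehdr": e, "phdrs": phdrs, "shdrs": shdrs}


def roadmap(elf):
    """One line per program header and per section header, elfls-style."""
    e = elf["ehdr"]
    lines = ["type=%d machine=%d entry=0x%x" % (e["type"], e["machine"], e["entry"])]
    for i, p in enumerate(elf["phdrs"]):
        perm = "".join(c if p["flags"] & b else "-"
                       for c, b in (("r", PF_R), ("w", PF_W), ("x", PF_X)))
        lines.append("[%d] %-12s %s off=0x%x vaddr=0x%x filesz=0x%x memsz=0x%x" % (
            i, PT_NAMES.get(p["type"], hex(p["type"])), perm,
            p["offset"], p["vaddr"], p["filesz"], p["memsz"]))
    for i, sh in enumerate(elf["shdrs"]):
        lines.append("[%d] %-16s %-9s off=0x%x size=0x%x" % (
            i, sh.get("name_str", "?"), SHT_NAMES.get(sh["type"], hex(sh["type"])),
            sh["offset"], sh["size"]))
    return lines


def audit(elf, file_len):
    """Checks worth running before trusting the roadmap of a captured binary."""
    e, findings = elf["ehdr"], []
    if not elf["shdrs"]:
        findings.append("no section header table: stripped, packed or tampered")
    for i, p in enumerate(elf["phdrs"]):
        if p["type"] == PT_LOAD and p["flags"] & PF_W and p["flags"] & PF_X:
            findings.append("segment %d: PT_LOAD is writable and executable" % i)
        if p["offset"] + p["filesz"] > file_len:
            findings.append("segment %d: file range extends past EOF" % i)
    for sh in elf["shdrs"][1:]:
        if sh["type"] != SHT_NOBITS and sh["offset"] + sh["size"] > file_len:
            findings.append("section %s: claims bytes beyond EOF" % sh.get("name_str", "?"))
    # The loader maps PT_LOAD segments, not sections, so check the entry against them.
    if not any(p["type"] == PT_LOAD and p["flags"] & PF_X
               and p["vaddr"] <= e["entry"] < p["vaddr"] + p["memsz"]
               for p in elf["phdrs"]):
        findings.append("entry point 0x%x is outside every executable PT_LOAD" % e["entry"])
    return findings


def build_sample():
    """Constructed ELF64 LE sample (not a real binary): two PT_LOAD segments,
    the second deliberately W+X, plus a section whose bytes lie beyond EOF."""
    text = b"\x48\x31\xc0\xc3\x90\x90\x90\x90"            # xor eax,eax; ret; nops
    shstrtab = b"\0.text\0.shstrtab\0.payload\0"          # names at 1, 7, 17
    base, text_off, strtab_off, shoff = 0x400000, 176, 184, 216
    phdrs = struct.pack("<IIQQQQQQ", PT_LOAD, PF_R | PF_X, 0, base, base, 184, 184, 0x1000)
    phdrs += struct.pack("<IIQQQQQQ", PT_LOAD, PF_R | PF_W | PF_X, text_off,
                         0x601000, 0x601000, 8, 0x1000, 0x1000)
    shdrs = bytes(64)                                     # mandatory null section
    shdrs += struct.pack("<IIQQQQIIQQ", 1, 1, 6, base + text_off, text_off, len(text), 0, 0, 16, 0)
    shdrs += struct.pack("<IIQQQQIIQQ", 7, 3, 0, 0, strtab_off, len(shstrtab), 0, 0, 1, 0)
    shdrs += struct.pack("<IIQQQQIIQQ", 17, 1, 6, 0x700000, 0x10000, 0x100, 0, 0, 16, 0)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, base + text_off,
                       64, shoff, 0, 64, 56, 2, 64, 4, 2)
    body = ehdr + phdrs + text + shstrtab
    return body + bytes(shoff - len(body)) + shdrs


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    elf = parse_elf(data)
    print("\n".join(roadmap(elf)))
    for finding in audit(elf, len(data)):
        print("!!", finding)
```

Run it as `python3 elfmap.py /path/to/captured/binary` (the script name is whatever you save it as); with no argument it walks the built-in sample and reports the W+X segment and the out-of-bounds ".payload" section. Section headers are not needed to run a program, so a rootkit binary can strip them or lie in them without affecting execution; the program headers are what the kernel loader actually consumes, which is why the audit checks the entry point against PT_LOAD segments rather than against a .text section, and why a missing section table is reported rather than silently accepted.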