Tuesday, 9 September 2008

More toys for Inguma

Hi all,

Over the last few days we have kept working on more modules for Inguma, so let's see the result of this work.

First we have two new modules that could be very useful when used together with DnsSpoof; both modules are located under the Gather category: a TCP proxy and a web server with some basic crawling capabilities.
inguma> info webserver
crawl = 
target = 
port = 

inguma> info tcpproxy
target = 
port = 
newport = 
inguma>

The web server crawls a web page, if the crawl variable is set to 'True', and then starts serving that page on the specified port.
inguma> info webserver
crawl = 
target = 
port = 
inguma> crawl = True
inguma> target = 'http://mail.google.com'
inguma> port = 80
inguma> webserver
Crawl True
Crawling page: http://mail.google.com
Parsing image links...
Parsing href links...
Crawled page saved at /home/hteso/Proyectos/inguma-dev/data/web/index.html
serving at port 80
localhost - - [09/Sep/2008 23:08:17] "GET / HTTP/1.1" 200 -
localhost - - [09/Sep/2008 23:08:17] "GET /favicon.ico HTTP/1.1" 404 -

This can be funny ;)

On the other hand we have the TCP Proxy...
inguma> info tcpproxy
target = 
port = 
newport = 
inguma> target = 'http://www.google.es'
inguma> port = 80
inguma> newport = 80
inguma> tcpproxy
Starting TCP proxy
Redirecting: localhost:80 -> http://mail.google.com:80
inguma> Creating new session for 127.0.0.1 55231 
Creating new pipe thread   ( ('127.0.0.1', 55231) -> ('74.125.39.104', 80) )
1 pipes active
Creating new pipe thread   ( ('74.125.39.104', 80) -> ('127.0.0.1', 55231) )
2 pipes active

0010   6D 65 74 61 20 68 74 74 70 2D 65 71 75 69 76 3D    meta http-equiv=
0020   22 63 6F 6E 74 65 6E 74 2D 74 79 70 65 22 20 63    "content-type" c
0030   6F 6E 74 65 6E 74 3D 22 74 65 78 74 2F 68 74 6D    ontent="text/htm
0040   6C 3B 63 68 61 72 73 65 74 3D 75 74 66 2D 38 22    l;charset=utf-8"
0080   79 20 7B 66 6F 6E 74 2D 66 61 6D 69 6C 79 3A 20    y {font-family: 
0090   61 72 69 61 6C 2C 73 61 6E 73 2D 73 65 72 69 66    arial,sans-serif
...

One of the next improvements for this module will be the ability to trap and modify requests and answers.

Finally we have added a new section called RCE that will group all the tools for working with binaries:
inguma> show rce

List of rce modules
-------------------

debugger                Userland Debugger
hexdump                 A simple HexDump utility

The first tool is a simple Hexdump utility.

inguma> info hexdump
target = < Target file >
lines = 
inguma> target = '/bin/cat'
inguma> hexdump

/bin/cat
--------------------------------------------------------------------------
000000: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 | .ELF............
000010: 02 00 03 00 01 00 00 00 c0 8c 04 08 34 00 00 00 | ............4...
000020: 78 66 00 00 00 00 00 00 34 00 20 00 07 00 28 00 | xf......4. ...(.
000030: 1b 00 1a 00 06 00 00 00 34 00 00 00 34 80 04 08 | ........4...4...
000040: 34 80 04 08 e0 00 00 00 e0 00 00 00 05 00 00 00 | 4...............
000050: 04 00 00 00 03 00 00 00 14 01 00 00 14 81 04 08 | ................
000060: 14 81 04 08 13 00 00 00 13 00 00 00 04 00 00 00 | ................
000070: 01 00 00 00 01 00 00 00 00 00 00 00 00 80 04 08 | ................
000080: 00 80 04 08 c0 63 00 00 c0 63 00 00 05 00 00 00 | .....c...c......
000090: 00 10 00 00 01 00 00 00 c0 63 00 00 c0 f3 04 08 | .........c......
0000a0: c0 f3 04 08 dc 01 00 00 64 03 00 00 06 00 00 00 | ........d.......
0000b0: 00 10 00 00 02 00 00 00 d4 63 00 00 d4 f3 04 08 | .........c......
0000c0: d4 f3 04 08 d0 00 00 00 d0 00 00 00 06 00 00 00 | ................
0000d0: 04 00 00 00 04 00 00 00 28 01 00 00 28 81 04 08 | ........(...(...
0000e0: 28 81 04 08 20 00 00 00 20 00 00 00 04 00 00 00 | (... ... .......
0000f0: 04 00 00 00 51 e5 74 64 00 00 00 00 00 00 00 00 | ....Q.td........
000100: 00 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 | ................
000110: 04 00 00 00 2f 6c 69 62 2f 6c 64 2d 6c 69 6e 75 | ..../lib/ld-linu
000120: 78 2e 73 6f 2e 32 00 00 04 00 00 00 10 00 00 00 | x.so.2..........
--------------------------------------------------------------------------
jump to... 
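The dump layout used by both the TCP proxy output and the hexdump module above (offset, sixteen hex bytes, an ASCII column) is easy to get subtly wrong: if a byte of 0x7f or above is written out raw instead of as '.', the terminal or the blog's encoding mangles it, which is exactly what the stray characters in the raw /bin/cat dump were. The following is an added example, not Inguma's own code; it reproduces the hexdump module's format (including its 'lines' option) and maps every non-printable byte to '.', over a constructed ELF-header-like sample.

```python
import string
from typing import Iterator, Optional

# Bytes we are willing to show as-is: ASCII letters, digits, punctuation and
# the space character. Control characters, 0x7f and everything >= 0x80 become '.'.
PRINTABLE = set(bytes(string.printable, "ascii")) - set(b"\t\n\r\x0b\x0c")


def ascii_column(chunk: bytes) -> str:
    """Render a chunk as text, replacing each non-printable byte with '.'.

    High bytes are never passed through raw: emitting them unescaped is what
    produces mangled characters in a terminal or in a web page.
    """
    return "".join(chr(b) if b in PRINTABLE else "." for b in chunk)


def hexdump(data: bytes, width: int = 16, lines: Optional[int] = None,
            start: int = 0) -> Iterator[str]:
    """Yield lines in the Inguma hexdump layout: 'offset: xx xx ... | ascii'.

    'lines' limits the number of rows (the module's 'lines' option); 'start'
    is the byte offset to begin at, so a caller can implement 'jump to...'.
    """
    for n, off in enumerate(range(start, len(data), width)):
        if lines is not None and n >= lines:
            break
        chunk = data[off:off + width]
        # Pad the hex part so the ASCII column lines up on a short last row.
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        yield f"{off:06x}: {hexpart} | {ascii_column(chunk)}"


# Constructed sample (assumption, not taken from the page): the first 32 bytes
# of a 32-bit little-endian ELF header, shaped like the /bin/cat dump.
SAMPLE = (b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 8
          + b"\x02\x00\x03\x00\x01\x00\x00\x00\xc0\x8c\x04\x08\x34\x00\x00\x00")

if __name__ == "__main__":
    for line in hexdump(SAMPLE):
        print(line)
```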

And the last tool that we will review today is a ring 3 (userland) debugger, vdb, written in Python, which you can find on its web site.
inguma> debugger
Loading VDB Modules: 
... Complete
vdb > help

Documented commands (type help <topic>):
========================================
alias     bpedit  config  fds     maps     mode    regs    snapshot  threads 
attach    break   detach  go      mem      ps      script  stepi     vstruct 
bestname  bt      dis     ignore  memdump  python  server  struct    writemem
bp        call    exec    lm      meta     quit    signal  syms    

Undocumented commands:
======================
EOF  help  sections

vdb > ps
[Pid]   [ Name ]
1       /sbin/init
2764    /sbin/udevd --daemon 
4458    /sbin/portmap 
4482    /sbin/rpc.statd 
4611    /sbin/getty 38400 tty4 
4612    /sbin/getty 38400 tty5 
4614    /sbin/getty 38400 tty2 
4617    /sbin/getty 38400 tty3 
4618    /sbin/getty 38400 tty6 
4813    /usr/sbin/acpid -c /etc/acpi/events -s /var/run/acpid.socket 
...

At the moment the module just starts the debugger (either in console or graphical mode), but we are working on a deeper integration of the tool with Inguma and, maybe, a programmatic RCE environment built around the debugger, OpenDis, ...

That's all for the moment, stay tuned!!

Hugo Teso
