Title : Toolz Armory
Author : Phrack Staff
==Phrack Inc.==
Volume 0x0b, Issue 0x3d, Phile #0x04 of 0x0f
|=------------------=[ T O O L Z A R M O R Y ]=------------------------=|
|=-----------------------------------------------------------------------=|
|=-----------------------=[ Phrack Staff ]=-----------------------------=|
This new section, Phrack Toolz Armory, is dedicated to tool
annoucements. We will showcast selected tools of relevance to the computer
underground which have been released recently.
Drop us a mail if you develop something kewl that you think is worth of
being mentioned in #62.
Content:
1 - Scapy, Interactive Packet Manipulation Program by Biondi
2 - ShellForge, Shellcode Builder by Biondi
3 - objobf : burneye2 IA32 object file obfuscator by team-teso
4 - ELFsh, ELF objects manipulation scripting langage by Devhell labs.
5 - Packit, Network injection, capture and auditing by D. Bounds
----[ 1 - Scapy : interactive packet manipulation program
URL : http://www.cartel-securite.fr/pbiondi/scapy.html
Author : biondi@cartel-securite.fr
Comment : Scapy is a powerful interactive packet manipulation tool, packet
generator, network scanner, network discovery tool, and packet
sniffer. It provides classes to interactively create packets or
sets of packets, manipulate them, send them over the wire, sniff
other packets from the wire, match answers and replies, and
more. Interaction is provided by the Python interpreter, so
Python programming structures can be used (such as variables,
loops, and functions). Report modules are possible and easy to
make. It is able to do about the same things as ttlscan,
nmap, hping, queso, p0f, xprobe, arping, arp-sk, arpspoof,
firewalk, irpas, tethereal, tcpdump, etc.
Here are some techniques that you can use it for : port,
protocol, network scans, arp cache poisonning, dns poisonning,
DoSing, nuking, sniffing etherleaking, icmpleaking, firewalking,
NAT discovery, fingerprinting, etc.
----[ 2 - ShellForge : shellcode builder
URL : http://www.cartel-securite.fr/pbiondi/shellforge.html
Author : biondi@cartel-securite.fr
Comment : ShellForge is a kit that builds shellcodes from C.
It is inspired from Stealth's Hellkit. This enables to
create very complex shellcodes (see example which scans ports).
C header files are included that provide macros to substitute
libc calls with direct system calls and an Python script
automates compilation, extraction, encoding and tests.
----[ 3 - objobf : burneye2 IA32 object file obfuscator
URL : http://www.team-teso.net/projects/objobf/
Author : teso@team-teso.net
Comment : Objobf is part of the burneye2 binary security suite. It is an ELF
relocatable object file obfuscation program. While still a beta
release it works well on smaller object files and can significantly
increase the time for manual decompilation. Within the downloadable
tarball there are some examples. Besides obfuscation it does limited
code and dataflow analysis and displays them in high quality graphs,
using the free xvcg or the propietary aiSee graphing tools.
Full sourcecode of the objobf tool is available at the above URL.
----[ 4 - ELFsh 0.51b2 portable : ELF objects manipulation scripting language
URL : http://elfsh.devhell.org
http://elfsh.segfault.net (mirror)
Author : elfsh@devhell.org
Comments : ELFsh is an interactive and scriptable ELF machine to play with
executable files, shared libraries and relocatable ELF32
objects. It is useful for daily binary manipulations such as
on-the-fly patching, embedded code injection, and binary
analysis in research fields such as reverse engineering,
security auditing and intrusion detection. ELFsh is based on
libelfsh, so that the API is really useable in opensource
projects. This version works on 2 architectures (INTEL, SPARC)
and 4 OS (Linux, FreeBSD, NetBSD, Solaris).
----[ 5 - Packit : Network injection, capture and auditing tool
URL : http://packit.sf.net
Author : Darren Bounds <dbounds@intrusense.com>
Comments : Packit (Packet toolkit) is a network auditing tool. Its value is
derived from its ability to customize, inject, monitor, and
manipulate IP traffic. By allowing you to define (spoof) nearly
all TCP, UDP, ICMP, IP, ARP, RARP, and Ethernet header options,
Packit can be useful in testing firewalls, intrusion
detection/prevention systems, port scanning, simulating network
traffic, and general TCP/IP auditing. Packit is also an
excellent tool for learning TCP/IP. It has been successfully
compiled and tested to run on FreeBSD, NetBSD, OpenBSD, MacOS X
and Linux.
|=[ EOF ]=---------------------------------------------------------------=|