Quantcast
Channel: Astr0baby's not so random thoughts _____ rand() % 100;
Viewing all articles
Browse latest Browse all 183

Looting LiveCDs for fun and profit

July 24, 2013, 11:15 am
$
0
0

loot

Recently I ran into a need to run a good native Antivirus software on one of my linux boxes (Debian amd64). There are many available options, but I have always liked F-Secure and its products for some reason. F-Secure offers a Knoppix based RescueCD downloadable from here: download.f-secure.com/estore/rescue-cd-3.16-52606.iso which contains all the linux binaries to run local scans against winpe and elf binaries.

To extract the goodies from the CD first boot it with VirtualBox, rescue01

Once booted, you need to switch to second console via Alt+F2rescue02Next we will create a tarball with all the needed files from the LiveCD

rescue03

Command is following:

tar -cvf fsecure.tar /etc/opt/f-secure/ /var/opt/f-secure/ /opt/f-secure/ /etc/init.d/fsaua /etc/init.d/fsupdate

Once we have the tarball, we scp it to our host like so: rescue04

TT is a temporary subfolder created for this purpose in user home directory, 10.0.2.2 is an IP address of the host running VirtualBox.

scp fsecure.tar user@10.0.2.2:~/TT

Now we can switch off the Virtual machine, we don’t need it anymore.  Now we can install extract the fsecure.tar from root directory in our host:

# mv /home/user/TT/fsecure.tar /
# cd /
# tar -xvf fsecure.tar

The tarball creates the following directories and fills them with f-secure files:

.:
total 12
drwxr-xr-x 4 user user 4096 Jul 24 19:25 etc
drwxr-xr-x 3 user user 4096 Jul 24 19:25 opt
drwxr-xr-x 3 user user 4096 Jul 24 19:25 var

./etc:
total 8
drwxr-xr-x 2 user user 4096 Jul 24 19:25 init.d
drwxr-xr-x 3 user user 4096 Jul 24 19:25 opt

./etc/init.d:
total 12
-rwxr-xr-x 1 user user 2635 Jun 26 2012 fsaua
-rwxr-xr-x 1 user user 4127 Jun 26 2012 fsupdate

./etc/opt:
total 4
drwxr-xr-x 6 user user 4096 Jun 26 2012 f-secure

./etc/opt/f-secure:
total 16
drwxr-xr-x 2 user user 4096 Jun 26 2012 fsaua
drwxr-xr-x 3 user user 4096 Jun 26 2012 fsma
drwxr-xr-x 2 user user 4096 Jun 26 2012 fssp
drwxr-xr-x 2 user user 4096 Jun 26 2012 product_versions

./etc/opt/f-secure/fsaua:
total 4
-rw-r--r-- 1 user user 3434 Jun 26 2012 fsaua_config

./etc/opt/f-secure/fsma:
total 4
drwxr-xr-x 2 user user 4096 Jun 26 2012 policy

./etc/opt/f-secure/fsma/policy:
total 116
-rw-r--r-- 1 user user 10151 Jun 26 2012 fsav_linux_sp.dpf
-rw-r--r-- 1 user user 5179 Jun 26 2012 fsav_linux_sp.msg
-rw-r--r-- 1 user user 97623 Jun 26 2012 fsav_linux_sp.txt

./etc/opt/f-secure/fssp:
total 20
-rw-r--r-- 1 user user 13001 Jun 26 2012 fssp.conf
-rw-r--r-- 1 user user 11 Jun 26 2012 fssp_updateseries

./etc/opt/f-secure/product_versions:
total 4
-rw-r--r-- 1 user user 52 Jun 26 2012 1.3.6.1.4.1.2213.48

./opt:
total 4
drwxr-xr-x 5 user user 4096 Jun 26 2012 f-secure

./opt/f-secure:
total 116
drwxr-xr-x 2 user user 4096 Jun 26 2012 doc
-rw-r--r-- 1 user user 32386 Jun 26 2012 eula_0806.txt
drwxr-xr-x 5 user user 4096 Jun 26 2012 fsaua
-rwxr-xr-x 1 user user 31735 Jun 26 2012 fsscan_partitions.sh
drwxr-xr-x 10 user user 4096 Jun 26 2012 fssp
-rw-r--r-- 1 user user 2370 Jun 26 2012 linuxteam.gpg
-rwxr-xr-x 1 user user 4175 Jun 26 2012 repair_script.sh
-rwxr-xr-x 1 user user 9120 Jun 26 2012 terminal_cmap
-rw-r--r-- 1 user user 6586 Jun 26 2012 terminal_cmap.c
-rwxr-xr-x 1 user user 6558 Jun 26 2012 transmogrify_cd_into_stick.sh

./opt/f-secure/doc:
total 4
-rw-r--r-- 1 user user 1652 Jun 26 2012 manual.html

./opt/f-secure/fsaua:
total 40
drwxr-xr-x 2 user user 4096 Jun 26 2012 bin
drwxr-xr-x 2 user user 4096 Jun 21 2012 etc
-rw-r--r-- 1 user user 3433 Jun 21 2012 fsaua_config.template
-rw-r--r-- 1 user user 23312 Jun 21 2012 fsbw.dpf
drwxr-xr-x 2 user user 4096 Jun 26 2012 libexec

./opt/f-secure/fsaua/bin:
total 804
-rwxr-xr-x 1 user user 429524 Jun 21 2012 fsaua
-rwxr-xr-x 1 user user 19396 Jun 21 2012 fsaua-config
-rwxr-x--- 1 user user 9236 Jun 21 2012 fsaua-ctrl
-rwxr-xr-x 1 user user 81248 Jun 21 2012 fsauaprogress
-rwxr-xr-x 1 user user 188824 Jun 21 2012 fsauasc
-rwxr-xr-x 1 user user 84320 Jun 21 2012 fsauatool

./opt/f-secure/fsaua/etc:
total 0

./opt/f-secure/fsaua/libexec:
total 20
-rw-r--r-- 1 user user 6986 Jun 21 2012 fsaua-functions
-rwxr-xr-x 1 user user 2635 Jun 21 2012 fsaua_startup-debian-ubuntu
-rw-r--r-- 1 user user 468 Jun 21 2012 fsaua_startup-gentoo
-rwxr-xr-x 1 user user 2441 Jun 21 2012 fsaua_startup-redhat-suse

./opt/f-secure/fssp:
total 36
drwxr-xr-x 2 user user 4096 Jun 26 2012 bin
drwxr-xr-x 2 user user 4096 Jun 26 2012 databases
drwxr-xr-x 2 user user 4096 Jun 26 2012 etc
-rw-r--r-- 1 user user 2116 Jun 26 2012 install.log
drwxr-xr-x 3 user user 4096 Jun 26 2012 lib
drwxr-xr-x 2 user user 4096 Jun 26 2012 libexec
drwxr-xr-x 2 user user 4096 Jun 26 2012 man
drwxr-xr-x 2 user user 4096 Jun 26 2012 modules
drwxr-xr-x 2 user user 4096 Jun 26 2012 sbin

./opt/f-secure/fssp/bin:
total 208
-rwxr-xr-x 1 user user 5060 Jun 26 2012 clstate_generator
-rwxr-xr-x 1 user user 416 Jun 26 2012 clstate_update
-rwxr-xr-x 1 user user 3724 Jun 26 2012 clstate_updated.rc
-rwxr-xr-x 1 user user 23911 Jun 26 2012 dbupdate
-rwxr-xr-x 1 user user 7133 Jun 26 2012 dbupdate_lite
-rwxr-xr-x 1 user user 142560 Jun 26 2012 fsav
-rwxr-xr-x 1 user user 11155 Jun 26 2012 fsdiag
-rwxr-xr-x 1 user user 4724 Jun 26 2012 licensetool

./opt/f-secure/fssp/databases:
total 0

./opt/f-secure/fssp/etc:
total 12
-rwxr-xr-x 1 user user 2713 Jun 26 2012 fsavd
-rwxr-xr-x 1 user user 4127 May 28 2012 fsupdate

./opt/f-secure/fssp/lib:
total 4016
-rw-r--r-- 1 user user 2475 Jun 26 2012 fsavdsimple.pm
-rwxr-xr-x 1 user user 91173 Jun 26 2012 fsavdsimple.so
-rw-r--r-- 1 user user 32196 Jun 26 2012 fssp-common
-rwxr-xr-x 1 user user 244324 Jun 26 2012 libdaas2.so
-rwxr-xr-x 1 user user 123748 Jun 26 2012 libdaas2tool.so
-rwxr-xr-x 1 user user 1705956 Jun 26 2012 libfm.so
-rwxr-xr-x 1 user user 74872 Jun 26 2012 libfsavd.so
lrwxrwxrwx 1 user user 17 Jul 24 19:25 libfsavd.so.4 -> libfsavd.so.4.0.0
-rwxr-xr-x 1 user user 66648 Jun 26 2012 libfsavd.so.4.0.0
lrwxrwxrwx 1 user user 17 Jul 24 19:25 libfsavd.so.5 -> libfsavd.so.5.0.0
-rwxr-xr-x 1 user user 70744 Jun 26 2012 libfsavd.so.5.0.0
lrwxrwxrwx 1 user user 17 Jul 24 19:25 libfsavd.so.6 -> libfsavd.so.6.0.0
-rwxr-xr-x 1 user user 192806 Jun 26 2012 libfsavd.so.6.0.0
lrwxrwxrwx 1 user user 13 Jul 24 19:25 libfsclm.so -> libfsclm.so.2
lrwxrwxrwx 1 user user 18 Jul 24 19:25 libfsclm.so.2 -> libfsclm.so.2.2312
-rwxr-xr-x 1 user user 309724 Jun 26 2012 libfsclm.so.2.2312
lrwxrwxrwx 1 user user 20 Jul 24 19:25 libfsmgmt.2.so -> libmgmtfile.2.0.0.so
-rwxr-xr-x 1 user user 27272 Jun 26 2012 libfssysutil.so
-rwxr-xr-x 1 user user 27272 Jun 26 2012 libfssysutil.so.0
-rwxr-xr-x 1 user user 40108 Jun 26 2012 libgcc_s-3.4.6-20060404.so.1
lrwxrwxrwx 1 user user 28 Jul 24 19:25 libgcc_s.so.1 -> libgcc_s-3.4.6-20060404.so.1
-rw-r--r-- 1 user user 44308 Jun 26 2012 libkeycheck.so
-rwxr-xr-x 1 user user 55936 Jun 26 2012 libmgmtfile.2.0.0.so
-rwxr-xr-x 1 user user 56420 Jun 26 2012 libmgmtfsma.2.0.0.so
lrwxrwxrwx 1 user user 18 Jul 24 19:25 libstdc++.so.6 -> libstdc++.so.6.0.3
-rwxr-xr-x 1 user user 806176 Jun 26 2012 libstdc++.so.6.0.3
-rwxr-xr-x 1 user user 94660 Jun 26 2012 libsubstatus.1.0.0.so
lrwxrwxrwx 1 user user 21 Jul 24 19:25 libsubstatus.1.so -> libsubstatus.1.0.0.so
lrwxrwxrwx 1 user user 17 Jul 24 19:25 libsubstatus.so -> libsubstatus.1.so
-rw-r--r-- 1 user user 2696 Jun 26 2012 safe_rm
drwxr-xr-x 2 user user 4096 Jun 26 2012 x86_64

./opt/f-secure/fssp/lib/x86_64:
total 240
lrwxrwxrwx 1 user user 13 Jul 24 19:25 libfsavd.so -> libfsavd.so.6
lrwxrwxrwx 1 user user 17 Jul 24 19:25 libfsavd.so.6 -> libfsavd.so.6.0.0
-rwxr-xr-x 1 user user 243306 Jun 26 2012 libfsavd.so.6.0.0

./opt/f-secure/fssp/libexec:
total 2876
-rwxr-xr-x 1 user user 11176 Jun 26 2012 daas2verify
-rwxr-xr-x 1 user user 69316 Jun 26 2012 dbtool
-rwxr-xr-x 1 user user 3346 Jun 26 2012 fslmalerter
-rwxr-xr-x 1 user user 2723981 Jun 26 2012 fsupdated
-rwxr-xr-x 1 user user 4127 May 28 2012 fsupdated.rc
-rwxr-xr-x 1 user user 63108 Jun 26 2012 license-check
-rwxr-xr-x 1 user user 56796 Jun 26 2012 mgmtpipe

./opt/f-secure/fssp/man:
total 72
-rw-r--r-- 1 user user 3690 Jun 26 2012 dbupdate.8
-rw-r--r-- 1 user user 38643 Jun 26 2012 fsav.1
-rw-r--r-- 1 user user 21307 Jun 26 2012 fsavd.8
-rw-r--r-- 1 user user 0 Jun 26 2012 manpage.links
-rw-r--r-- 1 user user 27 Jun 26 2012 manpage.refs

./opt/f-secure/fssp/modules:
total 4
-rw-r--r-- 1 user user 334 Jun 26 2012 fslmalerter.config

./opt/f-secure/fssp/sbin:
total 496
-rwxr-xr-x 1 user user 327116 Jun 26 2012 fsavd
-rwxr-xr-x 1 user user 1331 Jun 26 2012 fssp-config
-rwxr-xr-x 1 user user 167456 Jun 26 2012 monitor
-rwxr-xr-x 1 user user 779 Jun 26 2012 uninstall-fssp
-rwxr-xr-x 1 user user 1540 Jun 26 2012 validate_permissions.sh

./var:
total 4
drwxr-xr-x 3 user user 4096 Jul 24 19:25 opt

./var/opt:
total 4
drwxr-xr-x 4 user user 4096 Jun 26 2012 f-secure

./var/opt/f-secure:
total 8
drwxr-xr-x 5 user user 4096 Jun 26 2012 fsaua
drwxr-xr-x 7 user user 4096 Jun 26 2012 fssp

./var/opt/f-secure/fsaua:
total 16
drwxr-xr-x 5 user user 4096 Jun 26 2012 data
-rw------- 1 user user 0 Jun 26 2012 fsauadbg.log
-rw------- 1 user user 922 Jun 26 2012 fsaua.log
drwxr-xr-x 2 user user 4096 Jun 26 2012 run
drwxr-xr-x 2 user user 4096 Jun 26 2012 tmp

./var/opt/f-secure/fsaua/data:
total 20
-rw------- 1 user user 142 Jun 26 2012 bwstate_fsbwserver.f-secure.com_80
-rw------- 1 user user 142 Jun 26 2012 bwstate_fsbwserver.f-secure.com_80_backup
drwxr-xr-x 2 user user 4096 Jun 26 2012 content
drwxr-xr-x 2 user user 4096 Jun 26 2012 header
drwxr-xr-x 2 user user 4096 Jun 26 2012 subscriptions

./var/opt/f-secure/fsaua/data/content:
total 0

./var/opt/f-secure/fsaua/data/header:
total 0

./var/opt/f-secure/fsaua/data/subscriptions:
total 16
-rw------- 1 user user 207 Jun 26 2012 auatool_aquapacked
-rw------- 1 user user 207 Jun 26 2012 auatool_hydralinux
-rw------- 1 user user 205 Jun 26 2012 auatool_rescuecd
-rw------- 1 user user 171 Jun 26 2012 SBST_fmlibunix

./var/opt/f-secure/fsaua/run:
total 0
-rw-r--r-- 1 user user 0 Jun 26 2012 fsaua_run_lock

./var/opt/f-secure/fsaua/tmp:
total 0

./var/opt/f-secure/fssp:
total 28
-rw-r--r-- 1 user user 58 Jun 26 2012 aua_api.log
drwxr-xr-x 3 user user 4096 Jun 26 2012 auth
drwxr-xr-x 6 user user 4096 Jun 26 2012 databases
-rw-r--r-- 1 user user 465 Jun 26 2012 dbupdate.log
drwxr-xr-x 2 user user 4096 Jun 26 2012 log
drwxr-xr-x 2 user user 4096 Jun 26 2012 run
drwxr-xr-x 2 user user 4096 Jun 26 2012 update

./var/opt/f-secure/fssp/auth:
total 4
drwxr-xr-x 3 user user 4096 Jun 26 2012 global

./var/opt/f-secure/fssp/auth/global:
total 4
drwxr-xr-x 2 user user 4096 Jun 26 2012 acl

./var/opt/f-secure/fssp/auth/global/acl:
total 8
-rw-r--r-- 1 user user 367 Jun 26 2012 fsc_revoke_hq.acl
-rw-r--r-- 1 user user 3055 Jun 26 2012 fsc_root.acl

./var/opt/f-secure/fssp/databases:
total 16
drwxr-xr-x 2 user user 4096 Jun 26 2012 aqualnx32.0
-rw-r--r-- 1 user user 0 Jun 26 2012 db.lock
drwxr-xr-x 2 user user 4096 Jun 26 2012 fmlibunix.0
drwxr-xr-x 2 user user 4096 Jun 26 2012 hydralinux.0
drwxr-xr-x 2 user user 4096 Jun 26 2012 orsplnx32.0

./var/opt/f-secure/fssp/databases/aqualnx32.0:
total 112
-rw-r--r-- 1 user user 111311 May 28 2012 libaqua32.so

./var/opt/f-secure/fssp/databases/fmlibunix.0:
total 1668
-rwxr-xr-x 1 user user 1705956 Jun 26 2012 libfm-lnx32.so

./var/opt/f-secure/fssp/databases/hydralinux.0:
total 14676
-rw-r--r-- 1 user user 703 Jun 26 2012 01@hydra.pub
-rw-r--r-- 1 user user 458 Jun 26 2012 02@hydra.mf
-rw-r--r-- 1 user user 206 Jun 26 2012 02@hydra.ref
-rw-r--r-- 1 user user 1524 Jun 26 2012 BW_datapak.bif
-rw-r--r-- 1 user user 326 Jun 26 2012 BW_datapak.bis
-rw-r--r-- 1 user user 37 Jun 26 2012 bw_name.html
-rw-r--r-- 1 user user 358 Jun 26 2012 enginefiles-fselinux.set
-rw-r--r-- 1 user user 10272526 Jun 26 2012 fsedb.dat
-rw-r--r-- 1 user user 199 Jun 26 2012 fselinux.cr
-rw-r--r-- 1 user user 202 Jun 26 2012 FS@hydra.ini
-rw-r--r-- 1 user user 225 Jun 26 2012 hydralinux-update.ini
-rw-r--r-- 1 user user 10354 Jun 26 2012 hydralinux-update.mf
-rw-r--r-- 1 user user 22127 Jun 26 2012 info.iad
-rw-r--r-- 1 user user 4673277 Jun 26 2012 libfsecr32-linux.so
-rw-r--r-- 1 user user 2331 Jun 26 2012 licenses-fselinux.txt

./var/opt/f-secure/fssp/databases/orsplnx32.0:
total 140
-rw-r--r-- 1 user user 140513 Mar 29 2012 liborsp32.so

./var/opt/f-secure/fssp/log:
total 4
-rw-r--r-- 1 user user 954 Jun 26 2012 fsupdated.log

./var/opt/f-secure/fssp/run:
total 8
-rw-r--r-- 1 user user 6 Jun 26 2012 fsupdated.pid
-rw-r--r-- 1 user user 6 Jun 26 2012 fsupdated.rc.pid

./var/opt/f-secure/fssp/update:
total 0

We are now ready to run an update like so :install02The command is

#/opt/f-secure/fssp/bin/dbupdate_lite

Finally we can scan files…

install03

You can of-course customize the whole package to your needs, feel free to experiment ;)

“Execute every act of thy life as though it were thy last.” 

Search
Viewing all articles
Browse latest Browse all 183

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

January 5, 2014, 10:34 pm

Ominde Commission Report and Recommendations – Ominde Report of 1964

March 16, 2015, 5:14 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

March 26, 2017, 11:23 pm

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

October 17, 2016, 7:20 am

Mp3 Download: Mdu - Kunjenjenjena

December 7, 2017, 8:16 am

How the kill the job , when DTP request running for long hours.

July 26, 2013, 2:41 am

Microsoft Intune から展開しているアプリのアップデートについて

October 17, 2016, 4:11 am

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

September 1, 2017, 10:00 pm

Car crash in Dunton Bassett leaves driver in critical condition

October 7, 2014, 7:51 am

Macky 2, Two Others In Road Accident

March 29, 2015, 5:34 am

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

May 14, 2015, 11:27 pm

Detroit mafia: D’Anna Brothers agree to plea deal

April 21, 2016, 6:56 am

Delivery block field greyed out using VA02

January 26, 2016, 2:52 pm

Muloraki Au

June 22, 2016, 1:44 am

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出w【リベンジポルノ】@PornHub

October 12, 2017, 2:23 pm

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

February 9, 2018, 4:56 am

FIAT 500 B0111 B0112

July 5, 2018, 10:31 am
Search