오늘도 하나 건짐 ㅋ

http://pypi.python.org/pypi/setuptools

파이썬으로 모듈 쉽게 설치해주는 툴!~!~!~!~!

ex) python-magic

vSphere Client 4.1 이상 버젼에서 Clipboard 사용하기

출처
http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&externalId=1026437


1. 원하는 Virtual Machine (전원 끈 상태)선택해서 우측마우스 버튼 -> 설정 편집
2. 네비게이션(Tab)바에서 옵션 선택
3. 고급(Advanced) -> 일반(General) -> 구성 매개 변수... 클릭
4. 행추가
isolation.tools.copy.disable – false
isolation.tools.paste.disable – false

시작하면 클립보드 내용이 복사됨.
파일은 복사가 안되네요.

http://www.secureworks.com/assets/24669/truman-0.1.tar.gz <-설치URL
http://pen-test.jpn.org/honey:truman CentOS Truman 설치 잘 나온거
http://blog.naver.com/nforce7050?Redirect=Log&logNo=140141157931 CentOS 커널설치

http://www.linuxquestions.org/questions/linux-server-73/centos-5-pxe-install-server-w-kickstart-issues-721241/
http://www.jopenbusiness.com/tc/oss/entry/CentOS-%EB%84%A4%ED%8A%B8%EC%9B%8C%ED%81%AC-%EC%84%A4%EC%A0%95
http://www.linuxreaders.com/2010/06/15/pxe-boot-server-on-centos/
 http://blog.blueweb.co.kr/140
http://nsmwiki.org/Truman_Installation_Notes#Truman_Server truman 설치 방법 제일 잘 나온거
http://www.techienote.com/2010/06/pxe-boot-server-on-centos.html

### CentOS Truman 설치>>>>>>>>>> CentOS 5.4 이상 버젼 부터는 kernel이 탑재되었음. dkms와 dkms-fuse가 필요하지 않음.
 문제는 fuse와 fuse-ntfs-3g를 설치해야는데 fuse-ntfs-3g가 no pakages
 CentOS 사이트에서 다시 rpmporge설정을 해야 함.
 
 ngrep 설치
 >wget http://packages.sw.be/ngrep/ngrep-1.45-1.el6.rf.i686.rpm
 >rpm -ivh ngrep-1.45-1.el6.rf.i686.rpm

### Ubuntu Truman 설치>>>>>>>>>> 우분투 LTS(10.04)도 커널 마운트는 기본으로 설치됨
 설치하면 최초 루트 권한을 가져와야한다. sudo passwd root
 이후 apt-get update로 패키지 update
 apt-get install xinetd tftpd-hpa dhcp3-server
  ####여기서 netkit-inetd가 없다. 그래서 apt-get install openbsd-inetd로 설치
  하나하나 다시 설치!!### - x
 netstat -uap로 tftp 확인
 vim 설치, apt-get install vim
 vim /etc/inetd.conf
  [...]
  #:BOOT: Tftp service is provided primarily for booting.  Most sites
  # run this only on machines acting as "boot servers."
  tftp           dgram   udp     wait    root  /usr/sbin/in.tftpd /usr/sbin/in.tftpd -s /var/lib/tftpboot
  [...]

 여기서 잠깐! xinetd와 inetd는 같이 설치될 수 없다. 따라서 밑에 것은 주석 처리.
 ##########>sudo /etc/init.d/openbsd-inetd restart 
  
 >cp /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf_orig
 >cat /dev/null > /etc/dhcp3/dhcpd.conf
 >vim /etc/dhcp3/dhcpd.conf (수정...http://nsmwiki.org/Truman_Installation_Notes 요거로)
  -> vim /etc/default/dhcp3-server
   -> INTERFACES="eth1"
 >sudo sysctl -w net.ipv4.ip_forward=1 (이건 나중에..)
 >/etc/init.d/dhcp3-server restart (/etc/init.d/dhcpd start는 안됌, 무슨 차이인지 모르겠음)
 #우분투 인터페이스 설정방법
 >sudo vim /etc/network/interfaces
  auto eth1
  iface eth1 inet static
  netmask 255.0.0.0
 >ifup eth1
 >sudo /etc/init.d/networking restart
 >apt-get install apache2
  /etc/init.d/apache2 restart
 >apt-get install wireshark
 >apt-get install ngrep
 >apt-get install bootp(검증x)
 >vim /bin/ddquiet
  #!/bin/bash
  /bin/dd $* 2>/dev/null
 >트루만 설치
  >wget http://www.secureworks.com/assets/24669/truman-0.1.tar.gz
  >tar xvzf truman - 0.1.tar.gz
 >clinet MAC 00 0C-29-1D-C7-5D
 >각종 설정 파일을 수정
 # cp /usr/lib/cgi-bin/index.html /usr/lib/cgi-bin/truman.cgi/var/www/cgi-bin/
 # chown -R apache:apache /var/www/cgi-bin/
 # chown apache:apache /tftpboot/pxelinux.cfg/*
 # chmod 777 /forensics/queue /forensics/exes

http://apache.mirror.cdnetworks.com//httpd/httpd-2.2.21.tar.gz
-----------------
https://help.ubuntu.com/community/PXEInstallServer -> 개념
http://poohyhoh.blogspot.com/2011/01/1010-tftp.html -> 국내
http://rookiecj.tistory.com/256 -> 국내, 요것도 개념 TFTP Server설정하는 방법
http://www.howtoforge.com/ubuntu_pxe_install_server
http://blog.dinux.kr/?p=94
.
http://webcache.googleusercontent.com/search?q=cache:JtEkO5K-AmAJ:wizardbible.org/30/30.txt+bin/ddquiet&cd=4&hl=ko&ct=clnk&gl=kr

-------------------------------------------------------------

.....안돼는 원인을 안거 같다.

Truman은 오래전에 만들어진 것이고, IDE hard disk 상에서 돌아간다.
지금은 SCSI를 사용하고 그것은 커널상의 문제가 있기 때문이다.
따라서 예전 커널을 사용하는 Linux를 사용하면 IDE hard를 hda로 포멧이 가능해서
dd 명령을 구현가능하다.

결론은 정말 포기..

아오!!!

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES

14C machine (i386)

9 number of sections

4802539D time date stamp Mon Apr 14 03:40:29 2008

0 file pointer to symbol table

0 number of symbols

E0 size of optional header

10E characteristics

Executable

Line numbers stripped

Symbols stripped

32 bit word machine

OPTIONAL HEADER VALUES

10B magic #

7.10 linker version

14B80 size of code

2A00 size of initialized data

0 size of uninitialized data

159F7 address of entry point

380 base of code

----- new -----

80766000 image base

80 section alignment

80 file alignment

1 subsystem (Native)

5.01 operating system version

5.01 image version

5.01 subsystem version

17900 size of image

380 size of headers

1CD25 checksum

00040000 size of stack reserve

00001000 size of stack commit

00100000 size of heap reserve

00001000 size of heap commit

0 DLL characteristics

0 [ 0] address [size] of Export Directory

15A40 [ 50] address [size] of Import Directory

16780 [ 3E0] address [size] of Resource Directory

0 [ 0] address [size] of Exception Directory

0 [ 0] address [size] of Security Directory

16B80 [ C24] address [size] of Base Relocation Directory

B680 [ 1C] address [size] of Debug Directory

0 [ 0] address [size] of Description Directory

0 [ 0] address [size] of Special Directory

0 [ 0] address [size] of Thread Storage Directory

BE68 [ 40] address [size] of Load Configuration Directory

0 [ 0] address [size] of Bound Import Directory

B480 [ 1F4] address [size] of Import Address Table Directory

0 [ 0] address [size] of Delay Import Directory

0 [ 0] address [size] of COR20 Header Directory

0 [ 0] address [size] of Reserved Directory

SECTION HEADER #1

.text name

97BA virtual size

380 virtual address

9800 size of raw data

380 file pointer to raw data

0 file pointer to relocation table

0 file pointer to line numbers

0 number of relocations

0 number of line numbers

68000020 flags

Code

Not Paged

(no align specified)

Execute Read

.....

1. Prepare kernel debug using Windbg tool
2. menu - Debug - Event Filters.. -> Set the Load Module to 'enabled - not handle'
3. excute app
4. kd> kb -> check 4rd address from 'nt!DbgLoadImageSysbols 0x42' (It is 'ImageBase')
5. kd> !dh '4rd address('ImageBase')' -> check address of entry point
6. kd> u 'ImageBase' + 'entry point' -> bp 'DeviceControl address'

DeviceControl(MajorFunction[14]) 주소에 bp를 걸고 유저가 호출하는 코드를 따라간다.