unixfreaxjp

#remnux #Tips #Tools Upgrading VOLATILITY to latest version

Apr 28th, 2012
# Linux remnux 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:50:42 UTC 2011 i686 i686 i386 GNU/Linux
# Sat Apr 28 16:02:28 JST 2012

# This is my private note for upgrading REMnux 3.0's Volatility.
# The currently installed Volatility package was the Ubuntu package.
# If you want to try the latest version of Volatility, you should
# remove the Ubuntu package of Volatility & install the latest one using svn.
# I upgraded my Volatility on the shinkansen train on the way home
# and it is working well, so I pasted the history commands here.
#
# Be free to take a look for your reference too, hope it will
# be helpful. - unixfreaxjp -

# You should upgrade manually the pycrypto, distorm3 &
# yara (if necessary) using the latest version;
# of course you need to use the latest version of python.

# ---- pycrypto:
apt-get install subversion pcregrep libpcre++-dev python-dev -y
wget http://gitweb.pycrypto.org/\?p=crypto/pycrypto-2.0.x.git\;a=snapshot\;h=9e9641d0a9b88f09683b5f26d3b99c4a2e148da5\;sf=tgz -O pycrypto.tgz
tar -xzvf pycrypto.tgz
cd pycrypto-2.0.x-xxxx/
python setup.py build
python setup.py build install

# ---- distorm3
wget http://distorm.googlecode.com/files/distorm3-1.0.zip
unzip distorm3-1.0.zip
cd distorm3-1.0/
python setup.py build
python setup.py build install

# ---- Yara 1.4 and Yara-Python 1.4a (ps: the Ubuntu package of Yara is newer, 1.6)
# just in case, I wrote the steps commented out
# wget http://yara-project.googlecode.com/files/yara-python-1.4a.tar.gz
# tar -xvzf yara-python-1.4a.tar.gz
# cd yara-python-1.4a
# python setup.py build
# python setup.py build install

# ---- UPGRADING VOLATILITY to Volatility Framework 2.1_alpha

# go to your work directory...
apt-get purge volatility
svn checkout http://volatility.googlecode.com/svn/trunk Volatility
# check latest..
cd Volatility
python ./setup.py --version
# cont' w/ malware plugin
cd volatility/plugins   # relative to the Volatility checkout we are already in
wget http://malwarecookbook.googlecode.com/svn/trunk/malware.py
cd ../../
python ./setup.py build
python ./setup.py install

# check...
ls -alkF `which vol`   # the command line
vol -h                 # <-- check to make sure the latest downloaded malware plugin list is in there
# Volatile Systems Volatility Framework 2.1_alpha   <-- here's the latest ver (first line of the vol -h output)

# the previously installed Volatility symlink should stay in the system
# so you can execute Volatility w/ vol or volatility command as usual.
# End of note, hope this will be useful to you all!
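An added check script for the "check..." step, not part of unixfreaxjp's note: it parses the `vol -h` banner to confirm the svn build (2.1 or newer) replaced the Ubuntu package, and reports any expected malware.py commands missing from the plugin list. It assumes the banner format "Volatile Systems Volatility Framework X.Y..." and that malware.py registers commands named malfind, apihooks and ldrmodules; the sample help text is constructed for offline use.

```shell
#!/bin/sh
# Added example, not from unixfreaxjp's note: verify the upgrade after
# `python ./setup.py install`. Assumptions: the banner format
# "Volatile Systems Volatility Framework X.Y..." and that malware.py
# registers commands named malfind, apihooks and ldrmodules.

# Constructed sample of `vol -h` output (first lines only) for offline testing.
SAMPLE_HELP='Volatile Systems Volatility Framework 2.1_alpha
Usage: Volatility - A memory forensics analysis platform.

        Supported Plugin Commands:

                apihooks        Detect API hooks in process and kernel memory
                malfind         Find hidden and injected code
                pslist          Print all running processes'

# Print the version token from the banner line, e.g. "2.1_alpha".
vol_version() {
    printf '%s\n' "$1" | sed -n 's/^Volatile Systems Volatility Framework \([^ ]*\).*/\1/p' | head -n 1
}

# Return 0 when the banner reports 2.1 or newer (the svn build), 1 otherwise.
vol_is_upgraded() {
    v=$(vol_version "$1")
    [ -n "$v" ] || return 1
    major=${v%%.*}
    case $v in *.*) rest=${v#*.} ;; *) rest=0 ;; esac
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 2 ] 2>/dev/null && return 0
    [ "$major" -eq 2 ] && [ "$minor" -ge 1 ] 2>/dev/null
}

# Print the names in $2 (space separated) that are not listed as commands in
# the help text $1; return 1 if any is missing, 0 otherwise.
missing_plugins() {
    missing=""
    for cmd in $2; do
        printf '%s\n' "$1" | grep -q "^[[:space:]]*$cmd[[:space:]]" || missing="$missing $cmd"
    done
    [ -z "$missing" ] && return 0
    printf 'missing commands:%s\n' "$missing"
    return 1
}

# Run against the live install when executed on the REMnux box.
check_live_install() {
    help_text=$(vol -h 2>&1) || { echo "vol not on PATH"; return 1; }
    vol_is_upgraded "$help_text" || { echo "old Volatility still active"; return 1; }
    missing_plugins "$help_text" "malfind apihooks ldrmodules"
}
```

Call `check_live_install` after sourcing the script on the upgraded box; a non-zero exit means the old package's `vol` is still first on PATH or malware.py was not picked up.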
------
ZeroDay Japan http://0day.jp
OPERATION CLEANUP JAPAN | #OCJP
Analyst: Hendrik ADRIAN アドリアン・ヘンドリック
Malware Researcher VT/ twitter/google: @unixfreaxjp
sponsored by: 株式会社ケイエルジェイテック http://www.kljtech.com