Xanda's Blog !~!

Fixing pcre++ looping bug in MacPorts

May 30

I’ve updated my MacPorts to version 2.1.1 and all of a sudden the following error/warning occurs:

Warning: No port pcre++ found in the index; can't rebuild
--->  Found 0 broken port(s), determining rebuild order
--->  Rebuilding in order
--->  Scanning binaries for linking errors: 100.0%
--->  Found 1 broken file(s), matching files to ports
Warning: No port pcre++ found in the index; can't rebuild
--->  Found 0 broken port(s), determining rebuild order
--->  Rebuilding in order
--->  Scanning binaries for linking errors: 100.0%
--->  Found 1 broken file(s), matching files to ports

This happens because pcre++ has been replaced by the pcrexx package. A quick solution:

sudo port -f deactivate pcre++
sudo port -f activate pcrexx

In my case, the output is as below:

--->  The following versions of pcrexx are currently installed:
--->      pcrexx @0.9.5_1
--->      pcrexx @0.9.5_2
Error: port activate failed: Registry error: Please specify the full version as recorded in the port registry.

Now choose the latest version and activate it:

sudo port -f activate pcrexx @0.9.5_2
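
The "choose the latest version" step can be scripted. The following is an added example, not part of the original post: a shell function (the name latest_port_version is made up here) that reads the output shown above, or the listing printed by `port installed pcrexx`, and returns the newest version_revision string.

```shell
#!/bin/sh
# Added example: pick the newest "@version_revision" that `port` lists for a port.
# Accepts the "--->  name @ver_rev" lines from the registry error above and the
# "  name @ver_rev (active)" lines printed by `port installed <name>`.
# Only purely numeric versions are compared; anything else is skipped.
latest_port_version() {
    awk -v name="$1" '
    # Returns 1 if version v1/revision r1 is newer than v2/r2, -1 if older, 0 if equal.
    function cmp(v1, r1, v2, r2,    p1, p2, n1, n2, n, i) {
        n1 = split(v1, p1, "."); n2 = split(v2, p2, ".")
        n = (n1 > n2) ? n1 : n2
        for (i = 1; i <= n; i++)          # missing components count as 0
            if ((p1[i] + 0) != (p2[i] + 0))
                return ((p1[i] + 0) > (p2[i] + 0)) ? 1 : -1
        if ((r1 + 0) == (r2 + 0)) return 0
        return ((r1 + 0) > (r2 + 0)) ? 1 : -1
    }
    {
        f = ($1 == "--->") ? 2 : 1        # skip the "--->" prefix when present
        if ($f != name || $(f + 1) !~ /^@[0-9][0-9.]*_[0-9]+/) next
        v = $(f + 1); sub(/^@/, "", v); sub(/\+.*/, "", v)   # drop "@" and +variants
        rev = v; sub(/^.*_/, "", rev); sub(/_.*$/, "", v)
        if (best == "" || cmp(v, rev, bestv, bestrev) > 0) {
            best = $(f + 1); bestv = v; bestrev = rev
        }
    }
    END { if (best == "") exit 1; print best }
    '
}

# Constructed sample: the output quoted in the post.
sample_output() {
    cat <<'EOF'
--->  The following versions of pcrexx are currently installed:
--->      pcrexx @0.9.5_1
--->      pcrexx @0.9.5_2
Error: port activate failed: Registry error: Please specify the full version as recorded in the port registry.
EOF
}

latest=$(sample_output | latest_port_version pcrexx)
echo "sudo port -f activate pcrexx $latest"
```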

Installation of Thug (a Python low-interaction honeyclient) on Ubuntu/Debian

May 21

Thug is a Python low-interaction honeyclient aimed at mimicking the behaviour of a web browser in order to detect and emulate malicious contents. [1]

I’m impressed with the artwork of @buffer AKA Angelo in his previous project, phoneyc, and started to take a detailed look at the project and hack on it. While only 1 hack was finished on my side, Angelo has already released a brand new honeyclient based on Python + the V8 JS engine, called Thug. What a wonderful idea + talent.

Here is some useful information that might help you build and compile Thug + V8 on an Ubuntu/Debian machine:

    • Install some dependencies
sudo apt-get install python-setuptools build-essential git-core subversion scons python-chardet python-html5lib libboost-python-dev libboost-dev python-pefile python-httplib2 python-cssutils libboost-thread-dev libc6-dev libreadline-dev libboost-system-dev
sudo easy_install beautifulsoup4
sudo apt-get install python-magic python-pydot
    • Obtain the code via svn and git
cd ~
git clone https://github.com/buffer/thug.git
cd ~/thug/
svn checkout http://v8.googlecode.com/svn/trunk/ v8
    • Apply Thug’s patches for V8
cp patches/V8-patch* .
patch -p0 < V8-patch1.diff
patch -p0 < V8-patch2.diff
rm V8-patch*
    • Build and compile the Python wrapper for V8. This process will compile the V8 engine at the same time
cd /tmp/
svn checkout http://pyv8.googlecode.com/svn/trunk/ pyv8
export V8_HOME=$HOME/thug/v8
cd pyv8 && python setup.py build
sudo python setup.py install
    • If you come across the following warning, simply ignore it
#######################################################
#  WARNING: Building V8 with SCons is deprecated and  #
#  will not work much longer. Please switch to using  #
#  the GYP-based build now. Instructions are at       #
#  http://code.google.com/p/v8/wiki/BuildingWithGYP.  #
#######################################################
    • Now test your installation
cd ~/thug/src
python thug.py
    • With the previous test, you will get something similar to this:
Synopsis:
    Thug: Pure Python honeyclient implementation
 
    Usage:
        python thug.py [ options ] url
 
    Options:
        -h, --help          	Display this help information
        -o, --output=       	Log to a specified file
        -r, --referer=      	Specify a referer
        -p, --proxy=        	Specify a proxy (see below for format and supported schemes)
        -l, --local         
        -v, --verbose       	Enable verbose mode    
        -d, --debug         	Enable debug mode
        -u, --useragent=    	Select a user agent (see below for values, default: xpie61)
 
    Proxy Format:
        scheme://[username:password@]host:port (supported schemes:  http, socks4, socks5)
 
    Available User-Agents:
	xpie60			Internet Explorer 6.0 (Windows XP)
	xpie61			Internet Explorer 6.1 (Windows XP)
	xpie70			Internet Explorer 7.0 (Windows XP)
	xpie80			Internet Explorer 8.0 (Windows XP)
	w2kie60			Internet Explorer 6.0 (Windows 2000)
	w2kie80			Internet Explorer 8.0 (Windows 2000)

Reference:
[1] https://github.com/buffer/thug

Installation of libemu and pylibemu on Ubuntu/Debian

May 16

libemu is a small library written in C offering basic x86 emulation and shellcode detection using GetPC heuristics. It is designed to be used within network intrusion/prevention detections and honeypots. [1]

Here is some useful information that might help you build and compile libemu on an Ubuntu machine:

  • Install some dependencies for the building process
    sudo apt-get install build-essential git-core autoconf libtool python-dev
  • Obtaining libemu via Git
    cd /tmp/
    git clone git://git.carnivore.it/libemu.git
  • Configure and install
    cd /tmp/libemu/
    autoreconf -v -i
    ./configure --enable-python-bindings --prefix=/opt/libemu
    sudo make install
    sudo ldconfig -n /opt/libemu/lib

Now install pylibemu, the Python wrapper for the libemu library:

  • Install some dependencies for the building process
    sudo apt-get install python-dev python-setuptools
  • Obtaining pylibemu via Git
    cd /tmp/
    git clone https://github.com/buffer/pylibemu.git
  • Build and install
    cd /tmp/pylibemu/
    sudo sh -c "echo /opt/libemu/lib > /etc/ld.so.conf.d/pylibemu.conf"
    python setup.py build
    sudo python setup.py install

Yerp.. you are good to go.
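
Both the pyv8 build in the Thug post and the libemu/pylibemu builds above check sources out under fixed names in /tmp and then run an install step with sudo from there, so on a shared machine it is worth confirming the build directory is yours alone first. The check below is an added example, not part of the original posts; safe_builddir is a made-up name, and using a mktemp directory in place of /tmp/pyv8 or /tmp/libemu is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original post). safe_builddir is a made-up name.
# Succeeds only if the path is a real directory (not a symlink), is owned by
# the current user, and is not writable by group or others.
safe_builddir() {
    dir=$1
    if [ -L "$dir" ]; then echo "$dir: is a symlink" >&2; return 1; fi
    if [ ! -d "$dir" ]; then echo "$dir: not a directory" >&2; return 1; fi
    # `ls -ldn` prints: mode, link count, numeric uid, numeric gid, ...
    info=$(ls -ldn "$dir") || return 1
    mode=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{ print $3 }')
    if [ "$owner" != "$(id -u)" ]; then
        echo "$dir: owned by uid $owner, not by you" >&2; return 1
    fi
    case $mode in
        ?????w*|????????w*)   # 6th char = group write, 9th char = other write
            echo "$dir: writable by group or others ($mode)" >&2; return 1 ;;
    esac
    return 0
}

# Assumed usage: a fresh private directory instead of a fixed name such as /tmp/pyv8.
build=$(mktemp -d "${TMPDIR:-/tmp}/build.XXXXXX")
if safe_builddir "$build"; then
    echo "check out and build inside: $build"
fi
rmdir "$build"
```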

Reference:
[1] http://libemu.carnivore.it