Device_RawTCP
The LeechCore library supports reading memory using a compromised server iLO interface via a Raw TCP proxy.
Facts in short:
- Is supported on all supported platforms.
- Acquires memory in read/write mode.
- Acquired memory is assumed to be volatile.
- Has additional requirements.
LeechCore API:
Please specify the acquisition device type, the remote IP and optionally the remote port in LC_CONFIG.szDevice when calling LcCreate. Examples:
RawTCP://<remote-host>
RawTCP://<remote-host>:<remote-port>
PCILeech / MemProcFS:
Please specify the device type in the -device option. Examples:
-device RawTCP://192.168.1.2
-device RawTCP://192.168.1.2:6666
Requires a compromised iLO as described in the blog entry by Synacktiv.
Requires the external plugin leechcore_device_rawtcp from the LeechCore-plugins project. Place leechcore_device_rawtcp.[so|dll] alongside leechcore.[so|dll]. This plugin is pre-packaged together with the binary release distribution of LeechCore.
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS are free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCILeech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖