Re: RV: Monitor program execution

From: Andres Riancho (andres.riancho@gmail.com)
Date: Thu Dec 01 2005 - 08:42:15 EST


ijl20042004@yahoo.es wrote:

> Hi all.
>
> I'm doing a penetration test, and there is a program with full access to
> the installation.
> I would like to know if there is another program to control and monitor any
> kind of execution of a program with full access to the installation:
> - What files the monitored file executes
> - What files it reads
> - What files it creates
> - What files it modifies
> - What communications it generates (output): ftp, telnet, http, https,
> etc., with their output addresses
> - What communications it receives (input): ftp, telnet, http, https,
> etc., with their input addresses
> - Memory usage
> - etc.
>
> Any information will be appreciated.
> Thanks in advance.

You could use strace:
    http://www.liacs.nl/~wichert/strace/

For the network part of your investigation you could use tcpdump. The
difficult part would be to separate the packets that were generated by
the process being investigated and other programs, but maybe you could
use something like proxychains. With proxychains you could run the
program and redirect all outgoing connections to a proxy server you
control for further analysis.

--
          Andres Riancho
      www.securearg.net <http://www.securearg.net/>
   /Secure from the source/
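
An added example, not part of the original message: one way to turn an strace log into the per-category list asked for in the question (files executed, read, created, modified, and outgoing connections). The function name summarize, the report keys and the sample trace are assumptions made for illustration; only IPv4 connect() calls are parsed.

```python
import re
from collections import defaultdict
# Constructed sample of `strace -f -o trace.txt -e trace=execve,openat,connect PROG` output.
SAMPLE = r'''
1201 execve("/opt/app/agent", ["agent"], 0x7ffd1c /* 12 vars */) = 0
1201 openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3
1201 openat(AT_FDCWD, "/tmp/agent.lock", O_WRONLY|O_CREAT|O_EXCL, 0600) = 4
1201 openat(AT_FDCWD, "/var/log/agent.log", O_WRONLY|O_APPEND) = 5
1201 openat(AT_FDCWD, "/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
1202 execve("/bin/sh", ["sh", "-c", "id"], 0x55d0 /* 12 vars */) = 0
1201 connect(6, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
1201 connect(7, {sa_family=AF_INET, sin_port=htons(21), sin_addr=inet_addr("192.0.2.20")}, 16) = -1 ECONNREFUSED (Connection refused)
'''

LINE = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)\)\s+=\s+(-?\d+)')
PATH = re.compile(r'"((?:[^"\\]|\\.)*)"')
ADDR = re.compile(r'sin_port=htons\((\d+)\), sin_addr=inet_addr\("([^"]+)"\)')
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_TRUNC", "O_APPEND"}

def summarize(trace):
    """Group traced syscalls into exec/read/created/modified/failed/connect sets."""
    report = defaultdict(set)
    for line in trace.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # signals, exit lines, <unfinished ...> fragments
        call, args, ret = m.group(1), m.group(2), int(m.group(3))
        if call == "connect":
            a = ADDR.search(args)
            if a:  # failed attempts are recorded too, flagged False
                report["connect"].add((a.group(2), int(a.group(1)), ret == 0))
            continue
        p = PATH.search(args)
        if not p:
            continue
        path, flags = p.group(1), set(re.findall(r'O_[A-Z]+', args[p.end():]))
        if ret < 0:
            report["failed"].add(path)
        elif call == "execve":
            report["exec"].add(path)
        elif call in ("open", "openat"):
            kind = ("created" if "O_CREAT" in flags  # file may already have existed
                    else "modified" if flags & WRITE_FLAGS  # opened for writing
                    else "read")
            report[kind].add(path)
    return report

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
```

The connect entries are (address, port, succeeded) tuples, so they can be matched against a tcpdump capture to pick out the traced process's traffic.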



