-
-
Notifications
You must be signed in to change notification settings - Fork 92
Device_RawTCP
The LeechCore library supports reading memory using a compromised server iLO interface via a Raw TCP proxy.
Facts in short:
- Is supported on all supported platforms.
- Acquires memory in read/write mode.
- Acquired memory is assumed to be volatile.
- Have additional requirements.
LeechCore API:
Please specify the acquisition device type, the remote IP and optionally the remote port LC_CONFIG.szDevice when calling LcCreate. Examples:
RawTCP://<remote-host>
RawTCP://<remote-host>:<remote-port>
PCILeech / MemProcFS:
Please specify the device type in the -device option.
Examples:
-device RawTCP://192.168.1.2
-device RawTCP://192.168.1.2:6666
Requires a compromised iLO as described in the blog entry by Synacktiv.
Requires the external plugin leechcore_device_rawtcp from the LeechCore-plugins project. Place leechcore_device_rawtcp.[so|dll] alongside leechcore.[so|dll]. This plugin is pre-packaged together with the binary release distribution of LeechCore.
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS is free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCIleech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖