Penetration Testing mailing list archives
Re: RV: Monitor program execution
From: Andres Riancho <andres.riancho () gmail com>
Date: Thu, 01 Dec 2005 10:42:15 -0300
ijl20042004 () yahoo es wrote:
Hi all. I'm making a pentration test, and there is a program with full access to the instalation. I would like to know if exist another program to control and monitor any kind of execution of a program with access to full instalation: - What files execute de file monitorized - What files read - What files create - What files modify - What communications generate (output): ftp, telnet, http, https, etc. with its output directions - What communications receive (input): ftp, telnet, http, https, etc. with its input directions - Memory usage - etc. Any information will be grateful. Thanks in advance. ______________________________________________ Renovamos el Correo Yahoo! Nuevos servicios, más seguridad http://correo.yahoo.es ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
You could use strace: http://www.liacs.nl/~wichert/strace/ <http://www.liacs.nl/%7Ewichert/strace/> For the network part of your investigation you could use tcpdump. The difficult part would be to separate the packets that where generated by the process being investigated and other programs, but maybe you could use something like proxychains. With proxychains you could run the program and redirect all outgoing connections to a proxy server you control for further analysis. -- Andres Riancho www.securearg.net <http://www.securearg.net/> /Secure from the source/
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- RV: Monitor program execution ijl20042004 (Dec 01)
- Re: Monitor program execution David Eduardo Acosta Rodríguez (Dec 01)
- Re: Monitor program execution Cody Tubbs (Dec 01)
- Re: RV: Monitor program execution Joachim Schipper (Dec 01)
- Re: RV: Monitor program execution Andres Riancho (Dec 03)
- <Possible follow-ups>
- RV: Monitor program execution ijl20042004 (Dec 02)
- Re: Monitor program execution David Eduardo Acosta Rodríguez (Dec 01)