
Running v2

Daryl Bennett edited this page Jan 6, 2019 · 4 revisions

Let's look at some basic output and what to expect when running the application.

What to expect

An output directory named after the target address, date and time is created as LiMEaide/output/<dir> (for example 192.168.1.17_2019_01_05T22_13_46). It will contain:

  • A memory image with the specified name (default: dump.lime) in the output directory.
  • A text file containing the hash of the memory image (default: dump.lime.sha1) in the output directory.
  • A Volatility profile <kernel version>.zip, which is transferred to Volatility unless you opt out.
  • A copy of the profile, located in LiMEaide/profiles/
  • A LiME kernel object <kernel version>.ko, located in LiMEaide/profiles/ for reuse on hosts running the same kernel.
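Before handing dump.lime to Volatility it is worth confirming that the image you have locally still matches the digest LiME computed on the remote host, and that the profile zip actually carries both pieces Volatility needs (the .dwarf and the System.map). The following script is an added example written for this page, not LiMEaide's own code. It assumes the layout listed above: an output directory containing dump.lime next to dump.lime.sha1, with the digest file holding the bare hex string (40 bytes for sha1, as in the transfer below). The sample directory it builds is constructed for the demo and contains no real memory image.

```python
import hashlib
import os
import tempfile
import zipfile


def read_expected_digest(digest_path):
    """Return the hex digest stored in dump.lime.<algorithm>.

    LiMEaide writes the bare hex string; sha1sum-style files
    ("<hex>  <name>") are also accepted by taking the first token.
    """
    with open(digest_path, "r", encoding="ascii") as fh:
        return fh.read().split()[0].lower()


def compute_digest(path, algorithm="sha1", chunk_size=1 << 20):
    """Stream the image through hashlib so a multi-GB dump need not fit in RAM."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(output_dir, image_name="dump.lime", algorithm="sha1"):
    """True only if <output_dir>/<image_name> matches <output_dir>/<image_name>.<algorithm>."""
    image = os.path.join(output_dir, image_name)
    digest_file = image + "." + algorithm
    if not (os.path.isfile(image) and os.path.isfile(digest_file)):
        return False
    return compute_digest(image, algorithm) == read_expected_digest(digest_file)


def profile_members(zip_path):
    """Names stored inside a Volatility profile zip."""
    with zipfile.ZipFile(zip_path) as zf:
        return sorted(zf.namelist())


def profile_is_complete(zip_path):
    """A usable Linux profile needs a .dwarf file and a System.map."""
    names = profile_members(zip_path)
    return any(n.endswith(".dwarf") for n in names) and any(
        n.startswith("System.map") for n in names
    )


def make_sample_output(root):
    """Constructed stand-in for LiMEaide/output/<dir>/; the image is placeholder bytes, not a capture."""
    out = os.path.join(root, "192.0.2.10_2019_01_05T22_13_46")  # hypothetical target address
    os.makedirs(out)
    image = os.path.join(out, "dump.lime")
    with open(image, "wb") as fh:
        fh.write(b"EMiL" + b"\x00" * 4092)  # LiME magic 0x4C694D45 as little-endian bytes, then padding
    with open(image + ".sha1", "w") as fh:
        fh.write(compute_digest(image, "sha1"))  # bare hex, as LiMEaide writes it
    profile = os.path.join(out, "4.9.0-8-amd64.zip")
    with zipfile.ZipFile(profile, "w") as zf:
        zf.writestr("4.9.0-8-amd64.dwarf", "placeholder dwarf\n")
        zf.writestr("System.map-4.9.0-8-amd64", "ffffffff81000000 T _text\n")
    return out


def demo():
    """Verify a good directory, corrupt one byte, verify again, then check the profile."""
    with tempfile.TemporaryDirectory() as root:
        out = make_sample_output(root)
        ok_before = verify_image(out)
        with open(os.path.join(out, "dump.lime"), "r+b") as fh:  # simulate a damaged transfer
            fh.seek(100)
            fh.write(b"\xff")
        ok_after = verify_image(out)
        complete = profile_is_complete(os.path.join(out, "4.9.0-8-amd64.zip"))
    return ok_before, ok_after, complete


if __name__ == "__main__":
    print(demo())  # (True, False, True)
```

Point verify_image at a real output directory (for example ./output/192.168.1.17_2019_01_05T22_13_46/) after a capture; a False result means the local image no longer matches what LiME hashed on the target and should not be used as evidence.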

Example output

In the following example we connect to a remote client with the user account kd8bny. This account is not root and only has sudo privileges.

kd8bny@dunkelweizen > python3 limeaide.py -u kd8bny 192.168.1.17
 .---.                                                     _______
  |   |.--. __  __   ___         __.....__              .--.\  ___ `'.         __.....__
  |   ||__||  |/  `.'   `.   .-''         '.            |__| ' |--.\  \    .-''         '.
  |   |.--.|   .-.  .-.   ' /     .-''"'-.  `.          .--. | |    \  '  /     .-''"'-.  `.
  |   ||  ||  |  |  |  |  |/     /________\   \    __   |  | | |     |  '/     /________\   |
  |   ||  ||  |  |  |  |  ||                  | .:--.'. |  | | |     |  ||                  |
  |   ||  ||  |  |  |  |  |\    .-------------'/ |   \ ||  | | |     ' .'\    .-------------'
  |   ||  ||  |  |  |  |  | \    '-.____...---.`" __ | ||  | | |___.' /'  \    '-.____...---.
  |   ||__||__|  |__|  |__|  `.             .'  .'.''| ||__|/_______.'/    `.             .'
  '---'                        `''-...... -'   / /   | |_   \_______|/       `''-...... -'
                                               \ \._,\ '/
                                                `--'  `"
             by kd8bny 2.0.0 Beta 1

LiMEaide is licensed under GPL-3.0
LiME is licensed under GPL-2.0

> Cleaning profile manifest
> Establishing secure connection kd8bny@192.168.1.17
Password: 
Would you like to select a pre-generated profile [y/N] 
> Sending LiME src to remote client
> Building loadable kernel module
> Detected debian 4.9.0-8-amd64 x86_64
> Installing LiME and retrieving RAM
>> path=./.limeaide_working/dump.lime
>> format=lime
>> digest=sha1
> Changing permissions
> Beam me up Scotty
Transfer of dump.lime is at 156889152/156889152 bytes (100%)

Transfer of dump.lime.sha1 is at 40/40 bytes (100%)

Transfer of lime-debian-4.9.0-8-amd64-x86_64.ko is at 23336/23336 bytes (100%)

> Computing message digest of image
> Digest complete sha1 fc2c00770b1f0a70f059e4dc87b6c5f1b50e1f87
> Memory extraction is complete
dump.lime is in ./output/192.168.1.17_2019_01_05T22_13_46/
> Attempting to grab files for volatility profile
> Obtaining system.map
Transfer of System.map-4.9.0-8-amd64 is at 3193875/3193875 bytes (100%)

> Obtaining symbols
  adding: 4.9.0-8-amd64.dwarf (stored 0%)
  adding: System.map-4.9.0-8-amd64 (deflated 79%)
Profile generation complete run 'vol.py --info | grep Linux' to see your profile
> Cleaning up...
> Removing LKM...standby