Device_RawTCP

Memory Acquisition Method: iLO / Raw TCP (Hardware)

The LeechCore library supports reading memory using a compromised server iLO interface via a Raw TCP proxy.

Facts in short:

Is supported on all supported platforms.
Acquires memory in read/write mode.
Acquired memory is assumed to be volatile.
Have additional requirements.

Connection string:

LeechCore API:

Please specify the acquisition device type, the remote IP and optionally the remote port LC_CONFIG.szDevice when calling LcCreate. Examples: RawTCP://<remote-host> RawTCP://<remote-host>:<remote-port>

PCILeech / MemProcFS:

Please specify the device type in the -device option.

Examples:

-device RawTCP://192.168.1.2

-device RawTCP://192.168.1.2:6666

Requirements:

Requires a compromised iLO as described in the blog entry by Synacktiv.

Requires the external plugin leechcore_device_rawtcp from the LeechCore-plugins project. Place leechcore_device_rawtcp.[so|dll] alongside leechcore.[so|dll]. This plugin is pre-packaged together with the binary release distribution of LeechCore.

Overview

Home

API

Acquisition Methods

FILE
REMOTE
EXISTING
HW: USB3380
HW: FPGA
- DMA not working
- DMA on AMD/
  Thunderbolt
HW: FPGA/RawUDP
HW: iLO/RawTCP
Hyper-V Saved State
TotalMeltdown
DumpIt
LiveKd
LiveCloudKd
QEMU
VMWare
WinPMEM

LeechAgent

Overview
Installing

Development

Building

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Device_RawTCP

Memory Acquisition Method: iLO / Raw TCP (Hardware)

Connection string:

Requirements:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Overview

API

Acquisition Methods

LeechAgent

Development

Clone this wiki locally