
Running

Daryl Bennett edited this page Sep 23, 2017 · 7 revisions

This page walks through a basic run of LiMEaide: what it produces, and what the console output looks like.

What to expect

  • An output directory named with the date and time of the run, under LiMEaide/output/
  • A RAM dump with the name you specified (default: dump.bin)
  • A Volatility profile, <kernel version>.zip, holding the System.map and the DWARF symbols for the remote kernel

Example output

In the following example we connect to 192.168.14.102 as the account kd8bny (selected with -u). That account is not root; it only has sudo privileges, which is all LiMEaide needs to build and load the LiME kernel module.

kd8bny@dunkelweizen > python3 limeaide.py -u kd8bny 192.168.14.102

            .---.                                                     _______
            |   |.--. __  __   ___         __.....__              .--.\  ___ `'.         __.....__
            |   ||__||  |/  `.'   `.   .-''         '.            |__| ' |--.\  \    .-''         '.
            |   |.--.|   .-.  .-.   ' /     .-''"'-.  `.          .--. | |    \  '  /     .-''"'-.  `.
            |   ||  ||  |  |  |  |  |/     /________\   \    __   |  | | |     |  '/     /________\   |
            |   ||  ||  |  |  |  |  ||                  | .:--.'. |  | | |     |  ||                  |
            |   ||  ||  |  |  |  |  |\    .-------------'/ |   \ ||  | | |     ' .'\    .-------------'
            |   ||  ||  |  |  |  |  | \    '-.____...---.`" __ | ||  | | |___.' /'  \    '-.____...---.
            |   ||__||__|  |__|  |__|  `.             .'  .'.''| ||__|/_______.'/    `.             .'
            '---'                        `''-...... -'   / /   | |_   \_______|/       `''-...... -'
                                                         \ \._,\ '/
                                                          `--'  `
            by kd8bny v1.3.2 

LiMEaide is licensed under GPL-3.0
LiME is licensed under GPL-2.0

> Establishing secure connection kd8bny@192.168.14.102
Password: 
Would you like to select a pre-generated profile [Y/n]n
> Sending LiME src to remote client
> Building loadable kernel module
> Detected arch-linux 4.12.13-1-ARCH x86_64
> Installing LKM and retrieving RAM
> Changing permissions
> Compressing image to Bzip2...This will take awhile
> Beam me up Scotty
Transfer of 'dump.lime.bz2' is at 12817057013/12817057013 bytes (100%)

Transfer of 'lime-arch-linux-4.12.13-1-ARCH-x86_64.ko' is at 871456/871456 bytes (100%)

> Memory extraction is complete

dump.lime is in ./output/2017_09_23T12_32_33_938869/                                                                                                                        
> Attempting to grab files for volatility profile
> Obtaining system.map
> Obtaining symbols
  adding: System.map-4.12.13-1-ARCH
  adding: 4.12.13-1-ARCH.dwarf (deflated 91%)
Profile generation complete run 'vol.py --info | grep Linux' to see your profile
> Cleaning up...
> Removing LKM...standby
> Done
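Once a run finishes, the files in the output directory are what an examiner has to trust before running Volatility against them. The script below is an added example, not part of LiMEaide or LiME: it finds the newest timestamped run directory under output/, streams through the dump (transparently decompressing a .bz2 like the one the run above produced), validates every LiME range header on the way, records a SHA-256 of the decompressed image for the case notes, and confirms the profile zip holds exactly one System.map and one .dwarf. The header layout it checks (a 32-byte record per memory range: magic 0x4C694D45, which reads as "EMiL" on disk, version 1, inclusive start and end physical address, 8 reserved bytes) is LiME's on-disk format, not anything LiMEaide adds. The run directory it checks is constructed in a temporary directory with two tiny fake ranges and a placeholder profile; nothing in it is a real acquisition.

```python
"""Sanity-check a LiMEaide run directory before handing it to Volatility (added example)."""
import bz2
import hashlib
import os
import re
import struct
import tempfile
import zipfile
from datetime import datetime

# LiME's on-disk format: every captured memory range starts with this 32-byte header.
LIME_MAGIC = 0x4C694D45               # stored little-endian, so the file starts with b"EMiL"
LIME_VERSION = 1
LIME_HDR = struct.Struct("<IIQQ8s")   # magic, version, s_addr, e_addr (inclusive), reserved
# LiMEaide names run directories by date and time, e.g. 2017_09_23T12_32_33_938869
RUN_DIR_RE = re.compile(r"^\d{4}_\d{2}_\d{2}T\d{2}_\d{2}_\d{2}_\d{6}$")


def latest_run_dir(output_root):
    """Return the newest timestamped run directory under output_root."""
    runs = [d for d in os.listdir(output_root) if RUN_DIR_RE.match(d)]
    if not runs:
        raise FileNotFoundError("no LiMEaide run directories in %s" % output_root)
    newest = max(runs, key=lambda d: datetime.strptime(d, "%Y_%m_%dT%H_%M_%S_%f"))
    return os.path.join(output_root, newest)


def parse_lime_dump(fobj):
    """Stream a raw LiME dump, validate each range header, return ([(s_addr, e_addr)], sha256)."""
    digest = hashlib.sha256()
    ranges, offset = [], 0
    while True:
        hdr = fobj.read(LIME_HDR.size)
        if not hdr:
            break                                   # clean end of file
        if len(hdr) < LIME_HDR.size:
            raise ValueError("truncated header at offset %d" % offset)
        digest.update(hdr)
        magic, version, s_addr, e_addr, _ = LIME_HDR.unpack(hdr)
        if magic != LIME_MAGIC:
            raise ValueError("bad magic 0x%08x at offset %d" % (magic, offset))
        if version != LIME_VERSION:
            raise ValueError("unsupported LiME version %d" % version)
        if e_addr < s_addr:
            raise ValueError("range end 0x%x below start 0x%x" % (e_addr, s_addr))
        offset += LIME_HDR.size
        remaining = e_addr - s_addr + 1             # e_addr is inclusive
        while remaining:                            # chunked so a 12 GB dump never sits in RAM
            chunk = fobj.read(min(remaining, 1 << 20))
            if not chunk:
                raise ValueError("range 0x%x-0x%x truncated at offset %d" % (s_addr, e_addr, offset))
            digest.update(chunk)
            offset += len(chunk)
            remaining -= len(chunk)
        ranges.append((s_addr, e_addr))
    if not ranges:
        raise ValueError("no LiME ranges found")
    return ranges, digest.hexdigest()


def check_profile_zip(path):
    """A Volatility Linux profile zip holds one System.map-<ver> and one <ver>.dwarf."""
    with zipfile.ZipFile(path) as z:
        names = z.namelist()
    sysmaps = [n for n in names if os.path.basename(n).startswith("System.map-")]
    dwarfs = [n for n in names if n.endswith(".dwarf")]
    if len(sysmaps) != 1 or len(dwarfs) != 1:
        raise ValueError("%s should hold one System.map and one .dwarf, has %s" % (path, names))
    return sysmaps[0], dwarfs[0]


def check_run(run_dir):
    """Validate the dump and the profile in one run directory; return a summary dict."""
    files = sorted(os.listdir(run_dir))
    profiles = [f for f in files if f.endswith(".zip")]
    dumps = [f for f in files if not f.endswith(".zip")]
    if len(dumps) != 1 or len(profiles) != 1:
        raise ValueError("expected one dump and one profile zip in %s, found %s" % (run_dir, files))
    dump_path = os.path.join(run_dir, dumps[0])
    opener = bz2.open if dump_path.endswith(".bz2") else open   # the run above compressed to bzip2
    with opener(dump_path, "rb") as f:
        ranges, sha = parse_lime_dump(f)
    return {"dump": dumps[0], "ranges": ranges, "sha256": sha,
            "profile": check_profile_zip(os.path.join(run_dir, profiles[0]))}


def build_sample_run(output_root, kernel="4.12.13-1-ARCH", corrupt=False):
    """Constructed sample run directory: two tiny fake ranges and a placeholder profile."""
    run_dir = os.path.join(output_root, datetime.now().strftime("%Y_%m_%dT%H_%M_%S_%f"))
    os.makedirs(run_dir)
    raw = b""
    for s_addr, e_addr in [(0x1000, 0x1FFF), (0x100000, 0x1007FF)]:
        raw += LIME_HDR.pack(LIME_MAGIC, LIME_VERSION, s_addr, e_addr, b"\0" * 8)
        raw += bytes([(s_addr >> 12) & 0xFF]) * (e_addr - s_addr + 1)
    if corrupt:
        raw = raw[:LIME_HDR.size + 4096 + 2]      # cut inside the second header
    with bz2.open(os.path.join(run_dir, "dump.lime.bz2"), "wb") as f:
        f.write(raw)
    with zipfile.ZipFile(os.path.join(run_dir, kernel + ".zip"), "w") as z:
        z.writestr("System.map-" + kernel, "ffffffff81000000 T _text\n")
        z.writestr(kernel + ".dwarf", "<constructed placeholder, not real DWARF>\n")
    return run_dir


def demo(corrupt=False):
    """Build a constructed run in a fresh temp dir and check it; errors come back as a dict."""
    root = tempfile.mkdtemp()
    build_sample_run(root, corrupt=corrupt)
    try:
        return check_run(latest_run_dir(root))
    except ValueError as exc:
        return {"error": str(exc)}


if __name__ == "__main__":
    print(demo())
```

Point check_run at a real output/<timestamp>/ directory to use it on an actual acquisition; the range list it returns should match what Volatility's lime address space reports, and a truncated transfer shows up as a "truncated" error rather than a profile that loads and then produces garbage.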