Kiran Bandla kbandla

## es_install.sh
sudo apt-get update
sudo apt-get install openjdk-7-jre-headless -y

wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.2.0.deb
sudo dpkg -i elasticsearch-1.2.0.deb

/usr/share/elasticsearch/bin/plugin -install mobz/elasticsearch-head
sudo service elasticsearch start

#browse at http://localhost:9200

## sandworm
MD5 (CCProjectMgrStubEx.dll) = de6c083b7f6bcd404375285eb7ce98ba
MD5 (config.bak) = c931be9cd2c0bd896ebe98c9304fea9e
MD5 (default.txt) = ef618bd99411f11d0aa5b67d1173ccdf
MD5 (devlist.cim) = 59e41a4cdf2a7d37ac343d0293c616b7
MD5 (shell.bcl) = bdc7fafc26bee0e5e75b521a89b2746d
MD5 (slide1.gif) = 8a7c30a7a105bd62ee71214d268865e3
MD5 (slides.inf) = 8313034e9ab391df83f6a4f242ec5f8d
MD5 (view.ph) = 48937e732d0d11e99c68895ac8578374

## pydeep_setup.py
'''
In some cases, OS X 10.9.5 is unable to find fuzzy.h
A temporary solution is to force setup.py to look in library_dirs and include_dirs
'''
from distutils.core import setup, Extension

import os

def get_version():
    with open(os.path.join(os.path.dirname(__file__), 'pydeep.c'),'r') as f:

## dns_11_12_2014
             IP    AS Name
--------------- ----- --------------------
  208.98.12.145 46844 ST-BGP - Sharktech
 120.147.244.41  1221 ASN-TELSTRA Telstra Pty Ltd
  80.47.167.203  9105 TISCALI-UK Tiscali UK
  108.193.6.137  7018 ATT-INTERNET4 - AT&T Services, Inc.
  86.126.42.246  8708 RCS-RDS RCS & RDS SA
  108.61.125.49 20473 AS-CHOOPA - Choopa, LLC
  94.156.27.155 39396 NBIS-AS NBI Systems Ltd.
   76.218.76.61  7018 ATT-INTERNET4 - AT&T Services, Inc.

## ghost.c
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

#define CANARY "in_the_coal_mine"

struct {
  char buffer[1024];

## test.py
import dpkt

f = open('dns.pcap')
pcap = dpkt.pcap.Reader(f)

for ts, buf in pcap:
    eth = dpkt.ethernet.Ethernet(buf)
    ip = eth.data
    udp = ip.data
    dns = dpkt.dns.DNS(udp.data)

## test.py
import re
from pdb import set_trace
data = open('data.text').read()
"""
Software version:
    5.2.0, 5.3


Operating system(s):
    Firmware

## sheenawadhwa.py
import dpkt
from dpkt.ip import IP
from dpkt.ethernet import Ethernet
import struct
import socket
import csv
def ip_to_str(address):
    return socket.inet_ntoa(address)
f = open('sample.pcap', 'rb')
pcap = dpkt.pcap.Reader(f)

## debugger.cpp
//
// debugger.cpp
//
// The MSEC Debugger Functions
//
//
// Developed by the Microsoft Security Engineering Center (MSEC)
// Copyright 2008-2013, Microsoft Corporation
//
//	Microsoft Public License (Ms-PL)

## dpkt_254.py
'''
dpkt issue 254
'''
import dpkt
from dpkt.ip import IP
from dpkt.ethernet import Ethernet
from dpkt.arp import ARP
from pprint import pprint
import socket
	sudo apt-get update
	sudo apt-get install openjdk-7-jre-headless -y

	wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.2.0.deb
	sudo dpkg -i elasticsearch-1.2.0.deb

	/usr/share/elasticsearch/bin/plugin -install mobz/elasticsearch-head
	sudo service elasticsearch start

	#browse at http://localhost:9200
	MD5 (CCProjectMgrStubEx.dll) = de6c083b7f6bcd404375285eb7ce98ba
	MD5 (config.bak) = c931be9cd2c0bd896ebe98c9304fea9e
	MD5 (default.txt) = ef618bd99411f11d0aa5b67d1173ccdf
	MD5 (devlist.cim) = 59e41a4cdf2a7d37ac343d0293c616b7
	MD5 (shell.bcl) = bdc7fafc26bee0e5e75b521a89b2746d
	MD5 (slide1.gif) = 8a7c30a7a105bd62ee71214d268865e3
	MD5 (slides.inf) = 8313034e9ab391df83f6a4f242ec5f8d
	MD5 (view.ph) = 48937e732d0d11e99c68895ac8578374
	'''
	In some cases, OS X 10.9.5 is unable to find fuzzy.h
	A temporary solution is to force setup.py to look in library_dirs and include_dirs
	'''
	from distutils.core import setup, Extension

	import os

	def get_version():
	with open(os.path.join(os.path.dirname(__file__), 'pydeep.c'),'r') as f:
	IP AS Name
	--------------- ----- --------------------
	208.98.12.145 46844 ST-BGP - Sharktech
	120.147.244.41 1221 ASN-TELSTRA Telstra Pty Ltd
	80.47.167.203 9105 TISCALI-UK Tiscali UK
	108.193.6.137 7018 ATT-INTERNET4 - AT&T Services, Inc.
	86.126.42.246 8708 RCS-RDS RCS & RDS SA
	108.61.125.49 20473 AS-CHOOPA - Choopa, LLC
	94.156.27.155 39396 NBIS-AS NBI Systems Ltd.
	76.218.76.61 7018 ATT-INTERNET4 - AT&T Services, Inc.
	#include <netdb.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>
	#include <errno.h>

	#define CANARY "in_the_coal_mine"

	struct {
	char buffer[1024];
	import dpkt

	f = open('dns.pcap')
	pcap = dpkt.pcap.Reader(f)

	for ts, buf in pcap:
	eth = dpkt.ethernet.Ethernet(buf)
	ip = eth.data
	udp = ip.data
	dns = dpkt.dns.DNS(udp.data)
	import re
	from pdb import set_trace
	data = open('data.text').read()
	"""
	Software version:
	5.2.0, 5.3


	Operating system(s):
	Firmware
	import dpkt
	from dpkt.ip import IP
	from dpkt.ethernet import Ethernet
	import struct
	import socket
	import csv
	def ip_to_str(address):
	return socket.inet_ntoa(address)
	f = open('sample.pcap', 'rb')
	pcap = dpkt.pcap.Reader(f)
	//
	// debugger.cpp
	//
	// The MSEC Debugger Functions
	//
	//
	// Developed by the Microsoft Security Engineering Center (MSEC)
	// Copyright 2008-2013, Microsoft Corporation
	//
	// Microsoft Public License (Ms-PL)
	'''
	dpkt issue 254
	'''
	import dpkt
	from dpkt.ip import IP
	from dpkt.ethernet import Ethernet
	from dpkt.arp import ARP
	from pprint import pprint
	import socket