Wednesday, February 17, 2010

Installing Xplico

I have been scouring the internet for some useful forensic tools when I came across a tool called Xplico. I wanted to do some of the forensic challenges offered by the folks over at SANS, and it looks like to win anything you have to write tools. Realistically, in a high-paced environment the luxury of having time to write your own tools sometimes doesn't exist.

Xplico has a couple of install options. First, they have a VirtualBox VM that you can download. If you are running Ubuntu 9.10, they have a nice .deb package for you. And for the brave ones, they have the source that you can build yourself. I am running Ubuntu 9.10 64-bit style, so I need to do a little extra to get the prepackaged i386 .deb to work.

So let's get our download on:

$ wget -O xplico_0.5.4_i386.deb 'http://downloads.sourceforge.net/project/xplico/Xplico%20versions/version%200.5.4/xplico_0.5.4_i386.deb?use_mirror=softlayer'

When I tried to force-install it on a 64-bit OS I got all this stuff:

xplico depends on libice6 (>= 1:1.0.0); however:
Package libice6 is not installed.
xplico depends on libmysqlclient16 (>= 5.1.21-1); however:
Package libmysqlclient16 is not installed.
xplico depends on libsm6; however:
Package libsm6 is not installed.
xplico depends on libsqlite0 (>= 2.8.17); however:
Package libsqlite0 is not installed.
xplico depends on libxt6; however:
Package libxt6 is not installed.
xplico depends on tshark; however:
Package tshark is not installed.
xplico depends on python-all; however:
Package python-all is not installed.
xplico depends on apache2.2-common; however:
Package apache2.2-common is not installed.
xplico depends on php5-common; however:
Package php5-common is not installed.
xplico depends on libapache2-mod-php5; however:
Package libapache2-mod-php5 is not installed.
xplico depends on php5-sqlite; however:
Package php5-sqlite is not installed.
xplico depends on php5-cli; however:
Package php5-cli is not installed.


Ubuntu is supposed to be cool enough to go download all this crap, but somehow it was stuck. So I did the following:
$ sudo apt-get install libice6 tshark libsm6 build-essential
After that I was able to give it a:
$ sudo apt-get -f install
This basically fixed all my jacked-up packages, and it looked like everything installed properly.
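
The list of missing packages can be pulled straight out of the dpkg errors instead of being retyped by hand. This is an added example, not part of the original post: the function names missing_deps and apt_install_line are hypothetical, and the sample input is a few lines copied from the output above plus one constructed duplicate.

```shell
#!/bin/sh
# Added example: turn dpkg's "is not installed" errors into a package list.

# Sample input: lines copied from the dpkg output in this post, with the
# tshark pair repeated (constructed) to show de-duplication.
sample_dpkg_output() {
cat <<'EOF'
 xplico depends on libice6 (>= 1:1.0.0); however:
  Package libice6 is not installed.
 xplico depends on tshark; however:
  Package tshark is not installed.
 xplico depends on tshark; however:
  Package tshark is not installed.
EOF
}

# missing_deps: read dpkg output on stdin, print one missing package per line.
# Only tokens made of characters valid in Debian package names are accepted,
# so stray text in a saved log never ends up on a root command line.
missing_deps() {
    sed -n 's/^[[:space:]]*Package \([a-z0-9][a-z0-9+.-]*\) is not installed\.$/\1/p' |
        sort -u
}

# apt_install_line: print (do not run) the apt-get command, so it can be
# reviewed before anything is installed with sudo.
apt_install_line() {
    pkgs=$(missing_deps | tr '\n' ' ')
    pkgs=${pkgs% }                      # drop the trailing space
    if [ -z "$pkgs" ]; then
        echo "no missing packages found" >&2
        return 1
    fi
    printf 'sudo apt-get install %s\n' "$pkgs"
}

# Demo on the embedded sample; with a saved log (hypothetical file name):
#   apt_install_line < dpkg-errors.txt
sample_dpkg_output | apt_install_line
```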

So at this point let's see if it worked. Give your terminal one of these:
$ xplico -h

It should print out the help. So now let's fire up our interwebs and see what this looks like. Connect to the host you installed it on, on port 9876.


So that is how I got mine working. Coming up next is using this tool :)
