extract from sqlite
I have a SQLite database created from the honeypot. The database contains malware files. How can I extract these files from the SQLite database? Please, if someone can help.
You can dump the whole database with:
echo .dump | sqlite3 database.sqlite > database.dump
Or just view the structure with:
echo .schema | sqlite3 database.sqlite
To get the files, you'll probably need a small script to extract the BLOBs into files. Post the schema of the database if you need help.
The sqlite3 command can easily interrogate an sqlite3 database and the .dump command will allow you to dump a given table, and the .output command will let you select a filename for the output before dumping.
If the data came from a honeypot, be very careful about the tools you use to inspect the contents: flaws have been found in terminals that allow malicious content to gain privileges on the system. Simply using 'cat' to inspect a file on such a terminal could grant the malicious program your complete set of privileges.
So, as a minimum step, please at least use an unprivileged user account with no access to other data on the system. Using a tool such as AppArmor, SMACK, TOMOYO, SELinux or LIDS to confine your tools to a small subset of system resources would be a good idea too. Virtualization could also work, but there have been plenty of 'breakouts' from those tools as well.
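A sketch of the "small script to extract the BLOBs" mentioned in the first answer, written with the second answer's caution in mind. It is an added example, not code from either answer. It assumes the samples are stored as BLOB values, and because the schema was never posted it scans every table and column. The 'downloads' table and 'payload' column in demo() are hypothetical and the sample bytes are constructed.

```python
import hashlib
import os
import sqlite3
import tempfile
from pathlib import Path


def extract_blobs(db_path, out_dir):
    """Save every BLOB as out_dir/<sha256>.bin; return (table, column, sha256, size) rows."""
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    # mode=ro: the honeypot database itself is never modified.
    con = sqlite3.connect(Path(db_path).resolve().as_uri() + "?mode=ro", uri=True)
    found = []
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table'")]
        for table in tables:
            qt = '"' + table.replace('"', '""') + '"'
            for col in [r[1] for r in con.execute(f"PRAGMA table_info({qt})")]:
                qc = '"' + col.replace('"', '""') + '"'
                query = f"SELECT {qc} FROM {qt} WHERE typeof({qc}) = 'blob'"
                for (blob,) in con.execute(query):
                    digest = hashlib.sha256(blob).hexdigest()
                    path = os.path.join(out_dir, digest + ".bin")
                    if not os.path.exists(path):  # identical samples stored once
                        # 0o400: owner read-only, never executable.
                        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
                        with os.fdopen(fd, "wb") as fh:
                            fh.write(blob)
                    # Only hash and size are reported; sample bytes are never printed.
                    found.append((table, col, digest, len(blob)))
    finally:
        con.close()
    return found


def demo():
    """Constructed sample database with a hypothetical 'downloads' table."""
    work = tempfile.mkdtemp()
    db, out = os.path.join(work, "sample.sqlite"), os.path.join(work, "out")
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE downloads (url TEXT, payload BLOB)")
    con.executemany("INSERT INTO downloads VALUES (?, ?)", [
        ("a", b"constructed inert sample"), ("b", None),
        ("c", b"constructed inert sample"), ("d", b"\x00\x01")])
    con.commit()
    con.close()
    return extract_blobs(db, out), out
```

Run it as the unprivileged, confined user the second answer recommends, and work from the returned hashes and sizes rather than viewing the extracted files in a terminal.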