Honeypots mailing list archives
Re: Announce: cmdexe.pl (honeyd script)
From: "Vilhelm Verendel" <vive () dtek chalmers se>
Date: Thu, 2 Dec 2004 17:46:19 +0100 (CET)
[from the README] Description cmdexe.pl is a simple Perl script, that works with honeyd, to emulate a DOS command prompt. It is useful to emulate a simple Windows "shell" backdoor, as used by many worms nowadays. It logs the command line entered. Non-printable characters are logged in hexdump format.
Ok :-) I would like to mention the dos.py script available among the spank (http://spank.sf.net) programs. It can simulate a 'cmd.exe' service with basic file system operations on top of different virtual filesystems (represented in a mysql database). That means, one can simulate and get a little more of interaction -- e.g. for letting a worm cd around in virtual directories, deleting virtual files, and so on... /Vilhelm Verendel
Current thread:
- Announce: cmdexe.pl (honeyd script) Luiz Eduardo Roncato Cordeiro (Dec 02)
- <Possible follow-ups>
- Re: Announce: cmdexe.pl (honeyd script) Vilhelm Verendel (Dec 02)
- Re: Announce: cmdexe.pl (honeyd script) SecurIT Informatique Inc. (Dec 03)