Honeypots mailing list archives

Re: Announce: cmdexe.pl (honeyd script)


From: "Vilhelm Verendel" <vive () dtek chalmers se>
Date: Thu, 2 Dec 2004 17:46:19 +0100 (CET)

[from the README]

Description

   cmdexe.pl is a simple Perl script, that works with honeyd, to
   emulate a DOS command prompt.  It is useful to emulate a simple
   Windows "shell" backdoor, as used by many worms nowadays.  It logs
   the command line entered.  Non-printable characters are logged in
   hexdump format.


Ok :-)

I would like to mention the dos.py script available among the spank
(http://spank.sf.net) programs. It can simulate a 'cmd.exe' service
with basic file system operations on top of different virtual
filesystems (represented in a MySQL database). That means one can simulate
and get a little more interaction -- e.g. for letting a worm cd
around in virtual directories, deleting virtual files, and so on...

/Vilhelm Verendel
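
[Added example, not part of the original message and not code from cmdexe.pl or dos.py.] A minimal honeyd-style service in Python showing the behaviour the README describes: present a fake prompt, execute nothing, and log each command line, switching to a hexdump when it contains non-printable bytes. The banner text, reply text, log path and the exact hexdump layout are assumptions.

```python
import sys

# Constructed banner and prompt (assumed values, not taken from cmdexe.pl).
BANNER = (b"Microsoft Windows 2000 [Version 5.00.2195]\r\n"
          b"(C) Copyright 1985-2000 Microsoft Corp.\r\n\r\n")
PROMPT = b"C:\\>"
UNKNOWN = ("'{}' is not recognized as an internal or external command,\r\n"
           "operable program or batch file.\r\n\r\n")

def printable(b):
    return 0x20 <= b < 0x7f

def hexdump(data):
    """Offset, up to 16 hex bytes, then an ASCII column with '.' for the rest."""
    rows = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if printable(b) else "." for b in chunk)
        rows.append(f"{off:04x}  {hexpart:<47}  {text}")
    return "\n".join(rows)

def log_entry(line):
    """Plain text for printable input; hexdump as soon as any byte is not."""
    if all(printable(b) for b in line):
        return "cmd: " + line.decode("ascii")
    return "cmd (hexdump):\n" + hexdump(line)

def serve(stdin, stdout, log, max_line=1024):
    """Run one fake session; max_line bounds what a client can make us buffer."""
    stdout.write(BANNER + PROMPT)
    stdout.flush()
    while True:
        raw = stdin.readline(max_line)
        if not raw:                      # peer closed the connection
            break
        line = raw.rstrip(b"\r\n")
        log.write(log_entry(line) + "\n")
        log.flush()
        if line.strip().lower() == b"exit":
            break
        if line.strip():                 # nothing is ever executed
            word = line.split()[0].decode("ascii", "replace")
            stdout.write(UNKNOWN.format(word).encode("ascii", "replace"))
        stdout.write(PROMPT)
        stdout.flush()

if __name__ == "__main__":
    # Hypothetical log path; honeyd connects the script's stdin/stdout to the peer.
    with open("cmdexe-example.log", "a") as log:
        serve(sys.stdin.buffer, sys.stdout.buffer, log)
```

Because any control byte forces the hexdump path, a client cannot place raw carriage returns or escape sequences into the text log.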

