Honeypots mailing list archives
Re: forkcmdexe.pl
From: Joachim Schipper <j.schipper () math uu nl>
Date: Mon, 25 Apr 2005 17:49:18 +0200
On Mon, Apr 25, 2005 at 02:59:53PM +0200, David Halsband wrote:
Hi everyone, I am a student who is working for a university-honeypot-project in Germany. My honeyd itself runs without any problem. All emulated services are working, but I have difficulties with the script cmdexe.pl. This is a part of my honeyd-configuration file: ### Windows computers create windows set windows personality "Microsoft Windows XP Professional" set windows default tcp action reset set windows default udp action reset set windows default icmp action open [...] add windows tcp port 4444 "/etc/honeyd/scripts/cmdexe-1.06/cmdexe.pl -p winxp -l //etc/honeyd/scripts/cmdexe-1.06/log" [...] set windows uid 77811 gid 31553 set windows uptime 1244462 bind [1]172.16.0.233 windows When I am trying to connect to this honeyd host to port 4444, I get the following: # telnet [2]172.16.0.233 4444 Trying 172.16.0.233... Connected to [3]172.16.0.233. Escape character is '^]'. Connection closed by foreign host. Honeyd displays the following error information: cmd_fork: execv(/etc/honeyd/scripts/cmdexe-1.06/cmdexe.pl) .. Permission denied Any idea of what I am doing wrong? Cmdexe.pl has all file access permissions. Any help would be appreciated.
Dear David, not that I know anything about the script mentioned, or much at all, but have you checked the permissions on the perl binary? I'm not sure, but that would be my guess. Failing that, check for noexec mounts, kernel patches that require trusted path execution or somesuch, and so on. Good luck! Joachim
Current thread:
- forkcmdexe.pl David Halsband (Apr 25)
- Re: forkcmdexe.pl Jan Reister (Apr 26)
- Re: forkcmdexe.pl Joachim Schipper (Apr 27)
- Re: forkcmdexe.pl Laurent OUDOT (Apr 27)