Re: forkcmdexe.pl

[Joachim Schipper <j.schipper () math uu nl>]

On Mon, Apr 25, 2005 at 02:59:53PM +0200, David Halsband wrote:
>    Hi everyone,
>    I am a student who is working for a university-honeypot-project in
>    Germany.
>    My honeyd itself runs without any problem. All emulated services are
>    working, but I have difficulties with the script cmdexe.pl.
>    This is a part of my honeyd-configuration file:
>    ### Windows computers
>    create windows
>    set windows personality "Microsoft Windows XP Professional"
>    set windows default tcp action reset
>    set windows default udp action reset
>    set windows default icmp action open
>    [...]
>    add windows tcp port 4444 "/etc/honeyd/scripts/cmdexe-1.06/cmdexe.pl
>    -p winxp -l //etc/honeyd/scripts/cmdexe-1.06/log"
>    [...]
>    set windows uid 77811 gid 31553
>    set windows uptime 1244462
>    bind [1]172.16.0.233 windows
>    When I am trying to connect to this honeyd host to port 4444, I get
>    the following:
>    # telnet [2]172.16.0.233 4444
>    Trying 172.16.0.233...
>    Connected to [3]172.16.0.233.
>    Escape character is '^]'.
>    Connection closed by foreign host.
>    Honeyd displays the following error information:
>    cmd_fork: execv(/etc/honeyd/scripts/cmdexe-1.06/cmdexe.pl)
>    ..
>    Permission denied
>    Any idea of what I am doing wrong? Cmdexe.pl has all file access
>    permissions.
>    Any help would be appreciated.

Dear David,

not that I know anything about the script mentioned, or much at all, but
have you checked the permissions on the perl binary? I'm not sure, but
that would be my guess.

Failing that, check for noexec mounts, kernel patches that require
trusted path execution or somesuch, and so on.

Good luck!

                Joachim