Honeypots: forkcmdexe.pl

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Honeypots mailing list archives

forkcmdexe.pl

From: David Halsband <david.halsband () gmail com>
Date: Mon, 25 Apr 2005 14:59:53 +0200

Hi everyone,

I am a student who is working for a university-honeypot-project in Germany.

My honeyd itself runs without any problem. All emulated services are 
working, but I have difficulties with the script cmdexe.pl.

This is a part of my honeyd-configuration file:

### Windows computers
create windows
set windows personality "Microsoft Windows XP Professional"
set windows default tcp action reset
set windows default udp action reset
set windows default icmp action open
[...]
add windows tcp port 4444 "/etc/honeyd/scripts/cmdexe-1.06/cmdexe.pl -p 
winxp -l //etc/honeyd/scripts/cmdexe-1.06/log"
[...]
set windows uid 77811 gid 31553
set windows uptime 1244462
bind 172.16.0.233 <http://172.16.0.233> windows


When I am trying to connect to this honeyd host to port 4444, I get the 
following:

# telnet 172.16.0.233 <http://172.16.0.233> 4444
Trying 172.16.0.233...
Connected to 172.16.0.233 <http://172.16.0.233>.
Escape character is '^]'.
Connection closed by foreign host.


Honeyd displays the following error information:

cmd_fork: execv(/etc/honeyd/scripts/cmdexe-1.06/cmdexe.pl)
..
Permission denied


Any idea of what I am doing wrong? Cmdexe.pl has all file access 
permissions.
Any help would be appreciated.

David

By Date By Thread

Current thread:

forkcmdexe.pl David Halsband (Apr 25)
- Re: forkcmdexe.pl Jan Reister (Apr 26)
- Re: forkcmdexe.pl Joachim Schipper (Apr 27)
- Re: forkcmdexe.pl Laurent OUDOT (Apr 27)