I just put together this script to annoy script kiddies looking for cmd.exe on
my Linux-based web server. Just wanted to know what people thought about its
security. AFAIK, it's pretty safe. Also, new commands and responses are
appreciated.
- Carl
#!/usr/bin/perl -T
#
# Written by Carl Fischer <[EMAIL PROTECTED]>
#
# GNU license.
#
# This is a web server CGI designed to pretend to be cmd.exe
# I'm not an expert in perl scripting security, so no guarantees as to its
# safety. I think it's pretty safe though.
#
print "Content-type: text/plain\n\n";
if (!defined $ARGV[0]) {
    # This flushes STDOUT after every command (I hope).
    $|=1;
    # if no argument is given, make it look like we've hung at C:\>
    print <<EOF
Microsoft(R) Windows NT(TM)
(C) Copyright 1985-1996 Microsoft Corp.
EOF
;
    print 'C:\> ';
    sleep 30;
} else {
    if ($ARGV[0] =~ /\/c/i) {
        # Handle those obnoxious dir requests.
        if ($ARGV[1] eq 'dir') {
            $dir = 'C:\\';
            # If any other path to dir is specified, say we can't find it.
            unless ( (!defined $ARGV[2]) || ($ARGV[2] =~ /^C:.?$/i) ) {
                if ($ARGV[2] =~ /[ABD-Gabd-g]:/) {
                    print "The device is not ready\n";
                } else {
                    print "The system cannot find the file specified.\n\n";
                }
            } else {
                # if no path is given, produce this output.
                print <<EOF
Volume in drive C is BAIT
Volume Serial Number is A33B-666A
Directory of $dir
06/02/01 12:02p <DIR> WINNT
09/23/03 12:43p <DIR> pdf995
06/02/01 12:04p <DIR> Program Files
06/02/01 12:05p 0 CONFIG.SYS
06/02/01 12:05p 0 AUTOEXEC.BAT
06/02/01 12:38p <DIR> Windows Update Setup Files
09/23/03 02:03p <DIR> My Documents
01/16/04 04:26a 333 GatorPdpPlg.log
09/17/03 11:57p <DIR> Users
09/19/03 02:33p <DIR> My Downloads
06/02/01 05:57p 0 temp.ps
02/03/04 02:14p 278,921,216 pagefile.sys
09/11/01 04:45p <DIR> My Music
02-05-04 8:30a 0 You Are a LUSER now go away.txt
14 File(s) 2,138,598 bytes
20,101,311,488 bytes free
EOF
;
            }
        } elsif ($ARGV[1] eq 'type' ) {
            # the next logical thing to do is type a file.
            if (defined $ARGV[2]) {
                print "The system cannot find the file specified\n";
            } else {
                print "The syntax of the command is incorrect.\n";
            }
        } elsif ($ARGV[1] eq 'copy' ) {
            if (defined $ARGV[3]) {
                print " 1 file(s) copied.\n\n";
            } else {
                print "The syntax of the command is incorrect.\n";
            }
        } elsif ($ARGV[1] eq 'tftp') {
            print "Sorry. Haven't implemented bullshit response for tftp yet.\n";
        } elsif ($ARGV[1] eq 'echo') {
            # Echo the argument back, unless a redirect (>) appears anywhere.
            print $ARGV[2]."\n" unless ( join(' ', @ARGV) =~ />/ );
        } elsif ($ARGV[1] eq 'move' ) {
            print " 1 file(s) moved.\n\n";
        } elsif ($ARGV[1] eq 'del' ) {
            print "You're one nasty little son of a bitch, aren't you?!\n";
            print "I think I'll just keep those files.\n";
            print "Now, go play with someone else's web server\n\n";
        }
        # If we haven't thought of it, it's a bad command.
        else {
            print <<EOF
The name specified is not recognized as an
internal or external command, operable program or batch file.
EOF
;
        }
    } elsif ($ARGV[0] eq '/?') {
        print <<'EOF'
Starts a new instance of the Windows/NT command interpreter
CMD [/X | /Y] [/A | /U] [/Q] [[/C | /K] string]
/C Carries out the command specified by string and then terminates
/K Carries out the command specified by string but remains
/Q Turns the echo off
/A Causes the output of internal commands to a pipe or file to be ANSI
/U Causes the output of internal commands to a pipe or file to be Unicode
/T:fg Sets the foreground/background colors (see COLOR /? for more info)
/X Enable extensions to the Windows NT version of CMD.EXE
/Y Disable extensions to the Windows NT version of CMD.EXE
Note that multiple commands separated by the command separator '&&'
are accepted for string if surrounded by quotes
Command Extensions are enabled by default. You may also disable
extensions for all invocations of the command processor by setting the
following value in the registry to 0
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
The command extensions involve changes and/or additions to the following
commands:
DEL or ERASE
COLOR
CD or CHDIR
MD or MKDIR
PROMPT
PUSHD
POPD
SET
SETLOCAL
ENDLOCAL
IF
FOR
CALL
SHIFT
GOTO
START (also includes changes to external command invocation)
ASSOC
FTYPE
To get specific details, type HELP commandname to view the specifics.
EOF
;
    }
}
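
An added example, not part of the original post or script: the echo branch is the one place where the script sends request data back to the client, printing $ARGV[2] verbatim. The version below bounds and allow-lists that value before it is echoed or logged; scrub_arg, echo_reply, the 80-character cap and the sample probes are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Hypothetical helper: reduce an untrusted argument to a bounded string
# made only of allow-listed characters before it is echoed or logged.
sub scrub_arg {
    my ($arg, $max) = @_;
    $max = 80 unless defined $max;          # assumed cap, adjust as needed
    return '' unless defined $arg;
    $arg = substr($arg, 0, $max);
    # Anything outside the allow-list (control characters such as CR, LF
    # and ESC, markup characters, non-ASCII bytes) becomes '?'.
    $arg =~ s{[^A-Za-z0-9 _.,:;=+\\/-]}{?}g;
    return $arg;
}

# Hypothetical helper: the reply body for "cmd.exe?/c+echo+<text>".
sub echo_reply {
    my @args = @_;
    # Same rule as the original script: stay silent if a redirect appears.
    return '' if grep { defined($_) && />/ } @args;
    return scrub_arg($args[2]) . "\n";
}

# Constructed sample probes; each list stands in for @ARGV.
my @probes = (
    [ '/c', 'echo', 'hello' ],
    [ '/c', 'echo', '5 < 6 & "ok"' ],
    [ '/c', 'echo', "line1\r\nline2\e[2J" ],
    [ '/c', 'echo', 'x', '>', 'index.html' ],
    [ '/c', 'echo' ],
);

for my $probe (@probes) {
    # The scrubbed request is also what would be safe to write to a log.
    my $logged = scrub_arg(join(' ', @$probe));
    my $reply  = echo_reply(@$probe) || "(no output)\n";
    printf "%-32s => %s", $logged, $reply;
}
```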