NICE!!! I really like this! I'm not sure about security - but it seems fairly safe, since no real system interaction is implemented... nice, real nice script - I'll have some fun with it ;)
BUT, the logs will grow...

On Thu, 5 Feb 2004 15:46:55 -0500 Carl Fischer <[EMAIL PROTECTED]> wrote:

> I just put together this script to annoy script kiddies looking for
> cmd.exe on my Linux-based web server. Just wanted to know what people
> thought about its security. AFAIK, it's pretty safe. Also, new
> commands and responses are appreciated.
>
> - Carl
>
>
> #!/usr/bin/perl -T
> #
> # Written by Carl Fischer <[EMAIL PROTECTED]>
> #
> # GNU license.
> #
> # This is a web server CGI designed to pretend to be cmd.exe
> # I'm not an expert in perl scripting security, so no guarantees as to its
> # safety. I think it's pretty safe though.
> #
>
> print "Content-type: text/plain\n\n";
>
>
> if (!defined $ARGV[0]) {
>     # This flushes STDOUT after every command (I hope).
>     $|=1;
>     # if no argument is given, make it look like we've hung at C:\>
>     print <<EOF
> Microsoft(R) Windows NT(TM)
> (C) Copyright 1985-1996 Microsoft Corp.
>
> EOF
> ;
>     print 'C:\> ';
>     sleep 30;
> } else {
>     if ($ARGV[0] =~ /\/c/i) {
>         # Handle those obnoxious dir requests.
>         if ($ARGV[1] eq 'dir') {
>             $dir = 'C:\\';
>
>             # If any other path to dir is specified, say we can't find it.
>             unless ( (!defined $ARGV[2]) || ($ARGV[2] =~ /^C:.?$/i) ) {
>                 if ($ARGV[2] =~ /[ABD-Gabd-g]:/) {
>                     print "The device is not ready\n";
>                 } else {
>                     print "The system cannot find the file specified.\n\n";
>                 }
>             } else {
>                 # if no path is given, produce this output.
>                 print <<EOF
>  Volume in drive C is BAIT
>  Volume Serial Number is A33B-666A
>
>  Directory of $dir
>
> 06/02/01  12:02p      <DIR>          WINNT
> 09/23/03  12:43p      <DIR>          pdf995
> 06/02/01  12:04p      <DIR>          Program Files
> 06/02/01  12:05p                   0 CONFIG.SYS
> 06/02/01  12:05p                   0 AUTOEXEC.BAT
> 06/02/01  12:38p      <DIR>          Windows Update Setup Files
> 09/23/03  02:03p      <DIR>          My Documents
> 01/16/04  04:26a                 333 GatorPdpPlg.log
> 09/17/03  11:57p      <DIR>          Users
> 09/19/03  02:33p      <DIR>          My Downloads
> 06/02/01  05:57p                   0 temp.ps
> 02/03/04  02:14p         278,921,216 pagefile.sys
> 09/11/01  04:45p      <DIR>          My Music
> 02-05-04   8:30a                   0 You Are a LUSER now go away.txt
>               14 File(s)      2,138,598 bytes
>                          20,101,311,488 bytes free
> EOF
> ;
>             }
>         } elsif ($ARGV[1] eq 'type' ) {
>             # the next logical thing to do is type a file.
>             if (defined $ARGV[2]) {
>                 print "The system cannot find the file specified\n";
>             } else {
>                 print "The syntax of the command is incorrect.\n";
>             }
>         } elsif ($ARGV[1] eq 'copy' ) {
>             if (defined $ARGV[3]) {
>                 print "        1 file(s) copied.\n\n";
>             } else {
>                 print "The syntax of the command is incorrect.\n";
>             }
>         } elsif ($ARGV[1] eq 'tftp') {
>             print "Sorry. Haven't implemented bullshit response for tftp yet.\n";
>         } elsif ($ARGV[1] eq 'echo') {
>             print $ARGV[2]."\n" unless ( join(' ', @ARGV) =~ />/ );
>         } elsif ($ARGV[1] eq 'move' ) {
>             print "        1 file(s) moved.\n\n";
>         } elsif ($ARGV[1] eq 'del' ) {
>             print "You're one nasty little son of a bitch, aren't you?!\n";
>             print "I think I'll just keep those files.\n";
>             print "Now, go play with someone else's web server\n\n";
>         }
>         # If we haven't thought of it, it's a bad command.
>         else {
>             print <<EOF
> The name specified is not recognized as an
> internal or external command, operable program or batch file.
> EOF
> ;
>         }
>     } elsif ($ARGV[0] eq '/?') {
>         print <<'EOF'
> Starts a new instance of the Windows/NT command interpreter
>
> CMD [/X | /Y] [/A | /U] [/Q] [[/C | /K] string]
>
> /C      Carries out the command specified by string and then terminates
> /K      Carries out the command specified by string but remains
> /Q      Turns the echo off
> /A      Causes the output of internal commands to a pipe or file to be ANSI
> /U      Causes the output of internal commands to a pipe or file to be Unicode
> /T:fg   Sets the foreground/background colors (see COLOR /? for more info)
> /X      Enable extensions to the Windows NT version of CMD.EXE
> /Y      Disable extensions to the Windows NT version of CMD.EXE
>
> Note that multiple commands separated by the command separator '&&'
> are accepted for string if surrounded by quotes
>
> Command Extensions are enabled by default. You may also disable
> extensions for all invocations of the command processor by setting the
> following value in the registry to 0
>
>     HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
>
> The command extensions involve changes and/or additions to the
> following commands:
>
>     DEL or ERASE
>     COLOR
>     CD or CHDIR
>     MD or MKDIR
>     PROMPT
>     PUSHD
>     POPD
>     SET
>     SETLOCAL
>     ENDLOCAL
>     IF
>     FOR
>     CALL
>     SHIFT
>     GOTO
>     START (also includes changes to external command invocation)
>     ASSOC
>     FTYPE
>
> To get specific details, type HELP commandname to view the specifics.
> EOF
> ;
>     }
> }

cheers, Alex

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
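
An added example, not part of the original thread and not Carl's code: the decoy only sees @ARGV because the CGI convention (RFC 3875, section 4.4) passes a query string with no unencoded "=" as command-line arguments, split on "+". The Python sketch below replays that mapping over constructed access-log lines and counts which branch of the script each cmd.exe probe reached; the log lines, the /scripts/ path and the function names are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Feb/2004:15:50:01 -0500] "GET /scripts/cmd.exe?/c+dir HTTP/1.0" 200 812
192.0.2.10 - - [05/Feb/2004:15:50:03 -0500] "GET /scripts/cmd.exe?/c+dir+d:%5C HTTP/1.0" 200 26
198.51.100.7 - - [05/Feb/2004:16:02:44 -0500] "GET /scripts/cmd.exe?/c+copy+a.txt+b.txt HTTP/1.0" 200 27
198.51.100.7 - - [05/Feb/2004:16:02:45 -0500] "GET /scripts/cmd.exe HTTP/1.0" 200 70
198.51.100.7 - - [05/Feb/2004:16:03:20 -0500] "GET /scripts/cmd.exe?/c+ver HTTP/1.0" 200 105
198.51.100.7 - - [05/Feb/2004:16:03:25 -0500] "GET /scripts/cmd.exe?/%3F HTTP/1.0" 200 1650
203.0.113.9 - - [05/Feb/2004:16:10:00 -0500] "GET /index.html HTTP/1.1" 200 1043
"""

REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Commands the decoy answers; it compares with 'eq', so case matters.
EMULATED = {"dir", "type", "copy", "tftp", "echo", "move", "del"}

def cgi_argv(query):
    """Turn a query string into the argument list a CGI script receives."""
    if not query or "=" in query:
        return []            # form-style queries are not passed as arguments
    return [unquote(part) for part in query.split("+")]

def branch(argv):
    """Name the branch of the decoy script that this argument list reaches."""
    if not argv:
        return "hang"        # banner, fake prompt, then sleep 30
    if re.search(r"/c", argv[0], re.I):
        cmd = argv[1] if len(argv) > 1 else ""
        return cmd if cmd in EMULATED else "unknown"
    return "help" if argv[0] == "/?" else "silent"

def summarize(log_text):
    """Count decoy hits per branch over every cmd.exe request in the log."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m:
            continue
        path, _, query = m.group(1).partition("?")
        if path.lower().endswith("/cmd.exe"):
            hits[branch(cgi_argv(query))] += 1
    return hits

if __name__ == "__main__":
    for name, count in summarize(SAMPLE_LOG).most_common():
        print(f"{name:8} {count}")
```

Each "hang" hit keeps a server process busy for the script's 30-second sleep, so that count is worth watching alongside log size.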