Author Topic: p0ke's Honeyd  (Read 4806 times)

0 Members and 1 Guest are viewing this topic.

August 21, 2007, 05:27:01 pm
Read 4806 times

sowhat-x

  • Guest
...this tool seems to have been released in public two years ago or so...
it's author,p0ke,is probably more widely-known for coding usually packers,
and other...let's just say "not exactly legitimate" apps,he-he,you get the point...  ;)

This one though,is a quite nice exception to the rule...from the ReadMe.txt:

This tool simulates (creates fake versions) of known viruses and worms (such as beagle, mydoom, etc),
to attract other bots/viruses.
Example, it opens port 2745 (beagle a/b) on the system,and if a bot tries to upload itself to your ip,
the honeyd will start a filetransfer, and catch the uploaded file.
However this application will NOT in any way execute the uploaded malwares,
and it will NOT place them in other directories then the created one
(usually %current directory%\Catched Malwares\ ).
Honeyd is script-based, so you can easily (with lesser then 10 lines),
create a own script for a own port/exploit.
And the script language aint hard to learn either (its just some commands actully).


Archive in attachment below...(no precompiled binary,only Delphi sources included)  8)