/usr/sbin/thpot is in tinyhoneypot 0.4.6-10.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
#!/usr/bin/perl -X
package thp;
# /usr/local/thp/logthis version 0.4.4
# A Perl script to log input from nonspecified tcp connections
# that are managed by xinetd/inetd. A component of the thp
# honeypot kit.
#
# Copyright George Bakos - alpinista@bigfoot.com
# July 29, 2002
# This is free software, released under the terms of the GNU General
# Public License available at http://www.fsf.org/licenses/gpl.txt
use POSIX qw(strftime);
use Getopt::Std;
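# Options:
# - d : debug (Getopt::Std stores the flag in $opt_d)
getopts('d');

# The first remaining argument names the service to emulate. It is supplied
# by whatever launches this script (xinetd/inetd according to the header).
$svcname = $ARGV[0];
$procid  = $$;

# Pin PATH and drop shell-affecting variables before any external command
# runs, so the netstat lookup below cannot be redirected via the environment.
$ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};

# Locate the TCP connection owned by this process so the peer can be logged.
# The "PID/program" column is matched as a whole token: a plain substring
# search for "$procid/perl" also hits another perl process whose PID merely
# ends in the same digits (123 vs 4123), which would attribute the session
# to the wrong source address in the honeypot logs.
my @nslines = grep { m{(?:\A|\s)\Q$procid\E/perl} } `netstat -tnp 2>/dev/null`;
@nsdata = split(" ", join(" ", @nslines));

# Field 4 of the first matching line is used as the peer "address:port".
# NOTE(review): splitting on ':' assumes an IPv4-style value - confirm the
# behaviour for IPv6 peers.
($saddr, $sport) = split /:/, $nsdata[4];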
# TODO, consider setting up debug if $sport or $saddr are undefined
# (calling from the command line)
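# Set up the DEBUG handle: with -d it aliases STDOUT, otherwise everything
# printed to it is discarded. A failed open of /dev/null stays silent, as
# before; printing to the unopened handle is then a no-op.
if ($opt_d) {
    *DEBUG = *STDOUT;
}
else {
    open(DEBUG, '>', '/dev/null');
}

# Record how the script was invoked. When no peer address was found the
# script was possibly started by hand rather than from a TCP connection.
if (defined($saddr) && defined($sport)) {
    # The original message interpolated $port, which is never set; the value
    # parsed from netstat is $sport.
    print DEBUG "DEBUG: Called with process id $procid (source address: $saddr, source port: $sport), arguments: @ARGV\n";
}
else {
    print DEBUG "DEBUG: Called with process id $procid (possibly from command line), with arguments: @ARGV\n";
}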
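# Load the site configuration by executing it as Perl code. Whatever this
# file contains runs with the honeypot's privileges, so the file (and its
# directory) must be writable only by the administrator.
my $conffile = "/etc/thpot/thp.conf";
$return = do $conffile;
# TODO: This error checking should be sent somewhere if not running
# from the CLI.
# The message names the configuration path itself ($file is not set until
# the library loop below) and shows the compile error when there is one.
unless (defined $return) {
    print DEBUG "DEBUG: Could not read the configuration file $conffile: " . ($@ || $!) . "\n";
}

# Define thpdir directly:
$thpdir = "/usr/share/thpot";
# Use only for testing (locally) purposes:
#$thpdir=".";

# Execute every library file. Each *.pl found in this directory is run as
# code, so the directory needs the same ownership and permission care as the
# configuration file.
foreach $file (<$thpdir/lib/*.pl>) {
    $return = do $file;
    print DEBUG "DEBUG: Couldn't parse $file: $@\n" if $@;
    # TODO: Should these be considered?
    # warn "couldn't do $file: $!" unless defined $return;
    # warn "couldn't run $file" unless $return;
}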
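# Arm the session timeout. $timeout is not assigned in this file (presumably
# it comes from thp.conf - confirm); an unset value means alarm(0), i.e. no
# timeout at all.
alarm $timeout;

# Choose the address the honeypot announces. The comparison is numeric, so
# an unset $allowftpdata also selects the loopback address.
if ($allowftpdata == "0") {
    $thpaddr = "127.0.0.1";
}
elsif (!"$thpaddr") {
    $thpaddr = getip();
}

# Both log destinations are mandatory; refuse to run without them.
if (!$errfile) {
    print DEBUG "DEBUG: Error file is not defined, aborting.\n";
    exit(1);
}
if (!$logfile) {
    print DEBUG "DEBUG: Log file is not defined, aborting.\n";
    exit(1);
}

# Open both logs for append with three-argument open, so the configured path
# is only ever treated as a file name and never as part of the open mode.
# A failure is reported on DEBUG only; the session continues as it did
# before, since stopping here would change what the client sees.
open(ERRLOG, '>>', $errfile)
    or print DEBUG "DEBUG: Could not open error file $errfile: $!\n";
open(CAPLOG, '>>', $logfile)
    or print DEBUG "DEBUG: Could not open log file $logfile: $!\n";
opncaplog();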
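# Redirect STDOUT to lessen the likelihood of an attacker fooling thp into
# returning something useful to him.
open(NEWOUT, '>', '/dev/null') || die;
*STDOUT = *NEWOUT;

$null  = 0;
$error = "";

# Check if this is a known service ( there is a function with that
# name in the library)
print DEBUG "DEBUG: Will call service $svcname\n";

# The service name is used as a symbolic function reference below, so it has
# to be exactly one of the known names. An unanchored match would accept any
# string that merely contains one of them and would call whatever function
# carries that name.
if ($svcname =~ /\A(?:shell|ftp|http|mssql|smtp|pop3|ssh)\z/) {
    if (defined(&$svcname)) {
        &$svcname();
    }
    else {
        $error = "Function $svcname is not defined, there might have occured an error loading the modules, will call nullresp()\n";
        $null  = 1;
    }
}
else {
    $null = 1;
}

if (!"$svcname") {
    $null  = 1;
    $error = "Service is undefined\n";
}

# Call nullresponse if needed
if ($null == 1) {
    print DEBUG "DEBUG: $error\n";
    # The error log handle opened earlier is ERRLOG; the original printed to
    # ERRORLOG, which is never opened, so the message was lost. Only real
    # errors are written, so that an unlisted service name (which sets no
    # error text) does not add an empty "ERROR:" line per connection.
    print ERRLOG "ERROR: $error\n" if $error ne "";
    print DEBUG "DEBUG: Calling nullresponse\n";
    nullresp();
}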
# Shut down: release the scratch handles, call clcaplog() (defined outside
# this file) while CAPLOG is still open, then close both logs and exit.
close($_) for (\*NEWOUT, \*DEBUG);
clcaplog();
close($_) for (\*CAPLOG, \*ERRLOG);
exit(0);