Tuesday, July 15, 2008

From Aachen to Mannheim

Well, it seems the Germanians did pretty good job on the lightweight honeypot. I just stumbled to the Thorltz's blog, and it seems that I missed something. Yet another honeypot.. amun!

Download here

Written in Python, I just got it work in seconds, prior to that you've to install python-psycho module.

See, the verbose output:

.::[Amun - Decoder] compiling siegburg xor decoder ::.
.::[Amun - Decoder] compiling plain1 shellcode ::.
.::[Amun - Decoder] compiling plain2 shellcode ::.
.::[Amun - Main] ready for evil orders: ::.

Among the services (mixed with my valid ssh service)

21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
42/tcp open nameserver
105/tcp open csnet-ns
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
554/tcp open rtsp
587/tcp open submission
617/tcp open sco-dtmgr
623/tcp open unknown
631/tcp open ipp
1023/tcp open netvenuechat
1025/tcp open NFS-or-IIS
1521/tcp open oracle
1533/tcp open virtual-places
1900/tcp open UPnP
2105/tcp open eklogin
3268/tcp open globalcatLDAP
3306/tcp open mysql
3372/tcp open msdtc
5000/tcp open UPnP
5432/tcp open postgres
5900/tcp open vnc
6101/tcp open VeritasBackupExec
7100/tcp open font-service
8080/tcp open http-proxy
8118/tcp open privoxy
9050/tcp open tor-socksport
9999/tcp open abyss

All the best, luring malware ;-)

No comments: