Navigation

← Previous Changeset
Next Changeset →

Changeset 167

Timestamp:

01/19/07 16:27:58 (2 years ago)

Author:

kindlund

Message:

Finished initial integration testing.

Files:

honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Manager.pm (modified) (5 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Manager.pm

r166	r167
163	163	use HoneyClient::Manager::VM qw();
164	164
	165	# Include DB Utility Library
	166	# TODO: Include unit tests.
	167	use HoneyClient::Manager::DB;
	168
165	169	# XXX: Remove this, eventually.
166	170	use Data::Dumper;
…	…
218	222	# XXX: May want to change this format/usage, eventually.
219	223	our $STATE_FILE = getVar(name => "manager_state");
	224
	225	# Global Database Parameters
	226	# XXX: Will eventually go away.
	227	our $DB_PARAMS = {
	228	dsn=>'DBI:mysql:mysql;host=192.168.0.130',
	229	username=>'root',
	230	password=>''
	231	};
	232
	233	# Global Database Handle
	234	our $DB;
	235
220	236
221	237	#######################################################################
…	…
440	456	my $agentState = undef;
441	457
	458	# Connect to remote database.
	459	$DB = new HoneyClient::Manager::DB($DB_PARAMS);
	460	if ($DB->deploy()) {
	461	print "Database connection succeeded.\n";
	462
	463	$DB_PARAMS = {
	464	dsn=>'DBI:mysql:HoneyClient;host=192.168.0.130',
	465	username=>'root',
	466	password=>''
	467	};
	468	$DB = new HoneyClient::Manager::DB($DB_PARAMS);
	469	}
	470
442	471	for (;;) {
443	472	print "Starting new session...\n";
…	…
452	481	#print Dumper(thaw(decode_base64($agentState)));
453	482	}
	483
	484	# XXX: Be sure to DROP the HoneyClient table, after every Manager->run() call.
	485	# XXX: This will eventually be removed.
	486	$DB->{dbh}->do("DROP DATABASE HoneyClient");
454	487	}
455	488
…	…
657	690	HoneyClient::Manager::VM->destroy();
658	691	$vmCompromised = 1;
	692
	693	# Insert Compromised Fingerprint into DB.
	694	# XXX: For now, we do a blanket insert; eventually, we'll need to
	695	# check if this fingerprint already exists in the DB.
	696	my (@Files, @RegKeys, @Procs);
	697
	698	push @Files, {
	699	path => 'c:\windows\system32',
	700	name => 'calc.exe',
	701	content => {
	702	md5 => '82da9a561687f841a61e752e401471d2',
	703	sha1 => '7552ad083713e6d6b79539b64d598d4dcadfba35',
	704	size => 114688,
	705	type => 'MS-DOS executable (EXE), OS/2 or MS Windows'
	706	}
	707	};
	708	push @Files, {
	709	path => 'c:\windows\system32',
	710	name => 'msgina.dll',
	711	content => {
	712	md5 => 'bab513fc028515389eb6b2ad16e35ad2',
	713	sha1 => 'c5597928b22d2c49a41510d6ab11d8f19bfab0af',
	714	size => 994304,
	715	type => 'MS-DOS executable (EXE), OS/2 or MS Windows'
	716	}
	717	};
	718	push @Files, {
	719	path => 'c:\windows\system32',
	720	name => 'drwatson.exe',
	721	content => {
	722	md5 => '37564f065866fa7215453e72f1264f4b',
	723	sha1 => '7144ee8b57f3fcae6870f452b140365f75b5265c',
	724	size => 28112,
	725	type => 'MS-DOS executable (EXE), OS/2 or MS Windows'
	726	}
	727	};
	728	push @RegKeys, {
	729	key_name => 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
	730	status => 1,
	731	entries => [
	732	{
	733	name => 'QuickTime Task',
	734	new_val => '"C:\Program Files\QuickTime\qttask.exe" -atboottime'
	735	}
	736	]
	737	};
	738	push @Procs, {
	739	name => 'calc'
	740	};
	741	push @Procs, {
	742	name => 'drwatson'
	743	};
	744
	745	my $exploit1 = {
	746	Files => \@Files,
	747	RegKeys => \@RegKeys,
	748	Procs => \@Procs
	749	};
	750	$exploit1->{vmid} = 'VMTest1';
	751	my $exploit2 = {
	752	Files => [ $Files[0],$Files[1] ],
	753	RegKeys => \@RegKeys,
	754	Procs => [ $Procs[0] ]
	755	};
	756
	757	if ($DB->Insert($exploit1,'Fingerprints')) {
	758	print "Database insert successful.\n";
	759	}
	760
659	761	return; # Return out of eval block.
660	762	} else {

Navigation

Changeset 167

Legend:

honeyclient/branches/exp/mbriggs-db/lib/HoneyClient/Manager.pm

Download in other formats: