Changeset 1737
- Timestamp:
- 08/14/08 13:54:57 (4 months ago)
- Files:
-
- honeyclient/branches/exp/bhenderson-browser_automation/bin/UpdateBundleChecksum.pl (modified) (1 diff)
- honeyclient/branches/exp/bhenderson-browser_automation/etc/honeyclient.xml (modified) (2 diffs)
- honeyclient/branches/exp/bhenderson-browser_automation/lib/HoneyClient/Manager/VM.pm (modified) (1 diff)
- honeyclient/branches/exp/bhenderson-browser_automation/lib/HoneyClient/Manager/VM/Clone.pm (modified) (1 diff)
- honeyclient/branches/exp/bhenderson-browser_automation/thirdparty/capture-mod/FileMonitor.exl (modified) (3 diffs)
- honeyclient/branches/exp/bhenderson-browser_automation/thirdparty/capture-mod/ProcessMonitor.exl (modified) (1 diff)
- honeyclient/branches/exp/bhenderson-browser_automation/thirdparty/capture-mod/RegistryMonitor.exl (modified) (6 diffs)
honeyclient/branches/exp/bhenderson-browser_automation/bin/UpdateBundleChecksum.pl
r1224 r1737 1 1 #!/usr/bin/perl 2 3 #Run like: 4 #./UpdateBundleChecksum.pl ../cpan/sources/authors/id/M/MI/MITREHC/ 2 5 3 6 use CPAN::Checksums qw(updatedir); honeyclient/branches/exp/bhenderson-browser_automation/etc/honeyclient.xml
r1649 r1737 213 213 <!-- TODO: Update this. --> 214 214 <url description="The URL of the local Ruby web service, which interfaces with the local HoneyClient database."> 215 http:// 172.16.164.1/hc_database/api215 http://drone/hc_database/api 216 216 </url> 217 217 <max_retry_count description="If the Manager is unable to contact the Ruby web service due to connectivity issues, then the Manager will retry up to the specified number of times before giving up." default="1800"> … … 319 319 <VM> 320 320 <master_vm_config description="The full absolute path to the VM configuration file on the host system that will be used by all subsequent cloned VMs."> 321 /vm/masters/Agent.Master-4 2-IE6/winXPPro.cfg321 /vm/masters/Agent.Master-44-IE6/winXPPro.cfg 322 322 </master_vm_config> 323 323 <port description="The TCP port number that the SOAP server of the VM daemon will listen on for requests. Note: This port should be unique and not already be used by other modules, services, or daemons running on the host system." default="7627"> honeyclient/branches/exp/bhenderson-browser_automation/lib/HoneyClient/Manager/VM.pm
r1649 r1737 3425 3425 /A file encapsulating the state of a virtual machine was discovered/ && 3426 3426 do { $choice = 0; last; }; # Choice 0: Discard. 3427 3428 # Error reading image (vmdk); go ahead and retry. 3429 /Operation on file \".*\" failed/ && 3430 do { $choice = 0; last; }; # Choice 0: Retry. 3427 3431 3428 3432 $LOG->warn("Encountered unknown question for VM ($args{'config'}). " . honeyclient/branches/exp/bhenderson-browser_automation/lib/HoneyClient/Manager/VM/Clone.pm
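Review bot: The new `/Operation on file \".*\" failed/` case in VM.pm answers the question with `$choice = 0` without logging anything, whereas the unknown-question path right after it calls `$LOG->warn`. A clone whose vmdk is genuinely unreadable would therefore be retried silently, and nothing visible in the hunk bounds how often the same question can be re-answered; the surrounding loop is outside the hunk, so that needs confirming. I would record the event before answering, e.g. `do { $LOG->warn("VM ($args{'config'}): file operation failed; retrying."); $choice = 0; last; };`. The trailing comment reads `Choice 0: Retry` while the case above labels the same value `Choice 0: Discard`; presumably the option index is per-question, and a one-line comment saying so would remove the apparent contradiction.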
r1604 r1737 1544 1544 1545 1545 if ($args{'perform_archive'}) { 1546 $LOG->info("Thread ID (" . threads->tid() . "): Archiving clone VM (" . $vmConfig . ")."); 1546 1547 if ($argsExist && 1547 1548 exists($args{'snapshot_file'}) && honeyclient/branches/exp/bhenderson-browser_automation/thirdparty/capture-mod/FileMonitor.exl
r1645 r1737 97 97 + Write C:\\Program Files\\Messenger\\msmsgs\.exe C:\\Documents and Settings\\.+\\NTUSER.DAT.LOG 98 98 + Delete C:\\Program Files\\Messenger\\msmsgs\.exe C:\\Documents and Settings\\.+\\NTUSER.DAT.LOG 99 + Write C:\\Program Files\\Messenger\\msmsgs\.exe C:\\Documents and Settings\\.+\\NTUSER.DAT 99 100 + Write C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe E:\\\$LogFile 100 101 + Write C:\\WINDOWS\\system32\\wbem\\wmiprvse\.exe E:\\\$Directory … … 331 332 + Write C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe C:\\WINDOWS\\system32\\config\\system\.LOG 332 333 + Write C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe C:\\WINDOWS\\system32\\config\\system 334 + Write C:\\WINDOWS\\Microsoft\.NET\\Framework\\v3\.0\\Windows Communication Foundation\\infocard\.exe C:\\WINDOWS\\system32\\config 333 335 334 336 # IE7 - Exclusion … … 344 346 + Write C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+html 345 347 + Delete C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+tmp 348 + Write C:\\Program Files\\Internet Explorer\\iexplore\.exe C:\\WINDOWS\\.+tmp 349 350 # System Log Files - IE7 351 + Write C:\\WINDOWS\\system32\\services\.exe C:\\WINDOWS\\Debug\\UserMode\\userenv\.log 352 353 # IE6 Crashing 354 + Write C:\\WINDOWS\\system32\\drwtsn32\.exe C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Dr Watson\\.* honeyclient/branches/exp/bhenderson-browser_automation/thirdparty/capture-mod/ProcessMonitor.exl
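Review bot: The added `+ Write ... iexplore\.exe C:\\WINDOWS\\.+tmp` exclusion in FileMonitor.exl is very broad, because `.+` spans path separators: every browser write under C:\WINDOWS whose path ends in `tmp` (or merely contains it, if the engine does not anchor matches) stops being reported. That is a detection blind spot in the very process the honeyclient is meant to watch. I would scope it to the directory where the benign writes were actually observed, along the lines of `C:\\WINDOWS\\<observed-dir>\\[^\\]+\.tmp`. The new `infocard\.exe ... C:\\WINDOWS\\system32\\config` entry likewise names the whole hive directory rather than a specific file, and the dots in `NTUSER.DAT` are unescaped, so they match any character.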
r1647 r1737 54 54 # IE - Random Crashing Due To Poor Application Coding 55 55 + drwtsn32.exe .* C:\\WINDOWS\\system32\\drwtsn32\.exe 56 57 # IE - MSN Messenger Autostart 58 + msmsgs.exe .* C:\\Program Files\\Messenger\\msmsgs\.exe honeyclient/branches/exp/bhenderson-browser_automation/thirdparty/capture-mod/RegistryMonitor.exl
r1648 r1737 114 114 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.+ 115 115 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+ 116 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Passport \\.+116 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Passport.* 117 117 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+ 118 118 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Direct3D.+ … … 160 160 + DeleteValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache.+ 161 161 + DeleteValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Cache.+ 162 + DeleteValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Passport \\.+162 + DeleteValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Passport.* 163 163 + DeleteValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\.+ 164 164 + DeleteValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\Direct3D.+ … … 186 186 + SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MSMSGS 187 187 + SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe 
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+ 188 + SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders \\.+188 + SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders.* 189 189 + SetValueKey C:\\Program Files\\Messenger\\msmsgs\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+ 190 190 + SetValueKey C:\\WINDOWS\\system32\\svchost\.exe HKLM\\SOFTWARE\\Microsoft\\EventSystem\\.+\\Subscriptions\\.+ … … 202 202 + DeleteValueKey C:\\Program Files\\Messenger\\msmsgs\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\MSMSGS 203 203 + DeleteValueKey C:\\Program Files\\Messenger\\msmsgs\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+ 204 + DeleteValueKey C:\\Program Files\\Messenger\\msmsgs\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders \\.+204 + DeleteValueKey C:\\Program Files\\Messenger\\msmsgs\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders.* 205 205 + DeleteValueKey C:\\Program Files\\Messenger\\msmsgs\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\.+ 206 206 + DeleteValueKey C:\\WINDOWS\\system32\\svchost\.exe HKLM\\SOFTWARE\\Microsoft\\EventSystem\\.+\\Subscriptions\\.+ … … 290 290 + SetValueKey C:\\Program Files\\Windows Media Player\\wmplayer\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap 291 291 #### HONEYCLIENT AUTO EXCLUDE SCRIPT 292 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Macromedia\\FlashPlayerUpdate 292 293 + DeleteValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Macromedia\\FlashPlayer 293 294 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Macromedia\\FlashPlayer … … 407 408 # 
IE - Random Crashing Due To Poor Application Coding 408 409 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting\\.* 410 + DeleteValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKLM\\SOFTWARE\\Microsoft\\PCHealth\\ErrorReporting\\.* 411 412 # IE - Dr Watson IE 6 Crashing 413 + SetValueKey C:\\WINDOWS\\system32\\drwtsn32\.exe HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders.* 414 + SetValueKey C:\\WINDOWS\\system32\\drwtsn32\.exe HKLM\\SOFTWARE\\Microsoft\\DrWatson.* 415 416 # Benign Explorer Activity 417 + SetValueKey C:\\WINDOWS\\explorer\.exe HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar.* 418 + SetValueKey C:\\WINDOWS\\explorer\.exe HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.* 419 420 # Benign DirectX Activity 421 + SetValueKey C:\\Program Files\\Internet Explorer\\iexplore\.exe HKCU\\Software\\Microsoft\\Multimedia\\msacm.msgsm610.*
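Review bot: Changing `Passport\\.+` and `Shell Folders\\.+` to `Passport.*` and `Shell Folders.*` in RegistryMonitor.exl drops the key separator, so these exclusions now also cover any sibling key whose name merely begins with that prefix. If the aim was only to include events on the key itself, `Passport(\\.+)?` keeps the boundary, assuming the exclusion engine accepts groups. The new `explorer\.exe ... HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings.*` entry has the same shape and silences every value write under Internet Settings, including ZoneMap, which other entries in this file treat as a separate, explicitly listed exclusion. Narrowing it to the value names actually observed would preserve alerts on changes to those settings. `msacm.msgsm610.*` also leaves its dot unescaped.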
