Testing Nepenthes Works

To check that Nepenthes actually works, and more importantly that any server-side applications that rely on it receive data correctly, it is useful to run a quick end-to-end test.

First, enable the following lines in nepenthes.conf by removing the leading //:

//  "x1.so",                       "x-1.conf",                     "",
//  "x2.so",                       "x-2.conf",                     "",

This lets us connect to the x-2 example module, which provides a simple shell, and the x-3 example module, which adds a file handler that reads data from /dev/urandom.

Start Nepenthes and use netcat to connect to the port specified in x-2.conf. This is 10002 by default.

You should have a prompt now:

joe@nepenthes ~ $ nc 127.0.0.1 10002
Welcome to dong Shell

Enter download file://127.0.0.1:53421//dev/urandom and hit return.

In the Nepenthes log file you should see something close to the following:

[23072008 01:57:18 crit module] Downloading file from "file://127.0.0.1:53421//dev/urandom"
[23072008 01:57:18 info down mgr] Handler urandom download handler will download file://127.0.0.1:53421//dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 info mgr submit] File 4a05e1a3a5658274c04409ea5b1a3227 has type data
[23072008 01:57:27 debug info fixme] File info submitted (4a05e1a3a5658274c04409ea5b1a3227, file://127.0.0.1:53421//dev/urandom)
[23072008 01:57:27 debug info fixme] File upload requested (4a05e1a3a5658274c04409ea5b1a3227, file://127.0.0.1:53421//dev/urandom)
[23072008 01:57:31 debug info fixme] Submitted file 4a05e1a3a5658274c04409ea5b1a3227 to sandbox http://www.norman.com/microsites/nsic/Submit/Special/45773/
[23072008 01:57:31 debug info fixme] Submitted file 4a05e1a3a5658274c04409ea5b1a3227 to sandbox http://luigi.informatik.uni-mannheim.de/submit.php?action=verify

Check your filesystem (if you are using the submit-file module) or your logging system!
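The same check can be scripted for repeated tests. The following is an added example, not part of the original post or of Nepenthes: it walks a slice of the log and reports which of the stages shown above were reached for the test URL. The function and stage names are made up for illustration, the patterns are inferred from the excerpt above, and the log slice is assumed to cover a single test download.

```python
import re

# Line layout seen in the log excerpt above: [DDMMYYYY HH:MM:SS tags] message
LINE = re.compile(r'^\[\d{8} \d{2}:\d{2}:\d{2} [^\]]*\] (.*)$')
STAGES = [  # (hypothetical stage name, message pattern), in pipeline order
    ("requested", re.compile(r'^Downloading file from "(?P<url>[^"]+)"')),
    ("handler",   re.compile(r'^Handler .+ will download (?P<url>\S+)')),
    ("read",      re.compile(r'^read (?P<n>\d+) bytes from ')),
    ("typed",     re.compile(r'^File (?P<md5>[0-9a-f]{32}) has type ')),
    ("submitted", re.compile(r'^Submitted file (?P<md5>[0-9a-f]{32}) to sandbox (?P<dest>\S+)')),
]
# Constructed sample: abridged from the log excerpt in the post.
SAMPLE = '''\
[23072008 01:57:18 crit module] Downloading file from "file://127.0.0.1:53421//dev/urandom"
[23072008 01:57:18 info down mgr] Handler urandom download handler will download file://127.0.0.1:53421//dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 debug info fixme] read 2048 bytes from /dev/urandom
[23072008 01:57:18 info mgr submit] File 4a05e1a3a5658274c04409ea5b1a3227 has type data
[23072008 01:57:31 debug info fixme] Submitted file 4a05e1a3a5658274c04409ea5b1a3227 to sandbox http://luigi.informatik.uni-mannheim.de/submit.php?action=verify
'''.splitlines()

def check_download(lines, url):
    """Report which pipeline stages the test download of `url` reached."""
    r = {"stages": [], "bytes": 0, "md5": None, "sandboxes": []}
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a format we do not know
        for name, pat in STAGES:
            hit = pat.match(m.group(1))
            if not hit:
                continue
            g = hit.groupdict()
            if g.get("url", url) != url or (name != "requested" and not r["stages"]):
                break  # another download, or activity before ours was requested
            if name == "typed":
                r["md5"] = g["md5"]
            elif name == "submitted":
                if g["md5"] != r["md5"]:
                    break  # submission of a different file
                r["sandboxes"].append(g["dest"])
            elif name == "read":
                r["bytes"] += int(g["n"])
            if name not in r["stages"]:
                r["stages"].append(name)
            break
    r["missing"] = [n for n, _ in STAGES if n not in r["stages"]]
    return r
```

A non-empty "missing" list shows where the chain stopped, for example a download that was read and typed but never reached a submit module.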

July 22nd, 2008
By Joe | filed under Honeypot, Nepenthes