/configure --enable-debug-logging
Now that you have Nepenthes installed, you may tweak it by editing the nepenthes.conf file.
BT nepenthes-0.2.0 # vi /opt/nepenthes/etc/nepenthes/nepenthes.conf
Make the following changes: uncomment the submit-norman plug-in. This plug-in will
e-mail any captured samples to the Norman Sandbox and the Nepenthes Sandbox
(explained later).
// submission handler
"submitfile.so", "submit-file.conf", "" // save to disk
"submitnorman.so", "submit-norman.conf", ""
// "submitnepenthes.so", "submit-nepenthes.conf", "" // send to downloadnepenthes
Now you need to add your e-mail address to the submit-norman.conf file:
BT nepenthes-0.2.0 # vi /opt/nepenthes/etc/nepenthes/submit-norman.conf
as follows:
submit-norman
{
    // this is the address where norman sandbox reports will be sent
    email "youraddresshere@yourdomain.com";
    urls ("http://sandbox.norman.no/live_4.html",
          "http://luigi.informatik.uni-mannheim.de/submit.php?action=verify");
};
Gray Hat Hacking: The Ethical Hacker's Handbook, Chapter 20: Collecting Malware and Initial Analysis
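A pre-flight check for the two edits above, added here as an example (not code from the book or the Nepenthes project): it lists which submit handlers are active and flags a placeholder e-mail address before captured samples start leaving the host. The function names are hypothetical, the sample text is constructed from the excerpts above, and only the // comment style shown on this page is handled.

```python
import re
PLACEHOLDER = "youraddresshere@yourdomain.com"  # placeholder value shown in the excerpt
# Constructed sample input assembled from the excerpts above (not complete files).
NEPENTHES_CONF = '''// submission handler
"submitfile.so", "submit-file.conf", "" // save to disk
"submitnorman.so", "submit-norman.conf", ""
// "submitnepenthes.so", "submit-nepenthes.conf", "" // send to downloadnepenthes
'''
NORMAN_CONF = '''submit-norman
{
    // this is the address where norman sandbox reports will be sent
    email "youraddresshere@yourdomain.com";
    urls ("http://sandbox.norman.no/live_4.html",
          "http://luigi.informatik.uni-mannheim.de/submit.php?action=verify");
};
'''

def strip_comment(line):
    """Remove a // comment, but not the // inside a quoted string such as a URL."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and line.startswith("//", i):
            return line[:i]
    return line

def active_text(conf):  # config with comments removed, joined into one string
    return " ".join(strip_comment(l).strip() for l in conf.splitlines())

def enabled_submit_handlers(conf):  # submit*.so modules that are not commented out
    return re.findall(r'"(submit[^"]*\.so)"', active_text(conf))

def norman_settings(conf):  # (email, [urls]) from a submit-norman block
    text = active_text(conf)
    email = re.search(r'\bemail\s+"([^"]*)"', text)
    urls = re.search(r'\burls\s*\(([^)]*)\)', text)
    return (email.group(1) if email else None,
            re.findall(r'"([^"]*)"', urls.group(1)) if urls else [])

def preflight(nepenthes_conf, norman_conf):  # problems to fix before ./nepenthes
    problems = []
    handlers = enabled_submit_handlers(nepenthes_conf)
    if "submitnorman.so" in handlers:
        email, _urls = norman_settings(norman_conf)
        if not email or email == PLACEHOLDER:
            problems.append("submit-norman is enabled but email is unset or still the placeholder")
    if "submitfile.so" not in handlers:
        problems.append("submit-file is disabled: samples are not saved to disk")
    return problems
```

To check a real installation, pass the contents of the two files edited above instead of the sample strings.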
Finally, you may start Nepenthes.
BT nepenthes-0.2.0 # cd /opt/nepenthes/bin
BT nepenthes-0.2.0 # ./nepenthes
...ASCII art truncated for brevity.