	
	mimic v-1.0 -> The services imitator.

mimic sits in the background as a daemon and imitates particular services. So far it can imitate ftpd and telnetd servers. With a very limited knowledge of C, you can also teach mimic how to imitate other servers, such as sshd, by writing to mimic's scripting entry point. By using the user's data structure and argument list, you can format replies based on what the user types, the user's status and other information derived from the data structure.

mimic loves to laugh at people doing silly things and he records everything so that you can laugh too. If you mimic an ftp server, then clients connecting to your ftp server will see nothing wrong. To them it will seem just like any other ftp server. They will never be able to log in, but they can try. Everything they type will be logged and that's what makes mimic such a good way to catch intruders. If you know or suspect that you have been hacked and that the hacker exploited your ftp server, for example, then you had better take that ftp server down. Now replace it with mimic-ftpd: the hacker will get nowhere when attempting to exploit your ftp server this time, and you will have all the logs you need to find out what exactly he did to your old ftp server.

Apart from being able to mimic ftpd and telnetd, mimic makes it simple for anyone with a limited knowledge of C to teach mimic new tricks. The program entry point for scripting will be in script.c. ftpd.c and telnetd.c are extensions of script.c and by perusing through them you will gain an understanding of how to create your own fake server.

Technical Information for scripting:

Users Data Structure (ud):
struct user
{
        int connfd; // connection file descriptor
        int bUser; // if true: client sent username
        int bAnon; // if true: client wants anonymous access
        int bIgnore; // if true: all data from client will be ignored
        int bInitTelnetd; // telnetd.c status (don't use)
        int nLines; // number of lines sent by client. alter at will.
        char line[MAXINPUT]; // the unparsed argument list
        char host[INET_ADDRSTRLEN]; // client's hostname
};

When scripting, these variables should concern you most:
struct user *ud; // user's data structure, see above
char **args; // parsed argument list in the form args[0], args[1], etc.
int cargs; // number of arguments in argument list
char reply[256]; // server's (your) reply

The following is a reply formatting example:
(this will tell the client where he is from)

snprintf( reply, sizeof(reply), "you are connected from %s\r\n", ud->host );

That's it for scripting!

Apart from script.c, there are 2 other important files you will need to work with when creating your own fake server: welcome.msg.servicename and servicename.conf

welcome.msg.servicename ::: telnetd example:

Red Hat Linux release 7.2 (Enigma)
Kernel `uname -r` on an `uname -m`
login: \n

This will be the message users receive when they connect to your telnet server.
Anything between backticks (``) will be interpreted as a command and will be replaced by the command's output. The \n means no-newline. This is so that when the user connects, he will begin typing on the same line as the word "login:".

welcome.msg.servicename ::: ftpd example:

220 `uname -n` FTP server (Version FTPD-2.1.4(1) `date "+%a %b%e %T %Z %Y"`) ready.

servicename.conf ::: telnetd example:

ListenPort 23;

LogFile /var/log/mimic-telnetd.log;

WelcomeFile welcome.msg.telnetd;

Options ECHO;


Everything here is self-explanatory except for the Options line. The only option that is available is "ECHO". When set, your server will echo every character it receives back to the client. As soon as the client connects, the server will also negotiate this echo option with the client by means of the telnet protocol.

servicename.conf ::: ftpd example:

ListenPort 21;

LogFile /var/log/mimic-ftpd.log;

WelcomeFile welcome.msg.ftpd;

Self-explanatory.

script.c is your entry point to scripting. It is the skeleton of your server. Your scripting directory is script/ where your welcome file and config files are kept. To compile your script, simply type: make myscript. This will compile your server to script/mimic-script. Your script.c skeleton includes one extra line which causes your script to act as an echo server. This demonstrates the simplicity of creating your own server. All I added to the skeleton was:
snprintf( reply, sizeof(reply), "%s\r\n", ud->line);
and, voila, a fully-functional echo server!
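
Reply logic for a new imitator, as an added example that is not part of mimic's own code: a POP3-style dialogue driven by args, cargs and the ud flags, where login always fails. The function name and signature, the MAXINPUT value and the reply strings are assumptions; client-supplied text is only ever passed as a %s argument, never as the format string.

```c
/* Added example: hypothetical POP3 imitator reply logic for mimic's script.c. */
#include <stdio.h>
#include <string.h>
#include <strings.h>      /* strcasecmp */
#include <netinet/in.h>   /* INET_ADDRSTRLEN */

#define MAXINPUT 1024     /* assumption: the real value lives in mimic's headers */

struct user {             /* fields as listed in this README */
        int connfd;
        int bUser;
        int bAnon;
        int bIgnore;
        int bInitTelnetd;
        int nLines;
        char line[MAXINPUT];
        char host[INET_ADDRSTRLEN];
};

/* Hypothetical name and signature; in mimic this logic would sit where
 * script.c formats its reply. Returns the reply length, as snprintf does. */
int pop3_reply(struct user *ud, char **args, int cargs, char *reply, size_t len)
{
        if (cargs < 1)
                return snprintf(reply, len, "-ERR empty command\r\n");

        if (strcasecmp(args[0], "USER") == 0 && cargs >= 2) {
                ud->bUser = 1;          /* remember that a username was sent */
                /* client text is bounded and used only as a %s argument */
                return snprintf(reply, len, "+OK %.64s selected\r\n", args[1]);
        }
        if (strcasecmp(args[0], "PASS") == 0) {
                if (!ud->bUser)
                        return snprintf(reply, len, "-ERR send USER first\r\n");
                ud->bUser = 0;          /* require a fresh USER for the next try */
                return snprintf(reply, len, "-ERR authentication failed\r\n");
        }
        if (strcasecmp(args[0], "QUIT") == 0) {
                ud->bIgnore = 1;        /* ignore anything sent after QUIT */
                return snprintf(reply, len, "+OK signing off\r\n");
        }
        return snprintf(reply, len, "-ERR unknown command\r\n");
}
```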


Final words :::

Have fun with ftpd and telnetd imitating. Explore the scripting functionality and email me when you've created a supercool services imitator and I might add it to the "collection".

- Written by ebbtepid <bozy@newmail.net>
