VULHUB ™

ManTrap, a commercial honeypot, can easily be identified and subverted. The process hiding can be detected by sending a signal to each PID, there are /proc inconsistancies, the first 4 processes always get hidden, the inode number is off, and the chroot can be broken via raw device access. Includes mantrap.c, a exploit which checks for the first 3 issues.

ManTrap, a commercial honeypot, can easily be identified and subverted. The process hiding can be detected by sending a signal to each PID, there are /proc inconsistancies, the first 4 processes always get hidden, the inode number is off, and the chroot can be broken via raw device access. Includes mantrap.c, a exploit which checks for the first 3 issues.