Full Version: Cmd.exe Logger
TedOb1
Looking for a cmd.exe logger. Not something that hooks the keyboard but something that can record everything entered at a DOS prompt even if it's remote, as in a shell.

Everything I've found so far is for old DOS and terminates when I close the DOS emulator. There must be something that runs as a service on 2k that does this.
Blackknight
Yeah, I was about to say create a wrapper..
by forking the stdout and just move the cmd.exe file somewhere else.
But hey, someone already made a program ^^ I made a bash logger like that, and sh, for when I was in my honeypot stage.
TedOb1
Thanks guys for your response! I've already tried comlog.pl. First downloaded it from packetstorm. Had to correct all the # signs that got misplaced in the comments by the formatting and still got:

Can't open session log file at _main.pl line 252

line 252 = open (HISTORY, ">>".$history) || die "Can't open session log file";

A couple of other versions gave me "expected &&" at the same line.

Downloaded the com105 exe and pl script, thinking that if the errors I was still getting were caused because he used an older version of Perl, the right mods would be packed in the executable. Same thing.
jak3c
Hmmm, sounds good, this little prog!
Thanks for our knowledge share!
FiStEh
I find that using cmd.exe itself to log itself usually works. It's something like cmd.exe cmd.exe > log.txt; you don't get an echo but it still logs all output.
CiTrX
Hi all, my first post in GSO... I started to make a honeypot in a virtual computer using VMware and found myself ComLog on iquebec, but after having installed it correctly, I'm getting some kinds of bugs using the modified cmd.exe, like when I type: cd c:\winnt\system32\spool\prtprocs\

It prompts me that ** error :

---------------
Microsoft Windows 2000 [Version 5.00.2195]
© Copyright 1985-1999 Microsoft Corp.

C:\>cd c:\winnt\system32\spool\prtprocs\
The filename, directory name, or volume label syntax is incorrect.
The filename, directory name, or volume label syntax is incorrect.

>
The filename, directory name, or volume label syntax is incorrect.
-------------------

and can't get out of it... Anyone got problems like that using ComLog?

Perhaps, after looking at the .pl file, I found that it was emulating the command prompt... and getting a slower execution of commands passed into it...

It should be much better if, as Blackknight said, it was redirecting anything going into it to the real cmd.exe after having logged commands... So could anyone help me create a proggie like that, or maybe send me a program already coded to do it?

thx
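
The pass-through wrapper Blackknight describes and CiTrX asks for, as an added example for a honeypot host (not code from this thread or from ComLog): each input line is timestamped into a log and then handed unchanged to the real interpreter, so nothing is re-parsed or emulated. The relocated shell path, the log path and the function name are assumptions.

```python
import datetime
import subprocess
import sys
import threading

# Assumed paths for a honeypot host; neither comes from the thread.
REAL_SHELL = [r"C:\WINNT\system32\cmd_real.exe"]   # hypothetical relocated cmd.exe
LOG_PATH = r"C:\honeypot\cmd_session.log"          # hypothetical log file


def run_logged_shell(shell_argv, log_path, source=None, sink=None):
    """Log each input line, pass it on unchanged; return (exit code, lines logged)."""
    source = sys.stdin.buffer if source is None else source
    sink = sys.stdout.buffer if sink is None else sink
    child = subprocess.Popen(shell_argv, stdin=subprocess.PIPE,
                             stdout=subprocess.PIPE, stderr=subprocess.STDOUT)

    def relay_output():
        # Copy whatever the shell prints (including prompts that have no
        # trailing newline) straight back to the caller.
        for chunk in iter(lambda: child.stdout.read1(4096), b""):
            sink.write(chunk)
            sink.flush()

    relay = threading.Thread(target=relay_output, daemon=True)
    relay.start()
    logged = 0
    with open(log_path, "ab") as log:
        for line in iter(source.readline, b""):
            stamp = datetime.datetime.now(datetime.timezone.utc).isoformat()
            log.write(stamp.encode() + b" " + line.rstrip(b"\r\n") + b"\n")
            log.flush()          # record survives even if the session dies
            logged += 1
            try:
                child.stdin.write(line)   # bytes untouched: no re-parsing
                child.stdin.flush()
            except OSError:               # shell already exited ("exit")
                break
    try:
        child.stdin.close()
    except OSError:
        pass
    code = child.wait()
    relay.join()
    return code, logged


if __name__ == "__main__":
    sys.exit(run_logged_shell(REAL_SHELL, LOG_PATH)[0])
```

Because the wrapper only copies bytes, a path with a trailing backslash such as the one in the post above reaches the real shell exactly as typed.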
zero-maitimax
Why is that useful?