Merge pull request #59 from fkie-cad/ssh-server-fix
Ssh server fix
giga-a authored Mar 4, 2024
2 parents 89c8b21 + 7164ad5 commit d927b3b
Showing 36 changed files with 394 additions and 646 deletions.
16 changes: 5 additions & 11 deletions honeypots/base_http_server.py
Expand Up @@ -39,11 +39,11 @@ def __init__(self, **kwargs):
)

class MainResource(Resource):
isLeaf = True
isLeaf = True # noqa: N815
home_file = load_template("home.html")
login_file = load_template("login.html")

def __init__(self, *args, hp_server=None, **kwargs):
def __init__(self, *args, hp_server: BaseHttpServer = None, **kwargs):
super().__init__(*args, **kwargs)
self.hp_server = hp_server
self.headers = {}
Expand All @@ -53,30 +53,24 @@ def render(self, request):

with suppress(Exception):
log_data = {
"server": self.hp_server.NAME,
"action": "connection",
"src_ip": client_ip,
"src_port": request.getClientAddress().port,
"dest_ip": self.hp_server.ip,
"dest_port": self.hp_server.port,
}
if "capture_commands" in self.hp_server.options:
log_data["data"] = headers
self.hp_server.logs.info(log_data)
self.hp_server.log(log_data)

if self.hp_server.mocking_server != "":
request.responseHeaders.removeHeader("Server")
request.responseHeaders.addRawHeader("Server", self.hp_server.mocking_server)

if request.method in (b"GET", b"POST"):
self.hp_server.logs.info(
self.hp_server.log(
{
"server": self.hp_server.NAME,
"action": request.method.decode(),
"src_ip": client_ip,
"src_port": request.getClientAddress().port,
"dest_ip": self.hp_server.ip,
"dest_port": self.hp_server.port,
}
)

Expand Down Expand Up @@ -115,7 +109,7 @@ def render(self, request):
if "username" in form and "password" in form:
username = check_bytes(form["username"].value)
password = check_bytes(form["password"].value)
self.hp_server.log_login(
self.hp_server.check_login(
username, password, client_ip, request.getClientAddress().port
)

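Review bot: The new annotation on `MainResource.__init__`, `hp_server: BaseHttpServer = None`, declares a non-optional type while defaulting to `None`, and every visible call in `render` dereferences `self.hp_server` without a guard. As far as the flattened indentation shows, the connection event is built under `with suppress(Exception)`, so a resource created without a server would drop that event silently rather than fail loudly. Either annotate it as `hp_server: BaseHttpServer | None = None` and guard the calls, or make the argument required: `def __init__(self, *args, hp_server: BaseHttpServer, **kwargs):`. `render` starts and continues outside the visible hunks, so a guard elsewhere in it cannot be ruled out.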
24 changes: 15 additions & 9 deletions honeypots/base_server.py
Expand Up @@ -5,6 +5,7 @@
from os import getenv
from shlex import split
from subprocess import Popen
from typing import Any
from uuid import uuid4

from honeypots.helper import (
Expand Down Expand Up @@ -96,15 +97,12 @@ def run_server(self, process: bool = False, auto: bool = False) -> bool | None:
if self.process.poll() is None and check_if_server_is_running(self.uuid):
status = "success"

self.logs.info(
self.log(
{
"server": self.NAME,
"action": "process",
"status": status,
"src_ip": self.ip,
"src_port": self.port,
"dest_ip": self.ip,
"dest_port": self.port,
}
)

Expand All @@ -113,21 +111,29 @@ def run_server(self, process: bool = False, auto: bool = False) -> bool | None:
self.kill_server()
return False

def log_login(self, username: str, password: str, ip: str, port: int):
def check_login(self, username: str, password: str, ip: str, port: int) -> bool:
status = "success" if self._login_is_correct(username, password) else "failed"
self.logs.info(
self.log(
{
"server": self.NAME,
"action": "login",
"status": status,
"src_ip": ip,
"src_port": port,
"username": username,
"password": password,
"dest_ip": self.ip,
"dest_port": self.port,
}
)
return status == "success"

def _login_is_correct(self, username: str, password: str) -> bool:
return username == self.username and password == self.password

def log(self, log_data: dict[str, Any]):
log_data.update(
{
"server": self.NAME,
"dest_ip": self.ip,
"dest_port": self.port,
}
)
self.logs.info(log_data)
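Review bot: `BaseServer.log` writes the server fields into the caller's dict with `log_data.update(...)`, so every caller's dict is modified as a side effect of logging; building a new dict avoids that: `self.logs.info({**log_data, "server": self.NAME, "dest_ip": self.ip, "dest_port": self.port})`. Either form lets the server-owned `server`, `dest_ip` and `dest_port` values win over same-named keys supplied by a caller, which is the safer precedence when callers fill events from request data. That precedence is worth stating in a docstring such as `"""Log an event, adding this server's name and destination address (these override caller-supplied keys)."""`, together with a `-> None` return annotation. `check_login` would also benefit from a one-line docstring saying that it logs the attempt, including the submitted password, before returning the result.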
10 changes: 2 additions & 8 deletions honeypots/dhcp_server.py
Expand Up @@ -17,10 +17,7 @@
from twisted.internet.protocol import DatagramProtocol

from honeypots.base_server import BaseServer
from honeypots.helper import (
server_arguments,
check_bytes,
)
from honeypots.helper import check_bytes, server_arguments


class QDHCPServer(BaseServer):
Expand Down Expand Up @@ -96,15 +93,12 @@ def datagramReceived(self, data, addr):
mac_address = "None"
data = self.parse_options(data[240:])
data.update({"mac_address": mac_address})
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "query",
"status": "success",
"src_ip": addr[0],
"src_port": addr[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": data,
}
)
10 changes: 2 additions & 8 deletions honeypots/dns_server.py
Expand Up @@ -53,29 +53,23 @@ def gotResolverResponse(self, response, protocol, message, address):
src_ip, src_port = address
for items in response:
for item in items:
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "query",
"src_ip": src_ip,
"src_port": src_port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": item.payload,
}
)
return super().gotResolverResponse(response, protocol, message, address)

class CustomDnsUdpProtocol(dns.DNSDatagramProtocol):
def datagramReceived(self, data: bytes, addr: tuple[str, int]):
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "connection",
"src_ip": addr[0],
"src_port": addr[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": data.decode(errors="replace"),
}
)
34 changes: 7 additions & 27 deletions honeypots/elastic_server.py
Expand Up @@ -44,15 +44,12 @@ def _dump_headers(self):
for item, value in dict(self.headers).items():
headers.update({check_bytes(item): check_bytes(value)})

_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "dump",
"data": check_bytes(self.raw_requestline),
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"headers": headers,
}
)
Expand Down Expand Up @@ -109,15 +106,12 @@ def do_GET(self):

key = self.server.get_auth_key()
if self.headers.get("Authorization") is None:
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "login",
"status": "failed",
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"username": username,
"password": password,
}
Expand All @@ -129,18 +123,14 @@ def do_GET(self):
"root_cause": [
{
"type": "security_exception",
"reason": "unable to authenticate user [{}] for REST request [/]".format(
username
),
"reason": f"unable to authenticate user [{username}] for REST request [/]",
"header": {
"WWW-Authenticate": 'Basic realm="security" charset="UTF-8"'
},
}
],
"type": "security_exception",
"reason": "unable to authenticate user [{}] for REST request [/]".format(
username
),
"reason": f"unable to authenticate user [{username}] for REST request [/]",
"header": {
"WWW-Authenticate": 'Basic realm="security" charset="UTF-8"'
},
Expand All @@ -152,16 +142,12 @@ def do_GET(self):
)
self.wfile.write(self._set_response_gzip_auth(auth_paylaod, 401))
elif self.headers.get("Authorization") == "Basic " + str(key):
extracted = ""
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "login",
"status": "success",
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"username": _q_s.username,
"password": _q_s.password,
}
Expand Down Expand Up @@ -336,15 +322,12 @@ def do_GET(self):
authorization_string = self.headers.get("Authorization").split(" ")
basic = b64decode(authorization_string[1]).decode("utf-8")
username, password = basic.split(":")
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "login",
"status": "failed",
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"username": username,
"password": password,
}
Expand Down Expand Up @@ -387,14 +370,11 @@ def log_message(self, format, *args):
return

def handle_one_request(self):
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "connection",
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
return SimpleHTTPRequestHandler.handle_one_request(self)
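Review bot: In the failed-login branch of `do_GET` (the hunk at -336), `username, password = basic.split(":")` raises `ValueError` when the decoded Basic credentials contain more than one colon or none, and `authorization_string[1]` and `b64decode(...)` raise on a malformed header, so such attempts never reach the `_q_s.log(...)` call that follows. Passwords may legitimately contain `:`; splitting once keeps the event: `username, _, password = basic.partition(":")`. Whether an enclosing `try` or `suppress` catches these errors is outside the hunk. If one does, the attempt is dropped silently instead of being recorded, so a fallback event that logs the raw header value would close that gap.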
30 changes: 4 additions & 26 deletions honeypots/ftp_server.py
Expand Up @@ -80,21 +80,16 @@ def requestAvatarId(self, credentials):
username = check_bytes(credentials.username)
password = check_bytes(credentials.password)
if username == _q_s.username and password == _q_s.password:
username = _q_s.username
password = _q_s.password
return defer.succeed(credentials.username)
return defer.fail(UnauthorizedLogin())

class CustomFTPProtocol(FTP):
def connectionMade(self):
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "connection",
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
self.state = self.UNAUTH
Expand All @@ -104,41 +99,24 @@ def connectionMade(self):
def processCommand(self, cmd, *params):
with suppress(Exception):
if "capture_commands" in _q_s.options:
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "command",
"data": {
"cmd": check_bytes(cmd.upper()),
"args": check_bytes(params),
},
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
return super().processCommand(cmd, *params)

def ftp_PASS(self, password):
username = check_bytes(self._user)
password = check_bytes(password)
status = "failed"
if username == _q_s.username and password == _q_s.password:
status = "success"
_q_s.logs.info(
{
"server": _q_s.NAME,
"action": "login",
"status": status,
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"username": username,
"password": password,
}
)
peer = self.transport.getPeer()
_q_s.check_login(username, password, ip=peer.host, port=peer.port)

if self.factory.allowAnonymous and self._user == self.factory.userAnonymous:
creds = credentials.Anonymous()
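Review bot: `ftp_PASS` now calls `_q_s.check_login(...)` only for its logging side effect and discards the returned bool, while `requestAvatarId` in the first hunk still decides the real outcome with its own `username == _q_s.username and password == _q_s.password`. Two separate comparisons mean the logged `status` and the actual authentication result can drift apart if one of them is changed; `requestAvatarId` could reuse the shared check, `if _q_s._login_is_correct(username, password):`. The login event is also written before the anonymous branch that follows, so an anonymous session would presumably be logged as `failed` even when `allowAnonymous` lets it in. The rest of `ftp_PASS` is outside the hunk, so this should be confirmed against the full method.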
10 changes: 2 additions & 8 deletions honeypots/http_proxy_server.py
Expand Up @@ -62,29 +62,23 @@ def resolve_domain(self, request_string):
_, parsed_request = request_string.split(b"\r\n", 1)
headers = BytesParser().parsebytes(parsed_request)
host = headers["host"].split(":")
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "query",
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": host[0],
}
)
return dsnquery(host[0], "A")[0].address
return None

def dataReceived(self, data): # noqa: N802
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "connection",
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
ip = self.resolve_domain(data)
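Review bot: `resolve_domain` passes the client-supplied `Host` value straight to `dsnquery(host[0], "A")`, and `dataReceived` takes the result as `ip`, so the honeypot issues DNS lookups for whatever name the client sends; what is done with `ip` afterwards is outside the hunk. If that address is used for an outbound connection, it should be validated first so the proxy cannot be directed at loopback, link-local or internal ranges, for example `if ip is None or not ipaddress.ip_address(ip).is_global: return` before use. A missing `Host` header also makes `headers["host"]` return `None`, so `.split(":")` raises; the trailing `return None` suggests a surrounding guard, but it is not visible here.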