
Ssh server fix #59

Merged
merged 12 commits into from
Mar 4, 2024
16 changes: 5 additions & 11 deletions honeypots/base_http_server.py
Expand Up @@ -39,11 +39,11 @@ def __init__(self, **kwargs):
)

class MainResource(Resource):
isLeaf = True
isLeaf = True # noqa: N815
home_file = load_template("home.html")
login_file = load_template("login.html")

def __init__(self, *args, hp_server=None, **kwargs):
def __init__(self, *args, hp_server: BaseHttpServer = None, **kwargs):
super().__init__(*args, **kwargs)
self.hp_server = hp_server
self.headers = {}
Expand All @@ -53,30 +53,24 @@ def render(self, request):

with suppress(Exception):
log_data = {
"server": self.hp_server.NAME,
"action": "connection",
"src_ip": client_ip,
"src_port": request.getClientAddress().port,
"dest_ip": self.hp_server.ip,
"dest_port": self.hp_server.port,
}
if "capture_commands" in self.hp_server.options:
log_data["data"] = headers
self.hp_server.logs.info(log_data)
self.hp_server.log(log_data)

if self.hp_server.mocking_server != "":
request.responseHeaders.removeHeader("Server")
request.responseHeaders.addRawHeader("Server", self.hp_server.mocking_server)

if request.method in (b"GET", b"POST"):
self.hp_server.logs.info(
self.hp_server.log(
{
"server": self.hp_server.NAME,
"action": request.method.decode(),
"src_ip": client_ip,
"src_port": request.getClientAddress().port,
"dest_ip": self.hp_server.ip,
"dest_port": self.hp_server.port,
}
)

Expand Down Expand Up @@ -115,7 +109,7 @@ def render(self, request):
if "username" in form and "password" in form:
username = check_bytes(form["username"].value)
password = check_bytes(form["password"].value)
self.hp_server.log_login(
self.hp_server.check_login(
username, password, client_ip, request.getClientAddress().port
)

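Review bot: The connection event in `render` appears to be emitted from inside `with suppress(Exception):`, so any error raised while building `log_data` or inside the new `self.hp_server.log(log_data)` call is discarded and the request leaves no record. For a honeypot that is a blind spot, because a request the logging path cannot handle simply goes unrecorded. Catching the exception and emitting a minimal fallback event (source address plus the error text) would keep the hit visible. Separately, the new annotation `hp_server: BaseHttpServer = None` contradicts its default; `hp_server: BaseHttpServer | None = None` is the accurate form. `render` starts and ends outside these hunks.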
24 changes: 15 additions & 9 deletions honeypots/base_server.py
Expand Up @@ -5,6 +5,7 @@
from os import getenv
from shlex import split
from subprocess import Popen
from typing import Any
from uuid import uuid4

from honeypots.helper import (
Expand Down Expand Up @@ -96,15 +97,12 @@ def run_server(self, process: bool = False, auto: bool = False) -> bool | None:
if self.process.poll() is None and check_if_server_is_running(self.uuid):
status = "success"

self.logs.info(
self.log(
{
"server": self.NAME,
"action": "process",
"status": status,
"src_ip": self.ip,
"src_port": self.port,
"dest_ip": self.ip,
"dest_port": self.port,
}
)

Expand All @@ -113,21 +111,29 @@ def run_server(self, process: bool = False, auto: bool = False) -> bool | None:
self.kill_server()
return False

def log_login(self, username: str, password: str, ip: str, port: int):
def check_login(self, username: str, password: str, ip: str, port: int) -> bool:
status = "success" if self._login_is_correct(username, password) else "failed"
self.logs.info(
self.log(
{
"server": self.NAME,
"action": "login",
"status": status,
"src_ip": ip,
"src_port": port,
"username": username,
"password": password,
"dest_ip": self.ip,
"dest_port": self.port,
}
)
return status == "success"

def _login_is_correct(self, username: str, password: str) -> bool:
return username == self.username and password == self.password

def log(self, log_data: dict[str, Any]):
log_data.update(
{
"server": self.NAME,
"dest_ip": self.ip,
"dest_port": self.port,
}
)
self.logs.info(log_data)
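Review bot: `log()` changes the dict it is handed: `log_data.update(...)` writes `server`, `dest_ip` and `dest_port` into the caller's object and silently replaces any values the caller put under those keys. Building a new record leaves the argument untouched and keeps the same precedence: `self.logs.info({**log_data, "server": self.NAME, "dest_ip": self.ip, "dest_port": self.port})`. Both new methods also lack a docstring, and `log` lacks `-> None`. The docstring for `check_login` should state that it records the submitted username and password as a side effect and returns whether they matched.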
10 changes: 2 additions & 8 deletions honeypots/dhcp_server.py
Expand Up @@ -17,10 +17,7 @@
from twisted.internet.protocol import DatagramProtocol

from honeypots.base_server import BaseServer
from honeypots.helper import (
server_arguments,
check_bytes,
)
from honeypots.helper import check_bytes, server_arguments


class QDHCPServer(BaseServer):
Expand Down Expand Up @@ -96,15 +93,12 @@ def datagramReceived(self, data, addr):
mac_address = "None"
data = self.parse_options(data[240:])
data.update({"mac_address": mac_address})
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "query",
"status": "success",
"src_ip": addr[0],
"src_port": addr[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": data,
}
)
10 changes: 2 additions & 8 deletions honeypots/dns_server.py
Expand Up @@ -53,29 +53,23 @@ def gotResolverResponse(self, response, protocol, message, address):
src_ip, src_port = address
for items in response:
for item in items:
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "query",
"src_ip": src_ip,
"src_port": src_port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": item.payload,
}
)
return super().gotResolverResponse(response, protocol, message, address)

class CustomDnsUdpProtocol(dns.DNSDatagramProtocol):
def datagramReceived(self, data: bytes, addr: tuple[str, int]):
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "connection",
"src_ip": addr[0],
"src_port": addr[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": data.decode(errors="replace"),
}
)
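Review bot: In `CustomDnsUdpProtocol.datagramReceived` the raw datagram is logged as `data.decode(errors="replace")`, which is lossy for DNS wire format: every byte sequence that is not valid UTF-8 becomes U+FFFD, so the original packet cannot be recovered from the log. If the record is meant to support later analysis, a reversible encoding such as `"data": data.hex()` keeps the evidence intact. The method body continues outside the hunk, so whether the packet is captured elsewhere cannot be seen from here.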
34 changes: 7 additions & 27 deletions honeypots/elastic_server.py
Expand Up @@ -44,15 +44,12 @@ def _dump_headers(self):
for item, value in dict(self.headers).items():
headers.update({check_bytes(item): check_bytes(value)})

_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "dump",
"data": check_bytes(self.raw_requestline),
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"headers": headers,
}
)
Expand Down Expand Up @@ -109,15 +106,12 @@ def do_GET(self):

key = self.server.get_auth_key()
if self.headers.get("Authorization") is None:
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "login",
"status": "failed",
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"username": username,
"password": password,
}
Expand All @@ -129,18 +123,14 @@ def do_GET(self):
"root_cause": [
{
"type": "security_exception",
"reason": "unable to authenticate user [{}] for REST request [/]".format(
username
),
"reason": f"unable to authenticate user [{username}] for REST request [/]",
"header": {
"WWW-Authenticate": 'Basic realm="security" charset="UTF-8"'
},
}
],
"type": "security_exception",
"reason": "unable to authenticate user [{}] for REST request [/]".format(
username
),
"reason": f"unable to authenticate user [{username}] for REST request [/]",
"header": {
"WWW-Authenticate": 'Basic realm="security" charset="UTF-8"'
},
Expand All @@ -152,16 +142,12 @@ def do_GET(self):
)
self.wfile.write(self._set_response_gzip_auth(auth_paylaod, 401))
elif self.headers.get("Authorization") == "Basic " + str(key):
extracted = ""
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "login",
"status": "success",
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"username": _q_s.username,
"password": _q_s.password,
}
Expand Down Expand Up @@ -336,15 +322,12 @@ def do_GET(self):
authorization_string = self.headers.get("Authorization").split(" ")
basic = b64decode(authorization_string[1]).decode("utf-8")
username, password = basic.split(":")
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "login",
"status": "failed",
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"username": username,
"password": password,
}
Expand Down Expand Up @@ -387,14 +370,11 @@ def log_message(self, format, *args):
return

def handle_one_request(self):
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "connection",
"src_ip": self.client_address[0],
"src_port": self.client_address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
return SimpleHTTPRequestHandler.handle_one_request(self)
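Review bot: The Basic-auth parsing in `do_GET` (`basic.split(":")` after `b64decode(authorization_string[1])`) raises on values the client controls. A password containing a colon makes the two-name unpacking fail with ValueError, and a header without a second token or with invalid base64/UTF-8 raises before the `_q_s.log(...)` call is reached. Unless a handler outside the hunk catches this, such attempts are never recorded as failed logins. Splitting once, `username, _, password = basic.partition(":")`, handles the colon case. The decode step deserves its own `except (IndexError, ValueError)` that still logs the attempt with the raw header value. `do_GET` starts and ends outside the hunk.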
30 changes: 4 additions & 26 deletions honeypots/ftp_server.py
Expand Up @@ -80,21 +80,16 @@ def requestAvatarId(self, credentials):
username = check_bytes(credentials.username)
password = check_bytes(credentials.password)
if username == _q_s.username and password == _q_s.password:
username = _q_s.username
password = _q_s.password
return defer.succeed(credentials.username)
return defer.fail(UnauthorizedLogin())

class CustomFTPProtocol(FTP):
def connectionMade(self):
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "connection",
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
self.state = self.UNAUTH
Expand All @@ -104,41 +99,24 @@ def connectionMade(self):
def processCommand(self, cmd, *params):
with suppress(Exception):
if "capture_commands" in _q_s.options:
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "command",
"data": {
"cmd": check_bytes(cmd.upper()),
"args": check_bytes(params),
},
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
return super().processCommand(cmd, *params)

def ftp_PASS(self, password):
username = check_bytes(self._user)
password = check_bytes(password)
status = "failed"
if username == _q_s.username and password == _q_s.password:
status = "success"
_q_s.logs.info(
{
"server": _q_s.NAME,
"action": "login",
"status": status,
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"username": username,
"password": password,
}
)
peer = self.transport.getPeer()
_q_s.check_login(username, password, ip=peer.host, port=peer.port)

if self.factory.allowAnonymous and self._user == self.factory.userAnonymous:
creds = credentials.Anonymous()
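Review bot: `ftp_PASS` now logs through `_q_s.check_login(...)` but discards its result, while the actual decision is still made separately in `requestAvatarId` with its own `username == _q_s.username and password == _q_s.password`. The logged status and the real outcome can therefore differ. The anonymous branch just below is the visible case: a session accepted via `allowAnonymous` would already have been logged as a failed login. This is inferred, because the rest of `ftp_PASS` is outside the hunk. Consider deriving both from one place, or logging the anonymous path with its own action and status instead of calling `check_login` ahead of the branch.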
10 changes: 2 additions & 8 deletions honeypots/http_proxy_server.py
Expand Up @@ -62,29 +62,23 @@ def resolve_domain(self, request_string):
_, parsed_request = request_string.split(b"\r\n", 1)
headers = BytesParser().parsebytes(parsed_request)
host = headers["host"].split(":")
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "query",
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": host[0],
}
)
return dsnquery(host[0], "A")[0].address
return None

def dataReceived(self, data): # noqa: N802
_q_s.logs.info(
_q_s.log(
{
"server": _q_s.NAME,
"action": "connection",
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
ip = self.resolve_domain(data)
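Review bot: The address returned by `resolve_domain` comes from a name taken out of the client's Host header (`dsnquery(host[0], "A")[0].address`), and nothing in the hunk restricts it before `dataReceived` assigns it to `ip`. What is done with `ip` lies outside the hunk. If it is used for an upstream connection, the honeypot should first refuse non-public targets, for example `if not ipaddress.ip_address(ip).is_global: return`, so that it cannot be pointed at loopback or internal hosts. Note also that `headers["host"]` is None when the header is absent, so `.split(":")` fails before the query is logged unless an enclosing handler (not visible here) covers it.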