Beispiel #1
0
    def loginSuccessful(self, username, password):
        self.passwordTried = True
        self.loginSuccess = True
        dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
        self.makeSessionFolder()
        if self.cfg.get('txtlog', 'enabled') == 'true':
            txtlog.authLog(self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, username, password, True)
            txtlog.log(self.txtlog_file, self.connectionString)
            txtlog.log(self.txtlog_file, '[SSH  ] Login Successful: ' + username + ':' + password)
 
        if self.cfg.get('email', 'login') == 'true':
            threads.deferToThread(self.email, self.sensorName + ' - Login Successful', self.txtlog_file)
        
        if self.cfg.get('database_mysql', 'enabled') == 'true':
            self.dbLog.handleLoginSucceeded(username, password)
            self.dbLog.createSession(self.sessionID, self.endIP, self.endPort, self.honeyIP, self.honeyPort, self.sensorName)
            self.dbLog.handleClientVersion(self.sessionID, self.version)
                    
        if self.cfg.get('hpfeeds', 'enabled') == 'true':
            self.hpLog.handleLoginSucceeded(username, password)
            self.hpLog.createSession(self.sessionID, self.endIP, self.endPort, self.honeyIP, self.honeyPort)
            self.hpLog.handleClientVersion(self.version)
            
        if self.cfg.has_option('app_hooks', 'login_successful'):
            if self.cfg.get('app_hooks', 'login_successful') != '':
                cmdString = self.cfg.get('app_hooks', 'login_successful') + " LOGIN_SUCCESSFUL " + dt + " " + self.endIP + " " + username + " " + password
                threads.deferToThread(self.runCommand, cmdString)
Beispiel #2
0
 def connectionLost(self):
     dt = self.getDateTime()
     log.msg("[OUTPUT] Lost Connection with the attacker: %s" % self.endIP)
     if not self.passwordTried:
         if self.cfg.get('txtlog', 'enabled') == 'true':
             txtlog.authLog(dt, self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, '', '', False)
         
     if self.loginSuccess:
         if self.cfg.get('txtlog', 'enabled') == 'true':
             if os.path.exists(self.txtlog_file):
                 txtlog.log(dt, self.txtlog_file, '[SSH  ] Lost Connection with ' + self.endIP)
                 
         if self.cfg.get('database_mysql', 'enabled') == 'true':
             self.dbLog.handleConnectionLost(dt, self.sessionID)
         if self.cfg.get('hpfeeds', 'enabled') == 'true':
             self.hpLog.handleConnectionLost(dt)
         if self.cfg.get('email', 'attack') == 'true':
             threads.deferToThread(self.email, self.sensorName + ' - Attack logged', self.txtlog_file, self.ttyFiles)
     
     if self.cfg.has_option('app_hooks', 'connection_lost'):
         if self.cfg.get('app_hooks', 'connection_lost') != '':
             cmdString = self.cfg.get('app_hooks', 'connection_lost') + " CONNECTION_LOST " + dt + " " + self.endIP
             threads.deferToThread(self.runCommand, cmdString)
         
     self.connections.delConn(self.sensorName, self.endIP, self.endPort)
Beispiel #3
0
    def loginSuccessful(self, username, password):
        self.passwordTried = True
        self.loginSuccess = True
        dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
        self.makeSessionFolder()
        if self.cfg.get('txtlog', 'enabled') == 'true':
            txtlog.authLog(self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, username, password, True)
            txtlog.log(self.txtlog_file, self.connectionString)
            txtlog.log(self.txtlog_file, '[SSH  ] Login Successful: ' + username + ':' + password)
 
        if self.cfg.get('email', 'login') == 'true':
            threads.deferToThread(self.email, 'HonSSH - Login Successful', self.txtlog_file)
        
        if self.cfg.get('database_mysql', 'enabled') == 'true':
            self.dbLog.handleLoginSucceeded(username, password)
            self.dbLog.createSession(self.sessionID, self.endIP, self.endPort, self.cfg.get('honeypot', 'ssh_addr'), self.cfg.get('honeypot', 'ssh_port'))
            self.dbLog.handleClientVersion(self.sessionID, self.version)
                    
        if self.cfg.get('hpfeeds', 'enabled') == 'true':
            self.hpLog.handleLoginSucceeded(username, password)
            self.hpLog.createSession(self.sessionID, self.endIP, self.endPort, self.cfg.get('honeypot', 'ssh_addr'), self.cfg.get('honeypot', 'ssh_port'))
            self.hpLog.handleClientVersion(self.version)
            
        if self.cfg.has_option('app_hooks', 'login_successful'):
            if self.cfg.get('app_hooks', 'login_successful') != '':
                cmdString = self.cfg.get('app_hooks', 'login_successful') + " LOGIN_SUCCESSFUL " + dt + " " + self.endIP + " " + username + " " + password
                threads.deferToThread(self.runCommand, cmdString)
Beispiel #4
0
 def loginFailed(self, username, password):
     self.passwordTried = True
     dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.authLog(self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, username, password, False)
     
     if self.cfg.get('database_mysql', 'enabled') == 'true':
         self.dbLog.handleLoginFailed(username, password)
         
     if self.cfg.get('hpfeeds', 'enabled') == 'true':
         self.hpLog.handleLoginFailed(username, password)
         
     if self.cfg.has_option('app_hooks', 'login_failed'):
         if self.cfg.get('app_hooks', 'login_failed') != '':
             cmdString = self.cfg.get('app_hooks', 'login_failed') + " LOGIN_FAILED " + dt + " " + self.endIP + " " + username + " " + password
             threads.deferToThread(self.runCommand, cmdString)
Beispiel #5
0
 def loginFailed(self, username, password):
     self.passwordTried = True
     dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
     if self.cfg.get('txtlog', 'enabled') == 'true':
         txtlog.authLog(self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, username, password, False)
     
     if self.cfg.get('database_mysql', 'enabled') == 'true':
         self.dbLog.handleLoginFailed(username, password)
         
     if self.cfg.get('hpfeeds', 'enabled') == 'true':
         self.hpLog.handleLoginFailed(username, password)
         
     if self.cfg.has_option('app_hooks', 'login_failed'):
         if self.cfg.get('app_hooks', 'login_failed') != '':
             cmdString = self.cfg.get('app_hooks', 'login_failed') + " LOGIN_FAILED " + dt + " " + self.endIP + " " + username + " " + password
             threads.deferToThread(self.runCommand, cmdString)
Beispiel #6
0
 def connectionLost(self):
     log.msg("[OUTPUT] Lost Connection with the attacker: %s" % self.endIP)
     if not self.passwordTried:
         if self.cfg.get('txtlog', 'enabled') == 'true':
             txtlog.authLog(self.cfg.get('folders', 'log_path') + "/" + datetime.datetime.now().strftime("%Y%m%d"), self.endIP, '', '', False)
         
     if self.loginSuccess:
         if self.cfg.get('txtlog', 'enabled') == 'true':
             if os.path.exists(self.txtlog_file):
                 txtlog.log(self.txtlog_file, '[SSH  ] Lost Connection with ' + self.endIP)
                 
         if self.cfg.get('database_mysql', 'enabled') == 'true':
             self.dbLog.handleConnectionLost(self.sessionID)
         if self.cfg.get('hpfeeds', 'enabled') == 'true':
             self.hpLog.handleConnectionLost()
         if self.cfg.get('email', 'attack') == 'true':
             threads.deferToThread(self.email, 'HonSSH - Attack logged', self.txtlog_file, self.ttyFiles)
     
     dt = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
     if self.cfg.has_option('app_hooks', 'connection_lost'):
         if self.cfg.get('app_hooks', 'connection_lost') != '':
             cmdString = self.cfg.get('app_hooks', 'connection_lost') + " CONNECTION_LOST " + dt + " " + self.endIP
             threads.deferToThread(self.runCommand, cmdString)