def getManholeFactory(namespace): realm = manhole_ssh.TerminalRealm() def getManhole(_): return manhole.Manhole(namespace) realm.chainedProtocolFactory.protocolFactory = getManhole p = portal.Portal(realm) p.registerChecker( checkers.InMemoryUsernamePasswordDatabaseDontUse(admin='foobar')) f = manhole_ssh.ConchFactory(p) return f
def openSSHManhole(authorizedKeysFile, namespace, portNum=-1): from twisted.conch import manhole_ssh def makeProtocol(): return insults.ServerProtocol(manhole.Manhole, namespace) checker = SSHPublicKeyChecker(authorizedKeysFile) sshRealm = manhole_ssh.TerminalRealm() sshRealm.chainedProtocolFactory = makeProtocol sshPortal = portal.Portal(sshRealm, [checker]) sshFactory = manhole_ssh.ConchFactory(sshPortal) port = reactor.listenTCP(portNum, sshFactory, interface='localhost') return port
def __init__(self, portstr): service.MultiService.__init__(self) self.portstr = portstr self.users = {} # there's lots of stuff to set up for a PB connection! self.portal = portal.Portal(self) self.portal.registerChecker(self) self.serverFactory = pb.PBServerFactory(self.portal) self.serverFactory.unsafeTraceback = True self.serverPort = strports.service(portstr, self.serverFactory) self.serverPort.setServiceParent(self)
def setUp(self): """ Sets up a Realm, Portal, Factory, IRCUser, Transport, and Connection for our tests. """ self.wordsRealm = InMemoryWordsRealm("example.com") self.portal = portal.Portal(self.wordsRealm, [checkers.InMemoryUsernamePasswordDatabaseDontUse(john="pass")]) self.factory = IRCFactory(self.wordsRealm, self.portal) self.ircUser = self.factory.buildProtocol(None) self.stringTransport = proto_helpers.StringTransport() self.ircUser.makeConnection(self.stringTransport)
def makeService(self, options): """ Construct a TCPServer from a factory defined in Cowrie. """ if os.name == 'posix' and os.getuid() == 0: print 'ERROR: You must not run cowrie as root!' sys.exit(1) cfg = readConfigFile(options["config"]) if cfg.has_option('honeypot', 'listen_addr'): listen_addr = cfg.get('honeypot', 'listen_addr') else: listen_addr = '0.0.0.0' # preference: 1, option, 2, config, 3, default of 2222 if options['port'] != 0: listen_port = int(options["port"]) elif cfg.has_option('honeypot', 'listen_port'): listen_port = int(cfg.get('honeypot', 'listen_port')) else: listen_port = 2222 factory = core.ssh.HoneyPotSSHFactory(cfg) factory.portal = portal.Portal(core.ssh.HoneyPotRealm(cfg)) factory.portal.registerChecker(core.auth.HoneypotPublicKeyChecker(cfg)) factory.portal.registerChecker(core.auth.HoneypotPasswordChecker(cfg)) if cfg.has_option('honeypot', 'auth_none_enabled') and \ cfg.get('honeypot', 'auth_none_enabled').lower() in \ ('yes', 'true', 'on'): factory.portal.registerChecker(core.auth.HoneypotNoneChecker()) top_service = top_service = service.MultiService() for i in listen_addr.split(): svc = internet.TCPServer(listen_port, factory, interface=i) svc.setServiceParent(top_service) if cfg.has_option('honeypot', 'interact_enabled') and \ cfg.get('honeypot', 'interact_enabled').lower() in \ ('yes', 'true', 'on'): iport = int(cfg.get('honeypot', 'interact_port')) from cowrie.core import interact svc = internet.TCPServer(iport, interact.makeInteractFactory(factory)) svc.setServiceParent(top_service) application = service.Application('cowrie') top_service.setServiceParent(application) return top_service
def get_manhole_factory(namespace, **passwords): realm = manhole_ssh.TerminalRealm() def get_manhole(_): return manhole.ColoredManhole(namespace) realm.chainedProtocolFactory.protocolFactory = get_manhole p = portal.Portal(realm) p.registerChecker( checkers.InMemoryUsernamePasswordDatabaseDontUse(**passwords)) f = manhole_ssh.ConchFactory(p) return f
def run_in_thread(): checker = checkers.InMemoryUsernamePasswordDatabaseDontUse(mb='mb') #checker = checkers.AllowAnonymousAccess() telnetRealm = _StupidRealm(telnet.TelnetBootstrapProtocol, insults.ServerProtocol, manhole.ColoredManhole, self.namespace) telnetPortal = portal.Portal(telnetRealm, [checker]) telnetFactory = protocol.ServerFactory() telnetFactory.protocol = makeTelnetProtocol(telnetPortal) port = reactor.listenTCP(self.port, telnetFactory) reactor.run(installSignalHandlers=False)
def getManholeFactory(namespace): realm = manhole_ssh.TerminalRealm() def getManhole(_): return manhole.Manhole(namespace) realm.chainedProtocolFactory.protocolFactory = getManhole p = portal.Portal(realm) checker = checkers.InMemoryUsernamePasswordDatabaseDontUse() checker.addUser(config.USERNAME, config.PASSWORD) p.registerChecker(checker) f = manhole_ssh.ConchFactory(p) return f
def run(host='127.0.0.1', port=2222): """ Run a pretend SSH server. """ sshFactory = factory.SSHFactory() sshFactory.portal = portal.Portal(PretendRealm()) sshFactory.portal.registerChecker(RecordPassAllCredentials()) sshFactory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=publicKey)} sshFactory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=privateKey)} reactor.listenTCP(port, sshFactory, interface=host) reactor.run()
def getPortal(): con = MySQLdb.connect("localhost", "root", "password", "imap_db") coreMail = imapMailsMysql(con) realm = mailRealm(coreMail) myPortal = portal.Portal(realm) ###Mysql Credential Checking con = adbapi.ConnectionPool(DRIVER, **PARAM) checker = mysqlCredential.passwordCredentialChecker(con) myPortal.registerChecker(checker) return myPortal
def setUp(self): self.realm = service.InMemoryWordsRealm("realmname") self.checker = checkers.InMemoryUsernamePasswordDatabaseDontUse() self.portal = portal.Portal(self.realm, [self.checker]) self.serverFactory = pb.PBServerFactory(self.portal) self.serverFactory.protocol = self._protocolFactory self.serverFactory.unsafeTracebacks = True self.clientFactory = pb.PBClientFactory() self.clientFactory.unsafeTracebacks = True self.serverPort = reactor.listenTCP(0, self.serverFactory) self.clientConn = reactor.connectTCP("127.0.0.1", self.serverPort.getHost().port, self.clientFactory)
def getService(self): factory = HoneyPotSSHFactory(version=self.version, logger=self.logger) factory.canaryservice = self factory.portal = portal.Portal(HoneyPotRealm()) rsa_pubKeyString, rsa_privKeyString = getRSAKeys() dsa_pubKeyString, dsa_privKeyString = getDSAKeys() factory.portal.registerChecker(HoneypotPasswordChecker(logger=factory.logger)) factory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=rsa_pubKeyString), 'ssh-dss': keys.Key.fromString(data=dsa_pubKeyString)} factory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=rsa_privKeyString), 'ssh-dss': keys.Key.fromString(data=dsa_privKeyString)} return internet.TCPServer(self.port, factory)
def setUp(self): """ Starts a shelless SSH server. Subclasses need to specify realmFactory """ p = portal.Portal(self.realmFactory()) p.registerChecker(AlwaysAllow()) f = ConchFactory(p) #self.server = reactor.listenTCP(0, f) #self.port = self.server.getHost().port self.port = 2222 self.server = reactor.listenTCP(self.port, f) self.ssht = SSHTester()
def set_up_protected_resources(root_resource, provider, services_factory, checker=None, banner=None): if not checker: checker = LeapPasswordChecker(provider) session_checker = SessionChecker(services_factory) anonymous_resource = LoginResource(services_factory, disclaimer_banner=banner) realm = PixelatedRealm(root_resource, anonymous_resource) _portal = portal.Portal(realm, [checker, session_checker, AllowAnonymousAccess()]) protected_resource = PixelatedAuthSessionWrapper(_portal, root_resource, anonymous_resource, []) anonymous_resource.set_portal(_portal) root_resource.initialize(_portal, disclaimer_banner=banner) return protected_resource
def __init__(self, port, user="******", passwd="clientpw"): base.StatusReceiverMultiService.__init__(self) if type(port) is int: port = "tcp:%d" % port self.port = port self.cred = (user, passwd) p = portal.Portal(self) c = checkers.InMemoryUsernamePasswordDatabaseDontUse() c.addUser(user, passwd) p.registerChecker(c) f = pb.PBServerFactory(p) s = strports.service(port, f) s.setServiceParent(self)
def setUp(self): self.realm = service.InMemoryWordsRealm("realmname") self.checker = checkers.InMemoryUsernamePasswordDatabaseDontUse() self.portal = portal.Portal(self.realm, [self.checker]) self.factory = service.IRCFactory(self.realm, self.portal) c = [] for nick in self.STATIC_USERS: if isinstance(nick, bytes): nick = nick.decode("utf-8") c.append(self.realm.createUser(nick)) self.checker.addUser(nick, nick + "_password") return DeferredList(c)
def createResource(): realm = MyRealm() porta = portal.Portal(realm) myChecker = checkers.InMemoryUsernamePasswordDatabaseDontUse() myChecker.addUser("user", "password") myChecker.addUser("fred", "flintstone") porta.registerChecker(checkers.AllowAnonymousAccess(), credentials.IAnonymous) porta.registerChecker(myChecker) res = guard.SessionWrapper(porta) return res
def createPortal(enamel): """ createPortal Constructs our guarded realm and portal @param enamel: C{Enamel} instance """ realm = Realm(enamel) porta = portal.Portal(realm) porta.registerChecker(checkers.AllowAnonymousAccess(), credentials.IAnonymous) porta.registerChecker(enamel.authenticator(enamel)) return porta
def create_auth_session(root): pw_path = os.path.join(conf.settings['data_dir'], ".api_keys") initialize_api_key_file(pw_path) checker = PasswordChecker.load_file(pw_path) realm = HttpPasswordRealm(root) portal_to_realm = portal.Portal(realm, [ checker, ]) factory = guard.BasicCredentialFactory('Login to lbrynet api') _lbrynet_server = guard.HTTPAuthSessionWrapper(portal_to_realm, [ factory, ]) return _lbrynet_server
def main(): c = checkers.InMemoryUsernamePasswordDatabaseDontUse(user="******") p = portal.Portal(Realm(), [c]) server = pb.PBServerFactory(p) server.unsafeTracebacks = True client = pb.PBClientFactory() login = client.login(credentials.UsernamePassword("user", "pass")) login.addCallback(cbLogin).addErrback(ebLogin).addBoth(lambda: reactor.stop()) from twisted.internet import reactor p = reactor.listenTCP(0, server) c = reactor.connectTCP('127.0.0.1', p.getHost().port, client) reactor.run()
def make_service(args): checker = DjangoSuperuserCredChecker() def chainProtocolFactory(): return insults.ServerProtocol(args['protocol_factory'], *args.get('protocol_args', ()), **args.get('protocol_kwargs', {})) realm = TerminalRealm() realm.chainedProtocolFactory = chainProtocolFactory ptl = portal.Portal(realm, [checker]) f = ConchFactory(ptl) return internet.TCPServer(args['ssh_port'], f)
def startService(self): components.registerAdapter(SSHSession, SSHAvatar, session.ISession) portal = ptl.Portal(SSHRealm()) passwdDB = InMemoryUsernamePasswordDatabaseDontUse() passwdDB.addUser(b'user', b'password') sshDB = SSHPublicKeyChecker( InMemorySSHKeyDB({b'user': [keys.Key.fromFile(CLIENT_RSA_PUBLIC)]})) portal.registerChecker(passwdDB) portal.registerChecker(sshDB) SSHServerFactory.portal = portal self.endpoint = TCP4ServerEndpoint(reactor, 2222) self.endpoint.listen(SSHServerFactory())
def getChild(self, conversation_key, request): if conversation_key: res = self.resource_class(self.worker, conversation_key) checker = ConversationAccessChecker(self.worker, conversation_key) realm = ConversationRealm(res) p = portal.Portal(realm, [checker]) factory = BasicCredentialFactory("Conversation Realm") protected_resource = HTTPAuthSessionWrapper(p, [factory]) return protected_resource else: return resource.NoResource()
def __init__(self, logfile=None, dburl=None): PotFactory.__init__(self, logfile, dburl) self.portal = portal.Portal(MockRealm(), (MockChecker(), )) self.protocol.ourVersionString = random.choice([ b'SSH-2.0-OpenSSH_5.5p1 Debian-6', b'SSH-2.0-OpenSSH_6.4p1-hpn14v2 FreeBSD-openssh-portable-6.4.p1,1', b'SSH-2.0-OpenSSH', b'SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u4', b'SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10', b'SSH-2.0-dropbear_0.52', b'SSH-1.99-Cisco-1.25', ])
def __init__(self, pipe_conn, in_address, in_port, in_home_workspace_dir): """ 初始化Twisted Http Server """ log.debug_info(u"init") BasePIPEChildControl.__init__(self, pipe_conn) #开启和关闭用户权限验证标示 self.enable_check_authorization_flag = False #开启和关闭状态码响应模块标示 self.enable_response_status_code_flag = False #保存指定响应状态码 self.response_status_code_data = 200 #----------------------------------------------------- #add by wangjun 20131119 #设置客户端认证模式Basic/Digest self.authorization_type = 'Basic' #设置客户端上传模式POST/PUT/BOTH self.client_upload_type_string = 'BOTH' #----------------------------------------------------- #保存用户账户信息 self.users = {} self.passwords = {} self.http_factory = None #监听的端口号 self.http_address = in_address self.http_port = int(in_port) #权限控制 self.http_portal = portal.Portal(TestRealm(self.users)) self.http_portal.registerChecker(PasswordDictChecker(self.passwords)) #服务工厂 #set portal self.http_factory = MyHttpFactory() self.http_factory.portal = self.http_portal #set site render_page_handle = MyRenderPage(in_home_workspace_dir) self.http_factory.site = render_page_handle #保存对象句柄到MyHttpFactory对象中 self.http_factory.set_callback_app_handle(self)
def makeContext(config): """ Constructs an initialized context from the config values. Returns: A dict mapping keys to available resources, including the original config values. """ ctx = ConfigStore() # if user specified a configuration file # overwrite defaults with values from file if config.get('config') is not None: stream = open(config.get('config'), 'r') del config['config'] # yaml.load turns a file into an object/dictionary conFile = yaml.load(stream) stream.close() for option in conFile: ctx[option] = conFile.get(option) # if user specified any values via command line # overwrite existing values for option in config: if not ctx.get(option, None): ctx[option] = config.get(option) elif (config.defaults.get(option) and config.get(option) != config.defaults.get(option)): ctx[option] = config.get(option) ctx['realm'] = ShardedRealm(ctx, ctx['hostname']) cred_checker = cred.DatabaseCredentialsChecker(ctx) ctx['portal'] = portal.Portal(ctx['realm'], [cred_checker]) ctx["db"] = database.IRCDDatabase(db=ctx["db"], host=ctx['rdb_host'], port=ctx['rdb_port']) ctx['server_info'] = dict( serviceName=ctx['realm'].name, serviceVersion=copyright.version, creationDate=ctime() ) ctx['remote_rw'] = RemoteReadWriter(ctx['nsqd_tcp_address'], ctx['lookupd_http_address'], ctx['hostname']) return ctx
def setUp(self): HttpServerTestCase.setUp(self) # Initiating config objects without any filename # will lead to setting defaults and that's what we # need to run the tests AMQPServiceConfigInstance = AmqpConfig() AMQPServiceConfigInstance.reconnectOnConnectionLoss = False # Launch AMQP Broker self.amqpBroker = AmqpFactory(AMQPServiceConfigInstance) self.amqpBroker.preConnect() self.amqpClient = reactor.connectTCP(AMQPServiceConfigInstance.host, AMQPServiceConfigInstance.port, self.amqpBroker) # Wait for AMQP Broker connection to get ready yield self.amqpBroker.getChannelReadyDeferred() # Add the broker to the RouterPB yield self.pbRoot_f.addAmqpBroker(self.amqpBroker) # Setup smpp client manager pb yield self.clientManager_f.addAmqpBroker(self.amqpBroker) p = portal.Portal(JasminPBRealm(self.clientManager_f)) p.registerChecker(AllowAnonymousAccess()) jPBPortalRoot = JasminPBPortalRoot(p) self.CManagerServer = reactor.listenTCP( 0, pb.PBServerFactory(jPBPortalRoot)) self.CManagerPort = self.CManagerServer.getHost().port # Start DLRThrower DLRThrowerConfigInstance = DLRThrowerConfig() self.DLRThrower = DLRThrower() self.DLRThrower.setConfig(DLRThrowerConfigInstance) yield self.DLRThrower.addAmqpBroker(self.amqpBroker) # Connect to redis server RedisForJasminConfigInstance = RedisForJasminConfig() self.redisClient = yield ConnectionWithConfiguration( RedisForJasminConfigInstance) # Authenticate and select db if RedisForJasminConfigInstance.password is not None: yield self.redisClient.auth(RedisForJasminConfigInstance.password) yield self.redisClient.select(RedisForJasminConfigInstance.dbid) # Connect CM with RC: self.clientManager_f.addRedisClient(self.redisClient) # Set a smpp client manager proxy instance self.SMPPClientManagerPBProxy = SMPPClientManagerPBProxy()
def makeService(self, options): """ Construct a server from a factory defined in myproject. """ endpoint_str = options['endpoint'] instance_config = options['instance-config'] realm = BindProxyWSRealm() checkers = options.get("credCheckers", None) if checkers is not None: prtl = portal.Portal(realm, checkers) else: prtl = None # Create the service. return BindProxyService(endpoint=endpoint_str, instance_config=instance_config, portal=prtl)
def getManholeFactory(**users): # Create a terminal realm = manhole_ssh.TerminalRealm() realm.chainedProtocolFactory.protocolFactory = PythonManhole users = {key: value.encode() for key, value in users.items()} p = portal.Portal(realm) p.registerChecker( checkers.InMemoryUsernamePasswordDatabaseDontUse(**users)) # Create a factory f = manhole_ssh.ConchFactory(p) f.publicKeys[b'ssh-rsa'] = keys.Key.fromString(public_rsa) f.privateKeys[b'ssh-rsa'] = keys.Key.fromString(private_rsa) return f
def main(): log.startLogging(sys.stdout) wordsRealm = service.InMemoryWordsRealm('twisted-playground.org') wordsRealm.createGroupOnRequest = True checker = checkers.InMemoryUsernamePasswordDatabaseDontUse(admin='admin') ircPortal = portal.Portal(wordsRealm, [checker]) factory = service.IRCFactory(wordsRealm, ircPortal) reactor.listenTCP(6666, factory) reactor.run()