def getManholeFactory(namespace):
realm = manhole_ssh.TerminalRealm()
def getManhole(_):
return manhole.Manhole(namespace)
realm.chainedProtocolFactory.protocolFactory = getManhole
p = portal.Portal(realm)
p.registerChecker(
checkers.InMemoryUsernamePasswordDatabaseDontUse(admin='foobar'))
f = manhole_ssh.ConchFactory(p)
return f
def openSSHManhole(authorizedKeysFile, namespace, portNum=-1):
from twisted.conch import manhole_ssh
def makeProtocol():
return insults.ServerProtocol(manhole.Manhole, namespace)
checker = SSHPublicKeyChecker(authorizedKeysFile)
sshRealm = manhole_ssh.TerminalRealm()
sshRealm.chainedProtocolFactory = makeProtocol
sshPortal = portal.Portal(sshRealm, [checker])
sshFactory = manhole_ssh.ConchFactory(sshPortal)
port = reactor.listenTCP(portNum, sshFactory, interface='localhost')
return port
def __init__(self, portstr):
service.MultiService.__init__(self)
self.portstr = portstr
self.users = {}
# there's lots of stuff to set up for a PB connection!
self.portal = portal.Portal(self)
self.portal.registerChecker(self)
self.serverFactory = pb.PBServerFactory(self.portal)
self.serverFactory.unsafeTraceback = True
self.serverPort = strports.service(portstr, self.serverFactory)
self.serverPort.setServiceParent(self)
def setUp(self):
"""
Sets up a Realm, Portal, Factory, IRCUser, Transport, and Connection
for our tests.
"""
self.wordsRealm = InMemoryWordsRealm("example.com")
self.portal = portal.Portal(self.wordsRealm,
[checkers.InMemoryUsernamePasswordDatabaseDontUse(john="pass")])
self.factory = IRCFactory(self.wordsRealm, self.portal)
self.ircUser = self.factory.buildProtocol(None)
self.stringTransport = proto_helpers.StringTransport()
self.ircUser.makeConnection(self.stringTransport)
def makeService(self, options):
"""
Construct a TCPServer from a factory defined in Cowrie.
"""
if os.name == 'posix' and os.getuid() == 0:
print 'ERROR: You must not run cowrie as root!'
sys.exit(1)
cfg = readConfigFile(options["config"])
if cfg.has_option('honeypot', 'listen_addr'):
listen_addr = cfg.get('honeypot', 'listen_addr')
else:
listen_addr = '0.0.0.0'
# preference: 1, option, 2, config, 3, default of 2222
if options['port'] != 0:
listen_port = int(options["port"])
elif cfg.has_option('honeypot', 'listen_port'):
listen_port = int(cfg.get('honeypot', 'listen_port'))
else:
listen_port = 2222
factory = core.ssh.HoneyPotSSHFactory(cfg)
factory.portal = portal.Portal(core.ssh.HoneyPotRealm(cfg))
factory.portal.registerChecker(core.auth.HoneypotPublicKeyChecker(cfg))
factory.portal.registerChecker(core.auth.HoneypotPasswordChecker(cfg))
if cfg.has_option('honeypot', 'auth_none_enabled') and \
cfg.get('honeypot', 'auth_none_enabled').lower() in \
('yes', 'true', 'on'):
factory.portal.registerChecker(core.auth.HoneypotNoneChecker())
top_service = top_service = service.MultiService()
for i in listen_addr.split():
svc = internet.TCPServer(listen_port, factory, interface=i)
svc.setServiceParent(top_service)
if cfg.has_option('honeypot', 'interact_enabled') and \
cfg.get('honeypot', 'interact_enabled').lower() in \
('yes', 'true', 'on'):
iport = int(cfg.get('honeypot', 'interact_port'))
from cowrie.core import interact
svc = internet.TCPServer(iport,
interact.makeInteractFactory(factory))
svc.setServiceParent(top_service)
application = service.Application('cowrie')
top_service.setServiceParent(application)
return top_service
def get_manhole_factory(namespace, **passwords):
realm = manhole_ssh.TerminalRealm()
def get_manhole(_):
return manhole.ColoredManhole(namespace)
realm.chainedProtocolFactory.protocolFactory = get_manhole
p = portal.Portal(realm)
p.registerChecker(
checkers.InMemoryUsernamePasswordDatabaseDontUse(**passwords))
f = manhole_ssh.ConchFactory(p)
return f
def run_in_thread():
checker = checkers.InMemoryUsernamePasswordDatabaseDontUse(mb='mb')
#checker = checkers.AllowAnonymousAccess()
telnetRealm = _StupidRealm(telnet.TelnetBootstrapProtocol,
insults.ServerProtocol,
manhole.ColoredManhole, self.namespace)
telnetPortal = portal.Portal(telnetRealm, [checker])
telnetFactory = protocol.ServerFactory()
telnetFactory.protocol = makeTelnetProtocol(telnetPortal)
port = reactor.listenTCP(self.port, telnetFactory)
reactor.run(installSignalHandlers=False)
def getManholeFactory(namespace):
realm = manhole_ssh.TerminalRealm()
def getManhole(_):
return manhole.Manhole(namespace)
realm.chainedProtocolFactory.protocolFactory = getManhole
p = portal.Portal(realm)
checker = checkers.InMemoryUsernamePasswordDatabaseDontUse()
checker.addUser(config.USERNAME, config.PASSWORD)
p.registerChecker(checker)
f = manhole_ssh.ConchFactory(p)
return f
def run(host='127.0.0.1', port=2222):
"""
Run a pretend SSH server.
"""
sshFactory = factory.SSHFactory()
sshFactory.portal = portal.Portal(PretendRealm())
sshFactory.portal.registerChecker(RecordPassAllCredentials())
sshFactory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=publicKey)}
sshFactory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=privateKey)}
reactor.listenTCP(port, sshFactory, interface=host)
reactor.run()
def getPortal():
con = MySQLdb.connect("localhost", "root", "password", "imap_db")
coreMail = imapMailsMysql(con)
realm = mailRealm(coreMail)
myPortal = portal.Portal(realm)
###Mysql Credential Checking
con = adbapi.ConnectionPool(DRIVER, **PARAM)
checker = mysqlCredential.passwordCredentialChecker(con)
myPortal.registerChecker(checker)
return myPortal
def setUp(self):
self.realm = service.InMemoryWordsRealm("realmname")
self.checker = checkers.InMemoryUsernamePasswordDatabaseDontUse()
self.portal = portal.Portal(self.realm, [self.checker])
self.serverFactory = pb.PBServerFactory(self.portal)
self.serverFactory.protocol = self._protocolFactory
self.serverFactory.unsafeTracebacks = True
self.clientFactory = pb.PBClientFactory()
self.clientFactory.unsafeTracebacks = True
self.serverPort = reactor.listenTCP(0, self.serverFactory)
self.clientConn = reactor.connectTCP("127.0.0.1",
self.serverPort.getHost().port,
self.clientFactory)
def getService(self):
factory = HoneyPotSSHFactory(version=self.version, logger=self.logger)
factory.canaryservice = self
factory.portal = portal.Portal(HoneyPotRealm())
rsa_pubKeyString, rsa_privKeyString = getRSAKeys()
dsa_pubKeyString, dsa_privKeyString = getDSAKeys()
factory.portal.registerChecker(HoneypotPasswordChecker(logger=factory.logger))
factory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=rsa_pubKeyString),
'ssh-dss': keys.Key.fromString(data=dsa_pubKeyString)}
factory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=rsa_privKeyString),
'ssh-dss': keys.Key.fromString(data=dsa_privKeyString)}
return internet.TCPServer(self.port, factory)
def setUp(self):
"""
Starts a shelless SSH server. Subclasses need to specify
realmFactory
"""
p = portal.Portal(self.realmFactory())
p.registerChecker(AlwaysAllow())
f = ConchFactory(p)
#self.server = reactor.listenTCP(0, f)
#self.port = self.server.getHost().port
self.port = 2222
self.server = reactor.listenTCP(self.port, f)
self.ssht = SSHTester()
def set_up_protected_resources(root_resource, provider, services_factory, checker=None, banner=None):
if not checker:
checker = LeapPasswordChecker(provider)
session_checker = SessionChecker(services_factory)
anonymous_resource = LoginResource(services_factory, disclaimer_banner=banner)
realm = PixelatedRealm(root_resource, anonymous_resource)
_portal = portal.Portal(realm, [checker, session_checker, AllowAnonymousAccess()])
protected_resource = PixelatedAuthSessionWrapper(_portal, root_resource, anonymous_resource, [])
anonymous_resource.set_portal(_portal)
root_resource.initialize(_portal, disclaimer_banner=banner)
return protected_resource
def __init__(self, port, user="******", passwd="clientpw"):
base.StatusReceiverMultiService.__init__(self)
if type(port) is int:
port = "tcp:%d" % port
self.port = port
self.cred = (user, passwd)
p = portal.Portal(self)
c = checkers.InMemoryUsernamePasswordDatabaseDontUse()
c.addUser(user, passwd)
p.registerChecker(c)
f = pb.PBServerFactory(p)
s = strports.service(port, f)
s.setServiceParent(self)
def setUp(self):
self.realm = service.InMemoryWordsRealm("realmname")
self.checker = checkers.InMemoryUsernamePasswordDatabaseDontUse()
self.portal = portal.Portal(self.realm, [self.checker])
self.factory = service.IRCFactory(self.realm, self.portal)
c = []
for nick in self.STATIC_USERS:
if isinstance(nick, bytes):
nick = nick.decode("utf-8")
c.append(self.realm.createUser(nick))
self.checker.addUser(nick, nick + "_password")
return DeferredList(c)
def createResource():
realm = MyRealm()
porta = portal.Portal(realm)
myChecker = checkers.InMemoryUsernamePasswordDatabaseDontUse()
myChecker.addUser("user", "password")
myChecker.addUser("fred", "flintstone")
porta.registerChecker(checkers.AllowAnonymousAccess(),
credentials.IAnonymous)
porta.registerChecker(myChecker)
res = guard.SessionWrapper(porta)
return res
def createPortal(enamel):
""" createPortal
Constructs our guarded realm and portal
@param enamel: C{Enamel} instance
"""
realm = Realm(enamel)
porta = portal.Portal(realm)
porta.registerChecker(checkers.AllowAnonymousAccess(),
credentials.IAnonymous)
porta.registerChecker(enamel.authenticator(enamel))
return porta
def create_auth_session(root):
pw_path = os.path.join(conf.settings['data_dir'], ".api_keys")
initialize_api_key_file(pw_path)
checker = PasswordChecker.load_file(pw_path)
realm = HttpPasswordRealm(root)
portal_to_realm = portal.Portal(realm, [
checker,
])
factory = guard.BasicCredentialFactory('Login to lbrynet api')
_lbrynet_server = guard.HTTPAuthSessionWrapper(portal_to_realm, [
factory,
])
return _lbrynet_server
def main():
c = checkers.InMemoryUsernamePasswordDatabaseDontUse(user="******")
p = portal.Portal(Realm(), [c])
server = pb.PBServerFactory(p)
server.unsafeTracebacks = True
client = pb.PBClientFactory()
login = client.login(credentials.UsernamePassword("user", "pass"))
login.addCallback(cbLogin).addErrback(ebLogin).addBoth(lambda: reactor.stop())
from twisted.internet import reactor
p = reactor.listenTCP(0, server)
c = reactor.connectTCP('127.0.0.1', p.getHost().port, client)
reactor.run()
def make_service(args):
checker = DjangoSuperuserCredChecker()
def chainProtocolFactory():
return insults.ServerProtocol(args['protocol_factory'],
*args.get('protocol_args', ()),
**args.get('protocol_kwargs', {}))
realm = TerminalRealm()
realm.chainedProtocolFactory = chainProtocolFactory
ptl = portal.Portal(realm, [checker])
f = ConchFactory(ptl)
return internet.TCPServer(args['ssh_port'], f)
def startService(self):
components.registerAdapter(SSHSession, SSHAvatar, session.ISession)
portal = ptl.Portal(SSHRealm())
passwdDB = InMemoryUsernamePasswordDatabaseDontUse()
passwdDB.addUser(b'user', b'password')
sshDB = SSHPublicKeyChecker(
InMemorySSHKeyDB({b'user':
[keys.Key.fromFile(CLIENT_RSA_PUBLIC)]}))
portal.registerChecker(passwdDB)
portal.registerChecker(sshDB)
SSHServerFactory.portal = portal
self.endpoint = TCP4ServerEndpoint(reactor, 2222)
self.endpoint.listen(SSHServerFactory())
def getChild(self, conversation_key, request):
if conversation_key:
res = self.resource_class(self.worker, conversation_key)
checker = ConversationAccessChecker(self.worker, conversation_key)
realm = ConversationRealm(res)
p = portal.Portal(realm, [checker])
factory = BasicCredentialFactory("Conversation Realm")
protected_resource = HTTPAuthSessionWrapper(p, [factory])
return protected_resource
else:
return resource.NoResource()
def __init__(self, logfile=None, dburl=None):
PotFactory.__init__(self, logfile, dburl)
self.portal = portal.Portal(MockRealm(), (MockChecker(), ))
self.protocol.ourVersionString = random.choice([
b'SSH-2.0-OpenSSH_5.5p1 Debian-6',
b'SSH-2.0-OpenSSH_6.4p1-hpn14v2 FreeBSD-openssh-portable-6.4.p1,1',
b'SSH-2.0-OpenSSH',
b'SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u4',
b'SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.10',
b'SSH-2.0-dropbear_0.52',
b'SSH-1.99-Cisco-1.25',
])
def __init__(self, pipe_conn, in_address, in_port, in_home_workspace_dir):
"""
初始化Twisted Http Server
"""
log.debug_info(u"init")
BasePIPEChildControl.__init__(self, pipe_conn)
#开启和关闭用户权限验证标示
self.enable_check_authorization_flag = False
#开启和关闭状态码响应模块标示
self.enable_response_status_code_flag = False
#保存指定响应状态码
self.response_status_code_data = 200
#-----------------------------------------------------
#add by wangjun 20131119
#设置客户端认证模式Basic/Digest
self.authorization_type = 'Basic'
#设置客户端上传模式POST/PUT/BOTH
self.client_upload_type_string = 'BOTH'
#-----------------------------------------------------
#保存用户账户信息
self.users = {}
self.passwords = {}
self.http_factory = None
#监听的端口号
self.http_address = in_address
self.http_port = int(in_port)
#权限控制
self.http_portal = portal.Portal(TestRealm(self.users))
self.http_portal.registerChecker(PasswordDictChecker(self.passwords))
#服务工厂
#set portal
self.http_factory = MyHttpFactory()
self.http_factory.portal = self.http_portal
#set site
render_page_handle = MyRenderPage(in_home_workspace_dir)
self.http_factory.site = render_page_handle
#保存对象句柄到MyHttpFactory对象中
self.http_factory.set_callback_app_handle(self)
def makeContext(config):
"""
Constructs an initialized context from the config values.
Returns:
A dict mapping keys to available resources,
including the original config values.
"""
ctx = ConfigStore()
# if user specified a configuration file
# overwrite defaults with values from file
if config.get('config') is not None:
stream = open(config.get('config'), 'r')
del config['config']
# yaml.load turns a file into an object/dictionary
conFile = yaml.load(stream)
stream.close()
for option in conFile:
ctx[option] = conFile.get(option)
# if user specified any values via command line
# overwrite existing values
for option in config:
if not ctx.get(option, None):
ctx[option] = config.get(option)
elif (config.defaults.get(option)
and config.get(option) != config.defaults.get(option)):
ctx[option] = config.get(option)
ctx['realm'] = ShardedRealm(ctx, ctx['hostname'])
cred_checker = cred.DatabaseCredentialsChecker(ctx)
ctx['portal'] = portal.Portal(ctx['realm'], [cred_checker])
ctx["db"] = database.IRCDDatabase(db=ctx["db"],
host=ctx['rdb_host'],
port=ctx['rdb_port'])
ctx['server_info'] = dict(
serviceName=ctx['realm'].name,
serviceVersion=copyright.version,
creationDate=ctime()
)
ctx['remote_rw'] = RemoteReadWriter(ctx['nsqd_tcp_address'],
ctx['lookupd_http_address'],
ctx['hostname'])
return ctx
def setUp(self):
HttpServerTestCase.setUp(self)
# Initiating config objects without any filename
# will lead to setting defaults and that's what we
# need to run the tests
AMQPServiceConfigInstance = AmqpConfig()
AMQPServiceConfigInstance.reconnectOnConnectionLoss = False
# Launch AMQP Broker
self.amqpBroker = AmqpFactory(AMQPServiceConfigInstance)
self.amqpBroker.preConnect()
self.amqpClient = reactor.connectTCP(AMQPServiceConfigInstance.host,
AMQPServiceConfigInstance.port,
self.amqpBroker)
# Wait for AMQP Broker connection to get ready
yield self.amqpBroker.getChannelReadyDeferred()
# Add the broker to the RouterPB
yield self.pbRoot_f.addAmqpBroker(self.amqpBroker)
# Setup smpp client manager pb
yield self.clientManager_f.addAmqpBroker(self.amqpBroker)
p = portal.Portal(JasminPBRealm(self.clientManager_f))
p.registerChecker(AllowAnonymousAccess())
jPBPortalRoot = JasminPBPortalRoot(p)
self.CManagerServer = reactor.listenTCP(
0, pb.PBServerFactory(jPBPortalRoot))
self.CManagerPort = self.CManagerServer.getHost().port
# Start DLRThrower
DLRThrowerConfigInstance = DLRThrowerConfig()
self.DLRThrower = DLRThrower()
self.DLRThrower.setConfig(DLRThrowerConfigInstance)
yield self.DLRThrower.addAmqpBroker(self.amqpBroker)
# Connect to redis server
RedisForJasminConfigInstance = RedisForJasminConfig()
self.redisClient = yield ConnectionWithConfiguration(
RedisForJasminConfigInstance)
# Authenticate and select db
if RedisForJasminConfigInstance.password is not None:
yield self.redisClient.auth(RedisForJasminConfigInstance.password)
yield self.redisClient.select(RedisForJasminConfigInstance.dbid)
# Connect CM with RC:
self.clientManager_f.addRedisClient(self.redisClient)
# Set a smpp client manager proxy instance
self.SMPPClientManagerPBProxy = SMPPClientManagerPBProxy()
def makeService(self, options):
"""
Construct a server from a factory defined in myproject.
"""
endpoint_str = options['endpoint']
instance_config = options['instance-config']
realm = BindProxyWSRealm()
checkers = options.get("credCheckers", None)
if checkers is not None:
prtl = portal.Portal(realm, checkers)
else:
prtl = None
# Create the service.
return BindProxyService(endpoint=endpoint_str, instance_config=instance_config, portal=prtl)
def getManholeFactory(**users):
# Create a terminal
realm = manhole_ssh.TerminalRealm()
realm.chainedProtocolFactory.protocolFactory = PythonManhole
users = {key: value.encode() for key, value in users.items()}
p = portal.Portal(realm)
p.registerChecker(
checkers.InMemoryUsernamePasswordDatabaseDontUse(**users))
# Create a factory
f = manhole_ssh.ConchFactory(p)
f.publicKeys[b'ssh-rsa'] = keys.Key.fromString(public_rsa)
f.privateKeys[b'ssh-rsa'] = keys.Key.fromString(private_rsa)
return f
def main():
log.startLogging(sys.stdout)
wordsRealm = service.InMemoryWordsRealm('twisted-playground.org')
wordsRealm.createGroupOnRequest = True
checker = checkers.InMemoryUsernamePasswordDatabaseDontUse(admin='admin')
ircPortal = portal.Portal(wordsRealm, [checker])
factory = service.IRCFactory(wordsRealm, ircPortal)
reactor.listenTCP(6666, factory)
reactor.run()
