def authenticateBackend(self, tried_username=None, tried_password=None):
"""
This is called when the frontend is authenticated, so as to give us the option to authenticate with the
username and password given by the attacker.
"""
# we keep these here in case frontend has authenticated and backend hasn't established the secure channel yet;
# in that case, tried credentials are stored to be used whenever usearauth with backend can be performed
if tried_username and tried_password:
self.frontendTriedUsername = tried_username
self.frontendTriedPassword = tried_password
# do nothing if frontend is not authenticated, or backend has not established a secure channel
if not self.factory.server.frontendAuthenticated or not self.canAuth:
return
# we authenticate with the backend using the credentials provided
# TODO create the account in the backend before (contact the pool of VMs for example)
# so these credentials from the config may not be needed after all
username = CowrieConfig.get("proxy", "backend_user").encode()
password = CowrieConfig.get("proxy", "backend_pass").encode()
log.msg(f"Will auth with backend: {username}/{password}")
self.sendPacket(5, bin_string_to_hex(b"ssh-userauth"))
payload = (
bin_string_to_hex(username)
+ string_to_hex("ssh-connection")
+ string_to_hex("password")
+ b"\x00"
+ bin_string_to_hex(password)
)
self.sendPacket(50, payload)
self.factory.server.backendConnected = True
# send packets from the frontend that were waiting to go to the backend
for packet in self.factory.server.delayedPackets:
self.factory.server.sshParse.parse_packet("[SERVER]", packet[0], packet[1])
self.factory.server.delayedPackets = []
# backend auth is done, attackers will now be connected to the backend
self.authDone = True
def authenticateBackend(self, tried_username=None, tried_password=None):
"""
This is called when the frontend is authenticated, so as to give us the option to authenticate with the
username and password given by the attacker.
"""
# we keep these here in case frontend has authenticated and backend hasn't established the secure channel yet;
# in that case, tried credentials are stored to be used whenever usearauth with backend can be performed
if tried_username and tried_password:
self.frontendTriedUsername = tried_username
self.frontendTriedPassword = tried_password
# do nothing if frontend is not authenticated, or backend has not established a secure channel
if not self.factory.server.frontendAuthenticated or not self.canAuth:
return
# we authenticate with the backend using the credentials provided
# TODO create the account in the backend before (contact the pool of VMs for example)
# so these credentials from the config may not be needed after all
username = CowrieConfig().get('proxy', 'backend_user').encode()
password = CowrieConfig().get('proxy', 'backend_pass').encode()
log.msg('Will auth with backend: {0}/{1}'.format(username, password))
self.sendPacket(5, bin_string_to_hex(b'ssh-userauth'))
payload = bin_string_to_hex(username) + \
string_to_hex('ssh-connection') + \
string_to_hex('password') + \
b'\x00' + \
bin_string_to_hex(password)
self.sendPacket(50, payload)
self.factory.server.backendConnected = True
# send packets from the frontend that were waiting to go to the backend
for packet in self.factory.server.delayedPackets:
self.factory.server.sshParse.parse_packet('[SERVER]', packet[0],
packet[1])
self.factory.server.delayedPackets = []