def connectionMade(self):
    """Initialise per-session state once the terminal connection is up.

    Runs the HistoricRecvLine setup, displays the MOTD, starts a shell on
    the command stack, registers this protocol in the factory's session
    table and copies connection details (peer address, client version
    string, login time, TTY log path) from the SSH transport.
    """
    recvline.HistoricRecvLine.connectionMade(self)
    self.displayMOTD()
    self.cmdstack = [HoneyPotShell(self)]

    ssh = self.terminal.transport.session.conn.transport
    # Register this protocol instance under the connection's session number.
    ssh.factory.sessions[ssh.transport.sessionno] = self

    self.realClientIP = ssh.transport.getPeer().host
    self.clientVersion = ssh.otherVersionString
    self.logintime = ssh.logintime
    self.ttylog_file = ssh.ttylog_file

    # clientIP is the source address shown in user-visible reports. A
    # configured fake_addr replaces the peer address there; realClientIP
    # always holds the address reported by the transport.
    settings = config()
    if settings.has_option('honeypot', 'fake_addr'):
        shown_ip = settings.get('honeypot', 'fake_addr')
    else:
        shown_ip = self.realClientIP
    self.clientIP = shown_ip

    # Control-key bindings: Ctrl-D, Ctrl-U, Ctrl-C and TAB.
    self.keyHandlers.update([
        ('\x04', self.handle_CTRL_D),
        ('\x15', self.handle_CTRL_U),
        ('\x03', self.handle_CTRL_C),
        ('\x09', self.handle_TAB),
    ])
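def load(self):
    """Load the user database from ``<data_path>/userdb.txt``.

    Every non-blank line has the form ``login:uid:password``. The line is
    split on the first two colons only, so the password field may itself
    contain ``:``. A uid that is not an integer is replaced by 1001.
    Parsed entries are appended to ``self.userdb`` as
    ``(login, uid, passwd)`` tuples.

    Raises:
        ValueError: if a non-blank line has fewer than three fields.
    """
    userdb_file = '%s/userdb.txt' % \
        (config().get('honeypot', 'data_path'),)

    f = open(userdb_file, 'r')
    try:
        for raw in f:
            line = raw.strip()
            if not line:
                continue
            (login, uid_str, passwd) = line.split(':', 2)
            try:
                uid = int(uid_str)
            except ValueError:
                uid = 1001
            self.userdb.append((login, uid, passwd))
    finally:
        # Release the handle even when a malformed line aborts the load.
        f.close()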
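def save(self):
    """Write ``self.userdb`` back to ``<data_path>/userdb.txt``.

    Each ``(login, uid, passwd)`` tuple becomes one ``login:uid:passwd``
    line. The file is truncated and rewritten in place.
    """
    userdb_file = '%s/userdb.txt' % \
        (config().get('honeypot', 'data_path'),)

    # Note: this is subject to races between rassh instances; no locking
    # is done here and the file is rewritten in place.
    f = open(userdb_file, 'w')
    try:
        for (login, uid, passwd) in self.userdb:
            f.write('%s:%d:%s\n' % (login, uid, passwd))
    finally:
        # Close (and flush) the handle even if a write fails part-way.
        f.close()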
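def __init__(self):
    """Load the configuration, the command table and the filesystem image.

    ``self.commands`` is built by importing every module named in
    ``rassh.commands.__all__`` and merging its ``commands`` mapping.
    ``self.fs`` is unpickled from the configured ``filesystem_file``.
    """
    self.cfg = config()
    self.commands = {}

    import rassh.commands
    for c in rassh.commands.__all__:
        module = __import__('rassh.commands.%s' % c,
            globals(), locals(), ['commands'])
        self.commands.update(module.commands)

    # SECURITY: unpickling can run code chosen by whoever wrote the file,
    # so filesystem_file must be a trusted, operator-controlled path that
    # nothing reachable from a honeypot session can write to.
    fs_file = open(self.cfg.get('honeypot', 'filesystem_file'), 'rb')
    try:
        self.fs = pickle.load(fs_file)
    finally:
        # Close the handle explicitly instead of relying on garbage
        # collection.
        fs_file.close()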
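def __init__(self):
    """Build the shared environment: config, commands, filesystem image.

    Every module listed in ``rassh.commands.__all__`` is imported and its
    ``commands`` mapping merged into ``self.commands``. ``self.fs`` is
    loaded with pickle from the configured ``filesystem_file``.
    """
    self.cfg = config()
    self.commands = {}

    import rassh.commands
    for c in rassh.commands.__all__:
        module = __import__('rassh.commands.%s' % c,
            globals(), locals(), ['commands'])
        self.commands.update(module.commands)

    fs_path = self.cfg.get('honeypot', 'filesystem_file')
    # SECURITY: pickle.load() can execute code embedded in the file. Keep
    # filesystem_file on a path only the operator can write, never one
    # that session activity could modify.
    fs_file = open(fs_path, 'rb')
    try:
        self.fs = pickle.load(fs_file)
    finally:
        # The original left the handle to be closed by garbage collection.
        fs_file.close()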
def connectionMade(self):
    """Open a TTY log for this connection, then run ServerProtocol setup.

    The log path is ``<log_path>/tty/<YYYYmmdd-HHMMSS>-<n>.log`` where
    ``n`` is ``int(random.random() * 10000)``. The path is stored on the
    SSH transport as ``ttylog_file`` and ``ttylog_open`` is set to True.
    """
    ssh = self.transport.session.conn.transport

    log_dir = config().get('honeypot', 'log_path')
    stamp = time.strftime('%Y%m%d-%H%M%S')
    suffix = int(random.random() * 10000)
    # NOTE(review): uniqueness rests on a one-second timestamp plus a
    # 0-9999 suffix, so two sessions starting in the same second can get
    # the same name; confirm how ttylog_open treats an existing file.
    ssh.ttylog_file = '%s/tty/%s-%s.log' % (log_dir, stamp, suffix)

    print('Opening TTY log: %s' % ssh.ttylog_file)
    ttylog.ttylog_open(ssh.ttylog_file, time.time())
    ssh.ttylog_open = True

    insults.ServerProtocol.connectionMade(self)
def __init__(self, user, env):
    """Create the per-session state for *user* from the shared *env*.

    The session gets its own deep copy of the environment's filesystem
    image and a shallow copy of its command table, so changes made during
    one session are not written into the shared objects.
    """
    self.user = user
    self.env = env
    self.hostname = self.env.cfg.get('honeypot', 'hostname')

    # Private deep copy of the shared filesystem image.
    self.fs = fs.HoneyPotFilesystem(deepcopy(self.env.fs))

    # Start in the user's home directory when the image has it, else '/'.
    self.cwd = user.home if self.fs.exists(user.home) else '/'

    # commands is copied too, so entries can be added on the fly.
    self.commands = copy(self.env.commands)

    self.password_input = False
    self.cmdstack = []
    self.DB = DB(config())
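def file_contents(self, target, count = 0):
    """Return the contents of the emulated file *target*.

    Links (entries whose type is T_LINK) are followed recursively, with
    *count* tracking the depth; a call with *count* above 10 raises
    TooManyLevels. The data is read from the file that ``self.realfile``
    returns for ``<contents_path>/<path>``.

    Returns:
        The file's bytes, or None when ``self.realfile`` yields nothing.

    Raises:
        TooManyLevels: the link chain is too deep.
        FileNotFound: the path does not resolve or does not exist.
    """
    if count > 10:
        raise TooManyLevels
    path = self.resolve_path(target, os.path.dirname(target))
    print('%s resolved into %s' % (target, path))
    if not path or not self.exists(path):
        raise FileNotFound
    f = self.getfile(path)
    if f[A_TYPE] == T_LINK:
        return self.file_contents(f[A_TARGET], count + 1)
    # NOTE(review): path is joined onto contents_path as-is; presumably
    # resolve_path/exists keep it inside the emulated tree - confirm.
    realfile = self.realfile(f, '%s/%s' % \
        (config().get('honeypot', 'contents_path'), path))
    if not realfile:
        return None
    fh = open(realfile, 'rb')
    try:
        return fh.read()
    finally:
        # Close the handle explicitly instead of leaving it to garbage
        # collection.
        fh.close()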
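def file_contents(self, target, count=0):
    """Read the data behind the emulated file *target*.

    An entry of type T_LINK is followed by recursing on its target with
    ``count + 1``; once *count* exceeds 10 TooManyLevels is raised. For
    other entries the data comes from the path that ``self.realfile``
    returns for ``<contents_path>/<path>``.

    Returns:
        The file's bytes, or None when ``self.realfile`` returns a false
        value.

    Raises:
        TooManyLevels: too many nested links.
        FileNotFound: *target* does not resolve to an existing entry.
    """
    if count > 10:
        raise TooManyLevels

    path = self.resolve_path(target, os.path.dirname(target))
    print('%s resolved into %s' % (target, path))
    if not path or not self.exists(path):
        raise FileNotFound

    entry = self.getfile(path)
    if entry[A_TYPE] == T_LINK:
        return self.file_contents(entry[A_TARGET], count + 1)

    # NOTE(review): the emulated path is appended to contents_path
    # unchanged; verify that resolve_path cannot return a path that
    # leaves the contents directory.
    backing = '%s/%s' % (config().get('honeypot', 'contents_path'), path)
    realfile = self.realfile(entry, backing)
    if not realfile:
        return None

    handle = open(realfile, 'rb')
    try:
        return handle.read()
    finally:
        # Explicit close; the original relied on garbage collection.
        handle.close()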
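def call(self):
    """Write the last lines of ``<data_path>/lastlog.txt`` to the session.

    The line count defaults to 25 and can be set with ``-<digits>`` or
    ``-n <digits>``; arguments not starting with ``-`` are ignored. When
    the file does not exist nothing is written.
    """
    fn = '%s/lastlog.txt' % (config().get('honeypot', 'data_path'), )
    if not os.path.exists(fn):
        return
    l = list(self.args)
    numlines = 25
    while l:
        arg = l.pop(0)
        if not arg.startswith('-'):
            continue
        elif arg[1:].isdigit():
            numlines = int(arg[1:])
        elif arg == '-n' and l and l[0].isdigit():
            numlines = int(l.pop(0))
    # NOTE(review): numlines comes from the command arguments with no
    # upper bound; confirm utils.tail stays cheap for very large values.
    log_file = open(fn)
    try:
        # Join inside the try block so the data is fully read before the
        # handle is closed.
        output = ''.join(utils.tail(log_file, numlines))
    finally:
        log_file.close()
    self.writeln(output)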
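def call(self):
    """Show the tail of ``<data_path>/lastlog.txt``.

    Option parsing: ``-<digits>`` or ``-n <digits>`` sets the number of
    lines (default 25); any argument that does not start with ``-`` is
    skipped. Returns without output when the file is missing.
    """
    fn = '%s/lastlog.txt' % (config().get('honeypot', 'data_path'),)
    if not os.path.exists(fn):
        return

    pending = list(self.args)
    numlines = 25
    while pending:
        arg = pending.pop(0)
        if not arg.startswith('-'):
            continue
        if arg[1:].isdigit():
            numlines = int(arg[1:])
        elif arg == '-n' and pending and pending[0].isdigit():
            numlines = int(pending.pop(0))

    # NOTE(review): no cap is applied to numlines, which is parsed from
    # the command's arguments; check utils.tail's cost for huge counts.
    handle = open(fn)
    try:
        # Materialise the output before closing, in case tail() is lazy.
        text = ''.join(utils.tail(handle, numlines))
    finally:
        # The original never closed this handle.
        handle.close()
    self.writeln(text)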
def __init__(self):
    """Set up factory state, migrate a legacy pass.db, load DB loggers.

    A ``pass.db`` found in ``data_path`` has each of its keys added to the
    user database as a root password and is then renamed to
    ``pass.db.bak``; the migration is skipped when that backup already
    exists. For every config section named ``database_<engine>`` the
    module ``rassh.dblog.<engine>`` is imported and its ``DBLogger`` is
    registered as a log observer.
    """
    cfg = config()

    # Protocol instances are kept here for the interact feature.
    self.sessions = {}

    # Start time, for use by the uptime command.
    self.starttime = time.time()

    # Convert old pass.db root passwords.
    passdb_file = '%s/pass.db' % (cfg.get('honeypot', 'data_path'),)
    if os.path.exists(passdb_file):
        userdb = UserDB()
        print('pass.db deprecated - copying passwords over to userdb.txt')
        backup_file = '%s.bak' % (passdb_file,)
        if not os.path.exists(backup_file):
            passdb = anydbm.open(passdb_file, 'c')
            for p in passdb:
                userdb.adduser('root', 0, p)
            passdb.close()
            os.rename(passdb_file, backup_file)
            print('pass.db backed up to %s.bak' % (passdb_file,))
        else:
            print('ERROR: %s.bak already exists, skipping conversion!' %
                (passdb_file,))

    # Load db loggers. The engine name, and so the module imported below,
    # comes from the section names in the configuration file.
    self.dbloggers = []
    for section in cfg.sections():
        if section.startswith('database_'):
            engine = section.split('_')[1]
            dbengine = 'database_' + engine

            # Give the logger a private config holding only its own
            # section and the [honeypot] section.
            lcfg = ConfigParser.ConfigParser()
            lcfg.add_section(dbengine)
            for opt in cfg.options(section):
                lcfg.set(dbengine, opt, cfg.get(section, opt))
            lcfg.add_section('honeypot')
            for opt in cfg.options('honeypot'):
                lcfg.set('honeypot', opt, cfg.get('honeypot', opt))

            print('Loading dblog engine: %s' % (engine,))
            dblog_module = __import__(
                'rassh.dblog.%s' % (engine,),
                globals(), locals(), ['dblog'])
            dblogger = dblog_module.DBLogger(lcfg)
            log.startLoggingWithObserver(dblogger.emit, setStdout=False)
            self.dbloggers.append(dblogger)
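def sendBanner(self):
    """Send the configured banner file as an SSH userauth banner, once.

    Does nothing when the banner was already sent, when no
    ``banner_file`` option is configured, when the file cannot be read,
    or when it holds only whitespace. Line endings are normalised to
    CRLF before the packet is sent.
    """
    if self.bannerSent:
        return
    cfg = config()
    if not cfg.has_option('honeypot', 'banner_file'):
        return
    banner_path = cfg.get('honeypot', 'banner_file')
    try:
        banner = open(banner_path)
        try:
            data = banner.read()
        finally:
            # Close the handle explicitly rather than leaving it to
            # garbage collection.
            banner.close()
    except IOError:
        # Any open/read failure ends up here, not only a missing file.
        print('Banner file %s does not exist!' % banner_path)
        return
    if not data or not data.strip():
        return
    data = '\r\n'.join(data.splitlines() + [''])
    self.transport.sendPacket(userauth.MSG_USERAUTH_BANNER,
        NS(data) + NS('en'))
    self.bannerSent = True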
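def sendBanner(self):
    """Send the banner file's text to the client at most once.

    The text is read from the ``banner_file`` option, its line endings
    are rewritten to CRLF, and it is sent in a MSG_USERAUTH_BANNER packet
    with language tag ``en``. Returns early when the banner was already
    sent, the option is absent, the file cannot be read, or the text is
    blank.
    """
    if self.bannerSent:
        return

    cfg = config()
    if not cfg.has_option('honeypot', 'banner_file'):
        return

    banner_path = cfg.get('honeypot', 'banner_file')
    try:
        handle = open(banner_path)
        try:
            data = handle.read()
        finally:
            # The original never closed this handle.
            handle.close()
    except IOError:
        # Reached for every I/O error, whatever the message text says.
        print('Banner file %s does not exist!' % banner_path)
        return

    if not data or not data.strip():
        return

    data = '\r\n'.join(data.splitlines() + [''])
    self.transport.sendPacket(
        userauth.MSG_USERAUTH_BANNER, NS(data) + NS('en'))
    self.bannerSent = True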
def __init__(self):
    """Initialise the factory: sessions, start time, pass.db, DB loggers.

    If ``<data_path>/pass.db`` exists, its keys are added to the user
    database as passwords for ``root`` and the file is renamed to
    ``pass.db.bak``, unless that backup is already present, in which case
    the conversion is skipped. Each ``database_<engine>`` config section
    then loads ``rassh.dblog.<engine>`` and registers its ``DBLogger``
    with the logging system.
    """
    cfg = config()

    # Protocol instances are kept here for the interact feature.
    self.sessions = {}

    # For use by the uptime command.
    self.starttime = time.time()

    # Convert old pass.db root passwords.
    passdb_file = '%s/pass.db' % (cfg.get('honeypot', 'data_path'), )
    if os.path.exists(passdb_file):
        userdb = UserDB()
        print('pass.db deprecated - copying passwords over to userdb.txt')
        bak_file = '%s.bak' % (passdb_file, )
        if os.path.exists(bak_file):
            print('ERROR: %s.bak already exists, skipping conversion!' %
                (passdb_file,))
        else:
            passdb = anydbm.open(passdb_file, 'c')
            for p in passdb:
                userdb.adduser('root', 0, p)
            passdb.close()
            os.rename(passdb_file, bak_file)
            print('pass.db backed up to %s.bak' % (passdb_file, ))

    # Load db loggers. Which module gets imported is decided by the
    # section names in the configuration file.
    self.dbloggers = []
    db_sections = [s for s in cfg.sections() if s.startswith('database_')]
    for section in db_sections:
        engine = section.split('_')[1]
        dbengine = 'database_' + engine

        # The logger receives a copy of its own section and of [honeypot].
        lcfg = ConfigParser.ConfigParser()
        lcfg.add_section(dbengine)
        for name in cfg.options(section):
            lcfg.set(dbengine, name, cfg.get(section, name))
        lcfg.add_section('honeypot')
        for name in cfg.options('honeypot'):
            lcfg.set('honeypot', name, cfg.get('honeypot', name))

        print('Loading dblog engine: %s' % (engine, ))
        engine_module = __import__('rassh.dblog.%s' % (engine, ),
            globals(), locals(), ['dblog'])
        dblogger = engine_module.DBLogger(lcfg)
        log.startLoggingWithObserver(dblogger.emit, setStdout=False)
        self.dbloggers.append(dblogger)
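def getRSAKeys():
    """Return the SSH host key pair as ``(public, private)`` strings.

    The key file paths come from the ``public_key`` and ``private_key``
    options. When both files exist they are read and returned. Otherwise
    a new RSA key pair is generated, written to those paths in OpenSSH
    format, and returned. The private key file is restricted to its
    owner.
    """
    cfg = config()
    public_key = cfg.get('honeypot', 'public_key')
    private_key = cfg.get('honeypot', 'private_key')
    if not (os.path.exists(public_key) and os.path.exists(private_key)):
        # generate a RSA keypair
        print("Generating RSA keypair...")
        from Crypto.PublicKey import RSA
        from twisted.python import randbytes
        # NOTE(review): 1024-bit RSA is below the 2048-bit minimum of
        # current guidance. Left unchanged here; raise it unless the
        # short key is a deliberate part of the emulation.
        KEY_LENGTH = 1024
        rsaKey = RSA.generate(KEY_LENGTH, randbytes.secureRandom)
        publicKeyString = keys.Key(rsaKey).public().toString('openssh')
        privateKeyString = keys.Key(rsaKey).toString('openssh')
        # save keys for next time
        _writeKeyFile(public_key, publicKeyString)
        _writeKeyFile(private_key, privateKeyString, owner_only=True)
        print("done.")
    else:
        publicKeyString = _readKeyFile(public_key)
        privateKeyString = _readKeyFile(private_key)
    return publicKeyString, privateKeyString


def _readKeyFile(path):
    """Return the contents of *path*, closing the handle afterwards."""
    f = open(path)
    try:
        return f.read()
    finally:
        f.close()


def _writeKeyFile(path, data, owner_only=False):
    """Write *data* to *path*; with *owner_only*, use owner-only mode."""
    if owner_only:
        import stat
        mode = stat.S_IRUSR | stat.S_IWUSR
        # Create the file with owner-only permissions from the start, so
        # the private key is never readable through the default umask.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
        f = os.fdopen(fd, 'wb')
    else:
        f = open(path, 'wb')
    try:
        if owner_only:
            # os.open() applies the mode only when it creates the file;
            # tighten a pre-existing file before the key is written.
            os.chmod(path, mode)
        f.write(data)
    finally:
        f.close()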
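def addToLastlog(message):
    """Append *message* and a newline to ``<data_path>/lastlog.txt``."""
    # NOTE(review): message is written verbatim. If callers can pass
    # session-controlled text, an embedded newline would add extra
    # lastlog lines - confirm against the callers.
    f = open('%s/lastlog.txt' % config().get('honeypot', 'data_path'), 'a')
    try:
        f.write('%s\n' % (message, ))
    finally:
        # Close the handle even if the write fails.
        f.close()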