Esempio n. 1
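    def onReady(self):
        """
        @summary:  Event used to report the state of the server stack.
                    It fires a first time when the human client is connected and
                    a second time after colour-depth negotiation, because that
                    negotiation restarts the connection sequence.
                    On the first call the recording whose screen area is closest
                    to the client's is selected; on every call the credentials
                    and hostname returned by the controller are written to both
                    loggers, then self.start() is invoked.
        @see: rdp.RDPServerObserver.onReady
        """
        def _oneLine(value):
            # The credential fields are chosen by the remote client and end up
            # in line-oriented logs. Escape CR/LF so a crafted field cannot
            # begin a forged record; non-string values pass through untouched.
            try:
                return value.replace("\r", "\\r").replace("\n", "\\n")
            except (AttributeError, TypeError):
                return value

        if self._rssFile is None:
            # Pick the recording whose width * height is nearest to the
            # client's; entries are indexed as ((width, height), path).
            width, height = self._controller.getScreen()
            size = width * height
            rssFilePath = sorted(
                self._rssFileSizeList,
                key=lambda x: abs(x[0][0] * x[0][1] - size))[0][1]
            selection = "select file (%s, %s) -> %s" % (
                width, height, rssFilePath)
            log.info(selection)
            hpfeedslog.info(selection)
            self._rssFile = rss.createReader(rssFilePath)

        domain, username, password = [
            _oneLine(field) for field in self._controller.getCredentials()]
        hostname = _oneLine(self._controller.getHostname())

        # A single timestamp for both sinks keeps the two records correlatable.
        stamp = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')

        # NOTE(review): the password is written in clear text to both sinks,
        # and "," / ":" inside a field are not escaped, so a consumer that
        # splits on them can still mis-assign fields -- confirm how the
        # hpfeeds consumer parses this line.
        log.info("\n%s,domain:%s,username:%s,password:%s,hostname:%s" %
                 (stamp, domain, username, password, hostname))
        hpfeedslog.info(
            "%s, domain:%s, username:%s, password:%s, hostname:%s " %
            (stamp, domain, username, password, hostname))
        self.start()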
Esempio n. 2
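 def onReady(self):
     """
     @summary:  Event used to report the state of the server stack.
                 It fires a first time when the human client is connected and
                 a second time after colour-depth negotiation, because that
                 negotiation restarts the connection sequence.
                 On the first call the recording whose screen area is closest
                 to the client's is selected; on every call the credentials
                 and hostname returned by the controller are logged, then
                 self.start() is invoked.
     @see: rdp.RDPServerObserver.onReady
     """
     def _oneLine(value):
         # The record below is laid out one field per line, and every field is
         # chosen by the remote client. Escape CR/LF so a crafted value cannot
         # add a forged field line; non-string values pass through untouched.
         try:
             return value.replace("\r", "\\r").replace("\n", "\\n")
         except (AttributeError, TypeError):
             return value

     if self._rssFile is None:
         # Pick the recording whose width * height is nearest to the
         # client's; entries are indexed as ((width, height), path).
         width, height = self._controller.getScreen()
         size = width * height
         rssFilePath = sorted(self._rssFileSizeList, key = lambda x: abs(x[0][0] * x[0][1] - size))[0][1]
         log.info("select file (%s, %s) -> %s"%(width, height, rssFilePath))
         self._rssFile = rss.createReader(rssFilePath)

     domain, username, password = [
         _oneLine(field) for field in self._controller.getCredentials()]
     hostname = _oneLine(self._controller.getHostname())
     # NOTE(review): the password is logged in clear text; the log store then
     # holds whatever the client typed.
     log.info("""Credentials:
     \tdomain : %s
     \tusername : %s
     \tpassword : %s
     \thostname : %s
     """%(domain, username, password, hostname))
     self.start()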
Esempio n. 3
 def buildObserver(self, controller, addr):
     """
     @summary: log the peer of a new connection and build its observer
     @param controller: {rdp.RDPServerController}
     @param addr: destination address; its host and port are logged as the
                  origin of the connection
     @return: HoneyPotServer built from the controller and a new reader on
              self._rssFilePath
     @see: rdp.ServerFactory.buildObserver
     """
     peer = (addr.host, addr.port)
     log.info("Connection from %s:%s" % peer)
     # A new reader is created for every connection, before any credentials
     # are seen; this log line is the only record of peers that disconnect
     # without reaching the login stage.
     replay = rss.createReader(self._rssFilePath)
     return HoneyPotServer(controller, replay)
Esempio n. 4
def readSize(filePath):
    """
    @summary: return the screen size stored in an rss file
    @param filePath: path of rss file
    @return: (width, height) of the first SCREEN event, or None when the
             reader runs out of events before one is found
    """
    reader = rss.createReader(filePath)
    event = reader.nextEvent()
    # Walk the recording in order; nextEvent() returning None ends the scan.
    while event is not None:
        if event.type.value == rss.EventType.SCREEN:
            screen = event.event
            return screen.width.value, screen.height.value
        event = reader.nextEvent()
    return None
Esempio n. 5
def readSize(filePath):
    """
    @summary: look up the screen dimensions recorded in an rss file
    @param filePath: path of rss file
    @return: (width, height) taken from the first SCREEN event; None if the
             events are exhausted without meeting one
    """
    events = rss.createReader(filePath)
    current = events.nextEvent()
    while current is not None:
        # Only a SCREEN event carries the dimensions; skip everything else.
        if current.type.value == rss.EventType.SCREEN:
            return current.event.width.value, current.event.height.value
        current = events.nextEvent()
    return None
Esempio n. 6
    def onReady(self):
        """
        @summary:  Event used to report the state of the server stack.
                    It fires a first time when the human client is connected and
                    a second time after colour-depth negotiation, because that
                    negotiation restarts the connection sequence.
                    On the first call the recording whose screen area is closest
                    to the client's is selected; on every call a
                    'rdpy.login.success' record is logged and self.start() is
                    invoked.
        @see: rdp.RDPServerObserver.onReady
        """
        if self._rssFile is None:
            # Pick the recording whose width * height is nearest to the
            # client's; entries are indexed as ((width, height), path).
            width, height = self._controller.getScreen()
            size = width * height

            def areaGap(entry):
                return abs(entry[0][0] * entry[0][1] - size)

            rssFilePath = sorted(self._rssFileSizeList, key=areaGap)[0][1]
            stamp = datetime.datetime.utcnow().strftime(
                '%Y-%m-%dT%H:%M:%S.%fZ')
            logging.info("%s --- select file (%s, %s) -> %s" %
                         (stamp, width, height, rssFilePath))
            self._rssFile = rss.createReader(rssFilePath)

        domain, username, password = self._controller.getCredentials()
        hostname = self._controller.getHostname()

        # Peer address is read from the transport under the TPKT layer
        # (private attributes of the controller).
        transport = self._controller._tpktLayer.transport
        client = transport.client

        # The MD5 digest is only a correlation id for this observer, not an
        # integrity value. It is derived from the source IP and id(self), so
        # both onReady calls of one connection share it.
        # NOTE(review): id() values can be reused once an object is freed, so
        # the id is not guaranteed unique across connections from one IP.
        session = md5.md5(client[0] + str(id(self))).hexdigest()

        # NOTE(review): this record is emitted on every call, whatever the
        # credentials are, and carries the password in clear text; per the
        # docstring one connection can produce two records.
        record = {
            'event_id': 'rdpy.login.success',
            'session': session,
            'hostname': hostname,
            'domain': domain,
            'username': username,
            'password': password,
            'src_ip': client[0],
            'src_port': client[1],
            'start_ts': int(time.time()),
            'transport_protocol': str(transport),
        }
        logging.info(record)
        self.start()
Esempio n. 7
    def __init__(self, config=None, logger=None):
        """
        Initialise both base classes, preload the events of the bundled
        "login.rss" recording into self.rss, and read the listening port and
        log type.

        config -- configuration object; "rdp.port" is read from it
                  (default 3389)
        logger -- logger object; its LOG_RDP value becomes self.logtype

        NOTE(review): both parameters default to None but are dereferenced
        unconditionally below, so callers have to supply them.
        """
        # NOTE(review): 16, None, None presumably mean colour depth, private
        # key and certificate -- confirm against ServerFactory.
        ServerFactory.__init__(self, 16, None, None)
        CanaryService.__init__(self, config, logger)

        self.rssFile = self.resource_filename("login.rss")
        replay = rss.createReader(self.rssFile)

        # Drain the reader up front; the first falsy event ends the recording.
        self.rss = []
        event = replay.nextEvent()
        while event:
            self.rss.append(event)
            event = replay.nextEvent()

        self.port = config.getVal("rdp.port", 3389)
        self.logtype = logger.LOG_RDP
Esempio n. 8
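    def __init__(self, config=None, logger=None, instanceParams=None):
        """
        Initialise both base classes, read the port and password-masking
        settings, and preload the events of the bundled "login.rss" recording
        into self.rss.

        config         -- configuration object, used when instanceParams is
                          empty or not given
        logger         -- logger object; its LOG_RDP value becomes self.logtype
        instanceParams -- optional per-instance settings; when non-empty it
                          must contain "rdp.port" and may contain
                          "rdp.maskpassword"

        The default for instanceParams is None instead of a shared {} literal;
        both take the config branch, so existing callers are unaffected.

        NOTE(review): config and logger default to None but are dereferenced
        below (config only on the config branch), so callers have to supply
        them.
        """
        # NOTE(review): 16, None, None presumably mean colour depth, private
        # key and certificate -- confirm against ServerFactory.
        ServerFactory.__init__(self, 16, None, None)
        CanaryService.__init__(self, config, logger)

        # maskpassword defaults to True on both paths. Presumably it controls
        # whether captured passwords are masked in the log output -- confirm
        # where self.maskpassword is read.
        if instanceParams:
            # A missing "rdp.port" raises KeyError here, unlike maskpassword.
            self.port = instanceParams["rdp.port"]
            self.maskpassword = instanceParams.get('rdp.maskpassword', True)
        else:
            self.port = config.getVal("rdp.port", 3389)
            self.maskpassword = config.getVal('rdp.maskpassword', True)

        self.rssFile = self.resource_filename("login.rss")
        reader = rss.createReader(self.rssFile)

        # Drain the reader up front; the first falsy event ends the recording.
        self.rss = []
        event = reader.nextEvent()
        while event:
            self.rss.append(event)
            event = reader.nextEvent()

        self.logtype = logger.LOG_RDP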
Esempio n. 9
    elif nextEvent.type.value == rss.EventType.SCREEN:
        widget.resize(nextEvent.event.width.value, nextEvent.event.height.value)
        
    elif nextEvent.type.value == rss.EventType.INFO:
        widget.drawInfos(nextEvent.event.domain.value, nextEvent.event.username.value, nextEvent.event.password.value, nextEvent.event.hostname.value)
        
    elif nextEvent.type.value == rss.EventType.CLOSE:
        widget.close()
        return
    
    e = rssFile.nextEvent()
    QtCore.QTimer.singleShot(e.timestamp.value,lambda:loop(widget, rssFile, e))

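if __name__ == '__main__':
    # Command line: an optional -h, then the path of the recording to play.
    try:
        opts, args = getopt.getopt(sys.argv[1:], "h")
    except getopt.GetoptError:
        help()
        # opts and args are unbound on this path; exit here instead of
        # failing with a NameError in the loop below.
        sys.exit(2)
    for opt, arg in opts:
        if opt == "-h":
            help()
            sys.exit()

    # Without a positional argument args[0] would raise IndexError.
    if not args:
        help()
        sys.exit(2)
    filepath = args[0]

    # Create the Qt application and the player window, then start the replay.
    # NOTE(review): recordings come from captured sessions and can hold INFO
    # events with domain, username, password and hostname, which the player
    # draws on screen.
    app = QtGui.QApplication(sys.argv)
    widget = RssPlayerWidget(800, 600)
    widget.show()
    rssFile = rss.createReader(filepath)
    start(widget, rssFile)
    sys.exit(app.exec_())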
Esempio n. 10
                         nextEvent.event.username.value,
                         nextEvent.event.password.value,
                         nextEvent.event.hostname.value)

    elif nextEvent.type.value == rss.EventType.CLOSE:
        widget.close()
        return

    e = rssFile.nextEvent()
    QtCore.QTimer.singleShot(e.timestamp.value,
                             lambda: loop(widget, rssFile, e))


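if __name__ == '__main__':
    # Command line: an optional -h, then the path of the recording to play.
    try:
        opts, args = getopt.getopt(sys.argv[1:], "h")
    except getopt.GetoptError:
        help()
        # Neither opts nor args is bound after a parse error; stop here
        # instead of hitting a NameError in the option loop.
        sys.exit(2)
    for opt, arg in opts:
        if opt == "-h":
            help()
            sys.exit()

    # A missing recording path would otherwise surface as IndexError.
    if not args:
        help()
        sys.exit(2)
    filepath = args[0]

    # Create the Qt application and the player window, then start the replay.
    # NOTE(review): the recording is parsed as-is from the given path, and it
    # can hold the username, password and hostname of a captured session.
    app = QtGui.QApplication(sys.argv)
    widget = RssPlayerWidget(800, 600)
    widget.show()
    rssFile = rss.createReader(filepath)
    start(widget, rssFile)
    sys.exit(app.exec_())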