# NOTE(review): tail of what appears to be the telnet handler -- its `def` and
# the opening `try:` are above this excerpt, so the fragment is kept exactly
# as extracted rather than re-indented by guesswork.
# Visible behaviour: any login name containing "root" (substring test) gets the
# root prompts; a BusyBox-style banner is sent, one command line is processed
# and the interactive shell takes over. Every exception is discarded and the
# socket is closed best-effort.
# NOTE(review): the "******" run in the first send() is not valid Python; it
# looks like a masking artifact of the listing, and whatever statements it
# replaced cannot be recovered from here.
if 'root' in username: ps1a = 'root@localhost:~# ' ps1b = 'sh-4.3# ' else: ps1a = '{}@localhost:~$ '.format(username) ps1b = 'sh-4.3$ ' socket.send("Password: "******"\n\nSuccessfully logged in. Log in successful.\n") socket.send("Busybox v1.01 (2014.08.14-10:49+0000) Built-in shell (ash)\n") socket.send("Enter 'help' for a list of built-in commands.\n\n{}".format(ps1a)) process_commandline(socket, readline(socket, True, 10).strip()) interactive_shell(socket, ps1b, 10) except Exception as err: #print(traceback.format_exc()) pass try: print("-- TELNET TRANSPORT CLOSED --") socket.close() except: pass
# Stand-alone test entry point.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    testrun.run_tcp(2323, 23, handle_tcp_telnet)
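# NOTE(review): `return True` is the tail of a definition that starts above
# this excerpt; it is kept as extracted.
return True


def handle_tcp_ssh(socket, dstport):
    """Serve one fake SSH session on an accepted TCP connection.

    Wraps ``socket`` in a paramiko server transport that announces an
    OpenSSH-on-Ubuntu version string, registers the module's RSA and DSS host
    keys, starts the server and waits for the transport to finish. Errors
    are discarded on purpose (best-effort handler); the transport and the
    socket are always closed before returning.

    Args:
        socket: Connected client socket.
        dstport: Destination port passed in by the caller; not used here.
    """
    # Bound up front so the cleanup below never depends on a swallowed
    # NameError when paramiko.Transport() itself fails.
    transport = None
    try:
        transport = paramiko.Transport(socket)
        transport.local_version = 'SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2'
        transport.load_server_moduli() # It can be safely commented out if it does not work on your system
        transport.add_server_key(host_key_rsa)
        transport.add_server_key(host_key_dss)
        server = Server(socket.getpeername())
        transport.start_server(server=server)
        transport.join()
    except Exception:
        # Deliberate best-effort: a failed handshake must not take the
        # listener down.
        # NOTE(review): the failure is dropped silently, so handshake errors
        # never reach the honeypot's records -- consider logging them.
        #print(traceback.format_exc())
        pass
    finally:
        print("-- SSH TRANSPORT CLOSED --")
        if transport is not None:
            try:
                transport.close()
            except Exception:
                # Narrowed from a bare `except:` so KeyboardInterrupt and
                # SystemExit are no longer swallowed.
                pass
        socket.close()


# Stand-alone test entry point.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    testrun.run_tcp(2200, 22, handle_tcp_ssh)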
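# NOTE(review): `yield buff` is the tail of a generator that starts above this
# excerpt; it is kept as extracted.
yield buff


def handle_tcp_hexdump(socket, dstport):
    """Print a coloured hex dump of everything the peer sends, then close.

    Data is consumed in 16-byte blocks from ``recv_and_split_blocks``. Each
    block is printed as offset, hex bytes and a printable rendering; the
    final line is the total byte count in hex.

    Args:
        socket: Connected client socket (plain or already wrapped).
        dstport: Destination port passed in by the caller; not used here.
    """
    # Characters whose repr() is exactly three characters long are printable
    # as-is; everything else becomes '.'. This keeps peer-supplied control
    # bytes (terminal escape sequences, for instance) off the operator's
    # console.
    FILTER = ''.join([chr(x) if len(repr(chr(x))) == 3 else '.' for x in range(256)])
    length = 16
    offset = 0
    try:
        for chars in recv_and_split_blocks(socket, length):
            hexstr = ' '.join(["%02x" % ord(x) for x in chars])
            printable = ''.join([FILTER[ord(x)] if ord(x) <= 127 else '.' for x in chars])
            # print(...) with a single argument behaves the same as the
            # original print statement and also parses on Python 3.
            print(colored("%04x %-*s %-*s" % (offset, length*3, hexstr, length, printable), 'red', 'on_yellow'))
            offset += len(chars)
        print(colored("%04x" % offset, 'red', 'on_yellow'))
    finally:
        # Release the connection even when receiving raised; the error still
        # propagates to the caller exactly as before.
        try:
            print("-- TCP TRANSPORT CLOSED --")
            socket.close()
        except Exception:
            pass


def handle_tcp_hexdump_ssl(socket, dstport):
    """Run the hex-dump handler on top of a TLS-wrapped connection.

    Args:
        socket: Connected client socket, not yet wrapped.
        dstport: Destination port, forwarded to ``handle_tcp_hexdump``.
    """
    # Keep the raw socket under its own name: rebinding `socket` to a failed
    # switchtossl() result would lose the only handle that can close it.
    tls_socket = switchtossl(socket)
    if tls_socket:
        handle_tcp_hexdump(tls_socket, dstport)
    else:
        print("SSL handshake failed")
        # NOTE(review): assumes switchtossl() leaves the raw socket open on
        # failure -- confirm. Closing an already-closed socket is a no-op,
        # so this is safe either way.
        try:
            socket.close()
        except Exception:
            pass


# Stand-alone test entry point; the plain-TCP variant is left disabled.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    #testrun.run_tcp(8888, 8888, handle_tcp_hexdump)
    testrun.run_tcp(8889, 8889, handle_tcp_hexdump_ssl)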
# NOTE(review): tail of what appears to be handle_tcp_http -- its `def`, loop
# and `try:` are above this excerpt, so the fragment is kept exactly as
# extracted. Visible behaviour: the User-Agent header is captured, a fresh
# uuid4 token is logged together with peer address, port, verb and URL, and
# the same token is returned as a long-lived `sessionToken` cookie.
# NOTE(review): `user_agent` is client-controlled and goes to log_append()
# unchanged; whether log_append() neutralises CR/LF or field delimiters is not
# visible here -- confirm.
elif header.upper().startswith('USER-AGENT: '): user_agent = header[len('USER-AGENT: '):] session_token = uuid.uuid4().hex log_append('tcp_http_requests', socket.getpeername()[0], dstport, verb, url, user_agent, session_token) socket.send("HTTP/1.0 200 OK\nServer: microhttpd (MontaVista/2.4, i386-uClibc)\nSet-Cookie: sessionToken={}; Expires={}\nContent-Type: text/html\nContent-Length: 38\nConnection: {}\n\nmicrohttpd on Linux 2.4, it works!\n\n".format(session_token, __getexpdate(5 * 365 * 24 * 60 * 60), "keep-alive" if keep_alive else "close")) except ssl.SSLError as err: print("SSL error: {}".format(err.reason)) pass except Exception as err: #print(traceback.format_exc()) pass try: print("-- HTTP TRANSPORT CLOSED --") socket.close() except: pass


def handle_tcp_https(socket, dstport):
    """Serve the fake HTTP responder over TLS.

    The raw connection is handed to ``switchtossl``; when that yields a
    usable channel the plain HTTP handler runs on it, otherwise the raw
    socket is closed.

    Args:
        socket: Connected client socket, not yet wrapped.
        dstport: Destination port, forwarded to ``handle_tcp_http``.
    """
    tls_channel = switchtossl(socket)
    if not tls_channel:
        # Handshake did not produce a channel: drop the raw connection.
        socket.close()
        return
    handle_tcp_http(tls_channel, dstport)


# Stand-alone test entry point; the plain-HTTP variant is left disabled.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    #testrun.run_tcp(8080, 80, handle_tcp_http)
    testrun.run_tcp(8443, 443, handle_tcp_https)
# NOTE(review): tail of what appears to be the telnet handler -- the matching
# `if`, the opening `try:` and the `def` are above this excerpt, so the
# fragment is kept exactly as extracted rather than re-indented by guesswork.
# Visible behaviour: the non-root prompts are built from `username`, a
# BusyBox-style banner is sent, one command line is processed and the
# interactive shell takes over. Every exception is discarded and the socket is
# closed best-effort.
# NOTE(review): the "******" run in the first send() is not valid Python; it
# looks like a masking artifact of the listing, and whatever statements it
# replaced cannot be recovered from here.
else: ps1a = '{}@localhost:~$ '.format(username) ps1b = 'sh-4.3$ ' socket.send("Password: "******"\n\nSuccessfully logged in. Log in successful.\n") socket.send( "Busybox v1.01 (2014.08.14-10:49+0000) Built-in shell (ash)\n") socket.send( "Enter 'help' for a list of built-in commands.\n\n{}".format(ps1a)) process_commandline(socket, readline(socket, True, 10).strip()) interactive_shell(socket, ps1b, 10) except Exception as err: #print(traceback.format_exc()) pass try: print("-- TELNET TRANSPORT CLOSED --") socket.close() except: pass
# Stand-alone test entry point.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    testrun.run_tcp(2323, 23, handle_tcp_telnet)
# NOTE(review): tail of what appears to be the SMTP handler -- the command
# loop, `try:` and `def` are above this excerpt, so the fragment is kept
# exactly as extracted rather than re-indented by guesswork.
# Visible behaviour: after DATA the message body is read and stored under a
# fresh uuid4 id together with the peer address, sender and recipients; the
# four "* FROM:" verbs share one length, so slicing by len('MAIL FROM:') is
# right for each of them; unknown commands get a 502. Sender and recipient
# strings are stored and echoed back exactly as the client sent them.
# NOTE(review): store_email() reads the peer address from `plaintext_socket`
# while replies go through `socket` -- presumably two views of the same
# connection; confirm against the part of the handler not shown here.
msg_contents = receive_data(socket) msg_id = uuid.uuid4().hex store_email(plaintext_socket.getpeername()[0], msg_id, msg_contents, msg_from, msg_to) socket.send( "250 Message received: {}@localhost\n".format(msg_id)) elif cmdupper.startswith('MAIL FROM:') or cmdupper.startswith( 'SEND FROM:') or cmdupper.startswith( 'SOML FROM:') or cmdupper.startswith('SAML FROM:'): msg_from = cmd[len('MAIL FROM:'):].strip() socket.send("250 Sender: {} Ok\n".format(msg_from)) elif cmdupper.startswith('RCPT TO:'): recipient = cmd[len('RCPT TO:'):].strip() msg_to.append(recipient) socket.send("250 Recipient: {} Ok\n".format(recipient)) else: socket.send("502 Command not implemented\n") except Exception as err: #print(traceback.format_exc()) pass try: print("-- SMTP TRANSPORT CLOSED --") socket.close() except: pass
# Stand-alone test entry point.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    testrun.run_tcp(2525, 25, handle_tcp_smtp)
# NOTE(review): tail of what appears to be make_tcp_httpproxy_handler and its
# inner handle_tcp_httpproxy -- both start above this excerpt, so the fragment
# is kept exactly as extracted rather than re-indented by guesswork.
# Visible behaviour: the client gets either a "200 Connection established" or
# a "407 Proxy authentication required" reply; on the 407 path and on any
# exception `port_num` is reset to None. A remaining port number hands the
# original socket to `tcp_handler`; otherwise the socket is closed.
socket.send( "HTTP/1.0 200 Connection established\nProxy-agent: Netscape-Proxy/1.1\n\n" ) else: socket.send( "HTTP/1.0 407 Proxy authentication required\nProxy-agent: Netscape-Proxy/1.1\n\n" ) port_num = None except Exception as err: #print(traceback.format_exc()) port_num = None if port_num: print("Forwarding intruder to fake port {}/tcp".format(port_num)) tcp_handler(origsocket, port_num) else: socket.close() print("-- HTTP TRANSPORT CLOSED --") return handle_tcp_httpproxy
# Stand-alone test entry point: the proxy handler is wired to a stub that
# only reports which port was requested and then closes the connection.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    def dummy_tcp_handler(socket, dstport):
        TextChannel(socket).send("Request for port {}/tcp\n".format(dstport))
        socket.close()
    testrun.run_tcp(8118, 8118, make_tcp_httpproxy_handler(dummy_tcp_handler))
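# NOTE(review): tail of what appears to be handle_tcp_hexdump -- its `def` and
# first statements are above this excerpt, so the fragment is kept exactly as
# extracted. Visible behaviour: each received block is printed as offset, hex
# bytes and a printable rendering in which bytes above 127 become '.', then
# the total count is printed and the socket is closed best-effort.
c = 0 for chars in recv_and_split_blocks(socket, length): hexstr = ' '.join(["%02x" % ord(x) for x in chars]) printable = ''.join([ "%s" % ((ord(x) <= 127 and FILTER[ord(x)]) or '.') for x in chars ]) print colored( "%04x %-*s %-*s" % (c, length * 3, hexstr, length, printable), 'red', 'on_yellow') c += len(chars) print colored("%04x" % c, 'red', 'on_yellow') try: print("-- TCP TRANSPORT CLOSED --") socket.close() except: pass


def handle_tcp_hexdump_ssl(socket, dstport):
    """Run the hex-dump handler on top of a TLS-wrapped connection.

    Args:
        socket: Connected client socket, not yet wrapped.
        dstport: Destination port, forwarded to ``handle_tcp_hexdump``.
    """
    # Keep the raw socket under its own name: rebinding `socket` to a failed
    # switchtossl() result would lose the only handle that can close it.
    tls_socket = switchtossl(socket)
    if tls_socket:
        handle_tcp_hexdump(tls_socket, dstport)
    else:
        print("SSL handshake failed")
        # NOTE(review): assumes switchtossl() leaves the raw socket open on
        # failure -- confirm. Closing an already-closed socket is a no-op,
        # so this is safe either way.
        try:
            socket.close()
        except Exception:
            pass


# Stand-alone test entry point; the plain-TCP variant is left disabled.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    #testrun.run_tcp(8888, 8888, handle_tcp_hexdump)
    testrun.run_tcp(8889, 8889, handle_tcp_hexdump_ssl)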
# NOTE(review): tail of what appears to be the SMTP handler -- the command
# loop, `try:` and `def` are above this excerpt, so the fragment is kept
# exactly as extracted rather than re-indented by guesswork.
# Visible behaviour: the branch at the top clears sender and recipients and
# answers "250 Reset Ok"; after DATA the message body is read and stored under
# a fresh uuid4 id together with the peer address, sender and recipients; the
# four "* FROM:" verbs share one length, so slicing by len('MAIL FROM:') is
# right for each of them; unknown commands get a 502. Sender and recipient
# strings are stored and echoed back exactly as the client sent them.
# NOTE(review): store_email() reads the peer address from `plaintext_socket`
# while replies go through `socket` -- presumably two views of the same
# connection; confirm against the part of the handler not shown here.
msg_from = '' msg_to = [] socket.send("250 Reset Ok\n") elif cmdupper.startswith('DATA'): socket.send("354 Ok Send data ending with <CRLF>.<CRLF>\n") msg_contents = receive_data(socket) msg_id = uuid.uuid4().hex store_email(plaintext_socket.getpeername()[0], msg_id, msg_contents, msg_from, msg_to) socket.send("250 Message received: {}@localhost\n".format(msg_id)) elif cmdupper.startswith('MAIL FROM:') or cmdupper.startswith('SEND FROM:') or cmdupper.startswith('SOML FROM:') or cmdupper.startswith('SAML FROM:'): msg_from = cmd[len('MAIL FROM:'):].strip() socket.send("250 Sender: {} Ok\n".format(msg_from)) elif cmdupper.startswith('RCPT TO:'): recipient = cmd[len('RCPT TO:'):].strip() msg_to.append(recipient) socket.send("250 Recipient: {} Ok\n".format(recipient)) else: socket.send("502 Command not implemented\n") except Exception as err: #print(traceback.format_exc()) pass try: print("-- SMTP TRANSPORT CLOSED --") socket.close() except: pass
# Stand-alone test entry point.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    testrun.run_tcp(2525, 25, handle_tcp_smtp)
# Skip headers while readline(socket).strip() != '': pass log_append('tcp_httpproxy_connections', target, *origsocket.getpeername()) if port_num not in HTTP_CONNECT_FORBIDDEN_PORTS: socket.send("HTTP/1.0 200 Connection established\nProxy-agent: Netscape-Proxy/1.1\n\n") else: socket.send("HTTP/1.0 407 Proxy authentication required\nProxy-agent: Netscape-Proxy/1.1\n\n") port_num = None except Exception as err: #print(traceback.format_exc()) port_num = None if port_num: print("Forwarding intruder to fake port {}/tcp".format(port_num)) tcp_handler(origsocket, port_num) else: socket.close() print("-- HTTP TRANSPORT CLOSED --") return handle_tcp_httpproxy if __name__ == "__main__": def dummy_tcp_handler(socket, dstport): TextChannel(socket).send("Request for port {}/tcp\n".format(dstport)) socket.close() testrun.run_tcp(8118, 8118, make_tcp_httpproxy_handler(dummy_tcp_handler))
# NOTE(review): tail of what appears to be handle_tcp_http -- its `def`, loop
# and `try:` are above this excerpt, so the fragment is kept exactly as
# extracted. Visible behaviour: a fixed "it works" page is returned with a
# long-lived `sessionToken` cookie; TLS errors are printed, every other
# exception is discarded, and the socket is closed best-effort.
socket.send( "HTTP/1.0 200 OK\nServer: microhttpd (MontaVista/2.4, i386-uClibc)\nSet-Cookie: sessionToken={}; Expires={}\nContent-Type: text/html\nContent-Length: 38\nConnection: {}\n\nmicrohttpd on Linux 2.4, it works!\n\n" .format(session_token, __getexpdate(5 * 365 * 24 * 60 * 60), "keep-alive" if keep_alive else "close")) except ssl.SSLError as err: print("SSL error: {}".format(err.reason)) pass except Exception as err: #print(traceback.format_exc()) pass try: print("-- HTTP TRANSPORT CLOSED --") socket.close() except: pass


def handle_tcp_https(socket, dstport):
    """Serve the fake HTTP responder over TLS.

    The raw connection is handed to ``switchtossl``; when that yields a
    usable channel the plain HTTP handler runs on it, otherwise the raw
    socket is closed.

    Args:
        socket: Connected client socket, not yet wrapped.
        dstport: Destination port, forwarded to ``handle_tcp_http``.
    """
    tls_channel = switchtossl(socket)
    if not tls_channel:
        # Handshake did not produce a channel: drop the raw connection.
        socket.close()
        return
    handle_tcp_http(tls_channel, dstport)


# Stand-alone test entry point; the plain-HTTP variant is left disabled.
# presumably run_tcp(listen_port, emulated_dst_port, handler) -- confirm in testrun
if __name__ == "__main__":
    #testrun.run_tcp(8080, 80, handle_tcp_http)
    testrun.run_tcp(8443, 443, handle_tcp_https)