예제 #1
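 def global_tcpip_forward(self, data):
     """
     Open a listening TCP port on behalf of the peer and remember the listener.

     ``data`` is unpacked into a (host, port) pair to bind and a second pair
     that is stored on the listener as ``remote_host`` / ``remote_port``.

     Returns 0 if the listener could not be set up, 1 on success, or
     ``(1, packed_port)`` when port 0 was requested and the port actually
     bound had to be read back from the listener.
     """
     local, remote = forwarding.unpackOpen_direct_tcpip(data)
     hostToBind, portToBind = local
     log.msg("forward requested %s:%s" %( hostToBind, portToBind))
     log.msg(remote)
     # NOTE(review): the bind address and port come straight from the request;
     # no allow-list or privileged-port check is visible in this method --
     # confirm that forwarding policy is enforced by the caller.
     try:
         listener = reactor.listenTCP(
                 portToBind,
                 forwarding.SSHListenForwardingFactory(
                             self.conn,
                             (hostToBind, portToBind),
                             forwarding.SSHListenServerForwardingChannel),
                 interface = hostToBind)
         listener.remote_host = remote[0]
         listener.remote_port = remote[1]
     except Exception as e:
         # Was a bare ``except:``; that also swallowed SystemExit and
         # KeyboardInterrupt and left no trace of why the bind failed.
         log.msg("forward listener for %s:%s failed: %s" % (hostToBind, portToBind, e))
         return 0

     generated = False
     if portToBind == 0:
         # Port 0 lets the OS choose; read the real port back so the
         # listener is stored under the port it actually uses.
         portToBind = listener.getHost()[2] # the port
         log.msg("generating port number %s" % (portToBind,))
         generated = True

     self.listeners[(hostToBind, portToBind)] = listener
     if generated:
         return 1, struct.pack('>L', portToBind)
     return 1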
예제 #2
def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
    """
    Pick the channel that answers a direct-tcpip open request.

    The requested destination and the originator are unpacked from ``data``
    and logged. Depending on the ``[ssh]`` configuration the request is then
    redirected (``forward_redirect``), tunneled (``forward_tunnel``) or
    handed to a ``FakeForwardingChannel``. ``avatar`` is not used here.
    """
    def _portTable(prefix):
        # Map destination port -> (host, port) from options named <prefix><port>.
        table = {}
        for option, value in CONFIG.items('ssh'):
            if not option.startswith(prefix):
                continue
            target = value.split(':')
            table[int(option.split('_')[-1])] = (target[0], int(target[1]))
        return table

    remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)

    log.msg(eventid='cowrie.direct-tcpip.request',
            format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
            dst_ip=remoteHP[0], dst_port=remoteHP[1],
            src_ip=origHP[0], src_port=origHP[1])

    # Forward redirect: only the requested port selects the rule; the new
    # destination comes from configuration, never from the request.
    if CONFIG.getboolean('ssh', 'forward_redirect', fallback=False):
        redirectTarget = _portTable('forward_redirect_').get(remoteHP[1])
        if redirectTarget is not None:
            log.msg(eventid='cowrie.direct-tcpip.redirect',
                    format='redirected direct-tcp connection request from %(src_ip)s:%(src_port)d'
                           ' to %(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d',
                    new_ip=redirectTarget[0], new_port=redirectTarget[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return SSHConnectForwardingChannel(redirectTarget,
                                               remoteWindow=remoteWindow,
                                               remoteMaxPacket=remoteMaxPacket)

    # TCP tunnel: consulted only when no redirect rule matched.
    if CONFIG.getboolean('ssh', 'forward_tunnel', fallback=False):
        tunnelTarget = _portTable('forward_tunnel_').get(remoteHP[1])
        if tunnelTarget is not None:
            log.msg(eventid='cowrie.direct-tcpip.tunnel',
                    format='tunneled direct-tcp connection request %(src_ip)s:%(src_port)d'
                           '->%(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d',
                    new_ip=tunnelTarget[0], new_port=tunnelTarget[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return TCPTunnelForwardingChannel(tunnelTarget, remoteHP,
                                              remoteWindow=remoteWindow,
                                              remoteMaxPacket=remoteMaxPacket)

    # No rule matched: the request is logged above and gets the fake channel.
    return FakeForwardingChannel(remoteHP, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket)
예제 #3
def openSSHChannel(configuration, remoteWindow, remoteMaxPacket, data, avatar):
    """
    Create an SSHChannel for a direct-tcpip request and attach its target.

    The destination pair unpacked from ``data`` is copied onto the channel as
    ``remoteAddress`` / ``remotePort`` together with ``configuration``; the
    second unpacked pair is not used.
    """
    twunnel.logger.log(3, "trace: openSSHChannel")

    destination, _unusedLocal = forwarding.unpackOpen_direct_tcpip(data)

    channel = SSHChannel(
        remoteWindow=remoteWindow,
        remoteMaxPacket=remoteMaxPacket,
        avatar=avatar,
    )
    channel.configuration = configuration
    # Host and port are whatever the request carried; nothing here checks them.
    channel.remoteAddress = destination[0]
    channel.remotePort = destination[1]

    return channel
예제 #4
파일: forwarding.py 프로젝트: cowrie/cowrie
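def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
    """
    This function will redirect an SSH forward request to another address
    or will log the request and do nothing

    The destination and originator pairs are unpacked from ``data``. When
    ``ssh_forward_redirect`` is enabled in the ``[honeypot]`` section of
    ``avatar.cfg`` and a ``forward_redirect*_<port>`` option exists for the
    requested port, an ``SSHConnectForwardingChannel`` to the configured
    host:port is returned; otherwise a ``FakeForwardingChannel`` is returned.
    """
    remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)

    log.msg(eventid='cowrie.direct-tcpip.request',
        format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
        dst_ip=remoteHP[0], dst_port=remoteHP[1],
        src_ip=origHP[0], src_port=origHP[1])

    cfg = avatar.cfg
    try:
        redirectEnabled = bool(cfg.getboolean('honeypot', 'ssh_forward_redirect'))
    except Exception:
        # A missing or unparsable option means "disabled". This was a bare
        # ``except:``, which also swallowed SystemExit and KeyboardInterrupt.
        redirectEnabled = False

    if redirectEnabled:
        # Destination port -> (host, port), rebuilt from the config on every request.
        redirects = {}
        for option, value in cfg.items('honeypot'):
            if option.startswith('forward_redirect'):
                destPort = option.split('_')[-1]
                redirectHP = value.split(':')
                redirects[int(destPort)] = (redirectHP[0], int(redirectHP[1]))
        # Only the requested port selects a rule; the new destination is taken
        # from configuration, not from the request.
        if remoteHP[1] in redirects:
            remoteHPNew = redirects[remoteHP[1]]
            log.msg(eventid='cowrie.direct-tcpip.redirect',
                format='redirecting direct-tcp connection request %(src_ip)s:%(src_port)d->%(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return SSHConnectForwardingChannel(remoteHPNew,
                remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
                avatar=avatar)

    return FakeForwardingChannel(remoteHP,
           remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
           avatar=avatar)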
예제 #5
def openSSHChannel(remoteWindow, remoteMaxPacket, data, avatar):
    """
    Build an SSHChannel aimed at the destination named in a direct-tcpip request.

    ``data`` is unpacked into two pairs; the first is passed to ``SSHChannel``
    as its target and the second is not used.
    """
    destination, _unusedLocal = forwarding.unpackOpen_direct_tcpip(data)

    channelOptions = dict(
        remoteWindow=remoteWindow,
        remoteMaxPacket=remoteMaxPacket,
        avatar=avatar,
    )
    return SSHChannel(destination, **channelOptions)
예제 #6
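def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data,
                                      avatar):
    """
    This function will redirect an SSH forward request to another address
    or will log the request and do nothing

    The destination and originator pairs are unpacked from ``data`` and
    logged. The ``[ssh]`` options are then checked in order: a matching
    ``forward_redirect_<port>`` rule returns an ``SSHConnectForwardingChannel``,
    a matching ``forward_tunnel_<port>`` rule returns a
    ``TCPTunnelForwardingChannel``, and anything else gets a
    ``FakeForwardingChannel``. ``avatar`` is not used here.
    """
    def _enabled(option):
        # A missing or unparsable switch means "disabled". The original used a
        # bare ``except:``, which also swallowed SystemExit/KeyboardInterrupt.
        try:
            return bool(CONFIG.getboolean('ssh', option))
        except Exception:
            return False

    def _portTable(prefix):
        # Map destination port -> (host, port) from options named <prefix><port>.
        table = {}
        for option, value in CONFIG.items('ssh'):
            if option.startswith(prefix):
                destPort = option.split('_')[-1]
                targetHP = value.split(':')
                table[int(destPort)] = (targetHP[0], int(targetHP[1]))
        return table

    remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)

    log.msg(
        eventid='cowrie.direct-tcpip.request',
        format=
        'direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
        dst_ip=remoteHP[0],
        dst_port=remoteHP[1],
        src_ip=origHP[0],
        src_port=origHP[1])

    # Forward redirect: only the requested port selects a rule; the new
    # destination is taken from configuration, not from the request.
    if _enabled('forward_redirect'):
        redirects = _portTable('forward_redirect_')
        if remoteHP[1] in redirects:
            remoteHPNew = redirects[remoteHP[1]]
            log.msg(eventid='cowrie.direct-tcpip.redirect',
                    format='redirected direct-tcp connection request from %(src_ip)s:%(src_port)'
                           'd to %(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return SSHConnectForwardingChannel(remoteHPNew,
                                               remoteWindow=remoteWindow,
                                               remoteMaxPacket=remoteMaxPacket)

    # TCP tunnel: consulted only when no redirect rule matched.
    if _enabled('forward_tunnel'):
        tunnels = _portTable('forward_tunnel_')
        if remoteHP[1] in tunnels:
            remoteHPNew = tunnels[remoteHP[1]]
            log.msg(eventid='cowrie.direct-tcpip.tunnel',
                    format='tunneled direct-tcp connection request %(src_ip)s:%(src_port)'
                           'd->%(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return TCPTunnelForwardingChannel(remoteHPNew,
                                              remoteHP,
                                              remoteWindow=remoteWindow,
                                              remoteMaxPacket=remoteMaxPacket)

    return FakeForwardingChannel(remoteHP,
                                 remoteWindow=remoteWindow,
                                 remoteMaxPacket=remoteMaxPacket)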
예제 #7
파일: forwarding.py 프로젝트: yp2800/cowrie
def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data,
                                      avatar):
    """
    Decide how a direct-tcpip open request is answered.

    The destination and originator pairs are unpacked from ``data`` and
    logged. With ``forward_redirect`` enabled and a ``forward_redirect_<port>``
    option for the requested port, the request goes to an
    ``SSHConnectForwardingChannel``; failing that, ``forward_tunnel`` and
    ``forward_tunnel_<port>`` select a ``TCPTunnelForwardingChannel``; every
    other request gets a ``FakeForwardingChannel``. ``avatar`` is not used here.
    """
    remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)

    log.msg(
        eventid="cowrie.direct-tcpip.request",
        format="direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s",
        dst_ip=remoteHP[0],
        dst_port=remoteHP[1],
        src_ip=origHP[0],
        src_port=origHP[1],
    )

    # Forward redirect
    if CowrieConfig.getboolean("ssh", "forward_redirect", fallback=False):
        redirectByPort = {}
        for entry in CowrieConfig.items("ssh"):
            optionName = entry[0]
            if not optionName.startswith("forward_redirect_"):
                continue
            hostPort = entry[1].split(":")
            redirectByPort[int(optionName.split("_")[-1])] = (hostPort[0], int(hostPort[1]))
        # The rule is chosen by the requested port alone; the requested host
        # plays no part in the lookup.
        newTarget = redirectByPort.get(remoteHP[1])
        if newTarget is not None:
            log.msg(
                eventid="cowrie.direct-tcpip.redirect",
                format="redirected direct-tcp connection request from %(src_ip)s:%(src_port)d"
                " to %(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d",
                new_ip=newTarget[0],
                new_port=newTarget[1],
                dst_ip=remoteHP[0],
                dst_port=remoteHP[1],
                src_ip=origHP[0],
                src_port=origHP[1],
            )
            return SSHConnectForwardingChannel(
                newTarget,
                remoteWindow=remoteWindow,
                remoteMaxPacket=remoteMaxPacket,
            )

    # TCP tunnel
    if CowrieConfig.getboolean("ssh", "forward_tunnel", fallback=False):
        tunnelByPort = {}
        for entry in CowrieConfig.items("ssh"):
            optionName = entry[0]
            if not optionName.startswith("forward_tunnel_"):
                continue
            hostPort = entry[1].split(":")
            tunnelByPort[int(optionName.split("_")[-1])] = (hostPort[0], int(hostPort[1]))
        newTarget = tunnelByPort.get(remoteHP[1])
        if newTarget is not None:
            log.msg(
                eventid="cowrie.direct-tcpip.tunnel",
                format="tunneled direct-tcp connection request %(src_ip)s:%(src_port)d"
                "->%(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d",
                new_ip=newTarget[0],
                new_port=newTarget[1],
                dst_ip=remoteHP[0],
                dst_port=remoteHP[1],
                src_ip=origHP[0],
                src_port=origHP[1],
            )
            return TCPTunnelForwardingChannel(
                newTarget,
                remoteHP,
                remoteWindow=remoteWindow,
                remoteMaxPacket=remoteMaxPacket,
            )

    # Nothing matched: the request stays logged and gets the fake channel.
    return FakeForwardingChannel(
        remoteHP,
        remoteWindow=remoteWindow,
        remoteMaxPacket=remoteMaxPacket,
    )
예제 #8
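def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
    """
    This function will redirect an SSH forward request to another address
    or will log the request and do nothing

    The destination and originator pairs are unpacked from ``data`` and
    logged. With ``forward_redirect`` enabled, two kinds of ``[ssh]`` rules
    are read:

    * ``forward_redirect_<port>_ext<N> = <network>:<host>:<port>`` applies
      when the requested address lies in ``<network>`` and the requested port
      is ``<port>``;
    * ``forward_redirect_<port> = <host>:<port>`` applies to the requested
      port regardless of address.

    Network-scoped rules are tried first. If no redirect applies,
    ``forward_tunnel`` rules are tried, and finally a
    ``FakeForwardingChannel`` is returned. ``avatar`` is not used here.
    """
    remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)

    log.msg(eventid='cowrie.direct-tcpip.request',
            format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
            dst_ip=remoteHP[0], dst_port=remoteHP[1],
            src_ip=origHP[0], src_port=origHP[1])

    # Forward redirect
    redirectEnabled = CONFIG.getboolean('ssh', 'forward_redirect', fallback=False)
    if redirectEnabled:
        redirects = {}
        dst_network_lst = []
        items = CONFIG.items('ssh')
        for i in items:
            if i[0].startswith('forward_redirect_'):
                if re.match(r'ext\d{1,}', i[0].split('_')[-1]):
                    destPort = i[0].split('_')[-2]
                    redirectParam = i[1].split(':')
                    dest_targetIPnet = netaddr.IPNetwork(redirectParam[0])
                    dst_network_lst.append(dest_targetIPnet)
                    redirects[str(dest_targetIPnet.cidr) + ":" + destPort] = (redirectParam[1], int(redirectParam[2]))
                else:
                    destPort = i[0].split('_')[-1]
                    redirectHP = i[1].split(':')
                    redirects[int(destPort)] = (redirectHP[0], int(redirectHP[1]))

        # The network rules must be keyed by the port the peer asked for. The
        # original reused ``destPort`` left over from the parsing loop above,
        # i.e. the port of whichever option was read last, so a request could
        # be matched against the wrong rule.
        requestedPort = str(remoteHP[1])

        # The requested host arrives in the request and need not be an IP
        # literal; in that case no network rule can apply, so skip them
        # rather than let the parse error escape.
        try:
            remoteAddr = netaddr.IPAddress(remoteHP[0])
        except (netaddr.AddrFormatError, ValueError):
            remoteAddr = None

        if remoteAddr is not None:
            for dst_network in dst_network_lst:
                networkKey = str(dst_network.cidr) + ":" + requestedPort
                if remoteAddr in dst_network and networkKey in redirects:
                    remoteHPNew = redirects[networkKey]
                    log.msg(eventid='cowrie.direct-tcpip.redirect',
                            format='redirected direct-tcp connection request from %(src_ip)s:%(src_port)' +
                               'd to %(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d',
                            new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                            dst_ip=remoteHP[0], dst_port=remoteHP[1],
                            src_ip=origHP[0], src_port=origHP[1])
                    return SSHConnectForwardingChannel(remoteHPNew, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket)

        # Port-only rules: the requested address is not consulted.
        if remoteHP[1] in redirects:
            remoteHPNew = redirects[remoteHP[1]]
            log.msg(eventid='cowrie.direct-tcpip.redirect',
                    format='redirected direct-tcp connection request from %(src_ip)s:%(src_port)' +
                           'd to %(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return SSHConnectForwardingChannel(remoteHPNew, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket)

    # TCP tunnel
    tunnelEnabled = CONFIG.getboolean('ssh', 'forward_tunnel', fallback=False)
    if tunnelEnabled:
        tunnels = {}
        items = CONFIG.items('ssh')
        for i in items:
            if i[0].startswith('forward_tunnel_'):
                destPort = i[0].split('_')[-1]
                tunnelHP = i[1].split(':')
                tunnels[int(destPort)] = (tunnelHP[0], int(tunnelHP[1]))
        if remoteHP[1] in tunnels:
            remoteHPNew = tunnels[remoteHP[1]]
            log.msg(eventid='cowrie.direct-tcpip.tunnel',
                    format='tunneled direct-tcp connection request %(src_ip)s:%(src_port)' +
                           'd->%(dst_ip)s:%(dst_port)d to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return TCPTunnelForwardingChannel(remoteHPNew,
                                              remoteHP,
                                              remoteWindow=remoteWindow,
                                              remoteMaxPacket=remoteMaxPacket)

    return FakeForwardingChannel(remoteHP, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket)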