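def global_tcpip_forward(self, data):
    """
    Handle a client's request to open a listening port for TCP forwarding.

    The payload is decoded with ``forwarding.unpackOpen_direct_tcpip`` into
    the (host, port) pair to bind and a second address pair, which is stored
    on the listener as ``remote_host`` / ``remote_port``.

    Returns ``0`` when the listener could not be set up, ``1`` on success,
    or ``(1, packed_port)`` when the client asked for port 0 and the chosen
    port is reported back as a big-endian unsigned 32-bit integer.
    """
    # NOTE(review): the bind address and port come straight from the client
    # request and are not checked against any allow-list in this method;
    # confirm that the caller restricts which interfaces/ports may be bound.
    local, remote = forwarding.unpackOpen_direct_tcpip(data)
    hostToBind, portToBind = local
    log.msg("forward requested %s:%s" % (hostToBind, portToBind))
    log.msg(remote)
    try:
        listener = reactor.listenTCP(
            portToBind,
            forwarding.SSHListenForwardingFactory(
                self.conn,
                (hostToBind, portToBind),
                forwarding.SSHListenServerForwardingChannel),
            interface=hostToBind)
        listener.remote_host = remote[0]
        listener.remote_port = remote[1]
    except Exception as e:
        # Previously a bare ``except:`` that also trapped SystemExit and
        # KeyboardInterrupt and dropped the reason; record why the bind
        # failed so refused forward requests are visible in the log.
        log.msg("forward request for %s:%s failed: %s" % (hostToBind, portToBind, e))
        return 0

    generated = False
    if portToBind == 0:
        # assumes getHost() returns an indexable address whose third item is
        # the port -- TODO confirm for the Twisted version in use
        portToBind = listener.getHost()[2]
        # Logged through log.msg like the rest of the method instead of a
        # Python 2 ``print`` statement.
        log.msg("generating port number %s" % (portToBind,))
        generated = True
    self.listeners[(hostToBind, portToBind)] = listener
    if generated:
        return 1, struct.pack('>L', portToBind)
    return 1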
def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
    """
    Pick the channel that answers a client's direct-tcpip open request.

    The request is always logged. If ``[ssh] forward_redirect`` is on and a
    ``forward_redirect_<port>`` option exists for the requested port, the
    connection goes to that configured host:port. Otherwise, if
    ``[ssh] forward_tunnel`` is on and a ``forward_tunnel_<port>`` option
    matches, a tunnel channel is returned. In every other case a
    FakeForwardingChannel is returned.

    Matching is on the requested port only; the destination host sent by the
    client plays no part in selecting a redirect or tunnel target.
    """
    def _portMap(prefix):
        # {requested port: (host, port)} from every [ssh] option whose name
        # starts with ``prefix``; values are written as "host:port".
        mapping = {}
        for option, value in CONFIG.items('ssh'):
            if not option.startswith(prefix):
                continue
            hostPort = value.split(':')
            mapping[int(option.split('_')[-1])] = (hostPort[0], int(hostPort[1]))
        return mapping

    target, origin = forwarding.unpackOpen_direct_tcpip(data)
    endpoints = dict(dst_ip=target[0], dst_port=target[1],
                     src_ip=origin[0], src_port=origin[1])
    channelArgs = dict(remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket)

    log.msg(eventid='cowrie.direct-tcpip.request',
            format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s '
                   'from %(src_ip)s:%(src_port)s',
            **endpoints)

    # Forward redirect
    if CONFIG.getboolean('ssh', 'forward_redirect', fallback=False):
        redirects = _portMap('forward_redirect_')
        if target[1] in redirects:
            newTarget = redirects[target[1]]
            log.msg(eventid='cowrie.direct-tcpip.redirect',
                    format='redirected direct-tcp connection request from '
                           '%(src_ip)s:%(src_port)d to %(dst_ip)s:%(dst_port)d '
                           'to %(new_ip)s:%(new_port)d',
                    new_ip=newTarget[0], new_port=newTarget[1],
                    **endpoints)
            return SSHConnectForwardingChannel(newTarget, **channelArgs)

    # TCP tunnel
    if CONFIG.getboolean('ssh', 'forward_tunnel', fallback=False):
        tunnels = _portMap('forward_tunnel_')
        if target[1] in tunnels:
            newTarget = tunnels[target[1]]
            log.msg(eventid='cowrie.direct-tcpip.tunnel',
                    format='tunneled direct-tcp connection request '
                           '%(src_ip)s:%(src_port)d->%(dst_ip)s:%(dst_port)d '
                           'to %(new_ip)s:%(new_port)d',
                    new_ip=newTarget[0], new_port=newTarget[1],
                    **endpoints)
            return TCPTunnelForwardingChannel(newTarget, target, **channelArgs)

    return FakeForwardingChannel(target, **channelArgs)
def openSSHChannel(configuration, remoteWindow, remoteMaxPacket, data, avatar):
    """
    Create an SSHChannel for a direct-tcpip open request.

    The destination (address, port) decoded from ``data`` is stored on the
    channel as ``remoteAddress`` / ``remotePort`` together with the supplied
    ``configuration``. The originator address in the request is decoded but
    not used.
    """
    twunnel.logger.log(3, "trace: openSSHChannel")

    # The destination is whatever the client put in the request; nothing is
    # filtered here before it is handed to the channel.
    destination, _originator = forwarding.unpackOpen_direct_tcpip(data)

    channel = SSHChannel(
        remoteWindow=remoteWindow,
        remoteMaxPacket=remoteMaxPacket,
        avatar=avatar,
    )
    channel.configuration = configuration
    channel.remoteAddress = destination[0]
    channel.remotePort = destination[1]
    return channel
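def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
    """
    Decide how to answer a client's direct-tcpip open request.

    The request is always logged. When ``[honeypot] ssh_forward_redirect`` is
    true and a ``forward_redirect...<port>`` option exists for the requested
    port, the connection is redirected to the configured host:port;
    otherwise a FakeForwardingChannel is returned for the requested target.

    The redirect is chosen by requested port alone; the destination host
    sent by the client is logged but does not influence the choice.
    """
    remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)
    log.msg(eventid='cowrie.direct-tcpip.request',
            format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s '
                   'from %(src_ip)s:%(src_port)s',
            dst_ip=remoteHP[0], dst_port=remoteHP[1],
            src_ip=origHP[0], src_port=origHP[1])

    cfg = avatar.cfg
    try:
        redirectEnabled = cfg.getboolean('honeypot', 'ssh_forward_redirect')
    except Exception:
        # A missing option or an unparsable value leaves redirection off.
        # Narrowed from a bare ``except:`` so SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        redirectEnabled = False

    if redirectEnabled:
        redirects = {}
        for option, value in cfg.items('honeypot'):
            if option.startswith('forward_redirect'):
                # Option name ends in the requested port; value is "host:port".
                destPort = option.split('_')[-1]
                redirectHP = value.split(':')
                redirects[int(destPort)] = (redirectHP[0], int(redirectHP[1]))
        if remoteHP[1] in redirects:
            remoteHPNew = redirects[remoteHP[1]]
            log.msg(eventid='cowrie.direct-tcpip.redirect',
                    format='redirecting direct-tcp connection request '
                           '%(src_ip)s:%(src_port)d->%(dst_ip)s:%(dst_port)d '
                           'to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return SSHConnectForwardingChannel(remoteHPNew,
                                               remoteWindow=remoteWindow,
                                               remoteMaxPacket=remoteMaxPacket,
                                               avatar=avatar)

    return FakeForwardingChannel(remoteHP,
                                 remoteWindow=remoteWindow,
                                 remoteMaxPacket=remoteMaxPacket,
                                 avatar=avatar)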
def openSSHChannel(remoteWindow, remoteMaxPacket, data, avatar):
    """
    Build an SSHChannel for the destination named in a direct-tcpip request.

    ``data`` is decoded into the destination and originator address pairs;
    only the destination is passed on to the channel.
    """
    # The destination pair is client-supplied and reaches SSHChannel as-is.
    destination, _originator = forwarding.unpackOpen_direct_tcpip(data)
    return SSHChannel(
        destination,
        remoteWindow=remoteWindow,
        remoteMaxPacket=remoteMaxPacket,
        avatar=avatar,
    )
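def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
    """
    Decide how to answer a client's direct-tcpip open request.

    The request is always logged. Checked in order:

    1. ``[ssh] forward_redirect`` true and a ``forward_redirect_<port>``
       option for the requested port: connect to the configured host:port.
    2. ``[ssh] forward_tunnel`` true and a ``forward_tunnel_<port>`` option
       for the requested port: return a tunnel channel to the configured
       host:port.
    3. Otherwise: return a FakeForwardingChannel for the requested target.

    Both lookups key on the requested port only; the destination host sent
    by the client is logged but does not influence the choice.
    """
    remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)
    log.msg(eventid='cowrie.direct-tcpip.request',
            format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s '
                   'from %(src_ip)s:%(src_port)s',
            dst_ip=remoteHP[0], dst_port=remoteHP[1],
            src_ip=origHP[0], src_port=origHP[1])

    # Forward redirect
    try:
        redirectEnabled = CONFIG.getboolean('ssh', 'forward_redirect')
    except Exception:
        # A missing option or an unparsable value leaves the feature off.
        # Narrowed from a bare ``except:`` so SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        redirectEnabled = False

    if redirectEnabled:
        redirects = {}
        for option, value in CONFIG.items('ssh'):
            if option.startswith('forward_redirect_'):
                # Option name ends in the requested port; value is "host:port".
                destPort = option.split('_')[-1]
                redirectHP = value.split(':')
                redirects[int(destPort)] = (redirectHP[0], int(redirectHP[1]))
        if remoteHP[1] in redirects:
            remoteHPNew = redirects[remoteHP[1]]
            log.msg(eventid='cowrie.direct-tcpip.redirect',
                    format='redirected direct-tcp connection request from '
                           '%(src_ip)s:%(src_port)d to %(dst_ip)s:%(dst_port)d '
                           'to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return SSHConnectForwardingChannel(remoteHPNew,
                                               remoteWindow=remoteWindow,
                                               remoteMaxPacket=remoteMaxPacket)

    # TCP tunnel
    try:
        tunnelEnabled = CONFIG.getboolean('ssh', 'forward_tunnel')
    except Exception:
        # Same reasoning as for the redirect switch above.
        tunnelEnabled = False

    if tunnelEnabled:
        tunnels = {}
        for option, value in CONFIG.items('ssh'):
            if option.startswith('forward_tunnel_'):
                destPort = option.split('_')[-1]
                tunnelHP = value.split(':')
                tunnels[int(destPort)] = (tunnelHP[0], int(tunnelHP[1]))
        if remoteHP[1] in tunnels:
            remoteHPNew = tunnels[remoteHP[1]]
            log.msg(eventid='cowrie.direct-tcpip.tunnel',
                    format='tunneled direct-tcp connection request '
                           '%(src_ip)s:%(src_port)d->%(dst_ip)s:%(dst_port)d '
                           'to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return TCPTunnelForwardingChannel(remoteHPNew, remoteHP,
                                              remoteWindow=remoteWindow,
                                              remoteMaxPacket=remoteMaxPacket)

    return FakeForwardingChannel(remoteHP,
                                 remoteWindow=remoteWindow,
                                 remoteMaxPacket=remoteMaxPacket)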
def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
    """
    Select the channel used to answer an SSH direct-tcpip open request.

    Every request is logged first. A ``forward_redirect_<port>`` entry is
    honoured when ``[ssh] forward_redirect`` is enabled, then a
    ``forward_tunnel_<port>`` entry when ``[ssh] forward_tunnel`` is enabled;
    if neither applies the request gets a FakeForwardingChannel.

    Only the requested port is compared with the configured entries; the
    client-supplied destination host is recorded in the log and otherwise
    ignored when choosing a redirect or tunnel target.
    """
    requested, originator = forwarding.unpackOpen_direct_tcpip(data)
    requestedPort = requested[1]

    log.msg(
        eventid="cowrie.direct-tcpip.request",
        format="direct-tcp connection request to %(dst_ip)s:%(dst_port)s "
               "from %(src_ip)s:%(src_port)s",
        dst_ip=requested[0],
        dst_port=requestedPort,
        src_ip=originator[0],
        src_port=originator[1],
    )

    # Forward redirect
    if CowrieConfig.getboolean("ssh", "forward_redirect", fallback=False):
        redirectByPort = {}
        for entry in CowrieConfig.items("ssh"):
            optionName, optionValue = entry[0], entry[1]
            if not optionName.startswith("forward_redirect_"):
                continue
            # "<host>:<port>" keyed by the port at the end of the option name
            pieces = optionValue.split(":")
            redirectByPort[int(optionName.split("_")[-1])] = (pieces[0], int(pieces[1]))

        replacement = redirectByPort.get(requestedPort)
        if replacement is not None:
            log.msg(
                eventid="cowrie.direct-tcpip.redirect",
                format="redirected direct-tcp connection request from "
                       "%(src_ip)s:%(src_port)d to %(dst_ip)s:%(dst_port)d "
                       "to %(new_ip)s:%(new_port)d",
                new_ip=replacement[0],
                new_port=replacement[1],
                dst_ip=requested[0],
                dst_port=requestedPort,
                src_ip=originator[0],
                src_port=originator[1],
            )
            return SSHConnectForwardingChannel(
                replacement,
                remoteWindow=remoteWindow,
                remoteMaxPacket=remoteMaxPacket,
            )

    # TCP tunnel
    if CowrieConfig.getboolean("ssh", "forward_tunnel", fallback=False):
        tunnelByPort = {}
        for entry in CowrieConfig.items("ssh"):
            optionName, optionValue = entry[0], entry[1]
            if not optionName.startswith("forward_tunnel_"):
                continue
            pieces = optionValue.split(":")
            tunnelByPort[int(optionName.split("_")[-1])] = (pieces[0], int(pieces[1]))

        replacement = tunnelByPort.get(requestedPort)
        if replacement is not None:
            log.msg(
                eventid="cowrie.direct-tcpip.tunnel",
                format="tunneled direct-tcp connection request "
                       "%(src_ip)s:%(src_port)d->%(dst_ip)s:%(dst_port)d "
                       "to %(new_ip)s:%(new_port)d",
                new_ip=replacement[0],
                new_port=replacement[1],
                dst_ip=requested[0],
                dst_port=requestedPort,
                src_ip=originator[0],
                src_port=originator[1],
            )
            return TCPTunnelForwardingChannel(
                replacement,
                requested,
                remoteWindow=remoteWindow,
                remoteMaxPacket=remoteMaxPacket,
            )

    return FakeForwardingChannel(
        requested,
        remoteWindow=remoteWindow,
        remoteMaxPacket=remoteMaxPacket,
    )
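def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
    """
    Decide how to answer a client's direct-tcpip open request.

    The request is always logged. Checked in order:

    1. ``[ssh] forward_redirect`` true and a network-scoped entry
       ``forward_redirect_<port>_ext<N> = <network>:<host>:<port>`` whose
       network contains the requested address and whose port equals the
       requested port: connect to the configured host:port.
    2. ``[ssh] forward_redirect`` true and a port-only entry
       ``forward_redirect_<port> = <host>:<port>`` for the requested port:
       connect to the configured host:port.
    3. ``[ssh] forward_tunnel`` true and a ``forward_tunnel_<port>`` entry
       for the requested port: return a tunnel channel.
    4. Otherwise: return a FakeForwardingChannel for the requested target.
    """
    remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)
    log.msg(eventid='cowrie.direct-tcpip.request',
            format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s '
                   'from %(src_ip)s:%(src_port)s',
            dst_ip=remoteHP[0], dst_port=remoteHP[1],
            src_ip=origHP[0], src_port=origHP[1])

    # Forward redirect
    redirectEnabled = CONFIG.getboolean('ssh', 'forward_redirect', fallback=False)
    if redirectEnabled:
        redirects = {}
        dst_network_lst = []
        for option, value in CONFIG.items('ssh'):
            if not option.startswith('forward_redirect_'):
                continue
            optionParts = option.split('_')
            # Raw string: '\d' in a plain literal is an invalid escape.
            if re.match(r'ext\d{1,}', optionParts[-1]):
                # Network-scoped entry, keyed by "<cidr>:<port>".
                destPort = optionParts[-2]
                redirectParam = value.split(':')
                dest_targetIPnet = netaddr.IPNetwork(redirectParam[0])
                dst_network_lst.append(dest_targetIPnet)
                redirects[str(dest_targetIPnet.cidr) + ":" + destPort] = (
                    redirectParam[1], int(redirectParam[2]))
            else:
                # Port-only entry, keyed by the integer port.
                destPort = optionParts[-1]
                redirectHP = value.split(':')
                redirects[int(destPort)] = (redirectHP[0], int(redirectHP[1]))

        # The destination host is client-supplied and may be a hostname
        # rather than an IP literal. A value netaddr cannot parse must not
        # abort the request: it simply cannot match a network-scoped entry
        # and falls through to the port-only lookup below.
        try:
            remoteAddr = netaddr.IPAddress(remoteHP[0])
        except (netaddr.AddrFormatError, ValueError, TypeError):
            remoteAddr = None

        remoteHPNew = None
        if remoteAddr is not None:
            # Match on the port the client actually requested. The earlier
            # code reused ``destPort`` left over from the config loop, i.e.
            # the port of whichever entry happened to be parsed last.
            requestedPort = str(remoteHP[1])
            for dst_network in dst_network_lst:
                key = str(dst_network.cidr) + ":" + requestedPort
                if remoteAddr in dst_network and key in redirects:
                    remoteHPNew = redirects[key]
                    break

        # Network-scoped entries take precedence over port-only entries.
        if remoteHPNew is None and remoteHP[1] in redirects:
            remoteHPNew = redirects[remoteHP[1]]

        if remoteHPNew is not None:
            log.msg(eventid='cowrie.direct-tcpip.redirect',
                    format='redirected direct-tcp connection request from '
                           '%(src_ip)s:%(src_port)d to %(dst_ip)s:%(dst_port)d '
                           'to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return SSHConnectForwardingChannel(remoteHPNew,
                                               remoteWindow=remoteWindow,
                                               remoteMaxPacket=remoteMaxPacket)

    # TCP tunnel
    tunnelEnabled = CONFIG.getboolean('ssh', 'forward_tunnel', fallback=False)
    if tunnelEnabled:
        tunnels = {}
        for option, value in CONFIG.items('ssh'):
            if option.startswith('forward_tunnel_'):
                destPort = option.split('_')[-1]
                tunnelHP = value.split(':')
                tunnels[int(destPort)] = (tunnelHP[0], int(tunnelHP[1]))
        if remoteHP[1] in tunnels:
            remoteHPNew = tunnels[remoteHP[1]]
            log.msg(eventid='cowrie.direct-tcpip.tunnel',
                    format='tunneled direct-tcp connection request '
                           '%(src_ip)s:%(src_port)d->%(dst_ip)s:%(dst_port)d '
                           'to %(new_ip)s:%(new_port)d',
                    new_ip=remoteHPNew[0], new_port=remoteHPNew[1],
                    dst_ip=remoteHP[0], dst_port=remoteHP[1],
                    src_ip=origHP[0], src_port=origHP[1])
            return TCPTunnelForwardingChannel(remoteHPNew, remoteHP,
                                              remoteWindow=remoteWindow,
                                              remoteMaxPacket=remoteMaxPacket)

    return FakeForwardingChannel(remoteHP,
                                 remoteWindow=remoteWindow,
                                 remoteMaxPacket=remoteMaxPacket)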