Пример #1
0
def attempt_success(src, user, time):
    # send mail
    formatted_time = strftime("%a, %d %b %Y %H:%M:%S", localtime())
    body = "Successful attempt from %s on %s (user %s)" % (src, formatted_time, user)
    msg = MIMEText(body)
    msg['From'] = "%s <%s>" % (config().get('mailer', 'from'), config().get('mailer', 'envelope_from'))
    msg['Subject'] = "[Kippo] Successful login attempt by %s" % (src)

    smtp = smtplib.SMTP(config().get('mailer', 'smtp_server'))
    smtp.sendmail(config().get('mailer', 'envelope_from'), config().get('mailer', 'envelope_to'), msg.as_string())
Пример #2
0
    def __init__(self):
        cfg = config()

        # protocol^Wwhatever instances are kept here for the interact feature
        self.sessions = {}

        # for use by the uptime command
        self.starttime = time.time()

        # load db loggers
        self.dbloggers = []
        for x in cfg.sections():
            if not x.startswith('database_'):
                continue
            engine = x.split('_')[1]
            dbengine = 'database_' + engine
            lcfg = ConfigParser.ConfigParser()
            lcfg.add_section(dbengine)
            for i in cfg.options(x):
                lcfg.set(dbengine, i, cfg.get(x, i))
            lcfg.add_section('honeypot')
            for i in cfg.options('honeypot'):
                lcfg.set('honeypot', i, cfg.get('honeypot', i))
            print 'Loading dblog engine: %s' % (engine, )
            dblogger = __import__('kippo.dblog.%s' % (engine, ), globals(),
                                  locals(), ['dblog']).DBLogger(lcfg)
            log.startLoggingWithObserver(dblogger.emit, setStdout=False)
            self.dbloggers.append(dblogger)
Пример #3
0
    def load(self):
        '''load the user db'''

        userdb_file = '%s/userdb.txt' % \
            (config().get('honeypot', 'data_path'),)

        f = open(userdb_file, 'r')
        while True:
            line = f.readline()
            if not line:
                break

            line = string.strip(line)
            if not line:
                continue

            (login, uid_str, passwd) = line.split(':', 2)

            uid = 0
            try:
                uid = int(uid_str)
            except ValueError:
                uid = 1001

            self.userdb.append((login, uid, passwd))

        f.close()
Пример #4
0
    def connectionMade(self):
        transport = self.transport.session.conn.transport

        transport.ttylog_file = '%s/tty/%s-%s.log' % \
            (config().get('honeypot', 'log_path'),
            time.strftime('%Y%m%d-%H%M%S'), transport.transportId )
        log.msg('Opening TTY log: %s' % transport.ttylog_file)
        ttylog.ttylog_open(transport.ttylog_file, time.time())
        transport.ttylog_open = True

        transport.stdinlog_file = '%s/%s-%s-stdin.log' % \
            (config().get('honeypot', 'download_path'),
            time.strftime('%Y%m%d-%H%M%S'), transport.transportId )
        transport.stdinlog_open = False

        insults.ServerProtocol.connectionMade(self)
Пример #5
0
    def connectionMade(self):
        self.displayMOTD()

        transport = self.terminal.transport.session.conn.transport

        self.realClientIP = transport.transport.getPeer().host
        self.realClientPort = transport.transport.getPeer().port
        self.clientVersion = transport.otherVersionString
        self.logintime = transport.logintime
        self.ttylog_file = transport.ttylog_file

        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
        if cfg.has_option('honeypot', 'fake_addr'):
            self.clientIP = cfg.get('honeypot', 'fake_addr')
        else:
            self.clientIP = self.realClientIP

        if cfg.has_option('honeypot', 'internet_facing_ip'):
            self.kippoIP = cfg.get('honeypot', 'internet_facing_ip')
        else:
            # Hack to get ip
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(("8.8.8.8", 80))
            self.kippoIP = s.getsockname()[0]
            s.close()
Пример #6
0
    def connectionMade(self):
        self.displayMOTD()

        transport = self.terminal.transport.session.conn.transport

        self.realClientIP = transport.transport.getPeer().host
        self.realClientPort = transport.transport.getPeer().port
        self.clientVersion = transport.otherVersionString
        self.logintime = transport.logintime
        self.ttylog_file = transport.ttylog_file

        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
        if cfg.has_option('honeypot', 'fake_addr'):
            self.clientIP = cfg.get('honeypot', 'fake_addr')
        else:
            self.clientIP = self.realClientIP

        if cfg.has_option('honeypot', 'internet_facing_ip'):
            self.kippoIP = cfg.get('honeypot', 'internet_facing_ip')
        else:
            # Hack to get ip
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(("8.8.8.8",80))
            self.kippoIP = s.getsockname()[0]
            s.close()
Пример #7
0
def sendEmail(subject,  message):
    cfg = config()

    msg = MIMEText(message)
    msg['Subject'] = subject

    toEmail = cfg.get('smtp', 'email_to')
    msg['To'] = toEmail

    fromEmail = cfg.get('smtp', 'email_from')
    msg['From'] = fromEmail

    smtpHost = cfg.get('smtp', 'smtp_host')
    smtpPort = cfg.get('smtp', 'smtp_port')
    smtpUsername = cfg.get('smtp', 'smtp_username')
    smtpPassword = cfg.get('smtp', 'smtp_Password')
    smtpEnc = cfg.get('smtp', 'smtp_enc')

    s = smtplib.SMTP(smtpHost, smtpPort)
    if smtpEnc == 'ssl':
        s = smtplib.SMTP_SSL(smtpHost, smtpPort)
    elif smtpEnc == 'tls':
        s.starttls()
    s.login(smtpUsername, smtpPassword)
    s.sendmail(fromEmail, [toEmail], msg.as_string())
    s.quit()
Пример #8
0
    def load(self):
        '''load the user db'''

        userdb_file = '%s/userdb.txt' % \
            (config().get('honeypot', 'data_path'),)

        f = open(userdb_file, 'r')
        while True:
            line = f.readline()
            if not line:
                break

            line = string.strip(line)
            if not line:
                continue

            if line.startswith('#'):
                continue

            (login, uid_str, passwd) = line.split(':', 2)

            uid = 0
            try:
                uid = int(uid_str)
            except ValueError:
                uid = 1001

            self.userdb.append((login, uid, passwd))

        f.close()
Пример #9
0
    def __init__(self):
        cfg = config()

        # protocol^Wwhatever instances are kept here for the interact feature
        self.sessions = {}

        # for use by the uptime command
        self.starttime = time.time()

        # load db loggers
        self.dbloggers = []
        for x in cfg.sections():
            if not x.startswith('database_'):
                continue
            engine = x.split('_')[1]
            dbengine = 'database_' + engine
            lcfg = ConfigParser.ConfigParser()
            lcfg.add_section(dbengine)
            for i in cfg.options(x):
                lcfg.set(dbengine, i, cfg.get(x, i))
            lcfg.add_section('honeypot')
            for i in cfg.options('honeypot'):
                lcfg.set('honeypot', i, cfg.get('honeypot', i))
            print 'Loading dblog engine: %s' % (engine,)
            dblogger = __import__(
                'kippo.dblog.%s' % (engine,),
                globals(), locals(), ['dblog']).DBLogger(lcfg)
            log.startLoggingWithObserver(dblogger.emit, setStdout=False)
            self.dbloggers.append(dblogger)
Пример #10
0
    def connectionMade(self):
        recvline.HistoricRecvLine.connectionMade(self)
        self.displayMOTD()
        self.cmdstack = [HoneyPotShell(self)]

        transport = self.terminal.transport.session.conn.transport
        transport.factory.sessions[transport.transport.sessionno] = self

        self.realClientIP = transport.transport.getPeer().host
        self.clientVersion = transport.otherVersionString
        self.logintime = transport.logintime
        self.ttylog_file = transport.ttylog_file
        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
        if cfg.has_option('honeypot', 'fake_addr'):
            self.clientIP = cfg.get('honeypot', 'fake_addr')
        else:
            self.clientIP = self.realClientIP

        self.keyHandlers.update({
            '\x04':     self.handle_CTRL_D,
            '\x15':     self.handle_CTRL_U,
            '\x03':     self.handle_CTRL_C,
            '\x09':     self.handle_TAB,
            })

        if cfg.has_section('mailer'):
            mailer.attempt_success(self.realClientIP, self.user.username, self.logintime)
Пример #11
0
    def connectionMade(self):
        recvline.HistoricRecvLine.connectionMade(self)
        self.displayMOTD()
        self.cmdstack = [HoneyPotShell(self)]

        transport = self.terminal.transport.session.conn.transport

        # You are in a maze of twisty little passages, all alike
        p = transport.transport.getPeer()

        # real source IP of client
        self.realClientIP = p.host

        self.clientVersion = transport.otherVersionString

        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
        if cfg.has_option('honeypot', 'fake_addr'):
            self.clientIP = cfg.get('honeypot', 'fake_addr')
        else:
            self.clientIP = self.realClientIP

        self.logintime = time.time()

        self.keyHandlers.update({
            '\x04': self.handle_CTRL_D,
            '\x15': self.handle_CTRL_U,
            '\x03': self.handle_CTRL_C,
            '\x09': self.handle_TAB,
        })
Пример #12
0
    def connectionMade(self):
        recvline.HistoricRecvLine.connectionMade(self)
        self.displayMOTD()
        self.cmdstack = [HoneyPotShell(self)]

        transport = self.terminal.transport.session.conn.transport
        transport.factory.sessions[transport.transport.sessionno] = self

        self.realClientIP = transport.transport.getPeer().host
        self.clientVersion = transport.otherVersionString
        self.logintime = transport.logintime
        self.ttylog_file = transport.ttylog_file

        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
        if cfg.has_option('honeypot', 'fake_addr'):
            self.clientIP = cfg.get('honeypot', 'fake_addr')
        else:
            self.clientIP = self.realClientIP

        if self.execcmd != None:
            print 'Running exec cmd "%s"' % self.execcmd
            self.cmdstack[0].lineReceived(self.execcmd)
            self.terminal.transport.session.conn.sendRequest(self.terminal.transport.session, 'exit-status', struct.pack('>L', 0))
            self.terminal.transport.session.conn.sendClose(self.terminal.transport.session)
            return
            # self.terminal.transport.session.conn.sendEOF(self)

        # key handlers after execcmd so they don't distrub binary stdin
        self.keyHandlers.update({
            '\x04':     self.handle_CTRL_D,
            '\x15':     self.handle_CTRL_U,
            '\x03':     self.handle_CTRL_C,
            '\x09':     self.handle_TAB,
            })
Пример #13
0
 def __init__(self, clientip):
     self.clientip = clientip
     
     performBruteforce = config().getboolean('dirtybastard',  'bruteforce_ssh_on_login')
     
     if performBruteforce:
         threading.Thread(target=self.bruteforceThread).start()
Пример #14
0
    def loginThread(self):
        client = SSHClient()
        client.set_missing_host_key_policy(AutoAddPolicy())
    
        loginDetailString = self.username + "@" + self.clientip +" (" + self.password + ")"
        print "Attempting login with",  loginDetailString
        
        try:
            client.connect(hostname=self.clientip,  username=self.username,  password=self.password)
        except:   
            print "Authentication failed for",  loginDetailString
            return
            
        sendEmail('New login success!',  
            "Successfully logged in to remote box: " + loginDetailString)
            
        configName = "not_root_command"
        if (self.username == "root"):
            configName = "root_command"

        command = config().get('dirtybastard',  configName)[1:-1] # Remove quotes
            
        print "SUCCESS! Running command: " + command
        stdin, stdout, stderr = client.exec_command(command)
    
        print "stdout:"
        stdoutString = ""
        for line in stdout.readlines():
            print line.strip()
            stdoutString = stdoutString + line.strip() + "\n"
            
        sendEmail('Output from command', 
            "stdout:\n" + stdoutString);
Пример #15
0
    def connectionMade(self):
        recvline.HistoricRecvLine.connectionMade(self)
        self.displayMOTD()
        self.cmdstack = [HoneyPotShell(self)]

        transport = self.terminal.transport.session.conn.transport
        transport.factory.sessions[transport.transport.sessionno] = self

        self.realClientIP = transport.transport.getPeer().host
        self.clientVersion = transport.otherVersionString
        self.logintime = transport.logintime
        self.ttylog_file = transport.ttylog_file

        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
        if cfg.has_option('honeypot', 'fake_addr'):
            self.clientIP = cfg.get('honeypot', 'fake_addr')
        else:
            self.clientIP = self.realClientIP

        self.keyHandlers.update({
            '\x04': self.handle_CTRL_D,
            '\x15': self.handle_CTRL_U,
            '\x03': self.handle_CTRL_C,
            '\x09': self.handle_TAB,
        })
Пример #16
0
    def buildProtocol(self, addr):

        _moduli = '/etc/ssh/moduli'
        cfg = config()

        # FIXME: try to mimic something real 100%
        t = HoneyPotTransport()

        if cfg.has_option('honeypot', 'ssh_version_string'):
            t.ourVersionString = cfg.get('honeypot','ssh_version_string')
        else:
            t.ourVersionString = "SSH-2.0-OpenSSH_5.1p1 Debian-5"

        t.supportedPublicKeys = self.privateKeys.keys()

        if ( os.path.exists( _moduli ) ):
            self.primes = primes.parseModuliFile( _moduli )
        if not self.primes:
            ske = t.supportedKeyExchanges[:]
            ske.remove('diffie-hellman-group-exchange-sha1')
            t.supportedKeyExchanges = ske

        # reorder supported ciphers to resemble current openssh more
        t.supportedCiphers = ['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', '3des-cbc', 'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc' ]
        t.supportedPublicKeys = ['ssh-rsa', 'ssh-dss']
        t.supportedMACs = [ 'hmac-md5', 'hmac-sha1']

        t.factory = self
        return t
Пример #17
0
    def connectionMade(self):
        transport = self.transport.session.conn.transport

        transport.ttylog_file = '%s/tty/%s-%s.log' % \
            (config().get('honeypot', 'log_path'),
            time.strftime('%Y%m%d-%H%M%S'), transport.transportId )
        log.msg( 'Opening TTY log: %s' % transport.ttylog_file )
        ttylog.ttylog_open(transport.ttylog_file, time.time())
        transport.ttylog_open = True

        transport.stdinlog_file = '%s/%s-%s-stdin.log' % \
            (config().get('honeypot', 'download_path'),
            time.strftime('%Y%m%d-%H%M%S'), transport.transportId )
        transport.stdinlog_open = False

        insults.ServerProtocol.connectionMade(self)
Пример #18
0
    def connectionMade(self):
        recvline.HistoricRecvLine.connectionMade(self)
        self.displayMOTD()
        self.cmdstack = [HoneyPotShell(self)]

        transport = self.terminal.transport.session.conn.transport

        # You are in a maze of twisty little passages, all alike
        p = transport.transport.getPeer()

        # real source IP of client
        self.realClientIP = p.host

        self.clientVersion = transport.otherVersionString

        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
        if cfg.has_option('honeypot', 'fake_addr'):
            self.clientIP = cfg.get('honeypot', 'fake_addr')
        else:
            self.clientIP = self.realClientIP

        self.logintime = time.time()

        self.keyHandlers.update({
            '\x04':     self.handle_CTRL_D,
            '\x15':     self.handle_CTRL_U,
            '\x03':     self.handle_CTRL_C,
            '\x09':     self.handle_TAB,
            })
Пример #19
0
 def __init__(self):
     #self.protocol = self.makeProtocol()
     cfg = config()
     
     self.protocol = lambda: TelnetTransport(TelnetBootstrapProtocol,
                                          insults.ServerProtocol,
                                          TelnetShell,
                                          #telnetShellArg,
                                          #telnetShellKWArg="zxcv"
                                          )
     self.dbloggers = []
     engine = 'mysql'
     
     dbengine = 'database_' + engine
     lcfg = ConfigParser.ConfigParser()
     lcfg.add_section(dbengine)
     for i in cfg.options(dbengine):
         lcfg.set(dbengine, i, cfg.get(dbengine, i))
     lcfg.add_section('honeypot')
     for i in cfg.options('honeypot'):
         lcfg.set('honeypot', i, cfg.get('honeypot', i))
     
     dbloggerModule = __import__(
         'kippo.dblog.%s' % (engine,),
         globals(), locals(), ['dblog']).dblog
     dblogger = dbloggerModule.mainLogger
     self.dbloggers.append(dblogger)
Пример #20
0
class HoneyPotTransport(transport.SSHServerTransport):

    hadVersion = False

    if config().has_section('packet_capture'):
        packetcapper = PacketCap()
        packetcapper.daemon = True
        packetcapper.start()

    def connectionMade(self):
        print 'New connection: %s:%s (%s:%s) [session: %d]' % \
            (self.transport.getPeer().host, self.transport.getPeer().port,
            self.transport.getHost().host, self.transport.getHost().port,
            self.transport.sessionno)
        self.interactors = []
        self.logintime = time.time()
        self.ttylog_open = False
        transport.SSHServerTransport.connectionMade(self)

    def sendKexInit(self):
        # Don't send key exchange prematurely
        if not self.gotVersion:
            return
        transport.SSHServerTransport.sendKexInit(self)

    def dataReceived(self, data):
        transport.SSHServerTransport.dataReceived(self, data)
        if config().has_section('packet_capture'):
            self.packetcapper.start_capture(self.transport.getPeer().host)
        # later versions seem to call sendKexInit again on their own
        if twisted.version.major < 11 and \
                not self.hadVersion and self.gotVersion:
            self.sendKexInit()
            self.hadVersion = True

    def ssh_KEXINIT(self, packet):
        print 'Remote SSH version: %s' % (self.otherVersionString, )
        return transport.SSHServerTransport.ssh_KEXINIT(self, packet)

    def lastlogExit(self):
        starttime = time.strftime('%a %b %d %H:%M',
                                  time.localtime(self.logintime))
        endtime = time.strftime('%H:%M', time.localtime(time.time()))
        duration = utils.durationHuman(time.time() - self.logintime)
        clientIP = self.transport.getPeer().host
        utils.addToLastlog('root\tpts/0\t%s\t%s - %s (%s)' % \
            (clientIP, starttime, endtime, duration))

    # this seems to be the only reliable place of catching lost connection
    def connectionLost(self, reason):
        for i in self.interactors:
            i.sessionClosed()
        if self.transport.sessionno in self.factory.sessions:
            del self.factory.sessions[self.transport.sessionno]
        self.lastlogExit()
        if self.ttylog_open:
            ttylog.ttylog_close(self.ttylog_file, time.time())
            self.ttylog_open = False
        transport.SSHServerTransport.connectionLost(self, reason)
Пример #21
0
 def connectionMade(self):
     self.ttylog_file = '%s/tty/%s-%s.log' % \
         (config().get('honeypot', 'log_path'),
         time.strftime('%Y%m%d-%H%M%S'),
         int(random.random() * 10000))
     print 'Opening TTY log: %s' % self.ttylog_file
     ttylog.ttylog_open(self.ttylog_file, time.time())
     self.ttylog_open = True
     insults.ServerProtocol.connectionMade(self)
Пример #22
0
 def connectionMade(self):
     self.ttylog_file = '%s/tty/%s-%s.log' % \
         (config().get('honeypot', 'log_path'),
         time.strftime('%Y%m%d-%H%M%S'),
         int(random.random() * 10000))
     print 'Opening TTY log: %s' % self.ttylog_file
     ttylog.ttylog_open(self.ttylog_file, time.time())
     self.ttylog_open = True
     insults.ServerProtocol.connectionMade(self)
Пример #23
0
 def dataReceived(self, data):
     transport.SSHServerTransport.dataReceived(self, data)
     if config().has_section('packet_capture'):
         self.packetcapper.start_capture(self.transport.getPeer().host)
     # later versions seem to call sendKexInit again on their own
     if twisted.version.major < 11 and \
             not self.hadVersion and self.gotVersion:
         self.sendKexInit()
         self.hadVersion = True
Пример #24
0
 def dataReceived(self, data):
     transport.SSHServerTransport.dataReceived(self, data)
     if config().has_section('packet_capture'):
         self.packetcapper.start_capture(self.transport.getPeer().host)
     # later versions seem to call sendKexInit again on their own
     if twisted.version.major < 11 and \
             not self.hadVersion and self.gotVersion:
         self.sendKexInit()
         self.hadVersion = True
Пример #25
0
 def __init__(self):
     self.cfg = config()
     self.commands = {}
     import kippo.commands
     for c in kippo.commands.__all__:
         module = __import__('kippo.commands.%s' % c,
             globals(), locals(), ['commands'])
         self.commands.update(module.commands)
     self.fs = pickle.load(file(
         self.cfg.get('honeypot', 'filesystem_file'), 'rb'))
Пример #26
0
 def __init__(self):
     self.cfg = config()
     self.commands = {}
     import kippo.commands
     for c in kippo.commands.__all__:
         module = __import__('kippo.commands.%s' % c, globals(), locals(),
                             ['commands'])
         self.commands.update(module.commands)
     self.fs = pickle.load(
         file(self.cfg.get('honeypot', 'filesystem_file'), 'rb'))
Пример #27
0
    def save(self):
        '''save the user db'''

        userdb_file = '%s/userdb.txt' % \
            (config().get('honeypot', 'data_path'),)

        # Note: this is subject to races between kippo instances, but hey ...
        f = open(userdb_file, 'w')
        for (login, uid, passwd) in self.userdb:
            f.write('%s:%d:%s\n' % (login, uid, passwd))
        f.close()
Пример #28
0
 def call(self):
     if len(self.args) and (self.args[0].strip() == '-a' or self.args[0].strip() == '--all'):
         cfg = config()
         self.system_version_string = '2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009 i686 GNU/Linux'
         if cfg.has_option('honeypot', 'system_version_string'):
                 self.system_version_string = cfg.get('honeypot', 'system_version_string')
         self.writeln(
             'Linux %s %s' % \
             (self.honeypot.hostname, self.system_version_string))
     else:
         self.writeln('Linux')
Пример #29
0
    def execCommand(self, protocol, cmd):
        cfg = config()
        if cfg.has_option('honeypot', 'exec_enabled'):
            if ( cfg.get('honeypot', 'exec_enabled') != "true" ):
                print 'exec disabled not executing command: "%s"' % cmd
                raise os.OSError

        print 'Executing command: "%s"' % cmd
        serverProtocol = LoggingServerProtocol(HoneyPotProtocol, self, self.env, cmd)
        serverProtocol.makeConnection(protocol)
        protocol.makeConnection(session.wrapProtocol(serverProtocol))
Пример #30
0
    def save(self):
        '''save the user db'''

        userdb_file = '%s/userdb.txt' % \
            (config().get('honeypot', 'data_path'),)

        # Note: this is subject to races between kippo instances, but hey ...
        f = open(userdb_file, 'w')
        for (login, uid, passwd) in self.userdb:
            f.write('%s:%d:%s\n' % (login, uid, passwd))
        f.close()
Пример #31
0
 def call(self):
     if len(self.args) and (self.args[0].strip() == '-a'
                            or self.args[0].strip() == '--all'):
         cfg = config()
         self.system_version_string = '2.6.26-2-686 #1 SMP Wed Nov 4 20:45:37 UTC 2009 i686 GNU/Linux'
         if cfg.has_option('honeypot', 'system_version_string'):
             self.system_version_string = cfg.get('honeypot',
                                                  'system_version_string')
         self.writeln(
             'Linux %s %s' % \
             (self.honeypot.hostname, self.system_version_string))
     else:
         self.writeln('Linux')
Пример #32
0
 def sendBanner(self):
     if self.bannerSent:
         return
     cfg = config()
     if not cfg.has_option('honeypot', 'banner_file'):
         return
     data = file(cfg.get('honeypot', 'banner_file')).read()
     if not data or not len(data.strip()):
         return
     data = '\r\n'.join(data.splitlines() + [''])
     self.transport.sendPacket(userauth.MSG_USERAUTH_BANNER,
                               NS(data) + NS('en'))
     self.bannerSent = True
Пример #33
0
 def sendBanner(self):
     if self.bannerSent:
         return
     cfg = config()
     if not cfg.has_option('honeypot', 'banner_file'):
         return
     data = file(cfg.get('honeypot', 'banner_file')).read()
     if not data or not len(data.strip()):
         return
     data = '\r\n'.join(data.splitlines() + [''])
     self.transport.sendPacket(
         userauth.MSG_USERAUTH_BANNER, NS(data) + NS('en'))
     self.bannerSent = True
Пример #34
0
 def checkUserPass(self, username, password):
     cfg = config()
     if UserDB().checklogin(username, password):
         print 'login attempt [%s/%s] succeeded' % (username, password)
         if cfg.has_option('smtp', 'alert_login'):
             if cfg.get('smtp', 'alert_login') == 'true':
                 print 'Emailing about login notification (alert_login = true).'
                 emailMessage = 'There was a succesfully login (%s/%s).' % (username, password)
                 sendEmail('SSH Succesful Login',  emailMessage)
         return True
     else:
         print 'login attempt [%s/%s] failed' % (username, password)
         return False
Пример #35
0
    def file_contents(self, target, count=0):
        if count > 10:
            raise TooManyLevels
        path = self.resolve_path(target, os.path.dirname(target))
        print '%s resolved into %s' % (target, path)
        if not path or not self.exists(path):
            raise FileNotFound
        f = self.getfile(path)
        if f[A_TYPE] == T_LINK:
            return self.file_contents(f[A_TARGET], count + 1)

        realfile = self.realfile(f, '%s/%s' % \
            (config().get('honeypot', 'contents_path'), path))
        if realfile:
            return file(realfile, 'rb').read()
Пример #36
0
    def __init__(self, wget, fakeoutfile, url, outfile, headers=None):
        wget_version = 'Wget/1.11.4'
        cfg = config()
        if cfg.has_option('honeypot', 'wget_version_string'):
            wget_version = (cfg.get('honeypot', 'wget_version_string'), 0)

        client.HTTPDownloader.__init__(self, url, outfile, headers=headers,
            agent=wget_version)
        self.status = None
        self.wget = wget
        self.fakeoutfile = fakeoutfile
        self.lastupdate = 0
        self.started = time.time()
        self.proglen = 0
        self.nomore = False
Пример #37
0
    def file_contents(self, target, count = 0):
        if count > 10:
            raise TooManyLevels
        path = self.resolve_path(target, os.path.dirname(target))
        print '%s resolved into %s' % (target, path)
        if not path or not self.exists(path):
            raise FileNotFound
        f = self.getfile(path)
        if f[A_TYPE] == T_LINK:
            return self.file_contents(f[A_TARGET], count + 1)

        realfile = self.realfile(f, '%s/%s' % \
            (config().get('honeypot', 'contents_path'), path))
        if realfile:
            return file(realfile, 'rb').read()
Пример #38
0
    def execCommand(self, protocol, cmd):
        cfg = config()
        if not cfg.has_option('honeypot', 'exec_enabled') or \
                cfg.get('honeypot', 'exec_enabled').lower() not in \
                    ('yes', 'true', 'on'):
            print 'Exec disabled. Not executing command: "%s"' % cmd
            raise core.exceptions.NotEnabledException, \
                'exec_enabled not enabled in configuration file!'
            return

        print 'exec command: "%s"' % cmd
        serverProtocol = kippo.core.protocol.LoggingServerProtocol(
            kippo.core.protocol.HoneyPotExecProtocol, self, self.env, cmd)
        serverProtocol.makeConnection(protocol)
        protocol.makeConnection(session.wrapProtocol(serverProtocol))
Пример #39
0
    def execCommand(self, protocol, cmd):
        cfg = config()
        if not cfg.has_option('honeypot', 'exec_enabled') or \
                cfg.get('honeypot', 'exec_enabled').lower() not in \
                    ('yes', 'true', 'on'):
            print 'Exec disabled. Not executing command: "%s"' % cmd
            raise core.exceptions.NotEnabledException, \
                'exec_enabled not enabled in configuration file!'
            return

        print 'exec command: "%s"' % cmd
        serverProtocol = kippo.core.protocol.LoggingServerProtocol(
            kippo.core.protocol.HoneyPotExecProtocol, self, self.env, cmd)
        serverProtocol.makeConnection(protocol)
        protocol.makeConnection(session.wrapProtocol(serverProtocol))
Пример #40
0
    def connectionMade(self):
        self.displayMOTD()

        transport = self.terminal.transport.session.conn.transport

        self.realClientIP = transport.transport.getPeer().host
        self.clientVersion = transport.otherVersionString
        self.logintime = transport.logintime
        self.ttylog_file = transport.ttylog_file

        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
        if cfg.has_option('honeypot', 'fake_addr'):
            self.clientIP = cfg.get('honeypot', 'fake_addr')
        else:
            self.clientIP = self.realClientIP
Пример #41
0
 def sendBanner(self):
     if self.bannerSent:
         return
     cfg = config()
     try:
         honeyfs = cfg.get('honeypot', 'contents_path')
         issuefile = honeyfs + "/etc/issue.net"
         data = file(issuefile).read()
     except IOError:
         return
     if not data or not len(data.strip()):
         return
     data = '\r\n'.join(data.splitlines())
     self.transport.sendPacket(userauth.MSG_USERAUTH_BANNER,
                               NS(data) + NS('en'))
     self.bannerSent = True
Пример #42
0
 def call(self):
     fn = '%s/lastlog.txt' % (config().get('honeypot', 'data_path'),)
     if not os.path.exists(fn):
         return
     l = list(self.args)
     numlines = 25
     while len(l):
         arg = l.pop(0)
         if not arg.startswith('-'):
             continue
         elif arg[1:].isdigit():
             numlines = int(arg[1:])
         elif arg == '-n' and len(l) and l[0].isdigit():
             numlines = int(l.pop(0))
     data = utils.tail(file(fn), numlines)
     self.writeln(''.join(data))
Пример #43
0
 def sendBanner(self):
     if self.bannerSent:
         return
     cfg = config()
     try:
         honeyfs = cfg.get('honeypot', 'contents_path')
         issuefile = honeyfs + "/etc/issue.net"
         data = file( issuefile ).read()
     except IOError:
         return
     if not data or not len(data.strip()):
         return
     data = '\r\n'.join(data.splitlines() )
     self.transport.sendPacket(
         userauth.MSG_USERAUTH_BANNER, NS(data) + NS('en'))
     self.bannerSent = True
Пример #44
0
    def connectionMade(self):
        self.displayMOTD()

        transport = self.terminal.transport.session.conn.transport

        self.realClientIP = transport.transport.getPeer().host
        self.clientVersion = transport.otherVersionString
        self.logintime = transport.logintime
        self.ttylog_file = transport.ttylog_file

        # source IP of client in user visible reports (can be fake or real)
        cfg = config()
        if cfg.has_option('honeypot', 'fake_addr'):
            self.clientIP = cfg.get('honeypot', 'fake_addr')
        else:
            self.clientIP = self.realClientIP
Пример #45
0
 def connectionLost(self, reason):
     cfg = config()
     for i in self.interactors:
         i.sessionClosed()
     if self.transport.sessionno in self.factory.sessions:
         del self.factory.sessions[self.transport.sessionno]
     self.lastlogExit()
     if self.ttylog_open:
         ttylog.ttylog_close(self.ttylog_file, time.time())
         self.ttylog_open = False
     if cfg.has_option('smtp', 'alert_quit'):
         if cfg.get('smtp', 'alert_quit') == 'true':
             print 'Emailing about attack being over (alert_quit = true).'
             emailMessage = 'The attacker quit.\n\nPlease check the logs (%s)!' % (self.ttylog_file)
             sendEmail('SSH Attack Finished',  emailMessage)
     transport.SSHServerTransport.connectionLost(self, reason)
Пример #46
0
 def call(self):
     fn = "%s/lastlog.txt" % (config().get("honeypot", "data_path"),)
     if not os.path.exists(fn):
         return
     l = list(self.args)
     numlines = 25
     while len(l):
         arg = l.pop(0)
         if not arg.startswith("-"):
             continue
         elif arg[1:].isdigit():
             numlines = int(arg[1:])
         elif arg == "-n" and len(l) and l[0].isdigit():
             numlines = int(l.pop(0))
     data = utils.tail(file(fn), numlines)
     self.writeln("".join(data))
Пример #47
0
    def buildProtocol(self, addr):
        cfg = config()

        t = HoneyPotTransport()
        if cfg.has_option('honeypot', 'ssh_version_string'):
            t.ourVersionString = cfg.get('honeypot','ssh_version_string')
        else:
            t.ourVersionString = "SSH-2.0-OpenSSH_5.1p1 Debian-5"

        t.supportedPublicKeys = self.privateKeys.keys()
        if not self.primes:
            ske = t.supportedKeyExchanges[:]
            ske.remove('diffie-hellman-group-exchange-sha1')
            t.supportedKeyExchanges = ske

        t.factory = self
        return t
Пример #48
0
 def call(self):
     cfg = config()
     self.exit_jail = False
     if cfg.has_option('honeypot', 'exit_jail'):
         if (cfg.get('honeypot', 'exit_jail') == "true"):
             self.exit_jail = True
     if 'PuTTY' in self.honeypot.clientVersion or \
             'libssh' in self.honeypot.clientVersion or \
             'sshlib' in self.honeypot.clientVersion or \
             self.exit_jail is False:
         self.honeypot.terminal.loseConnection()
         return
     self.writeln('Connection to server closed.')
     self.honeypot.hostname = 'localhost'
     self.honeypot.cwd = '/root'
     if not self.fs.exists(self.honeypot.cwd):
         self.honeypot.cwd = '/'
Пример #49
0
    def buildProtocol(self, addr):
        cfg = config()

        t = HoneyPotTransport()
        if cfg.has_option('honeypot', 'ssh_version_string'):
            t.ourVersionString = cfg.get('honeypot', 'ssh_version_string')
        else:
            t.ourVersionString = "SSH-2.0-OpenSSH_5.1p1 Debian-5"

        t.supportedPublicKeys = self.privateKeys.keys()
        if not self.primes:
            ske = t.supportedKeyExchanges[:]
            ske.remove('diffie-hellman-group-exchange-sha1')
            t.supportedKeyExchanges = ske

        t.factory = self
        return t
Пример #50
0
 def call(self):
     cfg = config()
     self.exit_jail = False
     if cfg.has_option('honeypot', 'exit_jail'):
         if (cfg.get('honeypot', 'exit_jail') == "true"):
             self.exit_jail = True
     if 'PuTTY' in self.honeypot.clientVersion or \
             'libssh' in self.honeypot.clientVersion or \
             'sshlib' in self.honeypot.clientVersion or \
             self.exit_jail is False:
         self.honeypot.terminal.loseConnection()
         return
     self.writeln('Connection to server closed.')
     self.honeypot.hostname = 'localhost'
     self.honeypot.cwd = '/root'
     if not self.fs.exists(self.honeypot.cwd):
         self.honeypot.cwd = '/'
Пример #51
0
class HonsshServerFactory(factory.SSHFactory):
    cfg = config()
    otherVersionString = ''
    connections = connections.Connections()
    hpLog = None
    dbLog = None

    def __init__(self):
        clientFactory = client.HonsshSlimClientFactory()
        clientFactory.server = self

        reactor.connectTCP(self.cfg.get('honeypot', 'honey_addr'),
                           int(self.cfg.get('honeypot', 'honey_port')),
                           clientFactory)

        if self.cfg.get('hpfeeds', 'enabled') == 'true':
            hp = hpfeeds.HPLogger()
            self.hpLog = hp.start(self.cfg)

        if self.cfg.get('database_mysql', 'enabled') == 'true':
            db = mysql.DBLogger()
            self.dbLog = db.start(self.cfg)

        log.msg(
            '[SERVER] Acquiring SSH Version String from honey_addr:honey_port')

    def buildProtocol(self, addr):
        t = HonsshServerTransport()

        t.ourVersionString = self.ourVersionString
        t.factory = self
        t.supportedPublicKeys = self.privateKeys.keys()

        if not self.primes:
            ske = t.supportedKeyExchanges[:]
            ske.remove('diffie-hellman-group-exchange-sha1')
            t.supportedKeyExchanges = ske

        t.supportedCiphers = [
            'aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes128-cbc', '3des-cbc',
            'blowfish-cbc', 'cast128-cbc', 'aes192-cbc', 'aes256-cbc'
        ]
        t.supportedPublicKeys = ['ssh-rsa', 'ssh-dss']
        t.supportedMACs = ['hmac-md5', 'hmac-sha1']
        return t
Пример #52
0
    def __init__(self):
        cfg = config()

        # protocol^Wwhatever instances are kept here for the interact feature
        self.sessions = {}

        # for use by the uptime command
        self.starttime = time.time()

        # convert old pass.db root passwords
        passdb_file = '%s/pass.db' % (cfg.get('honeypot', 'data_path'),)
        if os.path.exists(passdb_file):
            userdb = UserDB()
            print 'pass.db deprecated - copying passwords over to userdb.txt'
            if os.path.exists('%s.bak' % (passdb_file,)):
                print 'ERROR: %s.bak already exists, skipping conversion!' % \
                    (passdb_file,)
            else:
                passdb = anydbm.open(passdb_file, 'c')
                for p in passdb:
                    userdb.adduser('root', 0, p)
                passdb.close()
                os.rename(passdb_file, '%s.bak' % (passdb_file,))
                print 'pass.db backed up to %s.bak' % (passdb_file,)

        # load db loggers
        self.dbloggers = []
        for x in cfg.sections():
            if not x.startswith('database_'):
                continue
            engine = x.split('_')[1]
            dbengine = 'database_' + engine
            lcfg = ConfigParser.ConfigParser()
            lcfg.add_section(dbengine)
            for i in cfg.options(x):
                lcfg.set(dbengine, i, cfg.get(x, i))
            lcfg.add_section('honeypot')
            for i in cfg.options('honeypot'):
                lcfg.set('honeypot', i, cfg.get('honeypot', i))
            print 'Loading dblog engine: %s' % (engine,)
            dblogger = __import__(
                'kippo.dblog.%s' % (engine,),
                globals(), locals(), ['dblog']).DBLogger(lcfg)
            log.startLoggingWithObserver(dblogger.emit, setStdout=False)
            self.dbloggers.append(dblogger)
Пример #53
0
 def connectionMade(self):
     cfg = config()
     print 'New connection: %s:%s (%s:%s) [session: %d]' % \
         (self.transport.getPeer().host, self.transport.getPeer().port,
         self.transport.getHost().host, self.transport.getHost().port,
         self.transport.sessionno)
     self.interactors = []
     self.logintime = time.time()
     self.ttylog_open = False
     if cfg.has_option('smtp', 'alert_probe'):
         if cfg.get('smtp', 'alert_probe') == 'true':
             print 'Emailing about SSH probe (alert_probe = true).'
             emailMessage = 'There was an SSH probe request.\nFrom: %s:%s.\nTo: %s:%s.\nKippo Session: %s.' % \
                 (self.transport.getPeer().host, self.transport.getPeer().port,
                 self.transport.getHost().host, self.transport.getHost().port,
                 self.transport.sessionno)
             sendEmail('SSH Probe',  emailMessage)
     transport.SSHServerTransport.connectionMade(self)
Пример #54
0
    def __init__(self, wget, fakeoutfile, url, outfile, headers=None):
        wget_version = 'Wget/1.11.4'
        cfg = config()
        if cfg.has_option('honeypot', 'wget_version_string'):
            wget_version = (cfg.get('honeypot', 'wget_version_string'), 0)

        client.HTTPDownloader.__init__(self,
                                       url,
                                       outfile,
                                       headers=headers,
                                       agent=wget_version)
        self.status = None
        self.wget = wget
        self.fakeoutfile = fakeoutfile
        self.lastupdate = 0
        self.started = time.time()
        self.proglen = 0
        self.nomore = False
Пример #55
0
 def sendBanner(self):  # 发送欢迎信息
     if self.bannerSent:
         return
     cfg = config()
     if not cfg.has_option('honeypot', 'banner_file'):
         return
     try:
         data = file(cfg.get('honeypot', 'banner_file')).read()
     except IOError:
         print 'Banner file %s does not exist!' % \
             cfg.get('honeypot', 'banner_file')
         return
     if not data or not len(data.strip()):
         return
     data = '\r\n'.join(data.splitlines() + [''])
     self.transport.sendPacket(userauth.MSG_USERAUTH_BANNER,
                               NS(data) + NS('en'))
     self.bannerSent = True