def start(self): """ Launches a new Telnet client session on the server taken from the `self.options` dict. This session always fails. :param my_ip: IP of this Client itself """ password = self.options['password'] server_host = self.options['server'] server_port = self.options['port'] honeypot_id = self.options['honeypot_id'] session = self.create_session(server_host, server_port, honeypot_id) self.sessions[session.id] = session logger.debug( 'Sending {0} bait session to {1}:{2}. (bait id: {3})'.format( 'vnc', server_host, server_port, session.id)) client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: client_socket.connect((server_host, int(server_port))) session.source_port = client_socket.getsockname()[1] except socket.error as e: logger.debug('Caught exception: {0} ({1})'.format(e, str(type(e)))) else: session.did_connect = True protocol_version = client_socket.recv(1024) client_socket.send(RFB_VERSION) supported_auth_methods = client_socket.recv(1024) # \x02 implies that VNC authentication method is to be used # Refer to http://tools.ietf.org/html/rfc6143#section-7.1.2 for more info. if '\x02' in supported_auth_methods: client_socket.send(VNC_AUTH) challenge = client_socket.recv(1024) # password limit for vnc in 8 chars aligned_password = (password + '\0' * 8)[:8] des = RFBDes(aligned_password) response = des.encrypt(challenge) client_socket.send(response) auth_status = client_socket.recv(1024) if auth_status == AUTH_SUCCESSFUL: session.add_auth_attempt('des_challenge', True, password=aligned_password) session.did_login = True else: session.add_auth_attempt('des_challenge', False, password=aligned_password) session.did_login = False session.did_complete = True finally: session.alldone = True session.end_session()
def start(self): """ Launches a new Telnet client session on the server taken from the `self.options` dict. This session always fails. :param my_ip: IP of this Client itself """ password = self.options['password'] server_host = self.options['server'] server_port = self.options['port'] honeypot_id = self.options['honeypot_id'] session = self.create_session(server_host, server_port, honeypot_id) self.sessions[session.id] = session logger.debug( 'Sending {0} bait session to {1}:{2}. (bait id: {3})'.format('vnc', server_host, server_port, session.id)) client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: client_socket.connect((server_host, int(server_port))) session.source_port = client_socket.getsockname()[1] except socket.error as e: logger.debug('Caught exception: {0} ({1})'.format(e, str(type(e)))) else: session.did_connect = True protocol_version = client_socket.recv(1024) client_socket.send(RFB_VERSION) supported_auth_methods = client_socket.recv(1024) # \x02 implies that VNC authentication method is to be used # Refer to http://tools.ietf.org/html/rfc6143#section-7.1.2 for more info. if '\x02' in supported_auth_methods: client_socket.send(VNC_AUTH) challenge = client_socket.recv(1024) # password limit for vnc in 8 chars aligned_password = (password + '\0' * 8)[:8] des = RFBDes(aligned_password) response = des.encrypt(challenge) client_socket.send(response) auth_status = client_socket.recv(1024) if auth_status == AUTH_SUCCESSFUL: session.add_auth_attempt('des_challenge', True, password=aligned_password) session.did_login = True else: session.add_auth_attempt('des_challenge', False, password=aligned_password) session.did_login = False session.did_complete = True finally: session.alldone = True session.end_session() if client_socket: client_socket.close()
def try_auth(self, _type, **kwargs): authenticated = False if _type == 'plaintext': if kwargs.get('username') in self.users: if self.users[kwargs.get('username')] == kwargs.get( 'password'): authenticated = True elif _type == 'cram_md5': def encode_cram_md5(challenge, user, password): response = user + ' ' + hmac.HMAC(password, challenge).hexdigest() return response if kwargs.get('username') in self.users: uname = kwargs.get('username') digest = kwargs.get('digest') s_pass = self.users[uname] challenge = kwargs.get('challenge') ideal_response = encode_cram_md5(challenge, uname, s_pass) _, ideal_digest = ideal_response.split() if ideal_digest == digest: authenticated = True elif _type == 'des_challenge': challenge = kwargs.get('challenge') response = kwargs.get('response') for valid_password in self.users.values(): aligned_password = (valid_password + '\0' * 8)[:8] des = RFBDes(aligned_password) expected_response = des.encrypt(challenge) if response == expected_response: authenticated = True kwargs['password'] = aligned_password break else: assert False if authenticated: self.authenticated = True self.add_auth_attempt(_type, True, **kwargs) else: self.add_auth_attempt(_type, False, **kwargs) if _type == 'des_challenge': kwargs['challenge'] = kwargs.get('challenge').encode('hex') kwargs['response'] = kwargs.get('response').encode('hex') self.send_log(Messages.SESSION_PART_HONEYPOT_AUTH.value, self.login_attempts[-1]) logger.debug( '{0} authentication attempt from {1}:{2}. Credentials: {3}'.format( self.protocol, self.source_ip, self.source_port, json.dumps(kwargs))) return authenticated
def try_auth(self, _type, **kwargs): authenticated = False if _type == 'plaintext': if kwargs.get('username') in self.users: if self.users[kwargs.get('username')] == kwargs.get('password'): authenticated = True elif _type == 'cram_md5': def encode_cram_md5(challenge, user, password): response = user + ' ' + hmac.HMAC(password, challenge).hexdigest() return response if kwargs.get('username') in self.users: uname = kwargs.get('username') digest = kwargs.get('digest') s_pass = self.users[uname] challenge = kwargs.get('challenge') ideal_response = encode_cram_md5(challenge, uname, s_pass) _, ideal_digest = ideal_response.split() if ideal_digest == digest: authenticated = True elif _type == 'des_challenge': challenge = kwargs.get('challenge') response = kwargs.get('response') for valid_password in self.users.values(): aligned_password = (valid_password + '\0' * 8)[:8] des = RFBDes(aligned_password) expected_response = des.encrypt(challenge) if response == expected_response: authenticated = True kwargs['password'] = aligned_password break else: assert False if authenticated: self.authenticated = True self.add_auth_attempt(_type, True, **kwargs) else: self.add_auth_attempt(_type, False, **kwargs) if _type == 'des_challenge': kwargs['challenge'] = kwargs.get('challenge').encode('hex') kwargs['response'] = kwargs.get('response').encode('hex') self.send_log(Messages.SESSION_PART_HONEYPOT_AUTH.value, self.login_attempts[-1]) logger.debug('{0} authentication attempt from {1}:{2}. Credentials: {3}'.format(self.protocol, self.source_ip, self.source_port, json.dumps(kwargs))) return authenticated
def try_auth(self, _type, **kwargs): authenticated = False if _type == 'plaintext': if kwargs.get('username') in self.users: if self.users[kwargs.get('username')] == kwargs.get( 'password'): authenticated = True elif _type == 'cram_md5': def encode_cram_md5(challenge, user, password): response = user + ' ' + hmac.HMAC(password, challenge).hexdigest() return response if kwargs.get('username') in self.users: uname = kwargs.get('username') digest = kwargs.get('digest') s_pass = self.users[uname] challenge = kwargs.get('challenge') ideal_response = encode_cram_md5(challenge, uname, s_pass) _, ideal_digest = ideal_response.split() if ideal_digest == digest: authenticated = True elif _type == 'des_challenge': challenge = kwargs.get('challenge') response = kwargs.get('response') for valid_password in self.users.values(): aligned_password = (valid_password + '\0' * 8)[:8] des = RFBDes(aligned_password) expected_response = des.encrypt(challenge) if response == expected_response: authenticated = True kwargs['password'] = aligned_password break else: assert False if authenticated: self.authenticated = True self.add_auth_attempt(_type, True, **kwargs) else: self.add_auth_attempt(_type, False, **kwargs) logger.debug('Authentication attempt {0}'.format( 'successfull' if authenticated else 'unsuccessfull')) return authenticated
def try_auth(self, _type, **kwargs): authenticated = False if _type == 'plaintext': if kwargs.get('username') in self.users: if self.users[kwargs.get('username')] == kwargs.get('password'): authenticated = True elif _type == 'cram_md5': def encode_cram_md5(challenge, user, password): response = user + ' ' + hmac.HMAC(password, challenge).hexdigest() return response if kwargs.get('username') in self.users: uname = kwargs.get('username') digest = kwargs.get('digest') s_pass = self.users[uname] challenge = kwargs.get('challenge') ideal_response = encode_cram_md5(challenge, uname, s_pass) _, ideal_digest = ideal_response.split() if ideal_digest == digest: authenticated = True elif _type == 'des_challenge': challenge = kwargs.get('challenge') response = kwargs.get('response') for valid_password in self.users.values(): aligned_password = (valid_password + '\0' * 8)[:8] des = RFBDes(aligned_password) expected_response = des.encrypt(challenge) if response == expected_response: authenticated = True kwargs['password'] = aligned_password break else: assert False if authenticated: self.authenticated = True self.add_auth_attempt(_type, True, **kwargs) else: self.add_auth_attempt(_type, False, **kwargs) logger.debug('Authentication attempt {0}'.format('successfull' if authenticated else 'unsuccessfull')) return authenticated