Bugfixes #6

Merged
merged 16 commits into from
Jan 17, 2024
Merged
1 change: 0 additions & 1 deletion honeypots/dhcp_server.py
Expand Up @@ -139,7 +139,6 @@ def datagramReceived(self, data, addr):
"data": data,
}
)
self.transport.loseConnection()

reactor.listenUDP(
port=self.port, protocol=CustomDatagramProtocolProtocol(), interface=self.ip
53 changes: 31 additions & 22 deletions honeypots/dns_server.py
Expand Up @@ -10,6 +10,8 @@
// -------------------------------------------------------------
"""

from __future__ import annotations

from twisted.names import dns, error, client
from twisted.names.server import DNSServerFactory
from twisted.internet import defer, reactor
Expand Down Expand Up @@ -56,7 +58,7 @@ def __init__(self, **kwargs):
def dns_server_main(self):
_q_s = self

class CustomCilentResolver(client.Resolver):
class CustomClientResolver(client.Resolver):
def queryUDP(self, queries, timeout=2):
res = client.Resolver.queryUDP(self, queries, timeout)

Expand All @@ -68,36 +70,43 @@ def queryFailed(reason):

class CustomDNSServerFactory(DNSServerFactory):
def gotResolverResponse(self, response, protocol, message, address):
args = (self, response, protocol, message, address)
if address is None:
src_ip, src_port = "None", "None"
else:
src_ip, src_port = address
for items in response:
for item in items:
_q_s.logs.info(
{
"server": "dns_server",
"action": "query",
"src_ip": src_ip,
"src_port": src_port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": item.payload,
}
)
return super().gotResolverResponse(response, protocol, message, address)

class CustomDnsUdpProtocol(dns.DNSDatagramProtocol):
def datagramReceived(self, data: bytes, addr: tuple[str, int]):
_q_s.logs.info(
{
"server": "dns_server",
"action": "connection",
"src_ip": address[0],
"src_port": address[1],
"src_ip": addr[0],
"src_port": addr[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": data.decode(errors="replace"),
}
)
with suppress(Exception):
for items in response:
for item in items:
_q_s.logs.info(
{
"server": "dns_server",
"action": "query",
"src_ip": address[0],
"src_port": address[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
"data": item.payload,
}
)
return DNSServerFactory.gotResolverResponse(*args)

self.resolver = CustomCilentResolver(servers=self.resolver_addresses)
super().datagramReceived(data, addr)

self.resolver = CustomClientResolver(servers=self.resolver_addresses)
self.factory = CustomDNSServerFactory(clients=[self.resolver])
self.protocol = dns.DNSDatagramProtocol(controller=self.factory)
self.protocol = CustomDnsUdpProtocol(controller=self.factory)
reactor.listenUDP(self.port, self.protocol, interface=self.ip)
reactor.listenTCP(self.port, self.factory, interface=self.ip)
reactor.run()
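Review bot: TCP queries lose their source address: `gotResolverResponse` writes the strings `"None"` into `src_ip`/`src_port` whenever `address is None`, which looks like the stream (TCP) case since the factory is also bound with `reactor.listenTCP`, and the `connection` event now lives only in `CustomDnsUdpProtocol.datagramReceived`. For a honeypot that leaves every TCP client unattributed in the log. When `address` is None the peer can be read from the protocol instead, e.g. `peer = protocol.transport.getPeer()` followed by `src_ip, src_port = peer.host, peer.port`, keeping a real `None` rather than the string only when no transport is available. Which lines are old and which are new is inferred from the rendered page, so confirm against the actual diff.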
17 changes: 9 additions & 8 deletions honeypots/helper.py
Expand Up @@ -43,13 +43,14 @@ def is_privileged():


def set_up_error_logging():
_logger = logging.getLogger("simple_example")
_logger.setLevel(logging.INFO)
handler = logging.StreamHandler(sys.stdout)
handler.setLevel(logging.INFO)
formatter = logging.Formatter("[%(levelname)s] %(message)s")
handler.setFormatter(formatter)
_logger.addHandler(handler)
_logger = logging.getLogger("honeypots.error")
if not _logger.handlers:
_logger.setLevel(logging.INFO)
handler = logging.StreamHandler(sys.stdout)
handler.setLevel(logging.INFO)
formatter = logging.Formatter("[%(levelname)s] %(message)s")
handler.setFormatter(formatter)
_logger.addHandler(handler)
return _logger


Expand All @@ -58,7 +59,7 @@ def set_local_vars(self, config):
if config:
with open(config) as f:
config_data = load(f)
honeypots = config_data["honeypots"]
honeypots = config_data.get("honeypots", [])
honeypot = self.__class__.__name__[1:-6].lower()
if honeypot and honeypot in honeypots:
for attr, value in honeypots[honeypot].items():
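Review bot: `config_data.get("honeypots", [])` in `set_local_vars` defaults to a list, but the following lines use the value as a mapping (`honeypots[honeypot].items()`), and a config containing `"honeypots": null` still yields `None` and fails at `honeypot in honeypots`. `honeypots = config_data.get("honeypots") or {}` keeps the type consistent and covers both cases. The function body continues past the end of the hunk, so how the loaded values are applied to the instance is not visible here.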
5 changes: 4 additions & 1 deletion honeypots/http_server.py
Expand Up @@ -245,7 +245,10 @@ def check_bytes(string):
headers=self.headers,
environ={
"REQUEST_METHOD": "POST",
"CONTENT_TYPE": self.headers[b"content-type"],
"CONTENT_TYPE": self.headers.get(
b"content-type",
b"application/x-www-form-urlencoded",
),
},
)
if "username" in form and "password" in form:
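Review bot: The fallback only covers a request with no `content-type` header; a header that is present but malformed is still passed straight from the client into the form parser through `CONTENT_TYPE`, and whether a parsing error there is caught cannot be seen because the enclosing call starts and ends outside the hunk. If it is not caught, a single bad POST can skip the `username`/`password` capture below without leaving a log entry, so it is worth confirming the call sits inside a handler that records the failure. The identical four-line change is made in honeypots/https_server.py; a shared helper for the lookup, carrying a comment such as `# missing Content-Type: treat the body as a urlencoded form`, would keep the two servers from drifting apart.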
5 changes: 4 additions & 1 deletion honeypots/https_server.py
Expand Up @@ -265,7 +265,10 @@ def check_bytes(string):
headers=self.headers,
environ={
"REQUEST_METHOD": "POST",
"CONTENT_TYPE": self.headers[b"content-type"],
"CONTENT_TYPE": self.headers.get(
b"content-type",
b"application/x-www-form-urlencoded",
),
},
)
if "username" in form and "password" in form:
78 changes: 40 additions & 38 deletions honeypots/irc_server.py
Expand Up @@ -20,6 +20,7 @@
get_free_port,
kill_server_wrapper,
server_arguments,
set_up_error_logging,
setup_logger,
set_local_vars,
check_if_server_is_running,
Expand All @@ -29,10 +30,12 @@


class QIRCServer:
NAME = "irc_server"

def __init__(self, **kwargs):
self.auto_disabled = None
self.process = None
self.uuid = "honeypotslogger" + "_" + __class__.__name__ + "_" + str(uuid4())[:8]
self.uuid = f"honeypotslogger_{__class__.__name__}_{str(uuid4())[:8]}"
self.config = kwargs.get("config", "")
if self.config:
self.logs = setup_logger(__class__.__name__, self.uuid, self.config)
Expand All @@ -57,6 +60,7 @@ def __init__(self, **kwargs):
or getenv("HONEYPOTS_OPTIONS", "")
or ""
)
self.logger = set_up_error_logging()

def irc_server_main(self):
_q_s = self
Expand All @@ -65,7 +69,7 @@ class CustomIRCProtocol(service.IRCUser):
def connectionMade(self):
_q_s.logs.info(
{
"server": "irc_server",
"server": _q_s.NAME,
"action": "connection",
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
Expand All @@ -75,45 +79,36 @@ def connectionMade(self):
)

def handleCommand(self, command, prefix, params):
def check_bytes(string):
if isinstance(string, bytes):
return string.decode()
else:
return str(string)

with suppress(Exception):
if "capture_commands" in _q_s.options:
_q_s.logs.info(
{
"server": "irc_server",
"action": "command",
"data": {
"command": check_bytes(command),
"prefix": check_bytes(prefix),
"params": check_bytes(params),
},
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
if "capture_commands" in _q_s.options:
_q_s.logs.info(
{
"server": _q_s.NAME,
"action": "command",
"data": {
"command": check_bytes(command),
"prefix": check_bytes(prefix),
"params": check_bytes(params),
},
"src_ip": self.transport.getPeer().host,
"src_port": self.transport.getPeer().port,
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
service.IRCUser.handleCommand(self, command, prefix, params)

def dataReceived(self, data):
# _q_s.logs.info({'server': 'irc_server', 'action': 'command', 'data': check_bytes(data), 'src_ip': self.transport.getPeer().host, 'src_port': self.transport.getPeer().port, 'dest_ip': _q_s.ip, 'dest_port': _q_s.port})
service.IRCUser.dataReceived(self, data)
def dataReceived(self, data: bytes):
try:
service.IRCUser.dataReceived(self, data)
except UnicodeDecodeError:
_q_s.logger.debug(
f"[{_q_s.NAME}]: Could not decode data as utf-8: {data.hex(' ')}"
)

def irc_unknown(self, prefix, command, params):
pass

def irc_NICK(self, prefix, params):
def check_bytes(string):
if isinstance(string, bytes):
return string.decode()
else:
return str(string)

status = False
username = check_bytes("".join(params))
password = check_bytes(self.password)
Expand All @@ -122,7 +117,7 @@ def check_bytes(string):
status = True
_q_s.logs.info(
{
"server": "irc_server",
"server": _q_s.NAME,
"action": "login",
"status": status,
"src_ip": self.transport.getPeer().host,
Expand Down Expand Up @@ -174,7 +169,7 @@ def run_server(self, process=False, auto=False):

self.logs.info(
{
"server": "irc_server",
"server": self.NAME,
"action": "process",
"status": status,
"src_ip": self.ip,
Expand All @@ -193,11 +188,11 @@ def run_server(self, process=False, auto=False):
self.irc_server_main()

def close_port(self):
ret = close_port_wrapper("irc_server", self.ip, self.port, self.logs)
ret = close_port_wrapper(self.NAME, self.ip, self.port, self.logs)
return ret

def kill_server(self):
ret = kill_server_wrapper("irc_server", self.uuid, self.process)
ret = kill_server_wrapper(self.NAME, self.uuid, self.process)
return ret

def test_server(self, ip=None, port=None, username=None, password=None):
Expand All @@ -218,6 +213,13 @@ def test_server(self, ip=None, port=None, username=None, password=None):
c.close()


def check_bytes(string):
if isinstance(string, bytes):
return string.decode(errors="replace")
else:
return str(string)


if __name__ == "__main__":
parsed = server_arguments()
if parsed.docker or parsed.aws or parsed.custom:
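Review bot: Input that is not valid UTF-8 is now effectively discarded without a record: `dataReceived` catches `UnicodeDecodeError` and reports it with `_q_s.logger.debug(...)`, but the logger returned by `set_up_error_logging()` is set to `logging.INFO` in honeypots/helper.py as shown on this page, so the message is filtered out. That leaves a class of client traffic the honeypot never logs. Emit it through `_q_s.logs.info` instead, with the same `src_ip`/`src_port`/`dest_ip`/`dest_port` fields as the `command` event and an action such as `"decode_error"` (a suggested value), and cap the length of `data.hex(' ')` so one large payload cannot inflate the log. At minimum, `_q_s.logger.warning(...)` would make the message visible.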
4 changes: 2 additions & 2 deletions honeypots/pjl_server.py
Expand Up @@ -80,7 +80,7 @@ class Custompjlrotocol(Protocol):

def check_bytes(self, string):
if isinstance(string, bytes):
return string.decode()
return string.decode(errors="replace")
else:
return str(string)

Expand Down Expand Up @@ -109,7 +109,7 @@ def dataReceived(self, data):
self.transport.write(prodinfo.encode("utf-8") + b"\x1b")
_q_s.logs.info(
{
"server": "ntp_server",
"server": "pjl_server",
"action": "query",
"status": "success",
"src_ip": self.transport.getPeer().host,
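Review bot: `string.decode(errors="replace")` in `check_bytes` stops the crash but turns every undecodable byte into U+FFFD, so the logged payload can no longer be mapped back to what the client actually sent. `return string.decode(errors="backslashreplace")` keeps the byte values as `\xNN` escapes and is equally safe against `UnicodeDecodeError`. The same handler is used by the module-level `check_bytes` added in honeypots/irc_server.py and by the `AUTH PLAIN` decode in honeypots/smtp_server.py.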
2 changes: 1 addition & 1 deletion honeypots/redis_server.py
Expand Up @@ -138,7 +138,7 @@ def dataReceived(self, data):
self.parse_data(c, data)
self.transport.write(b"-ERR invalid password\r\n")
else:
self.transport.write(b'-ERR unknown command "{}"\r\n'.format(command))
self.transport.write(f'-ERR unknown command "{command}"\r\n'.encode())
self.transport.loseConnection()

factory = Factory()
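Review bot: The error reply now interpolates the client-supplied `command` with no length bound, and if `command` is still a `bytes` object at this point the f-string renders its repr (`b'...'`) into the response, which does not resemble a real server's reply and makes the honeypot easy to fingerprint. `command` is assigned outside the hunk, so its type cannot be confirmed from here. Normalising it first, e.g. `name = command.decode(errors="replace") if isinstance(command, bytes) else str(command)`, and then writing `f'-ERR unknown command "{name[:64]}"\r\n'.encode()` (the limit is illustrative) would address both.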
28 changes: 13 additions & 15 deletions honeypots/smtp_server.py
Expand Up @@ -62,17 +62,10 @@ def smtp_server_main(self):
_q_s = self

class CustomSMTPChannel(SMTPChannel):
def check_bytes(self, string):
if isinstance(string, bytes):
return string.decode()
else:
return str(string)

def found_terminator(self):
with suppress(Exception):
if "capture_commands" in _q_s.options:
line = self._emptystring.join(self.received_lines).decode()
command = None
arg = None
data = None
if line.find(" ") < 0:
Expand Down Expand Up @@ -122,14 +115,12 @@ def smtp_AUTH(self, arg):
with suppress(Exception):
if arg.startswith("PLAIN "):
_, username, password = (
b64decode(arg.split(" ")[1].strip()).decode("utf-8").split("\0")
b64decode(arg.split(" ")[1].strip())
.decode("utf-8", errors="replace")
.split("\0")
)
username = self.check_bytes(username)
password = self.check_bytes(password)
status = "failed"
if username == _q_s.username and password == _q_s.password:
username = _q_s.username
password = _q_s.password
status = "success"
_q_s.logs.info(
{
Expand All @@ -151,16 +142,23 @@ def __getattr__(self, name):
self.smtp_QUIT(0)

class CustomSMTPServer(SMTPServer):
def __init__(self, localaddr, remoteaddr):
SMTPServer.__init__(self, localaddr, remoteaddr)

def process_message(
self, peer, mailfrom, rcpttos, data, mail_options=None, rcpt_options=None
):
return

def handle_accept(self):
conn, addr = self.accept()
_q_s.logs.info(
{
"server": "smtp_server",
"action": "connection",
"src_ip": addr[0],
"src_port": addr[1],
"dest_ip": _q_s.ip,
"dest_port": _q_s.port,
}
)
CustomSMTPChannel(self, conn, addr)

CustomSMTPServer((self.ip, self.port), None)
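Review bot: A malformed `AUTH PLAIN` attempt still leaves no log entry: the unpacking `_, username, password = ...split("\0")` needs exactly three fields and `b64decode` needs valid input, and any failure is swallowed by the surrounding `with suppress(Exception):` before `_q_s.logs.info` runs. Adding `errors="replace"` removes only the decode failure from that list. Catching the parse error explicitly and logging a `login` event with `status` set to `"failed"` and the raw `arg` as data would record these probes. `smtp_AUTH` starts above the hunk and its logging call continues below it, so the rest of the method should be checked for the same pattern.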