Try and prevent NMAP from detecting the honeypot as Kojoney

Add windowChanged git-svn-id: https://kippo.googlecode.com/svn/trunk@10 951d7100-d841-11de-b865-b3884708a8e2
2025-07-01 18:07:27 -04:00 · 2009-11-13 06:49:46 +00:00
parent 888b4bad3e
commit 51cc677153
2 changed files with 29 additions and 8 deletions
--- a/core/Kippo.py
+++ b/core/Kippo.py
@ -1,6 +1,6 @@
 from twisted.cred import portal, checkers, credentials
 from twisted.conch import error, avatar, recvline, interfaces as conchinterfaces
-from twisted.conch.ssh import factory, userauth, connection, keys, session, common
+from twisted.conch.ssh import factory, userauth, connection, keys, session, common, transport
 from twisted.conch.insults import insults
 from twisted.application import service, internet
 from twisted.protocols.policies import TrafficLoggingFactory
@ -13,8 +13,6 @@ import sys, os, random, pickle, time, stat, copy
 from core import ttylog
 from core.fstypes import *

-moi = 1
-
 class HoneyPotProtocol(recvline.HistoricRecvLine):
    def __init__(self, user, env):
        self.user = user
@ -98,10 +96,6 @@ class HoneyPotCommand(object):

 class LoggingServerProtocol(insults.ServerProtocol):
    def connectionMade(self):
-        print dir(self.transport.session)
-        #print self.transport.session.getHost()
-        #print self.transport.session.getPeer()
-        print self.transport.session.id
        self.ttylog_file = './log/tty/%s-%s.log' % \
            (time.strftime('%Y%m%d-%H%M%S'), int(random.random() * 10000))
        print 'Opening TTY log: %s' % self.ttylog_file
@ -135,6 +129,7 @@ class HoneyPotAvatar(avatar.ConchUser):
        protocol.makeConnection(session.wrapProtocol(serverProtocol))

    def getPty(self, terminal, windowSize, attrs):
+        self.windowSize = windowSize
        return None

    def execCommand(self, protocol, cmd):
@ -143,6 +138,9 @@ class HoneyPotAvatar(avatar.ConchUser):
    def closed(self):
        pass

+    def windowChanged(self, windowSize):
+        self.windowSize = windowSize
+
 class HoneyPotEnvironment(object):
    def __init__(self):
        from core.cmdl import cmdl
@ -216,6 +214,29 @@ class HoneyPotRealm:
        else:
            raise Exception, "No supported interfaces found."

+# As implemented by Kojoney
+class HoneyPotSSHFactory(factory.SSHFactory):
+    #publicKeys = {'ssh-rsa': keys.getPublicKeyString(data=publicKey)}
+    #privateKeys = {'ssh-rsa': keys.getPrivateKeyObject(data=privateKey)}
+    services = {
+        'ssh-userauth': userauth.SSHUserAuthServer,
+        'ssh-connection': connection.SSHConnection,
+        }
+
+    def buildProtocol(self, addr):
+        t = transport.SSHServerTransport()
+        #
+        # Fix for BUG 1463701 "NMap recognizes Kojoney as a Honeypot"
+        #
+        t.ourVersionString = 'SSH-2.0-OpenSSH_5.1p1 Debian-5'
+        t.supportedPublicKeys = self.privateKeys.keys()
+        if not self.primes:
+            ske = t.supportedKeyExchanges[:]
+            ske.remove('diffie-hellman-group-exchange-sha1')
+            t.supportedKeyExchanges = ske
+        t.factory = self
+        return t
+
 def getRSAKeys():
    if not (os.path.exists('public.key') and os.path.exists('private.key')):
        # generate a RSA keypair
--- a/kippo.py
+++ b/kippo.py
@ -9,7 +9,7 @@ from core import Kippo
 if __name__ == "__main__":
    log.startLogging(file('./log/kippo.log', 'a'))

-    sshFactory = factory.SSHFactory()
+    sshFactory = Kippo.HoneyPotSSHFactory()
    sshFactory.portal = portal.Portal(Kippo.HoneyPotRealm())

    users = {'root': 'root'}