cowrie/cowrie
1
0
Fork 0
mirror of https://github.com/cowrie/cowrie.git synced 2025-07-01 18:07:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

reverse activation logging for port mapping

Browse Source
This commit is contained in:
Michel Oosterhof
2016-06-15 13:58:14 +04:00
parent 9ffeba80ec
commit 663ab926af
2 changed files with 20 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cowrie/core/avatar.py
View File

@ -32,7 +32,7 @@ class CowrieUser(avatar.ConchUser):
self.channelLookup.update( self.channelLookup.update(
{"session": session.HoneyPotSSHSession, {"session": session.HoneyPotSSHSession,
"direct-tcpip": forwarding.CowrieOpenConnectForwardingClient}) "direct-tcpip": forwarding.cowrieOpenConnectForwardingClient})
try: try:
pwentry = pwd.Passwd(self.cfg).getpwnam(self.username) pwentry = pwd.Passwd(self.cfg).getpwnam(self.username)

24
cowrie/ssh/forwarding.py
View File

@ -2,30 +2,34 @@
# See the COPYRIGHT file for more information # See the COPYRIGHT file for more information
""" """
This module contains ... This module contains code for handling SSH forwarding requests
""" """
import twisted
from twisted.conch.ssh import forwarding
from twisted.python import log from twisted.python import log
from twisted.conch.ssh import forwarding
def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar): def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar):
""" """
This function will redirect an SSH forward request to a another address
or will log the request and do nothing
""" """
cfg = avatar.cfg cfg = avatar.cfg
if cfg.has_option('forward_mapping', 'ports') and \ if cfg.has_option('forward_mapping', 'ports') and \
cfg.get('forward_mapping', 'ports').lower() not in \ cfg.get('forward_mapping', 'ports').lower() in \
('false', 'no'): ('true', 'yes'):
mappedPortsComma = cfg.get('forward_mapping', 'ports').split(',') mappedPortsComma = cfg.get('forward_mapping', 'ports').split(',')
mappedPorts = [int(x.strip()) for x in mappedPortsComma] mappedPorts = [int(x.strip()) for x in mappedPortsComma]
else: else:
mappedPorts = [] mappedPorts = []
remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data)
remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data)
log.msg(eventid='cowrie.direct-tcpip.request', log.msg(eventid='cowrie.direct-tcpip.request',
format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s', format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s',
dst_ip=remoteHP[0], dst_port=remoteHP[1], dst_ip=remoteHP[0], dst_port=remoteHP[1],
src_ip=origHP[0], src_port=origHP[1]) src_ip=origHP[0], src_port=origHP[1])
portRule = 'port_{dst_port}'.format(dst_port=remoteHP[1]) portRule = 'port_{dst_port}'.format(dst_port=remoteHP[1])
if remoteHP[1] in mappedPorts \ if remoteHP[1] in mappedPorts \
and cfg.has_option('forward_mapping', portRule): and cfg.has_option('forward_mapping', portRule):
@ -33,8 +37,8 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
newIp = newAddr.split(':')[0].strip() newIp = newAddr.split(':')[0].strip()
newPort = int(newAddr.split(':')[1].strip()) newPort = int(newAddr.split(':')[1].strip())
remoteHPNew = (newIp, newPort) remoteHPNew = (newIp, newPort)
log.msg(eventid='cowrie.direct-tcpip.request', log.msg(eventid='cowrie.direct-tcpip.redirect',
format='found custom port, forwarding to %(new_ip)s:%(new_port)s', format='found custom port, redirecting to %(new_ip)s:%(new_port)s',
new_ip=newIp, new_port=newPort) new_ip=newIp, new_port=newPort)
return forwarding.SSHConnectForwardingChannel(remoteHPNew, return forwarding.SSHConnectForwardingChannel(remoteHPNew,
remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
@ -44,6 +48,8 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata
remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket,
avatar=avatar) avatar=avatar)
class CowrieConnectForwardingChannel(forwarding.SSHConnectForwardingChannel): class CowrieConnectForwardingChannel(forwarding.SSHConnectForwardingChannel):
""" """
""" """