Add HoneypotPasswordChecker which will log attempted passwords and allow

multiple passwords for one user git-svn-id: https://kippo.googlecode.com/svn/trunk@39 951d7100-d841-11de-b865-b3884708a8e2
2009-11-21 11:07:26 +00:00 · 2009-11-21 11:07:26 +00:00 · 9c93742f45
parent 536ec915d1
commit 9c93742f45
2 changed files with 30 additions and 11 deletions
--- a/core/honeypot.py
+++ b/core/honeypot.py
@ -1,14 +1,14 @@
 # Copyright (c) 2009 Upi Tamminen <desaster@gmail.com>
 # See the COPYRIGHT file for more information

-from twisted.cred import portal, checkers, credentials
-from twisted.conch import error, avatar, recvline, interfaces as conchinterfaces
+from twisted.cred import portal, checkers, credentials, error
+from twisted.conch import avatar, recvline, interfaces as conchinterfaces
 from twisted.conch.ssh import factory, userauth, connection, keys, session, common, transport
 from twisted.conch.insults import insults
 from twisted.application import service, internet
 from twisted.protocols.policies import TrafficLoggingFactory
-from twisted.internet import reactor, protocol
-from twisted.python import log
+from twisted.internet import reactor, protocol, defer
+from twisted.python import failure, log
 from zope.interface import implements
 from copy import deepcopy, copy
 import sys, os, random, pickle, time, stat, shlex
@ -352,10 +352,8 @@ class HoneyPotSSHFactory(factory.SSHFactory):
        }

    def buildProtocol(self, addr):
+        # FIXME: try to mimic something real 100%
        t = transport.SSHServerTransport()
-        #
-        # Fix for BUG 1463701 "NMap recognizes Kojoney as a Honeypot"
-        #
        t.ourVersionString = 'SSH-2.0-OpenSSH_5.1p1 Debian-5'
        t.supportedPublicKeys = self.privateKeys.keys()
        if not self.primes:
@ -365,6 +363,24 @@ class HoneyPotSSHFactory(factory.SSHFactory):
        t.factory = self
        return t

+class HoneypotPasswordChecker:
+    implements(checkers.ICredentialsChecker)
+
+    credentialInterfaces = (credentials.IUsernamePassword,)
+
+    def __init__(self, users):
+        self.users = users
+
+    def requestAvatarId(self, credentials):
+        if (credentials.username, credentials.password) in self.users:
+            print 'login attempt [%s/%s] succeeded' % \
+                (credentials.username, credentials.password)
+            return defer.succeed(credentials.username)
+        else:
+            print 'login attempt [%s/%s] failed' % \
+                (credentials.username, credentials.password)
+            return defer.fail(error.UnauthorizedLogin())
+
 def getRSAKeys():
    if not (os.path.exists('public.key') and os.path.exists('private.key')):
        # generate a RSA keypair
--- a/kippo.tac
+++ b/kippo.tac
@ -2,7 +2,7 @@
 # See the COPYRIGHT file for more information

 from twisted.application import internet, service
-from twisted.cred import portal, checkers
+from twisted.cred import portal
 from twisted.conch.ssh import factory, keys
 from core import honeypot
 import config
@ -11,9 +11,12 @@ factory = honeypot.HoneyPotSSHFactory()
 factory.portal = portal.Portal(honeypot.HoneyPotRealm())

 pubKeyString, privKeyString = honeypot.getRSAKeys()
-users = {'root': 'root'}
-factory.portal.registerChecker(
-    checkers.InMemoryUsernamePasswordDatabaseDontUse(**users))
+# Move this somewhere if we decide to use more passwords
+users = (
+    ('root', 'root'),
+    ('root', '1234'),
+    )
+factory.portal.registerChecker(honeypot.HoneypotPasswordChecker(users))
 factory.publicKeys = {'ssh-rsa': keys.Key.fromString(data=pubKeyString)}
 factory.privateKeys = {'ssh-rsa': keys.Key.fromString(data=privKeyString)}