
Thread: Honeynet with Linksys Switch

  1. #11
    phishphreek - thanks for the offer - I've got the CD, too, so I don't need to bother you for the files. I'll check through the other threads, too, for some faux services I may be interested in running.

    l00p

  2. #12
    Hey Hey,

    I'll make one last addition to this thread. I've written some code for some simple things for tutorials, including an SMTP honeypot. I never released the full code (except maybe in addicts), but if it'll help ya out here ya go. It's written in Python and emulates an IIS SMTP Server. It's not very complex and just gives very basic responses, so they'll realize it won't send their mail, however it logs and timestamps the connections and the IP address they come from. With simple Python knowledge you could make it write to a file, and adding two or three lines of code would also make it receive the commands the user types in.


    Code:
    # Simple SMTP honeypot emulating an IIS SMTP server (Python 3).
    import socket
    import time

    def read_line(conn, limit=4096):
        # Collect input until a newline; return None if the client disconnects.
        data = b""
        while not data.endswith(b"\n") and len(data) < limit:
            chunk = conn.recv(1024)
            if not chunk: return None
            data = data + chunk
        # SMTP commands are case-insensitive, so normalise before comparing
        return data.decode("ascii", "replace").strip().lower()

    # Query the user for their IP Address and set that and the port
    HOST = input("Enter IP Address to bind socket to: ")
    PORT = 250
    # create a socket of the basic type.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, PORT)) # Bind the socket to an IP Address and Port
    s.listen(5) # Have the socket listen for connections
    try:
        while True:
            # Accept an incoming connection; the address is already a (host, port) tuple
            (incomingsocket, (host, incomingport)) = s.accept()
            # define our responses
            banner = "220 desktop Microsoft ESMTP MAIL Service, Version 6.0.2600.1106 ready at " + time.strftime("%a, %d %b %Y %H:%M:%S %Z") + "\r\n"
            error = "500 5.3.3 Unrecognized command"+ "\r\n"
            helpmsg = "214-This server supports the following commands: \r\n 214 HELO EHLO STARTTLS RCPT DATA RSET MAIL QUIT HELP AUTH BDAT VRFY"+ "\r\n"
            helo =  "250 desktop Hello ["+ host +"]"+ "\r\n"
            invalidaddress = "501 5.5.4 Invalid Address"+ "\r\n"
            ehlo = "250 desktop Hello ["+ host +"] \r\n 250-SIZE 2097152 \r\n 250-PIPELINING\r\n 250-DSN \r\n 250-ENHANCEDSTATUSCODES \r\n 250-8bitmime \r\n 250-BINARYMIME \r\n 250-CHUNKING \r\n 250-VRFY \r\n 250 OK \r\n"
            starttls = "554 5.7.3 Unable to initialize security subsystem"+ "\r\n"
            rcpt = "503 5.5.2 Need Mail From: first"+ "\r\n"
            mail = "501 5.5.4 Argument missing"+ "\r\n"
            datamsg = "503 5.5.2 Need mail command."+ "\r\n"
            rset = "250 2.0.0 Resetting"+ "\r\n"
            auth = "501 5.5.4 No mechanism"+ "\r\n"
            vrfy = "252 2.1.5 Cannot VRFY user"+ "\r\n"
            # Print connection information to stdout
            logdata = "Connection attempt on port " + str(PORT) + " from " + host + ":" + str(incomingport) + " @ " + time.strftime("%H:%M:%S - %d %b %Y")
            print(logdata)
            # define our Warning
            warning = "Illegal Access of this server, your IP [" + host +"] has been logged.\r\n"
            try:
                incomingsocket.settimeout(60) # Don't let an idle client block the server
                incomingsocket.sendall(banner.encode()) # Send our banner
                # Listen for incoming data
                while True:
                    data = read_line(incomingsocket)
                    if data is None or data == "quit": break
                    elif data == "helo" : reply = helo
                    elif data == "ehlo" : reply = ehlo
                    elif data == "help" : reply = helpmsg
                    elif data == "starttls" : reply = starttls
                    elif data == "rcpt" : reply = rcpt
                    elif data == "mail" : reply = invalidaddress
                    elif data == "data" : reply = datamsg
                    elif data == "rset" : reply = rset
                    elif data == "auth" : reply = auth
                    elif data == "vrfy" : reply = vrfy
                    else : reply = error
                    incomingsocket.sendall(reply.encode())
                #Send the Warning
                incomingsocket.sendall(warning.encode())
            except OSError:
                pass # Client disconnected or timed out; keep serving
            finally:
                # Close the socket
                incomingsocket.close()
    finally:
        s.close()
    This second piece of code was also posted (I think in addicts) and is for an echo server.

    Code:
    # Simple echo server that logs each connection (Python 3).
    import socket
    import time

    def read_line(conn, limit=4096):
        # Collect input until a newline; return None if the client disconnects.
        data = b""
        while not data.endswith(b"\n") and len(data) < limit:
            chunk = conn.recv(1024)
            if not chunk: return None
            data = data + chunk
        return data.rstrip(b"\r\n") # Drop the line terminator

    # Query the user for their IP Address and set that and the port
    HOST = input("Enter IP Address to bind socket to: ")
    PORT = 700
    # create a socket of the basic type.
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, PORT)) # Bind the socket to an IP Address and Port
    s.listen(5) # Have the socket listen for connections
    try:
        while True:
            # Accept an incoming connection; the address is already a (host, port) tuple
            (incomingsocket, (host, incomingport)) = s.accept()
            # Print connection information to stdout
            logdata = "Connection attempt on port " + str(PORT) + " from " + host + ":" + str(incomingport) + " @ " + time.strftime("%H:%M:%S - %d %b %Y")
            print(logdata)
            try:
                incomingsocket.settimeout(60) # Don't let an idle client block the server
                #Send a Banner
                incomingsocket.sendall(b"Welcome to HT's Simple Echo Server - RFC 862\r\n")
                # Listen for incoming data
                while True:
                    data = read_line(incomingsocket)
                    if data is None: break
                    incomingsocket.sendall(data + b"\r\n") # Echo the line back
                    if data == b"quit" : break
            except OSError:
                pass # Client disconnected or timed out; keep serving
            finally:
                # Close the socket
                incomingsocket.close()
    finally:
        s.close()
    These may or may not be useful to you, but they should provide you with a starting ground that will at least open a few ports and return a few banners to the attacker, as well as simulating the basics of the respective daemons they are trying to emulate.

    Peace,
    HT
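The post above mentions making the honeypot write to a file and record the commands a client types. The following is an added example, not HT's code, showing one way to log those untrusted command lines as one JSON record each so that an embedded CR/LF cannot forge a log entry. The field names, the 512-byte cap, the `honeypot.log` name and the sample session are assumptions constructed for illustration.

```python
import io
import json
import time

MAX_CMD = 512  # assumed cap on how much of each command line is kept

def log_command(logfile, host, port, raw, now=None):
    """Append one JSON record per received command line.

    raw is the untrusted bytes read from the socket. json.dumps escapes
    control characters, so an embedded CR/LF cannot start a forged log line.
    """
    body = raw.rstrip(b"\r\n")
    record = {
        "ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now)),
        "src": host,
        "sport": port,
        # Non-ASCII bytes are kept visible as \xNN escapes instead of being dropped
        "cmd": body[:MAX_CMD].decode("ascii", "backslashreplace"),
        "truncated": len(body) > MAX_CMD,
    }
    logfile.write(json.dumps(record) + "\n")
    logfile.flush()  # keep the record even if the process is killed
    return record

def replay_constructed_session():
    """Run constructed sample input through the logger; return the log lines."""
    log = io.StringIO()  # stands in for open("honeypot.log", "a")
    session = [
        b"EHLO scanner.example\r\n",
        # A line that tries to smuggle a fake "Connection attempt" entry
        b"MAIL FROM:<a@example.com>\r\nConnection attempt from 10.0.0.1\r\n",
        # Binary junk followed by an over-long argument
        b"\xff\xfe" + b"A" * 600 + b"\r\n",
    ]
    for raw in session:
        log_command(log, "192.0.2.10", 40000, raw, now=0)
    return log.getvalue().splitlines()

if __name__ == "__main__":
    for line in replay_constructed_session():
        print(line)
```

In the honeypot loop, `log_command` would be called with the raw bytes of each line before they are stripped and lower-cased for matching.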
