-
June 5th, 2006, 02:42 PM
#1
Junior Member
Last edited by bsoric; January 25th, 2016 at 01:09 PM.
-
June 5th, 2006, 04:14 PM
#2
They look nice. I think I might have to have a crack myself...
How much traffic have you had in them? Or have you not put them online yet?
If everything looks perfect, then there is something you don't know
-
June 5th, 2006, 04:36 PM
#3
Hey Hey,
If you look through the forums, at some point in the past I posted a small SMTP Honeypot that I wrote in python... rather lacking in features... I wrote it while experimenting with Python...
Also I'm curious as to why you import pickle as you don't seem to use it at all.
Peace,
HT
-
June 8th, 2006, 04:05 PM
#4
Saw this thread... took your code and converted it into multi-threaded code, also organized it a bit, made it more pythonic, more flexible, etc. Did it quickly so it is still a bit buggy, e.g. [\r]\n.[\r]\n doesn't work properly... need to fix it...
Code:
#!/usr/bin/env python
import sys
# I love short variables
import threading as t
import socket as s
# Path of the honeypot log; the __main__ block opens it once and hands the
# file object to every handler thread.
LOGFILE="/home/me/tmp/SMTPHoneyd.log"
# Limit that SMTPHoneyPot.__init__ compares ThreadCount against.
MaxThreadCount=20
# Handler-thread counter shared by all SMTPHoneyPot instances; it is updated
# while holding ThreadCountLock.
ThreadCount=0
ThreadCountLock=t.Lock()
# Serialises writes to the shared log file object across handler threads.
LogFileLock=t.Lock()
# TCP port the listener binds to (25 is the standard SMTP port).
# NOTE(review): on most Unix systems binding a port below 1024 needs elevated
# privileges, so this script is likely started as root -- confirm, and prefer
# running it in an isolated, low-privilege environment.
ListenPort = 25
# Any true value makes debug() print to stdout; 0 silences it.
DEBUG=1
def debug(data):
    """Print *data* to stdout behind the "[SMTPHoneyd]" tag when DEBUG is set.

    With DEBUG false the call does nothing.
    """
    if not DEBUG:
        return
    # The tag is followed by three spaces, which is what the original
    # comma-separated print produced; a single pre-formatted argument keeps
    # the statement valid as both a Python 2 print statement and a Python 3
    # print() call.
    print("[SMTPHoneyd]   %s" % (data,))
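class SMTPHoneyPot(t.Thread):
    """Handler thread that plays a minimal SMTP server for one connection.

    Every command the peer sends is recorded together with its source
    address, and answered with a canned reply from CommandResponseDict.
    Nothing is relayed or delivered.

    Changes relative to the original listing:
      * dumpLog() referenced an undefined name, never released LogFileLock
        and was never called, so no record ever reached the log file.
      * ThreadCount was tested outside its lock and never decremented, so
        MaxThreadCount was not an effective limit.
      * No socket timeout was set, so an idle peer held a thread forever.
      * The message terminator (<CRLF>.<CRLF>) could never match because
        only the first whitespace-separated token was looked up.
      * Peer-supplied bytes were logged raw, letting a peer forge extra log
        lines or push control sequences to the operator's terminal.

    Args:
        channel: connected socket returned by accept().
        details: (ip, port) tuple of the remote peer.
        lfd: shared, writable log file object.
    """

    # Seconds a peer may stay silent before its connection is dropped.
    IdleTimeout = 60
    # Buffered log text is flushed to disk once it reaches this length, so a
    # talkative peer cannot grow the in-memory buffer without bound.
    MaxBufferedLog = 65536

    def __init__(self, channel, details, lfd):
        global ThreadCount, ThreadCountLock, MaxThreadCount
        t.Thread.__init__(self)
        self.conn = channel
        self.rWhoIP = details[0]
        self.rWhoPort = details[1]
        self.logBuffer = ""
        self.lfd = lfd
        self.id = 0
        # True only when this thread obtained one of the MaxThreadCount slots.
        self.admitted = False
        # COMMAND_RECEIVED : [MESSAGE_TO_SEND, FUNCTION_TO_INVOKE]
        # The function can do more than logging. A more convincing honeypot
        # would implement the state machine of the SMTP server it emulates,
        # or load replies from a template so another server can be emulated
        # through configuration alone.
        self.CommandResponseDict = {
            "HELO": ["250 computer\r\n", self.log],
            "EHLO": ["250 computer\r\n", self.log],
            "MAIL": ["250 Sender OK\r\n", self.log],
            "RCPT": ["250 Recipient OK.\r\n", self.log],
            "RSET": ["250 Ok resetting state\r\n", self.log],
            "DATA": ["354 Ok Send data ending with <CRLF>.<CRLF>\r\n", self.log],
            "\r\n.\r\n": ["250 Message received\r\n", self.log],
            "\n.\n": ["250 Message received\r\n", self.log],
            "QUIT": ["221 computer ESMTP server closing connection\r\n", self.log],
            # A multi-line SMTP reply uses "code-" on every line except the
            # last, which uses "code<space>". The original triple-quoted text
            # had stray bare newlines, which makes the emulation easy to spot.
            "HELP": ["214-Commands:\r\n"
                     "214- HELO EHLO MAIL RCPT DATA\r\n"
                     "214- RSET NOOP QUIT HELP VRFY\r\n"
                     "214 EXPN\r\n", self.log],
            "VRFY": ["250\r\n", self.log],
            "NOOP": ["250\r\n", self.log],
            "EXPN": ["250\r\n", self.log],
        }
        # Test and increment under the same lock so that two connections
        # arriving together cannot both take the last slot.
        ThreadCountLock.acquire()
        try:
            if ThreadCount < MaxThreadCount:
                ThreadCount += 1
                # Slot number at admission time; it can repeat once earlier
                # threads have finished, so rely on SrcIP/SrcPort to tell
                # sessions apart.
                self.id = ThreadCount
                self.admitted = True
                debug("ThreadCount Now : %d" % ThreadCount)
        finally:
            ThreadCountLock.release()

    def log(self, data):
        """Append one attributed record for *data* to the log buffer.

        *data* is written through repr() so CR/LF and other control bytes
        chosen by the peer stay on a single, clearly delimited line.
        """
        import time  # local import: the module header only brings in sys, threading, socket

        stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
        newdata = "SMTPHoneyPot [Thread ID %d,SrcIP %s,SrcPort %s]: Command : %s" % (
            self.id, self.rWhoIP, self.rWhoPort, repr(data))
        debug(newdata)
        self.logBuffer += "%s %s\n" % (stamp, newdata)
        if len(self.logBuffer) >= self.MaxBufferedLog:
            self.dumpLog()

    def dumpLog(self):
        """Write the buffered records to the shared log file and clear them.

        A write failure is reported through debug() instead of killing the
        handler thread; the buffer is cleared either way so it cannot grow
        without limit when the log file is unusable.
        """
        global LogFileLock
        if not self.logBuffer:
            return
        LogFileLock.acquire()
        try:
            debug("dumping data")
            try:
                self.lfd.write(self.logBuffer)
                self.lfd.flush()
            except (IOError, OSError, ValueError):
                debug("Unable to write to the log file")
            self.logBuffer = ""
        finally:
            LogFileLock.release()

    def _send(self, reply):
        """Send *reply* to the peer; return False when the socket failed."""
        try:
            self.conn.send(reply)
        except (s.error, s.timeout):
            return False
        return True

    def _serve(self):
        """Send the banner, then answer commands until the peer goes away."""
        try:
            self.conn.settimeout(self.IdleTimeout)
            self.conn.send("220 computer ESMTP Server (Microsoft Exchange Internet Mail Service 4.0.994.63) ready\r\n")
            self.log("Connected")
        except (s.error, s.timeout):
            return

        in_data = False  # True between the DATA reply and <CRLF>.<CRLF>
        tail = ""        # last few characters received while in_data
        while True:
            try:
                attkrdata = self.conn.recv(10000)
            except (s.error, s.timeout):
                return
            if not attkrdata:
                debug("Remote machine has closed the socket")
                return
            # %r keeps peer-chosen control bytes off the operator's terminal.
            debug("DATA: %r" % (attkrdata,))

            if in_data:
                # Message body: record it verbatim and watch for the
                # terminator, which may be split across several recv() calls.
                self.log(attkrdata)
                tail = (tail + attkrdata)[-5:]
                if tail.endswith("\r\n.\r\n") or tail.endswith("\n.\n"):
                    in_data = False
                    tail = ""
                    if not self._send(self.CommandResponseDict["\r\n.\r\n"][0]):
                        return
                continue

            # Only the first token of each read is treated as a command;
            # several commands pipelined into one read are logged together
            # under the first one.
            words = attkrdata.split()
            if words:
                cmd = words[0].upper()  # SMTP verbs are case-insensitive
            else:
                cmd = attkrdata
            debug("COMMAND: %r" % (cmd,))

            res_action = self.CommandResponseDict.get(cmd)
            if res_action is None:
                # Unknown verb: record it and, as before, send no reply.
                self.log(attkrdata)
                continue
            res_action[1](attkrdata)  # call the action method
            debug("Sending : %s" % res_action[0])
            if not self._send(res_action[0]):
                return
            if cmd == "DATA":
                in_data = True
                # The DATA line itself ended with a line break, so a body
                # consisting of just ".<CRLF>" must also terminate.
                tail = "\r\n"
            elif cmd == "QUIT":
                # The 221 reply announces that the connection is closing.
                return

    def run(self):
        """Thread entry point: serve the peer, then always release resources."""
        global ThreadCount, ThreadCountLock
        try:
            if self.admitted:
                self._serve()
            else:
                # Over the concurrency limit: record the attempt and drop it.
                self.log("Rejected: MaxThreadCount reached")
        finally:
            try:
                self.conn.close()
            except s.error:
                pass
            self.dumpLog()
            if self.admitted:
                # Give the slot back so later connections are served.
                ThreadCountLock.acquire()
                try:
                    ThreadCount -= 1
                finally:
                    ThreadCountLock.release()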
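if __name__ == "__main__":
    # Script entry point: open the log, bind the listener, and hand every
    # accepted connection to its own SMTPHoneyPot thread.
    #
    # "rw" is not a valid open() mode. Append mode creates the file when it
    # is missing and never truncates records from earlier runs.
    try:
        lfd = open(LOGFILE, "a")
    except (IOError, OSError):
        print("Unable to Open the log file..Quiting")
        sys.exit(-1)
    debug("Opened logfile")

    server = s.socket(s.AF_INET, s.SOCK_STREAM)
    try:
        # '' binds every local interface.
        # NOTE(review): ListenPort is below 1024, which normally requires
        # elevated privileges; everything after bind() keeps whatever
        # privileges the process started with, including the code that
        # parses peer input. Consider dropping privileges after the bind or
        # redirecting the port to an unprivileged listener.
        server.bind(('', ListenPort))
    except s.error:
        print("Unable to bind to port %d" % ListenPort)
        lfd.close()
        sys.exit(-1)
    debug("bound to socket")
    server.listen(5)
    debug("server listening")

    # Have the server serve "forever":
    try:
        while True:
            channel, details = server.accept()
            debug("Got connection %s" % str(details))
            SMTPHoneyPot(channel, details, lfd).start()
    except KeyboardInterrupt:
        debug("Interrupted, shutting down")
    finally:
        # Stop accepting new peers. The log file is left open on purpose:
        # handler threads that are still running may hold a reference to it.
        server.close()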
guru@linux:~> who I grep -i blonde I talk; cd ~; wine; talk; touch; unzip; touch; strip; gasp; finger; mount; fsck; more; yes; gasp; umount; make clean; sleep;