Protocol changes to prevent Telnet data to appear before password prompt

Not perfect because there is no ECHO when entering Username... A proper fix will need more testing but I need to gather data now.
2026-02-22 14:54:28 +01:00 · 2016-02-01 12:00:33 -05:00
parent 92cc6ee597
commit 29facd6ffe
1 changed files with 29 additions and 7 deletions
--- a/cowrie/telnet/transport.py
+++ b/cowrie/telnet/transport.py
@@ -117,8 +117,18 @@ class HoneyPotTelnetAuthProtocol(AuthenticatingTelnetProtocol, TimeoutMixin):
        self.transport.write(self.factory.banner)
        self.transport.write("User Access Verification\n\nUsername: ")

+        # Enable some Telnet options for proper output and echo
+        # This supports both smart Telnet clients and raw bytes sending
+        # malware
+        # XXX this works with dumb but not smart
+        #     check how I should negotiate
+        #self.transport.do(ECHO)
+        #self.transport.will(SGA)
+        self.transport.will(ECHO)
+
        self.setTimeout(120)

+
    # FIXME TelnetTransport is throwing an exception when client disconnects
    #       Not sure if this is true anymore
    def connectionLost(self, reason):
@@ -133,20 +143,32 @@ class HoneyPotTelnetAuthProtocol(AuthenticatingTelnetProtocol, TimeoutMixin):
        AuthenticatingTelnetProtocol.connectionLost(self, reason)


+    def telnet_User(self, line):
+        """
+        Overriden to kill Will ECHO which confuses badly coded malware not
+        expecting Telnet commands.
+        """
+        self.username = line
+        #self.transport.will(ECHO)
+        self.transport.write("Password: ")
+        return 'Password'
+
+
    def telnet_Password(self, line):
        username, password = self.username, line
        del self.username
-        def login(ignored):
-            self.src_ip = self.transport.getPeer().host
-            creds = UsernamePasswordIP(username, password, self.src_ip)
-            d = self.portal.login(creds, self.src_ip, ITelnetProtocol)
-            d.addCallback(self._cbLogin)
-            d.addErrback(self._ebLogin)

+        self.src_ip = self.transport.getPeer().host
+        creds = UsernamePasswordIP(username, password, self.src_ip)
+        d = self.portal.login(creds, self.src_ip, ITelnetProtocol)
+        d.addCallback(self._cbLogin)
+        d.addErrback(self._ebLogin)
+
+        # XXX disabled since it seems to confuse dumb clients
        # even if ECHO negotiation fails we still want to attempt a login
        # this allows us to support dumb clients which is common in malware
        # thus the addBoth: on success and on exception (AlreadyNegotiating)
-        self.transport.wont(ECHO).addBoth(login)
+        #self.transport.wont(ECHO).addBoth(login)

        return 'Discard'