From 3e87206fbe18e65002d57792a963b9e3b2aed4ed Mon Sep 17 00:00:00 2001 From: Michel Oosterhof Date: Sun, 12 Feb 2017 18:44:45 +0400 Subject: [PATCH] new option [ssh] forwarding=false this will disable all ssh forwarding --- cowrie.cfg.dist | 3 +++ cowrie/core/avatar.py | 13 +++++++++---- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/cowrie.cfg.dist b/cowrie.cfg.dist index d3f0873..ec2d15d 100644 --- a/cowrie.cfg.dist +++ b/cowrie.cfg.dist @@ -238,6 +238,9 @@ forward_redirect_587 = 127.0.0.1:12525 # Enable SSH support, enabled by default enabled = true +# Enable SSH direct-tcpip forwarding, enabled by default +forwarding = true + # ============================================================================ # Telnet Specific Options # ============================================================================ diff --git a/cowrie/core/avatar.py b/cowrie/core/avatar.py index 19635de..d0627c8 100644 --- a/cowrie/core/avatar.py +++ b/cowrie/core/avatar.py @@ -7,7 +7,6 @@ This module contains ... from zope.interface import implementer -import twisted from twisted.conch import avatar from twisted.conch.interfaces import IConchUser, ISession, ISFTPServer from twisted.conch.ssh import filetransfer as conchfiletransfer @@ -30,9 +29,7 @@ class CowrieUser(avatar.ConchUser): self.server = server self.cfg = self.server.cfg - self.channelLookup.update( - {"session": session.HoneyPotSSHSession, - "direct-tcpip": forwarding.cowrieOpenConnectForwardingClient}) + self.channelLookup['session'] = session.HoneyPotSSHSession try: pwentry = pwd.Passwd(self.cfg).getpwnam(self.username) @@ -51,6 +48,14 @@ class CowrieUser(avatar.ConchUser): except ValueError as e: pass + # SSH forwarding disabled only when option is explicitly set + self.channelLookup['direct-tcpip'] = forwarding.cowrieOpenConnectForwardingClient + try: + if self.cfg.getboolean('ssh', 'forwarding') == False: + del self.channelLookup['direct-tcpip'] + except: + pass + def logout(self): """