diff --git a/CHANGELOG.md b/CHANGELOG.md index 38de22e..8c60a64 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ - +* 2017-03-15 SSH Forwarding/SFTP/keys/version config have been moved to [ssh]. Change your config file! * 2017-02-12 Implemented toggle for SSH forwarding * 2016-08-22 Merged Telnet support by @obilodeau! * 2016-08-20 Update your libraries! 'configparser' now required: "pip install configparser" diff --git a/cowrie.cfg.dist b/cowrie.cfg.dist index 5771715..d60bc10 100644 --- a/cowrie.cfg.dist +++ b/cowrie.cfg.dist @@ -165,19 +165,27 @@ auth_class = UserDB # historical options in [honeypot] that have not yet been moved to [ssh] # ============================================================================ - -# IP addresses to listen for incoming SSH connections. -# -# (default: 0.0.0.0) = any IPv4 address -#listen_addr = 0.0.0.0 -# (use :: for listen to all IPv6 and IPv4 addresses) -#listen_addr = :: +# Source Port to report in logs (useful if you use iptables to forward ports to Cowrie) +#reported_ssh_port = 22 -# Port to listen for incoming SSH connections. -# -# (default: 2222) -#listen_port = 2222 + +# ============================================================================ +# SSH Specific Options +# ============================================================================ +[ssh] + +# Enable SSH support +# (default: true) +enabled = true + + +# Public and private SSH key files. If these don't exist, they are created +# automatically. +rsa_public_key = etc/ssh_host_rsa_key.pub +rsa_private_key = etc/ssh_host_rsa_key +dsa_public_key = etc/ssh_host_dsa_key.pub +dsa_private_key = etc/ssh_host_dsa_key # SSH Version String 
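Review bot: The key paths added under `[ssh]` point at `etc/` where the entries removed in the next hunk used `data/`, so a deployment that adopts these defaults without moving its key files will have a new host key pair generated and will present a different fingerprint to returning clients. The comment above the entries confirms that missing files are created automatically. The changelog line only mentions the section move, not the path change. I would add a comment above the four entries, e.g. `# NOTE: default location changed from data/ to etc/; move existing key files to keep the same host key fingerprint`.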
@@ -205,36 +213,46 @@ auth_class = UserDB # SSH-2.0-OpenSSH_5.9 # # (default: "SSH-2.0-SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2") -ssh_version_string = SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2 +version = SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2 -# Source Port to report in logs (useful if you use iptables to forward ports to Cowrie) -#reported_ssh_port = 22 +# IP addresses to listen for incoming SSH connections. +# +# (default: 0.0.0.0) = any IPv4 address +#listen_addr = 0.0.0.0 +# (use :: for listen to all IPv6 and IPv4 addresses) +#listen_addr = :: -# Public and private SSH key files. If these don't exist, they are created -# automatically. -rsa_public_key = data/ssh_host_rsa_key.pub -rsa_private_key = data/ssh_host_rsa_key -dsa_public_key = data/ssh_host_dsa_key.pub -dsa_private_key = data/ssh_host_dsa_key +# Port to listen for incoming SSH connections. +# +# (default: 2222) +#listen_port = 2222 # sftp_enabled enables the sftp subsystem sftp_enabled = true -# SSH forwarding -# Useful for forwarding protocols to other honeypots +# Enable SSH direct-tcpip forwarding +# (default: true) +forwarding = true + # This enables redirecting forwarding requests to another address -ssh_forward_redirect = false +# Useful for forwarding protocols to other honeypots # (default: false) +forward_redirect = false + +# Configure where to forward the data to. # forward_redirect_ = : -forward_redirect_80 = 127.0.0.1:8080 + +# Redirect http/https +forward_redirect_80 = 127.0.0.1:8000 forward_redirect_443 = 127.0.0.1:8443 -# If you want to record SMTP traffic, install SMTP honeypoint. + +# To record SMTP traffic, install an SMTP honeypoint. # (e.g https://github.com/awhitehatter/mailoney), run # python mailoney.py -s yahoo.com -t schizo_open_relay -p 12525 forward_redirect_25 = 127.0.0.1:12525 
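Review bot: `forward_redirect_80` changes its target from `127.0.0.1:8080` to `127.0.0.1:8000` inside what is otherwise a move-and-rename, and the changelog entry does not mention it. Anyone merging this template over a working config would quietly point port-80 redirects at a different listener. Either keep `forward_redirect_80 = 127.0.0.1:8080` or call the change out in the changelog. Separately, the default quoted for `version` has a doubled `SSH-2.0-` prefix and does not match the fallback string in cowrie/ssh/factory.py; the comment should read `# (default: "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2")`.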
@@ -242,22 +260,6 @@ forward_redirect_587 = 127.0.0.1:12525 -# ============================================================================ -# SSH Specific Options -# ============================================================================ -[ssh] - -# Enable SSH support -# (default: true) -enabled = true - - -# Enable SSH direct-tcpip forwarding -# (default: true) -forwarding = true - - - # ============================================================================ # Telnet Specific Options # ============================================================================ diff --git a/cowrie/core/avatar.py b/cowrie/core/avatar.py index d0627c8..cfe1571 100644 --- a/cowrie/core/avatar.py +++ b/cowrie/core/avatar.py @@ -43,7 +43,7 @@ class CowrieUser(avatar.ConchUser): # SFTP support enabled only when option is explicitly set try: - if self.cfg.getboolean('honeypot', 'sftp_enabled') == True: + if self.cfg.getboolean('ssh', 'sftp_enabled') == True: self.subsystemLookup['sftp'] = conchfiletransfer.FileTransferServer except ValueError as e: pass diff --git a/cowrie/core/keys.py b/cowrie/core/keys.py index 105b39a..10fb23e 100644 --- a/cowrie/core/keys.py +++ b/cowrie/core/keys.py @@ -14,8 +14,8 @@ from twisted.python import log def getRSAKeys(cfg): """ """ - publicKeyFile = cfg.get('honeypot', 'rsa_public_key') - privateKeyFile = cfg.get('honeypot', 'rsa_private_key') + publicKeyFile = cfg.get('ssh', 'rsa_public_key') + privateKeyFile = cfg.get('ssh', 'rsa_private_key') if not (os.path.exists(publicKeyFile) and os.path.exists(privateKeyFile)): log.msg("Generating new RSA keypair...") from Crypto.PublicKey import RSA 
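Review bot: The `except ValueError` around `self.cfg.getboolean('ssh', 'sftp_enabled')` does not cover a missing section or option, which configparser raises as `NoSectionError`/`NoOptionError`. A config not yet migrated to `[ssh]` would therefore raise here rather than leave SFTP disabled, unless the config object supplies defaults or a caller outside the hunk handles it. Assuming `configparser` is importable in this module, `except (configparser.Error, ValueError):` would make the "enabled only when explicitly set" comment true, and the `== True` comparison can be dropped. The enclosing method starts and ends outside the hunk.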
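Review bot: `getRSAKeys` now reads `rsa_public_key` and `rsa_private_key` from `[ssh]` with a plain `cfg.get` and no fallback, so a config that still carries them under `[honeypot]` fails at startup with a configparser error that does not say the options moved. The same applies to `getDSAKeys` in the following hunk. Catching `configparser.Error` and re-raising with a message naming the `[ssh]` section would make the migration obvious. Both functions also keep an empty `""" """` docstring; something like `"""Load the RSA host key pair configured under [ssh], generating it when either file is missing."""` would document the side effect. The function bodies continue outside the hunks, so the key-writing code is not visible here.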
@@ -40,8 +40,8 @@ def getRSAKeys(cfg): def getDSAKeys(cfg): """ """ - publicKeyFile = cfg.get('honeypot', 'dsa_public_key') - privateKeyFile = cfg.get('honeypot', 'dsa_private_key') + publicKeyFile = cfg.get('ssh', 'dsa_public_key') + privateKeyFile = cfg.get('ssh', 'dsa_private_key') if not (os.path.exists(publicKeyFile) and os.path.exists(privateKeyFile)): log.msg("Generating new DSA keypair...") from Crypto.PublicKey import DSA diff --git a/cowrie/ssh/factory.py b/cowrie/ssh/factory.py index 27404eb..06eb091 100644 --- a/cowrie/ssh/factory.py +++ b/cowrie/ssh/factory.py @@ -91,7 +91,7 @@ class CowrieSSHFactory(factory.SSHFactory): t = transport.HoneyPotSSHTransport() try: - t.ourVersionString = self.cfg.get('honeypot', 'ssh_version_string') + t.ourVersionString = self.cfg.get('ssh', 'version') except: t.ourVersionString = "SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2" diff --git a/cowrie/ssh/forwarding.py b/cowrie/ssh/forwarding.py index 0b691d6..ce8f9c8 100644 --- a/cowrie/ssh/forwarding.py +++ b/cowrie/ssh/forwarding.py @@ -23,7 +23,7 @@ def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata cfg = avatar.cfg try: - if cfg.getboolean('honeypot', 'ssh_forward_redirect') == True: + if cfg.getboolean('ssh', 'forward_redirect') == True: redirectEnabled = True else: redirectEnabled = False @@ -32,7 +32,7 @@ def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata if redirectEnabled: redirects = {} - items = cfg.items('honeypot') + items = cfg.items('ssh') for i in items: if i[0].startswith('forward_redirect'): destPort = i[0].split('_')[-1]
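Review bot: The bare `except:` around `self.cfg.get('ssh', 'version')` means a config that still sets `ssh_version_string` under `[honeypot]` is silently ignored and the banner falls back to the hard-coded string. An operator's customised version string would change after upgrade with no log line, which for a honeypot alters how it presents to clients. I would narrow the handler to `except configparser.Error:` and log the fallback, e.g. `log.msg("[ssh] version not set, using default version string")`, assuming `configparser` and `log` are available in this module. The enclosing method begins and ends outside the hunk.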
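Review bot: With the toggle renamed to `forward_redirect` and read from `[ssh]`, the `i[0].startswith('forward_redirect')` test in this loop now also matches the toggle itself. That entry gives `destPort = 'redirect'` and a value of `true`/`false` instead of `host:port`. The rest of the loop is outside the hunk, but if it converts the port to an integer or splits the value on `:`, turning redirects on would fail on that entry. The old name `ssh_forward_redirect` did not share the prefix, so this only arises with this commit's rename (previous hunk and cowrie.cfg.dist). Matching the trailing underscore avoids it: `if i[0].startswith('forward_redirect_'):`.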