diff --git a/cowrie/core/avatar.py b/cowrie/core/avatar.py index b26091c..a527b54 100644 --- a/cowrie/core/avatar.py +++ b/cowrie/core/avatar.py @@ -32,7 +32,7 @@ class CowrieUser(avatar.ConchUser): self.channelLookup.update( {"session": session.HoneyPotSSHSession, - "direct-tcpip": forwarding.CowrieOpenConnectForwardingClient}) + "direct-tcpip": forwarding.cowrieOpenConnectForwardingClient}) try: pwentry = pwd.Passwd(self.cfg).getpwnam(self.username) diff --git a/cowrie/ssh/forwarding.py b/cowrie/ssh/forwarding.py index 575e13b..7405d69 100644 --- a/cowrie/ssh/forwarding.py +++ b/cowrie/ssh/forwarding.py 
@@ -2,30 +2,34 @@ # See the COPYRIGHT file for more information """ -This module contains ... +This module contains code for handling SSH forwarding requests """ -import twisted -from twisted.conch.ssh import forwarding from twisted.python import log +from twisted.conch.ssh import forwarding -def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar): +def cowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avatar): """ + This function will redirect an SSH forward request to a another address + or will log the request and do nothing """ cfg = avatar.cfg if cfg.has_option('forward_mapping', 'ports') and \ - cfg.get('forward_mapping', 'ports').lower() not in \ - ('false', 'no'): + cfg.get('forward_mapping', 'ports').lower() in \ + ('true', 'yes'): mappedPortsComma = cfg.get('forward_mapping', 'ports').split(',') mappedPorts = [int(x.strip()) for x in mappedPortsComma] else: mappedPorts = [] - remoteHP, origHP = twisted.conch.ssh.forwarding.unpackOpen_direct_tcpip(data) - log.msg(eventid='cowrie.direct-tcpip.request', - format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s', - dst_ip=remoteHP[0], dst_port=remoteHP[1], - src_ip=origHP[0], src_port=origHP[1]) + + remoteHP, origHP = forwarding.unpackOpen_direct_tcpip(data) + + log.msg(eventid='cowrie.direct-tcpip.request', + format='direct-tcp connection request to %(dst_ip)s:%(dst_port)s from %(src_ip)s:%(src_port)s', + dst_ip=remoteHP[0], dst_port=remoteHP[1], + src_ip=origHP[0], src_port=origHP[1]) + portRule = 'port_{dst_port}'.format(dst_port=remoteHP[1]) if remoteHP[1] in mappedPorts \ and cfg.has_option('forward_mapping', portRule): 
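Review bot: The rewritten guard `cfg.get('forward_mapping', 'ports').lower() in ('true', 'yes')` contradicts the two lines that follow it, which split the same `ports` value on commas and pass each piece to `int()`. A real port list (for example a constructed `80,443`) now fails the test, so `mappedPorts` stays empty and no request is ever redirected, while the only values that pass (`true`/`yes`) raise ValueError in `int(x.strip())` on every direct-tcpip channel open. Restore the previous test, `cfg.get('forward_mapping', 'ports').lower() not in \` followed by `('false', 'no'):`, or read the on/off switch from a different option than the one holding the list. Because this code runs on each client-initiated channel request, it is also worth catching ValueError around the `int()` conversion and logging it, so a config typo does not become an unhandled exception per request. The function body continues past the end of this hunk.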
@@ -33,8 +37,8 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata newIp = newAddr.split(':')[0].strip() newPort = int(newAddr.split(':')[1].strip()) remoteHPNew = (newIp, newPort) - log.msg(eventid='cowrie.direct-tcpip.request', - format='found custom port, forwarding to %(new_ip)s:%(new_port)s', + log.msg(eventid='cowrie.direct-tcpip.redirect', + format='found custom port, redirecting to %(new_ip)s:%(new_port)s', new_ip=newIp, new_port=newPort) return forwarding.SSHConnectForwardingChannel(remoteHPNew, remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket, @@ -44,6 +48,8 @@ def CowrieOpenConnectForwardingClient(remoteWindow, remoteMaxPacket, data, avata remoteWindow=remoteWindow, remoteMaxPacket=remoteMaxPacket, avatar=avatar) + + class CowrieConnectForwardingChannel(forwarding.SSHConnectForwardingChannel): """ """
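Review bot: The new `cowrie.direct-tcpip.redirect` event records only `new_ip`/`new_port`, so a consumer reading it alone cannot tell which requested destination was rewritten and has to join it against the preceding `cowrie.direct-tcpip.request` entry. Consider carrying the original target as well: `format='found custom port, redirecting %(dst_ip)s:%(dst_port)s to %(new_ip)s:%(new_port)s'` with `dst_ip=remoteHP[0], dst_port=remoteHP[1],` added to the keyword arguments. Anything downstream that identified redirects by the old `cowrie.direct-tcpip.request` id plus the message text will presumably need updating for the new event id. The enclosing function starts before this hunk and continues after it.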