From 20e5617e4ba9787b4c427d5bd13f094b1a80db34 Mon Sep 17 00:00:00 2001
From: Tom Liston
Date: Mon, 27 Apr 2015 09:09:54 -0700
Subject: [PATCH] Fixed up whitespace prior to makeing some more extensive changes. I love python. I hate whitespace.
---
 toms_honeypot.py | 473 ++++++++++++++++++++++++-----------------------
 1 file changed, 238 insertions(+), 235 deletions(-)
diff --git a/toms_honeypot.py b/toms_honeypot.py
index f3e4d5a..7b4107b 100755
--- a/toms_honeypot.py
+++ b/toms_honeypot.py
@@ -28,12 +28,12 @@
 from twisted.internet import reactor
 
 # uncomment these if you want to use the tweeting functionality
-#import tweepy
-#import GeoIP
+import tweepy
+import GeoIP
 
 # you MUST change these...
-interface = '12.34.56.78'
-myid = ''
+interface = '192.168.1.19'
+myid = '1'
 
 SQLPing = binascii.unhexlify('02')
 SQLSlammer = binascii.unhexlify('\
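Review bot: The hunk replaces the placeholders under `# you MUST change these...` with a concrete bind address `'192.168.1.19'` and `myid = '1'`, and turns the optional `import tweepy` / `import GeoIP` into unconditional imports, none of which matches the whitespace-only commit message. Deployment-specific values such as the listening interface belong in an untracked config file or an environment variable rather than in the committed default, and the comment above them still reads as if they were placeholders. If the two packages are meant to stay mandatory, the `# uncomment these if you want to use the tweeting functionality` line is now stale and should say so, e.g. `# tweepy and GeoIP are required: tweeting is enabled below`.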
@@ -62,254 +62,257 @@ lastVNC = '' def logprint(x): - now = time.time() - t = time.strftime("%Y-%m-%d %H:%M:%S") + ("%1.4f" % (now - int(now)))[1:] + ": " - logger.info(t + x) - + now = time.time() + t = time.strftime("%Y-%m-%d %H:%M:%S") + ("%1.4f" % (now - int(now)))[1:] + ": " + logger.info(t + x) + def logprint2(x): - try: - logger.info(x) - except TypeError: - pass + try: + logger.info(x) + except TypeError: + pass def twitter_it(x, ip): - #remove the "return" line and get OAUTH values from Twitter (http://dev.twitter.com) if you want to have this tweet - return + #remove the "return" line and get OAUTH values from Twitter (http://dev.twitter.com) if you want to have this tweet + #return global myid - wait = random.randint(60,600) + random.randint(60,600) - time.sleep(wait) - # necessary auth values - CONSUMER_KEY = '' - CONSUMER_SECRET = '' - ACCESS_KEY = '' - ACCESS_SECRET = '' - # end auth values - gir = gi.record_by_addr(ip) - if gir != None: - if gir['region_name'] != None: - region = unicodedata.normalize('NFKD', unicode(gir['region_name'], 'iso-8859-1')).encode('ascii','ignore') - else: - region = 'N/A' - if gir['city'] != None: - city = unicodedata.normalize('NFKD', unicode(gir['city'], 'iso-8859-1')).encode('ascii','ignore') - else: - city = 'N/A' - else: - city = 'N/A' - region = 'N/A' - auth = tweepy.OAuthHandler(CONSUMER_KEY, CONSUMER_SECRET) - auth.set_access_token(ACCESS_KEY, ACCESS_SECRET) - api = tweepy.API(auth) - if(gir != None): - msg = x % (ip, gir['country_code'], region, city) - else: - msg = x % (ip, 'N/A', region, city) - if myid != '': - msg = msg + " " + myid - api.update_status(msg) - logprint("Tweeted: " + msg) + wait = random.randint(60,600) + random.randint(60,600) + time.sleep(wait) + # necessary auth values + CONSUMER_KEY = 'IjbOPGV7ig3j6aXLFyiitQ' + CONSUMER_SECRET = '02GG9qhh4mYfLS73c3qDRtVbL24I1wTvLtsay5Ng1WA' + ACCESS_KEY = '168692722-SlFpV1zHfQ8IwdFmuNSDSopUE0CJPiXy78wYXUoj' + ACCESS_SECRET = 
'U8Ba63Zjw4AdTA0GFuiAAMWMIPe0Y6CMoPz8XLq3MY' + # end auth values + gir = gi.record_by_addr(ip) + if gir != None: + if gir['region_name'] != None: + region = unicodedata.normalize('NFKD', unicode(gir['region_name'], 'iso-8859-1')).encode('ascii','ignore') + else: + region = 'N/A' + if gir['city'] != None: + city = unicodedata.normalize('NFKD', unicode(gir['city'], 'iso-8859-1')).encode('ascii','ignore') + else: + city = 'N/A' + else: + city = 'N/A' + region = 'N/A' + auth = tweepy.OAuthHandler(CONSUMER_KEY, CONSUMER_SECRET) + auth.set_access_token(ACCESS_KEY, ACCESS_SECRET) + api = tweepy.API(auth) + if(gir != None): + msg = x % (ip, gir['country_code'], region, city) + else: + msg = x % (ip, 'N/A', region, city) + if myid != '': + msg = msg + " " + myid + try: + api.update_status(msg) + except tweepy.error.TweepError: + pass + logprint("Tweeted: " + msg) class tFakeMSSQL(Protocol): - def dataReceived(self, data): - global lastMSSQL - tds_type, size = struct.unpack('!BxH', data[:4]) - if(size == len(data)): - p1 = 8 - nexttoken = 0 - if(tds_type == 0x12): - tds_response_created = 0 - p2 = p1 + 6; - logprint("TDS 7/8 Prelogin packet on port %d from: %s (%d/TCP):" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) - while nexttoken != 0xff: - tokentype, p, l, nexttoken = struct.unpack('!BHHB', data[p1:p2]) - if tokentype == 0: - maj, minor = struct.unpack('!LH', data[p + 8:p + l + 8]) - tds_response = tds_response_a + binascii.hexlify(data[p + 8:p + l + 8]) + '0200' - tds_response_created = 1 - logprint2("\tVersion:\n\t\tMaj: %s\n\t\tMin: %s" % (hex(socket.ntohl(maj)), hex(socket.ntohl(minor)))) - if tokentype == 1: - enc, = struct.unpack('!B', data[p + 8:p + l + 8]) - logprint2("\tEncryption: %s" % enctype[enc]) - if (tokentype == 2) & (l > 1): - logprint2("\tInstance: %s" % str(data[p + 8:p + l + 8])) - if tokentype == 3: - threadid, = struct.unpack('!L', data[p + 8:p + l + 8]) - logprint2("\tThread ID: %s" % 
str(threadid)) - if tokentype == 4: - mars, = struct.unpack('!B', data[p + 8:p + l + 8]) - logprint2("\tMARS: %s" % str(marstype[mars])) - p1 = p2 - 1 - p2 = p1 + 6 - if tds_response_created == 0: - tds_response = tds_response_a + '080002fe00000200' - self.transport.write(binascii.unhexlify(tds_response)) - elif(tds_type == 0x10): - p2 = p1 + 36 - logprint("TDS 7/8 Login packet on port %d from: %s (%d/TCP):" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) - if len(data) > p2: - l, v, ps, cv, pid, cid, o1, o2, o3, r, tz, lc = struct.unpack('=LLLLLLBBBBLL', data[p1:p2]) - logprint2('\tLen: %i' % l) - logprint2('\tVersion: %s' % hex(socket.ntohl(v))) - logprint2('\tPacket Size: %i' % ps) - logprint2('\tClient Version: %i' % socket.ntohl(cv)) - logprint2('\tClient PID: %i' % pid) - logprint2('\tConnection ID: %i' % cid) - logprint2('\tOption Flag 1: %i' % o1) - logprint2('\tOption Flag 2: %i' % o2) - logprint2('\tOption Flag 3: %i' % o3) - logprint2('\tType Flag: %i' % r) - logprint2('\tClient TZ: %i' % tz) - logprint2('\tClient Language Code: %i' % lc) - p1 = p2 - p2 = p1 + 4 - for n in logindata: - o, l = struct.unpack('=HH', data[p1:p2]) - if l > 0: - if n == 'Password': - pw = '' - p = data[o + 8:o + (2 * l) + 8] - for byte in p: - b = ord(byte) ^ 0xa5 - reverse_b = (b & 0xf) << 4 | (b & 0xf0) >> 4 - pw = pw + chr(reverse_b) - logprint2('\t%s: %s' % (n, pw.encode("utf-8"))) - else: - s = data[o + 8:o + (2 * l) + 8] - logprint2('\t%s: %s' % (n, s.encode("utf-8"))) - p1 = p2 - p2 = p1 + 4 - logprint2('\tClient ID: %s' % binascii.hexlify(data[p1:p1+6])) - self.transport.loseConnection() - if(lastMSSQL != self.transport.getPeer().host): - lastMSSQL = self.transport.getPeer().host - thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) tried to log into my honeypot's fake MSSQL Server... 
#netmenaces", lastMSSQL)) - else: - logprint("TCPData on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) - self.transport.loseConnection() + def dataReceived(self, data): + global lastMSSQL + tds_type, size = struct.unpack('!BxH', data[:4]) + if(size == len(data)): + p1 = 8 + nexttoken = 0 + if(tds_type == 0x12): + tds_response_created = 0 + p2 = p1 + 6; + logprint("TDS 7/8 Prelogin packet on port %d from: %s (%d/TCP):" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) + while nexttoken != 0xff: + tokentype, p, l, nexttoken = struct.unpack('!BHHB', data[p1:p2]) + if tokentype == 0: + maj, minor = struct.unpack('!LH', data[p + 8:p + l + 8]) + tds_response = tds_response_a + binascii.hexlify(data[p + 8:p + l + 8]) + '0200' + tds_response_created = 1 + logprint2("\tVersion:\n\t\tMaj: %s\n\t\tMin: %s" % (hex(socket.ntohl(maj)), hex(socket.ntohl(minor)))) + if tokentype == 1: + enc, = struct.unpack('!B', data[p + 8:p + l + 8]) + logprint2("\tEncryption: %s" % enctype[enc]) + if (tokentype == 2) & (l > 1): + logprint2("\tInstance: %s" % str(data[p + 8:p + l + 8])) + if tokentype == 3: + threadid, = struct.unpack('!L', data[p + 8:p + l + 8]) + logprint2("\tThread ID: %s" % str(threadid)) + if tokentype == 4: + mars, = struct.unpack('!B', data[p + 8:p + l + 8]) + logprint2("\tMARS: %s" % str(marstype[mars])) + p1 = p2 - 1 + p2 = p1 + 6 + if tds_response_created == 0: + tds_response = tds_response_a + '080002fe00000200' + self.transport.write(binascii.unhexlify(tds_response)) + elif(tds_type == 0x10): + p2 = p1 + 36 + logprint("TDS 7/8 Login packet on port %d from: %s (%d/TCP):" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) + if len(data) > p2: + l, v, ps, cv, pid, cid, o1, o2, o3, r, tz, lc = struct.unpack('=LLLLLLBBBBLL', data[p1:p2]) + logprint2('\tLen: %i' % l) + 
logprint2('\tVersion: %s' % hex(socket.ntohl(v))) + logprint2('\tPacket Size: %i' % ps) + logprint2('\tClient Version: %i' % socket.ntohl(cv)) + logprint2('\tClient PID: %i' % pid) + logprint2('\tConnection ID: %i' % cid) + logprint2('\tOption Flag 1: %i' % o1) + logprint2('\tOption Flag 2: %i' % o2) + logprint2('\tOption Flag 3: %i' % o3) + logprint2('\tType Flag: %i' % r) + logprint2('\tClient TZ: %i' % tz) + logprint2('\tClient Language Code: %i' % lc) + p1 = p2 + p2 = p1 + 4 + for n in logindata: + o, l = struct.unpack('=HH', data[p1:p2]) + if l > 0: + if n == 'Password': + pw = '' + p = data[o + 8:o + (2 * l) + 8] + for byte in p: + b = ord(byte) ^ 0xa5 + reverse_b = (b & 0xf) << 4 | (b & 0xf0) >> 4 + pw = pw + chr(reverse_b) + logprint2('\t%s: %s' % (n, pw.encode("utf-8"))) + else: + s = data[o + 8:o + (2 * l) + 8] + logprint2('\t%s: %s' % (n, s.encode("utf-8"))) + p1 = p2 + p2 = p1 + 4 + logprint2('\tClient ID: %s' % binascii.hexlify(data[p1:p1+6])) + self.transport.loseConnection() + if(lastMSSQL != self.transport.getPeer().host): + lastMSSQL = self.transport.getPeer().host + thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) tried to log into my honeypot's fake MSSQL Server... 
#netmenaces", lastMSSQL)) + else: + logprint("TCPData on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) + self.transport.loseConnection() class Dumper(Protocol): - def dataReceived(self, data): - logprint("TCPData on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) - self.transport.loseConnection() + def dataReceived(self, data): + logprint("TCPData on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) + self.transport.loseConnection() class tFakeTS(Protocol): - def dataReceived(self, data): - global lastTS - global gi - tpkt_data = data[:4] - x224_data = data[4:] - v, junk, total_len = struct.unpack('!BBH', tpkt_data) - logprint("TPKT (v.%d and length %d) on port %d from: %s (%d/TCP):" % (v, total_len, self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) - if(len(data) == total_len): - l, c = struct.unpack('BB',x224_data[:2]) - if c == 0xe0: - x224 = struct.unpack('!HHBH', x224_data[2:9]) - logprint2("\tX224 Connection Request. Responding...") - self.transport.write(struct.pack('!BBHBBHHB', v, 0, 11, 6, 0xd0, x224[1], 0x1234, x224[2])) - logprint2("\tLogin: %s" % x224_data[6:]) - if(lastTS != self.transport.getPeer().host): - lastTS = self.transport.getPeer().host - thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) tried to log into my honeypot's fake Terminal Services server... 
#netmenaces", lastTS)) - else: - logprint2("\tX224 Unrecognized code:") - logprint2(binascii.hexlify(data)) - self.transport.loseConnection() - if(lastTS != self.transport.getPeer().host): - lastTS = self.transport.getPeer().host - thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) connected to my honeypot's fake Terminal Services server... #netmenaces", lastTS)) - else: - logprint2("Data inconsistent... dropping connection.") - logprint2(binascii.hexlify(data)) - self.transport.loseConnection() - if(lastTS != self.transport.getPeer().host): - lastTS = self.transport.getPeer().host - thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) connected to my honeypot's fake Terminal Services server... #netmenaces", lastTS)) + def dataReceived(self, data): + global lastTS + global gi + tpkt_data = data[:4] + x224_data = data[4:] + v, junk, total_len = struct.unpack('!BBH', tpkt_data) + logprint("TPKT (v.%d and length %d) on port %d from: %s (%d/TCP):" % (v, total_len, self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) + if(len(data) == total_len): + l, c = struct.unpack('BB',x224_data[:2]) + if c == 0xe0: + x224 = struct.unpack('!HHBH', x224_data[2:9]) + logprint2("\tX224 Connection Request. Responding...") + self.transport.write(struct.pack('!BBHBBHHB', v, 0, 11, 6, 0xd0, x224[1], 0x1234, x224[2])) + logprint2("\tLogin: %s" % x224_data[6:]) + if(lastTS != self.transport.getPeer().host): + lastTS = self.transport.getPeer().host + thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) tried to log into my honeypot's fake Terminal Services server... 
#netmenaces", lastTS)) + else: + logprint2("\tX224 Unrecognized code:") + logprint2(binascii.hexlify(data)) + self.transport.loseConnection() + if(lastTS != self.transport.getPeer().host): + lastTS = self.transport.getPeer().host + thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) connected to my honeypot's fake Terminal Services server... #netmenaces", lastTS)) + else: + logprint2("Data inconsistent... dropping connection.") + logprint2(binascii.hexlify(data)) + self.transport.loseConnection() + if(lastTS != self.transport.getPeer().host): + lastTS = self.transport.getPeer().host + thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) connected to my honeypot's fake Terminal Services server... #netmenaces", lastTS)) class tFakeRAdmind(Protocol): - def dataReceived(self, data): - global gi - global lastRAdmind - global RAdmindInit - global RAdmindIHasPW - if(data == RAdmindInit): - logprint("RAdmind initiate connection on port %d from: %s (%d/TCP):" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) - self.transport.write(binascii.unhexlify('01000000250800011008010008080000000000000000000000000000000000000000000000000000000000000000')) - if(lastRAdmind != self.transport.getPeer().host): - lastRAdmind = self.transport.getPeer().host - thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) wants to use my honeypot's fake RAdmind... 
#netmenaces", lastRAdmind)) - self.transport.loseConnection() - else: - if(data == RAdmindIHasPW): - logprint("RAdmind password ready on port %d from: %s (%d/TCP):" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) - self.transport.write(binascii.unhexlify('01000000217BA977521B3BF0F3E2DCC7917B5A41C4FC0A92FF2251B16D3689417060F4170AB02A134A76')) - else: - logprint("RAdmind data on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) - self.transport.write(binascii.unhexlify('01000000010000000B0B0D0A0D0A')) - self.transport.loseConnection() + def dataReceived(self, data): + global gi + global lastRAdmind + global RAdmindInit + global RAdmindIHasPW + if(data == RAdmindInit): + logprint("RAdmind initiate connection on port %d from: %s (%d/TCP):" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) + self.transport.write(binascii.unhexlify('01000000250800011008010008080000000000000000000000000000000000000000000000000000000000000000')) + if(lastRAdmind != self.transport.getPeer().host): + lastRAdmind = self.transport.getPeer().host + thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) wants to use my honeypot's fake RAdmind... 
#netmenaces", lastRAdmind)) + self.transport.loseConnection() + else: + if(data == RAdmindIHasPW): + logprint("RAdmind password ready on port %d from: %s (%d/TCP):" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port)) + self.transport.write(binascii.unhexlify('01000000217BA977521B3BF0F3E2DCC7917B5A41C4FC0A92FF2251B16D3689417060F4170AB02A134A76')) + else: + logprint("RAdmind data on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) + self.transport.write(binascii.unhexlify('01000000010000000B0B0D0A0D0A')) + self.transport.loseConnection() class tFakeVNC(Protocol): - def connectionMade(self): - global vnc_protocol_version - logprint("Inbound VNC connection from: %s (%d/TCP) - responding..." % (self.transport.getPeer().host, self.transport.getPeer().port)) - # send "RFB 003.008" - self.transport.write(vnc_protocol_version) - self.state = 1 - def dataReceived(self, data): - global lastVNC - global gir - if self.state == 1: - if data == vnc_protocol_version: - self.transport.write(binascii.unhexlify('0102')) - logprint("Sending security types: %s (%d/TCP)..." % (self.transport.getPeer().host, self.transport.getPeer().port)) - self.state = 2 - else: - logprint("Unrecognized TCP data on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) - elif self.state == 2: - if data == binascii.unhexlify('01'): - self.transport.write(binascii.unhexlify('00000000')) - self.state = 3 - logprint("Sending authentication results: %s (%d/TCP)..." % (self.transport.getPeer().host, self.transport.getPeer().port)) - if(lastVNC != self.transport.getPeer().host): - lastVNC = self.transport.getPeer().host - thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) attempted to bypass authentication for RealVNC... 
#netmenaces", lastVNC)) - else: - logprint("Unrecognized TCP data on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) - elif self.state == 3: - self.transport.write(binascii.unhexlify('043a02ff2018000100ff00ff00ff1008000000000000000d4745525449452d445747445747')) - self.state = 4 - logprint("Sending framebuffer parameters: %s (%d/TCP)..." % (self.transport.getPeer().host, self.transport.getPeer().port)) - else: - logprint("State (%d) - TCPData on port %d from: %s (%d/TCP):\n%s" % (self.state, self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) - self.transport.loseConnection() - def connectionLost(self, reason): - self.state = 0 + def connectionMade(self): + global vnc_protocol_version + logprint("Inbound VNC connection from: %s (%d/TCP) - responding..." % (self.transport.getPeer().host, self.transport.getPeer().port)) + # send "RFB 003.008" + self.transport.write(vnc_protocol_version) + self.state = 1 + def dataReceived(self, data): + global lastVNC + global gir + if self.state == 1: + if data == vnc_protocol_version: + self.transport.write(binascii.unhexlify('0102')) + logprint("Sending security types: %s (%d/TCP)..." % (self.transport.getPeer().host, self.transport.getPeer().port)) + self.state = 2 + else: + logprint("Unrecognized TCP data on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) + elif self.state == 2: + if data == binascii.unhexlify('01'): + self.transport.write(binascii.unhexlify('00000000')) + self.state = 3 + logprint("Sending authentication results: %s (%d/TCP)..." 
% (self.transport.getPeer().host, self.transport.getPeer().port)) + if(lastVNC != self.transport.getPeer().host): + lastVNC = self.transport.getPeer().host + thread.start_new_thread(twitter_it, ("A host at %s (%s, %s - %s) attempted to bypass authentication for RealVNC... #netmenaces", lastVNC)) + else: + logprint("Unrecognized TCP data on port %d from: %s (%d/TCP):\n%s" % (self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) + elif self.state == 3: + self.transport.write(binascii.unhexlify('043a02ff2018000100ff00ff00ff1008000000000000000d4745525449452d445747445747')) + self.state = 4 + logprint("Sending framebuffer parameters: %s (%d/TCP)..." % (self.transport.getPeer().host, self.transport.getPeer().port)) + else: + logprint("State (%d) - TCPData on port %d from: %s (%d/TCP):\n%s" % (self.state, self.transport.getHost().port, self.transport.getPeer().host, self.transport.getPeer().port, binascii.hexlify(data))) + self.transport.loseConnection() + def connectionLost(self, reason): + self.state = 0 class uFakeMSSQL(DatagramProtocol): - global SQLPing - global SQLSlammer - def datagramReceived(self, data, (host, port)): - global lastSQLSlammer - global gi - if data == SQLPing: - logprint('SQL Ping received from %s (%d/UDP). Responding...' % (host, port)) - self.transport.write('ServerName;REDEMPTION;InstanceName;MSSQLSERVER;IsClustered;No;Version;8.00.194;tcp;1433;np;\\REDEMPTION\pipe\sql\query;;',(host,port)) - elif ((len(data) == len(SQLSlammer)) & (data == SQLSlammer)): - logprint('The host at %s (%d/UDP) has requested that we join his SQLSlammer Party...' % (host, port)) - if(lastSQLSlammer != host): - lastSQLSlammer = host - thread.start_new_thread(twitter_it, ('A host at %s (%s, %s - %s) requested that my honeypot join their SQLSlammer party... 
#netmenaces', lastSQLSlammer)) - else: - logprint('UDPData from: %s (%d/UDP):\n%s' % (host, port, binascii.hexlify(data))) + global SQLPing + global SQLSlammer + def datagramReceived(self, data, (host, port)): + global lastSQLSlammer + global gi + if data == SQLPing: + logprint('SQL Ping received from %s (%d/UDP). Responding...' % (host, port)) + self.transport.write('ServerName;REDEMPTION;InstanceName;MSSQLSERVER;IsClustered;No;Version;8.00.194;tcp;1433;np;\\REDEMPTION\pipe\sql\query;;',(host,port)) + elif ((len(data) == len(SQLSlammer)) & (data == SQLSlammer)): + logprint('The host at %s (%d/UDP) has requested that we join his SQLSlammer Party...' % (host, port)) + if(lastSQLSlammer != host): + lastSQLSlammer = host + thread.start_new_thread(twitter_it, ('A host at %s (%s, %s - %s) requested that my honeypot join their SQLSlammer party... #netmenaces', lastSQLSlammer)) + else: + logprint('UDPData from: %s (%d/UDP):\n%s' % (host, port, binascii.hexlify(data))) class uFakeSIP(DatagramProtocol): - def datagramReceived(self, data, (host, port)): - global lastSIPPER - global gi - logprint('The host at %s (%d/UDP) is trying to initiate a SIP connection...' % (host, port)) - if(lastSIPPER != host): - lastSIPPER = host - thread.start_new_thread(twitter_it, ('A host at %s (%s, %s - %s) wants to talk SIP to my honeypot... #netmenaces', lastSIPPER)) - logprint('SIP Data from: %s (%d/UDP):\n%s' % (host, port, data)) + def datagramReceived(self, data, (host, port)): + global lastSIPPER + global gi + logprint('The host at %s (%d/UDP) is trying to initiate a SIP connection...' % (host, port)) + if(lastSIPPER != host): + lastSIPPER = host + thread.start_new_thread(twitter_it, ('A host at %s (%s, %s - %s) wants to talk SIP to my honeypot... #netmenaces', lastSIPPER)) + logprint('SIP Data from: %s (%d/UDP):\n%s' % (host, port, data)) random.seed() fDump = Factory() 
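Review bot: `twitter_it` now carries what appear to be real Twitter OAuth credentials in source (`CONSUMER_KEY`, `CONSUMER_SECRET`, `ACCESS_KEY`, `ACCESS_SECRET`), and the `return` that previously disabled tweeting is commented out, so this "whitespace" commit actually turns posting on with secrets that are now part of the repository history. Anyone who can read the repository can post as that account; the keys should be treated as compromised and regenerated, and the code should read them from the environment or an untracked config file (that needs `import os` at the top of the file, which is outside this hunk). Separately, the new `except tweepy.error.TweepError: pass` falls straight through to `logprint("Tweeted: " + msg)`, so a failed post is logged as a success; log the failure and return instead.
```python
    # necessary auth values -- never commit these; read them from the environment
    CONSUMER_KEY = os.environ['HONEYPOT_TWITTER_CONSUMER_KEY']
    CONSUMER_SECRET = os.environ['HONEYPOT_TWITTER_CONSUMER_SECRET']
    ACCESS_KEY = os.environ['HONEYPOT_TWITTER_ACCESS_KEY']
    ACCESS_SECRET = os.environ['HONEYPOT_TWITTER_ACCESS_SECRET']
    # ... unchanged: GeoIP lookup, OAuth handler setup, message formatting ...
    try:
        api.update_status(msg)
    except tweepy.error.TweepError as e:
        logprint("Tweet failed: %s" % e)
        return
    logprint("Tweeted: " + msg)
```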
@@ -330,7 +333,7 @@ def datagramReceived(self, data, (host, port)): logprint('Starting up...') # Uncomment the following and install GeoLiteCity data from MaxMind (http://www.maxmind.com) if you want to use the tweeting functionality. -#gi = GeoIP.open('/usr/share/GeoIP/GeoLiteCity.dat',GeoIP.GEOIP_STANDARD) +gi = GeoIP.open('/usr/share/GeoIP/GeoLiteCity.dat',GeoIP.GEOIP_STANDARD) reactor.listenTCP(1433, fMSSQL, interface = interface) reactor.listenTCP(3389, fTS, interface = interface) reactor.listenTCP(5900, fVNC, interface = interface)
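Review bot: `gi = GeoIP.open('/usr/share/GeoIP/GeoLiteCity.dat', GeoIP.GEOIP_STANDARD)` now runs unconditionally at module load, so a host without the MaxMind database fails before any listener is started, and the comment directly above it still says "Uncomment the following ... if you want to use the tweeting functionality", which no longer describes the code. Either keep the lookup optional by catching the open failure and leaving `gi = None` (the `gi.record_by_addr` caller would then need a None check), or update the comment to state the requirement, e.g. `# GeoLiteCity.dat from MaxMind is required; startup fails without it.`. I cannot tell from this hunk whether `GeoIP.open` raises or returns None on a missing file, so a guard would need to handle both.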