From f9a6259ea78ca7d1a155f0323200e37a87fd7149 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Sat, 26 Aug 2017 15:25:06 +0200 Subject: [PATCH 1/6] add timestamp, mod credentials to oneliner --- bin/rdpy-rdphoneypot.py | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/bin/rdpy-rdphoneypot.py b/bin/rdpy-rdphoneypot.py index 3ceb42a7..4a01f91b 100755 --- a/bin/rdpy-rdphoneypot.py +++ b/bin/rdpy-rdphoneypot.py @@ -22,7 +22,7 @@ RDP Honey pot use Rss scenario file to simulate RDP server """ -import sys, os, getopt, time +import sys, os, getopt, time, datetime from rdpy.core import log, error, rss from rdpy.protocol.rdp import rdp @@ -59,12 +59,7 @@ def onReady(self): domain, username, password = self._controller.getCredentials() hostname = self._controller.getHostname() - log.info("""Credentials: - \tdomain : %s - \tusername : %s - \tpassword : %s - \thostname : %s - """%(domain, username, password, hostname)); + log.info("Credentials: timestamp: %s, domain: %s, username: %s, password: %s, hostname: %s"%(datetime.datetime.now().isoformat(), domain, username, password, hostname)); self.start() def onClose(self): @@ -125,7 +120,7 @@ def buildObserver(self, controller, addr): @param addr: destination address @see: rdp.ServerFactory.buildObserver """ - log.info("Connection from %s:%s"%(addr.host, addr.port)) + log.info("Connection from %s:%s, timestamp: %s"%(addr.host, addr.port, datetime.datetime.now().isoformat())) return HoneyPotServer(controller, self._rssFileSizeList) def readSize(filePath): @@ -181,4 +176,4 @@ def help(): log.info("(%s, %s) -> %s"%(size[0], size[1], arg)) reactor.listenTCP(int(listen), HoneyPotServerFactory(rssFileSizeList, privateKeyFilePath, certificateFilePath)) - reactor.run() \ No newline at end of file + reactor.run() From 45c3b6f8ecdf9ccc8cbec64221a16002023862c0 Mon Sep 17 00:00:00 2001 
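Review bot: The new one-line `log.info` in `onReady` interpolates `domain`, `username`, `password` and `hostname` straight into the record, and these come from the connecting client via `getCredentials()`/`getHostname()`, so a value containing a newline or comma breaks the one-record-per-line format this commit is introducing and can forge extra records. Emitting the fields with `%r` instead of `%s` keeps control characters visible and the record parseable. The same applies to `addr.host` in the `buildObserver` hunk, although that value is less likely to carry such characters. The trailing `;` after the `log.info(...)` call is a leftover and can be dropped.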
From: Marco Ochse Date: Sat, 26 Aug 2017 22:48:38 +0200 Subject: [PATCH 2/6] log tweaking --- bin/rdpy-rdphoneypot.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/rdpy-rdphoneypot.py b/bin/rdpy-rdphoneypot.py index 4a01f91b..e4265d6a 100755 --- a/bin/rdpy-rdphoneypot.py +++ b/bin/rdpy-rdphoneypot.py @@ -59,7 +59,7 @@ def onReady(self): domain, username, password = self._controller.getCredentials() hostname = self._controller.getHostname() - log.info("Credentials: timestamp: %s, domain: %s, username: %s, password: %s, hostname: %s"%(datetime.datetime.now().isoformat(), domain, username, password, hostname)); + log.info("Credentials: timestamp[%s],domain[%s ],username[%s ],password[%s ],hostname[%s ]"%(datetime.datetime.now().isoformat(), domain, username, password, hostname)); self.start() def onClose(self): @@ -120,7 +120,7 @@ def buildObserver(self, controller, addr): @param addr: destination address @see: rdp.ServerFactory.buildObserver """ - log.info("Connection from %s:%s, timestamp: %s"%(addr.host, addr.port, datetime.datetime.now().isoformat())) + log.info("Connection from [%s:%s],timestamp[%s]"%(addr.host, addr.port, datetime.datetime.now().isoformat())) return HoneyPotServer(controller, self._rssFileSizeList) def readSize(filePath): From 6a416737f1a24e8fc594ab5a5ef2a5c75d9cef59 Mon Sep 17 00:00:00 2001 From: Marco Ochse Date: Sun, 27 Aug 2017 00:41:17 +0200 Subject: [PATCH 3/6] tweaking --- bin/rdpy-rdphoneypot.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/rdpy-rdphoneypot.py b/bin/rdpy-rdphoneypot.py index e4265d6a..801cdcb6 100755 --- a/bin/rdpy-rdphoneypot.py +++ b/bin/rdpy-rdphoneypot.py 
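Review bot: The bracketed format in the `onReady` hunk is inconsistent: `timestamp[%s]` has no padding while `domain[%s ]`, `username[%s ]`, `password[%s ]` and `hostname[%s ]` each carry a stray space before the closing bracket, which ends up in every record and complicates parsing. Use one form for all fields, e.g. `"Credentials: timestamp[%s],domain[%s],username[%s],password[%s],hostname[%s]"`. The trailing `;` on that line is still present.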
@@ -59,7 +59,7 @@ def onReady(self): domain, username, password = self._controller.getCredentials() hostname = self._controller.getHostname() - log.info("Credentials: timestamp[%s],domain[%s ],username[%s ],password[%s ],hostname[%s ]"%(datetime.datetime.now().isoformat(), domain, username, password, hostname)); + log.info("\n%s,domain:%s,username:%s,password:%s,hostname:%s"%(datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ'), domain, username, password, hostname)); self.start() def onClose(self): @@ -120,7 +120,7 @@ def buildObserver(self, controller, addr): @param addr: destination address @see: rdp.ServerFactory.buildObserver """ - log.info("Connection from [%s:%s],timestamp[%s]"%(addr.host, addr.port, datetime.datetime.now().isoformat())) + log.info("\n%s,Connection from %s:%s"%(datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ'), addr.host, addr.port)) return HoneyPotServer(controller, self._rssFileSizeList) def readSize(filePath): From 9d92019b88c540a63259ee098227e0668eba1137 Mon Sep 17 00:00:00 2001 From: vorband Date: Thu, 24 May 2018 14:45:56 +0200 Subject: [PATCH 4/6] added hpfeeds logging support. for hpfeeds, the following env variables must be set HPFEEDS_SERVER HPFEEDS_IDENT HPFEEDS_SECRET HPFEEDS_PORT SERVERID (e.g. name/identifier) --- .gitignore | 14 ++++++ bin/rdpy-rdphoneypot.py | 14 +++++- rdpy/core/hpfeedslog.py | 97 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 123 insertions(+), 2 deletions(-) create mode 100644 rdpy/core/hpfeedslog.py diff --git a/.gitignore b/.gitignore index 56750d33..0cdaf18f 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,17 @@ README.md~ dist/* build/* rdpy.egg-info/* + +.idea/modules.xml + +.idea/rdpy.iml + +.idea/vcs.xml + +.idea/workspace.xml + +1 + +2 + +3 diff --git a/bin/rdpy-rdphoneypot.py b/bin/rdpy-rdphoneypot.py index 801cdcb6..b8c9e119 100755 --- a/bin/rdpy-rdphoneypot.py +++ b/bin/rdpy-rdphoneypot.py 
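Review bot: Both hunks now prepend `"\n"` to the message, so every record is preceded by an empty line in the output, which is odd for the CSV-like format being introduced and makes line-oriented parsing harder; the newline should be removed or the reason documented. The timestamp expression `datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')` is now duplicated in `onReady` and `buildObserver`; a small helper such as `def _utc_timestamp(): return datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')` keeps the format in one place. Client-supplied fields are still interpolated with `%s`, so a value containing a newline can still split a record.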
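Review bot: The `.gitignore` hunk adds the bare patterns `1`, `2` and `3`, which look accidental and would silently exclude any file or directory with those names anywhere in the tree. If they are intentional, a comment stating what they are for would help; otherwise they should be dropped, keeping only the `.idea/` entries.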
@@ -24,11 +24,12 @@ import sys, os, getopt, time, datetime -from rdpy.core import log, error, rss +from rdpy.core import log, error, rss, hpfeedslog from rdpy.protocol.rdp import rdp from twisted.internet import reactor log._LOG_LEVEL = log.Level.INFO +hpfeedslog._LOG_LEVEL = hpfeedslog.Level.INFO class HoneyPotServer(rdp.RDPServerObserver): def __init__(self, controller, rssFileSizeList): @@ -55,11 +56,13 @@ def onReady(self): size = width * height rssFilePath = sorted(self._rssFileSizeList, key = lambda x: abs(x[0][0] * x[0][1] - size))[0][1] log.info("select file (%s, %s) -> %s"%(width, height, rssFilePath)) + hpfeedslog.info("select file (%s, %s) -> %s"%(width, height, rssFilePath)) self._rssFile = rss.createReader(rssFilePath) domain, username, password = self._controller.getCredentials() hostname = self._controller.getHostname() log.info("\n%s,domain:%s,username:%s,password:%s,hostname:%s"%(datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ'), domain, username, password, hostname)); + hpfeedslog.info("%s, domain:%s, username:%s, password:%s, hostname:%s "%(datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ'), domain, username, password, hostname)); self.start() def onClose(self): @@ -121,6 +124,7 @@ def buildObserver(self, controller, addr): @see: rdp.ServerFactory.buildObserver """ log.info("\n%s,Connection from %s:%s"%(datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ'), addr.host, addr.port)) + hpfeedslog.info("%s, Connection from %s:%s"%(datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ'), addr.host, addr.port)) return HoneyPotServer(controller, self._rssFileSizeList) def readSize(filePath): @@ -145,6 +149,9 @@ def help(): [-l listen_port default 3389] [-k private_key_file_path (mandatory for SSL)] [-c certificate_file_path (mandatory for SSL)] + + Set the following env variables for hpfeeds-logging + HPFEEDS_SERVER, HPFEEDS_IDENT, HPFEEDS_SECRET, HPFEEDS_PORT, SERVERID """ if __name__ == '__main__': 
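Review bot: In the `onReady` and `buildObserver` hunks the hpfeeds call recomputes `datetime.datetime.utcnow().strftime(...)` separately from the preceding `log.info`, so the local log and the hpfeeds record for the same event can carry different timestamps; compute it once, `ts = datetime.datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.%fZ')`, and pass `ts` to both calls. The hpfeeds message also deviates from the local one in field spacing (`"%s, domain:%s, ..."` vs `"%s,domain:%s,..."`) and has a trailing space before the closing quote, which consumers will have to strip. Note that `hpfeedslog.info` presumably publishes synchronously inside a reactor callback, so a stalled broker would stall the honeypot's event loop; worth confirming against the hpfeeds client's behaviour.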
@@ -170,10 +177,13 @@ def help(): #build size map log.info("Build size map") + #hpfeedslog.info("Build size map") + for arg in args: size = readSize(arg) rssFileSizeList.append((size, arg)) log.info("(%s, %s) -> %s"%(size[0], size[1], arg)) - + #hpfeedslog.info("(%s, %s) -> %s"%(size[0], size[1], arg)) + reactor.listenTCP(int(listen), HoneyPotServerFactory(rssFileSizeList, privateKeyFilePath, certificateFilePath)) reactor.run() diff --git a/rdpy/core/hpfeedslog.py b/rdpy/core/hpfeedslog.py new file mode 100644 index 00000000..edaac0c2 --- /dev/null +++ b/rdpy/core/hpfeedslog.py 
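Review bot: The hunk in the `__main__` block adds two commented-out calls, `#hpfeedslog.info("Build size map")` and `#hpfeedslog.info("(%s, %s) -> %s"%(...))`, plus `+` lines consisting only of whitespace; commented-out code should be removed rather than committed, and the blank lines should not carry trailing spaces. The enclosing `__main__` block starts outside the hunk.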
@@ -0,0 +1,97 @@ +# +# Copyright (c) 2014-2015 Sylvain Peyrefitte +# +# This file is part of rdpy. +# +# rdpy is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +import hpfeeds +import os + +""" +hpfeeds log engine in RDPY +Only logs messages +""" + +class Level(object): + """ + @summary: Level log + """ + DEBUG = 0 + INFO = 1 + WARNING = 2 + ERROR = 3 + NONE = 4 + +_LOG_LEVEL = Level.DEBUG +serverid=os.environ.get('SERVERID') + + +if (os.environ.get('HPFEEDS_SERVER') and os.environ.get('HPFEEDS_SECRET') and os.environ.get( + 'HPFEEDS_IDENT') and os.environ.get('HPFEEDS_PORT') and os.environ.get('HPFEEDS_CHANNEL') and os.environ.get('SERVERID')): + try: + hpc = hpfeeds.new(os.environ.get('HPFEEDS_SERVER'), int(os.environ.get('HPFEEDS_PORT')), os.environ.get('HPFEEDS_IDENT'), os.environ.get('HPFEEDS_SECRET')) + except (hpfeeds.FeedException, socket.error, hpfeeds.Disconnect), e: + print "hpfeeds connection not successful" + print 'Exception while connecting: {0}'.format(e) + +def log(message): + """ + @summary: Main log function + @param message: string to print + """ + send_hpfeeds("Log: %s "%message) + +def error(message): + """ + @summary: Log error message + @param message: string to print as error log + """ + if _LOG_LEVEL > Level.ERROR: + return + send_hpfeeds("Error: %s "%message) + + +def warning(message): + """ + @summary: Log warning message + @param message: string to print as warning log + """ + if _LOG_LEVEL > 
Level.WARNING: + return + send_hpfeeds("Warning: %s "%message) + +def info(message): + """ + @summary: Log info message + @param message: string to print as info log + """ + if _LOG_LEVEL > Level.INFO: + return + send_hpfeeds("Info: %s "%message) + +def debug(message): + """ + @summary: Log debug message + @param message: string to print as debug log + """ + if _LOG_LEVEL > Level.DEBUG: + return + send_hpfeeds("Debug: %s "%message) + +def send_hpfeeds(message): + if hpc: + hpfchannel = os.environ.get('HPFEEDS_CHANNEL') + hpc.publish(hpfchannel, "["+serverid+"] " +message) From d7b3caa61c07c9763795a66fab4436e6389258a0 Mon Sep 17 00:00:00 2001 From: vorband Date: Fri, 25 May 2018 17:59:47 +0200 Subject: [PATCH 5/6] fix --- rdpy/core/hpfeedslog.py | 2 +- setup.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/rdpy/core/hpfeedslog.py b/rdpy/core/hpfeedslog.py index edaac0c2..ebe36a0e 100644 --- a/rdpy/core/hpfeedslog.py +++ b/rdpy/core/hpfeedslog.py @@ -37,7 +37,7 @@ class Level(object): _LOG_LEVEL = Level.DEBUG serverid=os.environ.get('SERVERID') - +hpc=None if (os.environ.get('HPFEEDS_SERVER') and os.environ.get('HPFEEDS_SECRET') and os.environ.get( 'HPFEEDS_IDENT') and os.environ.get('HPFEEDS_PORT') and os.environ.get('HPFEEDS_CHANNEL') and os.environ.get('SERVERID')): diff --git a/setup.py b/setup.py index d3136f24..64c67395 100644 --- a/setup.py +++ b/setup.py @@ -43,5 +43,6 @@ 'qt4reactor', 'rsa', 'pyasn1', + 'hpfeeds' ], ) From 90097296afa6ac499386eed4fe6f547914f51329 Mon Sep 17 00:00:00 2001 From: vorband Date: Thu, 6 Sep 2018 13:24:38 +0200 Subject: [PATCH 6/6] missing channel env variable --- bin/rdpy-rdphoneypot.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/rdpy-rdphoneypot.py b/bin/rdpy-rdphoneypot.py index b8c9e119..9a0cc8ea 100755 --- a/bin/rdpy-rdphoneypot.py +++ b/bin/rdpy-rdphoneypot.py 
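Review bot: The `except (hpfeeds.FeedException, socket.error, hpfeeds.Disconnect)` clause in the new `rdpy/core/hpfeedslog.py` references `socket` but the module only imports `hpfeeds` and `os`, so when `hpfeeds.new` raises the except tuple itself fails with `NameError` and the intended "hpfeeds connection not successful" path never runs; add `import socket` next to the other imports. `send_hpfeeds` has no docstring and does not guard `hpc.publish`, so a broker disconnect at publish time would propagate into the caller's reactor callback; since this module is best-effort logging, a `try`/`except (hpfeeds.FeedException, hpfeeds.Disconnect, socket.error)` around the publish that prints the error and returns would keep the honeypot serving. `hpc` is also unbound when any of the env variables is missing, which the next patch in this series addresses with `hpc=None`. The triple-quoted module description sits after the imports, so it is a bare string expression rather than the module docstring; move it above `import hpfeeds`.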
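Review bot: The `setup.py` hunk adds `'hpfeeds'` without a version constraint, while the library's module-level `hpfeeds.new` and the `FeedException`/`Disconnect` names are part of a specific API surface, so an unconstrained install can pull an incompatible release; pin or bound it, e.g. `'hpfeeds==<tested-version>',` with the version you tested against. The entry also lacks the trailing comma that every other item in the list carries.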
@@ -151,7 +151,7 @@ def help(): [-c certificate_file_path (mandatory for SSL)] Set the following env variables for hpfeeds-logging - HPFEEDS_SERVER, HPFEEDS_IDENT, HPFEEDS_SECRET, HPFEEDS_PORT, SERVERID + HPFEEDS_SERVER, HPFEEDS_IDENT, HPFEEDS_SECRET, HPFEEDS_PORT, SERVERID, HPFEEDS_CHANNEL """ if __name__ == '__main__':
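Review bot: The help text now lists all six variables but does not say that hpfeeds logging is enabled only when every one of them is set and is otherwise silently disabled, which is how the module-level check in `rdpy/core/hpfeedslog.py` behaves; operators who set five of six will get no hpfeeds output and no error. Add a line such as `All six must be set; if any is missing, hpfeeds logging is disabled.` under the variable list.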