a pGina plugin to log all credentials attempted and pump them to Slack via a webhook
//
// Released as open source by NCC Group
// https://research.nccgroup.com/
// https://www.nccgroup.com
//
// Ollie Whitehouse - @ollieatnccgroup
//
// this plugin is for http://pgina.org/
// this uses a Slack webhook to send to a channel
//
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Text; | |
using System.Threading.Tasks; | |
using pGina.Shared.Types; | |
using log4net; | |
using System.Net; | |
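namespace pGina.Plugin.RDPHoneyPlugin
{
    /// <summary>
    /// pGina authentication plugin for an RDP honeypot. Every logon attempt is
    /// forwarded (username and password) to a Slack channel through an incoming
    /// webhook, and the attempt is then always rejected.
    /// </summary>
    /// <remarks>
    /// The values sent to Slack are whatever was typed at the logon prompt. They can
    /// include real passwords (for example a legitimate user connecting to the wrong
    /// host), so the receiving channel should be treated as holding sensitive data.
    /// </remarks>
    public class PluginImpl : pGina.Shared.Interfaces.IPluginAuthentication
    {
        // NOTE(review): a Slack webhook URL is a bearer secret - anyone holding it can
        // post to the channel. It is compiled into the assembly here; prefer loading it
        // from protected configuration and rotate it if the binary or source leaks.
        private const string SlackWebhookUrl = "https://hooks.slack.com/services/REDACTED";

        private readonly ILog m_logger;
        private static readonly Guid m_uuid = new Guid("CED8D126-9121-4CD2-86DE-3D84E4A2625D");

        /// <summary>Creates the plugin and its log4net logger.</summary>
        public PluginImpl()
        {
            m_logger = LogManager.GetLogger("pGina.Plugin.RDPHoneyPlugin");
        }

        /// <summary>Display name of the plugin.</summary>
        public string Name
        {
            get { return "RDPHoneyPlugin"; }
        }

        /// <summary>Short description of the plugin.</summary>
        public string Description
        {
            get { return "Logs all credentials to Slack"; }
        }

        /// <summary>Fixed identifier of this plugin.</summary>
        public Guid Uuid
        {
            get { return m_uuid; }
        }

        /// <summary>Version string taken from the executing assembly.</summary>
        public string Version
        {
            get
            {
                return System.Reflection.Assembly.GetExecutingAssembly().GetName().Version.ToString();
            }
        }

        /// <summary>No start-up work is required.</summary>
        public void Starting() { }

        /// <summary>No shutdown work is required.</summary>
        public void Stopping() { }

        /// <summary>
        /// Reports the attempted credentials to Slack and rejects the logon.
        /// </summary>
        /// <param name="properties">Session properties carrying the tracked <c>UserInformation</c>.</param>
        /// <returns>Always a failed <c>BooleanResult</c>; this plugin never authenticates anyone.</returns>
        public BooleanResult AuthenticateUser(SessionProperties properties)
        {
            UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();

            // Either field may be absent; treat null as empty instead of throwing.
            string userName = userInfo.Username ?? string.Empty;
            string passWord = userInfo.Password ?? string.Empty;

            try
            {
                ServicePointManager.Expect100Continue = true;
                // 3072 is SecurityProtocolType.Tls12; the numeric cast is presumably used
                // because the targeted framework version lacks the named member.
                // This setting is process-wide, not scoped to this request.
                ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

                // Both values are attacker-controlled, so they are escaped rather than
                // concatenated raw into the JSON document.
                string payload = "{\"text\":\""
                    + EscapeForSlackJson(" " + userName + " with " + passWord)
                    + "\"}";

                using (var cli = new WebClient())
                {
                    cli.Headers[HttpRequestHeader.ContentType] = "application/json";
                    cli.UploadString(SlackWebhookUrl, payload);
                }
            }
            catch (Exception ex)
            {
                // Reporting is best-effort: a network or Slack failure must never change
                // the outcome of the logon, which stays a denial. The captured password
                // is deliberately not written to the local log.
                m_logger.ErrorFormat("Failed to forward logon attempt to Slack: {0}", ex.Message);
            }

            // Authentication failure (unconditional). CR/LF are stripped so that a crafted
            // username cannot forge additional log lines.
            m_logger.ErrorFormat(
                "Authentication failed for {0}",
                userName.Replace('\r', ' ').Replace('\n', ' '));
            return new BooleanResult() { Success = false, Message = "Incorrect username or password." };
        }

        /// <summary>
        /// Escapes untrusted text for use inside a JSON string that Slack will render.
        /// </summary>
        /// <param name="value">Raw text; must not be null.</param>
        /// <returns>
        /// Text with <c>&amp;</c>, <c>&lt;</c> and <c>&gt;</c> turned into the entities Slack
        /// expects (so submitted input cannot create mentions or links in the channel),
        /// quotes and backslashes JSON-escaped, and control or non-ASCII characters
        /// written as <c>\uXXXX</c> so the payload is pure ASCII regardless of the
        /// WebClient encoding.
        /// </returns>
        private static string EscapeForSlackJson(string value)
        {
            var sb = new StringBuilder(value.Length + 16);
            foreach (char c in value)
            {
                switch (c)
                {
                    case '&':
                        sb.Append("&amp;");
                        break;
                    case '<':
                        sb.Append("&lt;");
                        break;
                    case '>':
                        sb.Append("&gt;");
                        break;
                    case '"':
                        sb.Append("\\\"");
                        break;
                    case '\\':
                        sb.Append("\\\\");
                        break;
                    default:
                        if (c < 0x20 || c > 0x7E)
                        {
                            sb.Append("\\u");
                            sb.Append(((int)c).ToString("x4", System.Globalization.CultureInfo.InvariantCulture));
                        }
                        else
                        {
                            sb.Append(c);
                        }
                        break;
                }
            }
            return sb.ToString();
        }
    }
}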