a pGina plugin to log all credentials attempted and pump them to Slack via a webhook
//
// Released as open source by NCC Group
// https://research.nccgroup.com/
// https://www.nccgroup.com
//
// Ollie Whitehouse - @ollieatnccgroup
//
// this plugin is for http://pgina.org/
// this uses a Slack webhook to send to a channel
//
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using pGina.Shared.Types;
using log4net;
using System.Net;
namespace pGina.Plugin.RDPHoneyPlugin
{
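/// <summary>
/// pGina authentication plugin for an RDP honeypot: every logon attempt is
/// forwarded to a Slack channel through an incoming webhook and then rejected.
/// </summary>
/// <remarks>
/// <see cref="AuthenticateUser"/> never returns success, so this plugin is only
/// suitable for a dedicated decoy host. The forwarded message contains the
/// attempted password in clear text; a mistyped real credential would be exposed
/// to everyone who can read the channel, so channel membership should be limited
/// to the people operating the honeypot.
/// </remarks>
public class PluginImpl : pGina.Shared.Interfaces.IPluginAuthentication
{
    // NOTE(review): an incoming-webhook URL works as a bearer secret (whoever holds
    // it can post to the channel). Prefer loading it from protected configuration
    // over compiling it into the assembly, and rotate it if the binary or source leaks.
    private const string SlackWebhookUrl = "https://hooks.slack.com/services/REDACTED";

    private static readonly Guid m_uuid = new Guid("CED8D126-9121-4CD2-86DE-3D84E4A2625D");

    private readonly ILog m_logger;

    /// <summary>Creates the plugin and its log4net logger.</summary>
    public PluginImpl()
    {
        m_logger = LogManager.GetLogger("pGina.Plugin.RDPHoneyPlugin");
    }

    /// <summary>Display name of the plugin.</summary>
    public string Name
    {
        get { return "RDPHoneyPlugin"; }
    }

    /// <summary>Short description of the plugin.</summary>
    public string Description
    {
        get { return "Logs all credentials to Slack"; }
    }

    /// <summary>Fixed identifier of this plugin.</summary>
    public Guid Uuid
    {
        get { return m_uuid; }
    }

    /// <summary>Version of the executing assembly, as a string.</summary>
    public string Version
    {
        get
        {
            return System.Reflection.Assembly.GetExecutingAssembly().GetName().Version.ToString();
        }
    }

    /// <summary>No start-up work is required.</summary>
    public void Starting() { }

    /// <summary>No shutdown work is required.</summary>
    public void Stopping() { }

    /// <summary>
    /// Records the attempted credentials in Slack and rejects the logon.
    /// </summary>
    /// <param name="properties">Session properties carrying the tracked <see cref="UserInformation"/>.</param>
    /// <returns>Always a failed <see cref="BooleanResult"/>; this plugin never authenticates anyone.</returns>
    public BooleanResult AuthenticateUser(SessionProperties properties)
    {
        UserInformation userInfo = properties.GetTrackedSingle<UserInformation>();

        // Username and password come straight from the remote client and may be null or hostile.
        string attemptedUser = (userInfo != null && userInfo.Username != null) ? userInfo.Username : string.Empty;
        string attemptedPassword = (userInfo != null && userInfo.Password != null) ? userInfo.Password : string.Empty;

        try
        {
            ForwardToSlack(attemptedUser, attemptedPassword);
        }
        catch (WebException ex)
        {
            // A Slack outage or a rejected payload must not turn into an exception on
            // the logon path: log it (without the password) and still deny below.
            m_logger.ErrorFormat("Could not forward captured credentials to Slack: {0}", ex.Message);
        }

        // Authentication failure
        m_logger.ErrorFormat("Authentication failed for {0}", attemptedUser);
        return new BooleanResult() { Success = false, Message = "Incorrect username or password." };
    }

    /// <summary>Posts one captured credential pair to the Slack webhook.</summary>
    /// <exception cref="WebException">The request failed or Slack rejected it.</exception>
    private static void ForwardToSlack(string userName, string passWord)
    {
        ServicePointManager.Expect100Continue = true;
        // 3072 is the numeric value of SecurityProtocolType.Tls12; presumably written as a
        // cast so the code builds against framework versions whose enum lacks that member.
        // ServicePointManager is static, so this setting applies to the whole host process.
        ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

        // Both values are attacker-controlled, so they are escaped for Slack's message
        // syntax first and then for the JSON string literal they are embedded in.
        string payload = "{\"text\":\" " + EscapeJson(EscapeSlackText(userName))
                       + " with " + EscapeJson(EscapeSlackText(passWord)) + "\"}";

        using (var cli = new WebClient())
        {
            cli.Headers[HttpRequestHeader.ContentType] = "application/json";
            cli.UploadString(SlackWebhookUrl, payload);
        }
    }

    /// <summary>
    /// Neutralises the characters Slack treats as control characters in message text
    /// (&amp;, &lt;, &gt;) so a submitted value is shown literally instead of being
    /// interpreted as a mention or a link.
    /// </summary>
    private static string EscapeSlackText(string value)
    {
        return value.Replace("&", "&amp;").Replace("<", "&lt;").Replace(">", "&gt;");
    }

    /// <summary>
    /// Escapes a value for use inside a JSON string literal. Quotes and backslashes are
    /// backslash-escaped; control and non-ASCII characters become \uXXXX, which keeps the
    /// payload pure ASCII and independent of the WebClient text encoding.
    /// </summary>
    private static string EscapeJson(string value)
    {
        var sb = new StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            switch (c)
            {
                case '"':
                    sb.Append("\\\"");
                    break;
                case '\\':
                    sb.Append("\\\\");
                    break;
                default:
                    if (c < 0x20 || c > 0x7E)
                    {
                        sb.Append("\\u");
                        sb.Append(((int)c).ToString("x4", System.Globalization.CultureInfo.InvariantCulture));
                    }
                    else
                    {
                        sb.Append(c);
                    }
                    break;
            }
        }
        return sb.ToString();
    }
}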
}