OpenCanarySSHExtending
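---
# Provisions a Docker host ("hollowcanary") and starts two throw-away SSH
# containers built from the Dockerfile that ships with this gist. Two iptables
# REDIRECT rules in the nat PREROUTING chain send TCP/8000 from two different
# source addresses to the two containers (3000 -> first, 4000 -> second), so
# each source lands in its own isolated sshd.
- name: Install Docker
  hosts: hollowcanary
  vars:
    DOCKER_PACKAGES:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg-agent
      - software-properties-common
      # NOTE(review): these are the Python 2 package names; newer Ubuntu
      # releases only ship python3-pip / python3-docker. Confirm against the
      # target release before running.
      - python-pip
      - python-docker
    USER: "ubuntu"
  tasks:
    - name: Update apt packages
      become: true
      become_method: sudo
      apt:
        # Real booleans instead of the string "yes" (yamllint truthy rule).
        update_cache: true
        force_apt_get: true

    - name: Install packages needed for Docker
      become: true
      become_method: sudo
      apt:
        name: "{{ DOCKER_PACKAGES }}"
        state: present
        force_apt_get: true

    # NOTE(review): the key is trusted solely because it was fetched over HTTPS
    # from this URL. apt_key accepts an `id:` to pin the expected key id
    # (value not on this page); newer Ansible also deprecates apt_key in favour
    # of a signed-by keyring, so plan for that migration.
    - name: Add Docker GPG apt Key
      become: true
      become_method: sudo
      apt_key:
        url: https://download.docker.com/linux/ubuntu/gpg
        state: present

    # `command` is enough here (no shell features are used) and the task is
    # read-only, so it must not report "changed" on every run.
    - name: Save the current Ubuntu release version into a variable
      command: lsb_release -cs
      register: ubuntu_version
      changed_when: false

    - name: Add Docker Repository
      become: true
      become_method: sudo
      apt_repository:
        repo: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ubuntu_version.stdout }} stable"
        state: present

    - name: Update apt packages
      become: true
      become_method: sudo
      apt:
        update_cache: true
        force_apt_get: true

    - name: Install Docker
      become: true
      become_method: sudo
      apt:
        name: "docker-ce"
        state: present
        force_apt_get: true

    # The build context lives in the unprivileged user's home; USER is the
    # single place the account name is defined.
    - name: Create directory to store Dockerfiles
      file:
        path: "/home/{{ USER }}/Dockerfiles"
        state: directory

    - name: Copy Dockerfile
      copy:
        src: Dockerfile
        dest: "/home/{{ USER }}/Dockerfiles"

    - name: Build image and with build args
      become: true
      become_method: sudo
      docker_image:
        name: hollowcanary_ssh
        # `source: build` is explicit; recent community.docker releases no
        # longer infer it from the presence of `build:`.
        source: build
        build:
          path: "/home/{{ USER }}/Dockerfiles"

    # NOTE(review): "3000:22" publishes on every host interface, so the
    # container's sshd is also reachable directly on TCP/3000, bypassing the
    # per-source REDIRECT below. Binding to 127.0.0.1 would break the REDIRECT
    # (it targets the primary address of the incoming interface); restrict
    # direct access to 3000/4000 in the INPUT chain instead if that matters.
    - name: Start LiamTest container
      become: true
      become_method: sudo
      docker_container:
        name: LiamTest
        image: hollowcanary_ssh
        state: started
        hostname: LAP4321
        published_ports: "3000:22"

    - name: Forward 8000 to 3000
      become: true
      become_method: sudo
      iptables:
        table: nat
        chain: PREROUTING
        in_interface: eth0
        protocol: tcp
        match: tcp
        # Placeholder: the first source address that should reach LiamTest.
        source: "XXX.XXX.XXX.XXX"
        destination_port: 8000
        jump: REDIRECT
        to_ports: 3000
        comment: Redirect ssh traffic to port 3000

    - name: Start NCCGroup container
      become: true
      become_method: sudo
      docker_container:
        name: NCCGroup
        image: hollowcanary_ssh
        state: started
        hostname: srv1234
        published_ports: "4000:22"

    - name: Forward 8000 to 4000
      become: true
      become_method: sudo
      iptables:
        table: nat
        chain: PREROUTING
        in_interface: eth0
        protocol: tcp
        match: tcp
        # Placeholder: the second source address that should reach NCCGroup.
        source: "YYYY.YYYY.YYYY.YYYY"
        destination_port: 8000
        jump: REDIRECT
        to_ports: 4000
        # Same service as the rule above: this is SSH, not web, traffic.
        comment: Redirect ssh traffic to port 4000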
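# Minimal OpenSSH server image used by the playbook in this gist.
# This runs a REAL sshd with a fixed root password, not an emulated service:
# whoever authenticates gets a root shell inside the container. Run it with
# the usual container hardening (no host mounts, restricted egress, resource
# limits) and treat the container as disposable.
#
# NOTE(review): ubuntu:16.04 left standard support in April 2021 and no
# longer receives package updates; keep it only if the old banner is the point.
FROM ubuntu:16.04

# One layer for package install so the apt lists never land in the image;
# DEBIAN_FRONTEND keeps the build non-interactive.
RUN apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server \
 && rm -rf /var/lib/apt/lists/* \
 && mkdir /var/run/sshd

# Fixed, deliberately weak root credential and root login enabled.
RUN echo 'root:toor' | chpasswd \
 && sed -i 's/PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config

# SSH login fix. Otherwise user is kicked off after login
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd

# key=value form: the legacy `ENV key value` syntax is deprecated by BuildKit.
ENV NOTVISIBLE="in users profile"
RUN echo "export VISIBLE=now" >> /etc/profile

EXPOSE 22
CMD ["/usr/sbin/sshd", "-D"]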
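def connectionLost(self, reason):
    """Tear down per-session state when the SSH transport goes away.

    Notifies every registered interactor, forgets this session in the
    factory's session table, closes the tty log if one is open, and then
    hands off to the parent SSHServerTransport.connectionLost.

    @param reason: failure describing why the connection was lost
    """
    for interactor in self.interactors:
        interactor.sessionClosed()
    # Drop this transport's entry from the shared session table. pop() with a
    # default replaces the original `in` check + `del` pair (assumes sessions
    # is a dict, as that usage implied).
    self.factory.sessions.pop(self.transport.sessionno, None)
    if self.ttylog_open:
        # Closing stamps the log with the wall-clock time of the disconnect.
        ttylog.ttylog_close(self.ttylog_file, time.time())
        self.ttylog_open = False
    transport.SSHServerTransport.connectionLost(self, reason)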
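def sendDisconnect(self, reason, desc):
    """
    Workaround for the "bad packet length" error message.

    A disconnect whose description mentions 'bad packet length' is answered
    with a plain 'Protocol mismatch.' line and the connection is dropped —
    presumably to look like the banner a stock OpenSSH server emits for
    garbage input (confirm against the upstream behaviour); every other
    reason goes through the parent transport's normal disconnect path.

    @param reason: the reason for the disconnect. Should be one of the
        DISCONNECT_* values.
    @type reason: C{int}
    @param desc: a description of the reason for the disconnection.
    @type desc: C{bytes}
    """
    if 'bad packet length' not in desc.decode():
        # With python >= 3 we can use super?
        transport.SSHServerTransport.sendDisconnect(self, reason, desc)
    else:
        # transport.write() requires bytes on Python 3; the previous str
        # literal raised TypeError here instead of sending the line.
        self.transport.write(b'Protocol mismatch.\n')
        log.msg('Disconnecting with error, code %s\nreason: %s' % \
            (reason, desc))
        self.transport.loseConnection()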
@implementer(checkers.ICredentialsChecker)
class HoneypotPasswordChecker:
    """Credentials checker that refuses every username/password pair.

    Registered for IUsernamePassword credentials; requestAvatarId never
    produces an avatar, so no password can ever open a session.
    """

    credentialInterfaces = (credentials.IUsernamePassword,)

    def __init__(self, logger=None):
        # Both attributes are stored but not read anywhere in this class.
        self.logger = logger
        self.auth_attempt = 0

    def requestAvatarId(self, credentials):
        # Always an already-failed Deferred carrying UnauthorizedLogin.
        failure = error.UnauthorizedLogin()
        return defer.fail(failure)
@implementer(checkers.ICredentialsChecker)
class CanaryPublicKeyChecker:
    """Credentials checker that refuses every SSH public-key attempt.

    Registered for ISSHPrivateKey credentials; requestAvatarId never
    produces an avatar, so no key can ever open a session.
    """

    credentialInterfaces = (credentials.ISSHPrivateKey,)

    def __init__(self, logger=None):
        # Both attributes are stored but not read anywhere in this class.
        self.logger = logger
        self.auth_attempt = 0

    def requestAvatarId(self, credentials):
        # Always an already-failed Deferred carrying UnauthorizedLogin.
        failure = error.UnauthorizedLogin()
        return defer.fail(failure)