Skip to content

Instantly share code, notes, and snippets.

@peralta
Created February 12, 2024 22:02
Show Gist options
  • Save peralta/508dc72275aa4130e1ad71ae3688c11c to your computer and use it in GitHub Desktop.
Save peralta/508dc72275aa4130e1ad71ae3688c11c to your computer and use it in GitHub Desktop.
sshd simple honeypot
package main
import (
"fmt"
"io"
"io/ioutil"
"log"
"net"
"flag"
"github.com/gliderlabs/ssh"
"golang.org/x/crypto/ssh/terminal"
"github.com/kalikaneko/gop0f"
)
func main() {
portPtr := flag.Int("port", 2222, "TCP port to listen on ")
sshkeyFilePtr := flag.String("keyfile", "ssh.key", "SSH private key file")
p0fSocketPtr := flag.String("p0f_socket", "/var/run/p0f/p0f.socket", "p0f socket location")
sshVersionPtr := flag.String("ssh_version", "OpenSSH_6.9", "SSH version banner")
flag.Parse()
key, err := ioutil.ReadFile(*sshkeyFilePtr)
if err != nil {
panic(err)
}
log.Println("connecting to p0f socket...")
p0fclient, err := gop0f.New(*p0fSocketPtr)
if err != nil {
panic(err)
}
ssh.Handle(func(sess ssh.Session) {
log.Println(sess.RemoteAddr().String(), " REMOTE CMD: ", sess.Command())
log.Println(sess.RemoteAddr().String(), " ENV: ", sess.Environ())
io.WriteString(sess, fmt.Sprintf("Login successful!\n"))
_, _, isTty := sess.Pty()
if isTty {
captureInteractiveCmd(sess)
}
io.WriteString(sess, fmt.Sprintf("Segmentation fault! (core dumped)\n"))
sess.Exit(0)
})
keyOpt := ssh.HostKeyPEM(key)
passOpt := ssh.PasswordAuth(func(ctx ssh.Context, pass string) bool {
resp, err := getP0fFromAddr(p0fclient, ctx.RemoteAddr())
if err != nil {
panic(err)
}
log.Println(ctx.RemoteAddr().String(), resp.OsName, ctx.ClientVersion(), ctx.User(), pass)
return true
})
versionOpt := SetVersion(*sshVersionPtr)
publicKeyOpt := ssh.PublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool {
log.Println(ctx.RemoteAddr().String(), ctx.ClientVersion(), ctx.User(), "[public key attempted]")
return true
})
port := fmt.Sprint(":", *portPtr)
log.Println("starting ssh server on port", *portPtr)
log.Fatal(ssh.ListenAndServe(port, nil, keyOpt, passOpt, publicKeyOpt, versionOpt))
}
func SetVersion(version string) ssh.Option {
return func(srv *ssh.Server) error {
srv.Version = version
return nil
}
}
func getP0fFromAddr(p0fclient *gop0f.GoP0f, addr net.Addr) (gop0f.IPInfo, error) {
host, _, _ := net.SplitHostPort(addr.String())
return p0fclient.Query(net.ParseIP(host))
}
func captureInteractiveCmd(sess ssh.Session) {
term := terminal.NewTerminal(sess, fmt.Sprintf("%s> ", sess.User()))
line, _ := term.ReadLine()
log.Println(sess.RemoteAddr().String(), " CMD: ", line)
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment