peralta/fakesshd.go

## fakesshd.go
package main

import (
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"net"
	"flag"
	"github.com/gliderlabs/ssh"
	"golang.org/x/crypto/ssh/terminal"
	"github.com/kalikaneko/gop0f"
)

func main() {

	portPtr := flag.Int("port", 2222, "TCP port to listen on ")
	sshkeyFilePtr := flag.String("keyfile", "ssh.key", "SSH private key file")
	p0fSocketPtr := flag.String("p0f_socket", "/var/run/p0f/p0f.socket", "p0f socket location")
	sshVersionPtr := flag.String("ssh_version", "OpenSSH_6.9", "SSH version banner")
	flag.Parse()

	key, err := ioutil.ReadFile(*sshkeyFilePtr)
	if err != nil {
		panic(err)
	}

	log.Println("connecting to p0f socket...")
	p0fclient, err := gop0f.New(*p0fSocketPtr)
	if err != nil {
		panic(err)
	}

	ssh.Handle(func(sess ssh.Session) {
		log.Println(sess.RemoteAddr().String(), " REMOTE CMD: ", sess.Command())
		log.Println(sess.RemoteAddr().String(), " ENV: ", sess.Environ())
		io.WriteString(sess, fmt.Sprintf("Login successful!\n"))
		_, _, isTty := sess.Pty()
		if isTty {
			captureInteractiveCmd(sess)
		}
		io.WriteString(sess, fmt.Sprintf("Segmentation fault! (core dumped)\n"))
		sess.Exit(0)
	})

	keyOpt := ssh.HostKeyPEM(key)
	passOpt := ssh.PasswordAuth(func(ctx ssh.Context, pass string) bool {
		resp, err := getP0fFromAddr(p0fclient, ctx.RemoteAddr())
		if err != nil {
			panic(err)
		}
        	log.Println(ctx.RemoteAddr().String(), resp.OsName, ctx.ClientVersion(), ctx.User(), pass)
		return true
	})

	versionOpt := SetVersion(*sshVersionPtr)

	publicKeyOpt := ssh.PublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool {
        	log.Println(ctx.RemoteAddr().String(), ctx.ClientVersion(), ctx.User(), "[public key attempted]")
		return true
	})

	port := fmt.Sprint(":", *portPtr)
	log.Println("starting ssh server on port", *portPtr)

	log.Fatal(ssh.ListenAndServe(port, nil, keyOpt, passOpt, publicKeyOpt, versionOpt))
}

func SetVersion(version string) ssh.Option {
	return func(srv *ssh.Server) error {
		srv.Version = version
		return nil
	}
}

func getP0fFromAddr(p0fclient *gop0f.GoP0f, addr net.Addr) (gop0f.IPInfo, error) {
	host, _, _ := net.SplitHostPort(addr.String())
	return p0fclient.Query(net.ParseIP(host))
}

func captureInteractiveCmd(sess ssh.Session) {
	term := terminal.NewTerminal(sess, fmt.Sprintf("%s> ", sess.User()))
	line, _ := term.ReadLine()
	log.Println(sess.RemoteAddr().String(), " CMD: ", line)
}
	package main

	import (
	"fmt"
	"io"
	"io/ioutil"
	"log"
	"net"
	"flag"
	"github.com/gliderlabs/ssh"
	"golang.org/x/crypto/ssh/terminal"
	"github.com/kalikaneko/gop0f"
	)

	func main() {

	portPtr := flag.Int("port", 2222, "TCP port to listen on ")
	sshkeyFilePtr := flag.String("keyfile", "ssh.key", "SSH private key file")
	p0fSocketPtr := flag.String("p0f_socket", "/var/run/p0f/p0f.socket", "p0f socket location")
	sshVersionPtr := flag.String("ssh_version", "OpenSSH_6.9", "SSH version banner")
	flag.Parse()

	key, err := ioutil.ReadFile(*sshkeyFilePtr)
	if err != nil {
	panic(err)
	}

	log.Println("connecting to p0f socket...")
	p0fclient, err := gop0f.New(*p0fSocketPtr)
	if err != nil {
	panic(err)
	}

	ssh.Handle(func(sess ssh.Session) {
	log.Println(sess.RemoteAddr().String(), " REMOTE CMD: ", sess.Command())
	log.Println(sess.RemoteAddr().String(), " ENV: ", sess.Environ())
	io.WriteString(sess, fmt.Sprintf("Login successful!\n"))
	_, _, isTty := sess.Pty()
	if isTty {
	captureInteractiveCmd(sess)
	}
	io.WriteString(sess, fmt.Sprintf("Segmentation fault! (core dumped)\n"))
	sess.Exit(0)
	})

	keyOpt := ssh.HostKeyPEM(key)
	passOpt := ssh.PasswordAuth(func(ctx ssh.Context, pass string) bool {
	resp, err := getP0fFromAddr(p0fclient, ctx.RemoteAddr())
	if err != nil {
	panic(err)
	}
	log.Println(ctx.RemoteAddr().String(), resp.OsName, ctx.ClientVersion(), ctx.User(), pass)
	return true
	})

	versionOpt := SetVersion(*sshVersionPtr)

	publicKeyOpt := ssh.PublicKeyAuth(func(ctx ssh.Context, key ssh.PublicKey) bool {
	log.Println(ctx.RemoteAddr().String(), ctx.ClientVersion(), ctx.User(), "[public key attempted]")
	return true
	})

	port := fmt.Sprint(":", *portPtr)
	log.Println("starting ssh server on port", *portPtr)

	log.Fatal(ssh.ListenAndServe(port, nil, keyOpt, passOpt, publicKeyOpt, versionOpt))
	}

	func SetVersion(version string) ssh.Option {
	return func(srv *ssh.Server) error {
	srv.Version = version
	return nil
	}
	}

	func getP0fFromAddr(p0fclient *gop0f.GoP0f, addr net.Addr) (gop0f.IPInfo, error) {
	host, _, _ := net.SplitHostPort(addr.String())
	return p0fclient.Query(net.ParseIP(host))
	}

	func captureInteractiveCmd(sess ssh.Session) {
	term := terminal.NewTerminal(sess, fmt.Sprintf("%s> ", sess.User()))
	line, _ := term.ReadLine()
	log.Println(sess.RemoteAddr().String(), " CMD: ", line)
	}