desaster / kippo

Kippo - SSH Honeypot

Hydra <--> Kippo SSH Protocol #174

Open mercolino opened 9 years ago

mercolino commented 9 years ago

Hi, I configured kippo on an Ubuntu 14.04 LTS server. When trying to use hydra on that server I always get the following error:

    [INFO] Testing if password authentication is supported by ssh://192.168.XX.XX:22
    [ERROR] could not connect to ssh://192.168.XX.XX:22

But from the terminal I can connect:

    ssh root@192.168.10.21
    Password:
    root@db01:~# ls -la
    drwxr-xr-x 1 root root 4096 2015-01-25 09:56 .
    drwxr-xr-x 1 root root 4096 2015-01-25 09:56 ..
    -rw-r--r-- 1 root root 140 2013-04-05 13:52 .profile
    drwx------ 1 root root 4096 2013-04-05 14:05 .ssh
    drwx------ 1 root root 4096 2013-04-05 13:58 .aptitude
    -rw-r--r-- 1 root root 570 2013-04-05 13:52 .bashrc
    root@db01:~#

It could be a problem that one of the best tools for brute-force attacks could not connect to the honeypot.

Regards...

mercolino commented 9 years ago

I found the problem: Hydra uses libssh, and kippo does not send the Key Init Exchange, for some strange reason.

The workaround is: You should modify kippo/core/ssh.py and add the following after the line 149:

    # Workaround libssh not working with Twisted Hydra not working
    isLibssh = False
    if data.find('libssh', data.find('SSH-')) != -1:
        isLibssh = True

and also modify the line 152 (before inserting the code above) with:

    if (twisted.version.major < 11 or isLibssh) and \

Regards

rogeriobastos commented 9 years ago

Hi, I'm getting the following error with your suggested modification:

2015-03-16 15:38:17-0300 [HoneyPotTransport,6,1.2.3.4] Unhandled Error
        Traceback (most recent call last):
          File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 84, in callWithLogger
            return callWithContext({"system": lp}, func, *args, **kw)
          File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 69, in callWithContext
            return context.call({ILogContext: newCtx}, func, *args, **kw)
          File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
            return self.currentContext().callWithContext(ctx, func, *args, **kw)
          File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
            return func(*args,**kw)
        --- <exception caught here> ---
          File "/usr/lib/python2.7/dist-packages/twisted/internet/posixbase.py", line 586, in _doReadOrWrite
            why = selectable.doRead()
          File "/usr/lib/python2.7/dist-packages/twisted/internet/tcp.py", line 199, in doRead
            rval = self.protocol.dataReceived(data)
          File "/opt/kippo/kippo/core/ssh.py", line 157, in dataReceived
            self.sendKexInit()
          File "/opt/kippo/kippo/core/ssh.py", line 147, in sendKexInit
            sshserver.KippoSSHServerTransport.sendKexInit(self)
          File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/transport.py", line 263, in sendKexInit
            self._keyExchangeState,))
        exceptions.RuntimeError: Cannot send KEXINIT while key exchange state is '_KEY_EXCHANGE_REQUESTED'

mercolino commented 9 years ago

The patch was for the MHN version of Kippo, I do not know how different they are. The function was patched like this:

    def dataReceived(self, data):
        # Workaround libssh not working with Twisted Hydra not working (by mercolino)
        isLibssh = data.find('libssh', data.find('SSH-')) != -1

        transport.SSHServerTransport.dataReceived(self, data)
        # later versions seem to call sendKexInit again on their own
        if (twisted.version.major < 11 or isLibssh) and \
                not self.hadVersion and self.gotVersion:
            self.sendKexInit()
            self.hadVersion = True

rogeriobastos commented 9 years ago

I made a test with hydra 8.0 and it works fine without the patch.
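
The workaround in this thread keys on the client's SSH identification string. As an added example (not part of any comment here, and not kippo's or Twisted's code), this Python 3 parser reads that line per RFC 4253 section 4.2 across fragmented reads and names the client library. `ClientBanner`, `classify` and the sample banners are hypothetical names and constructed values.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(rb"SSH-([^-\s]+)-(\S+)(?: (.*))?")
MAX_IDENT = 255  # RFC 4253 limit for the whole line, CR LF included
# Constructed sample banners (assumed formats, not captured traffic)
SAMPLES = [b"SSH-2.0-libssh-0.6.3\r\n", b"SSH-2.0-libssh2_1.8.0\r\n",
           b"SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2\r\n"]


class ClientBanner:
    """Hypothetical helper: buffers bytes until the identification line is complete."""

    def __init__(self):
        self.buf = b""
        self.proto = self.software = self.comments = None

    def feed(self, data):
        """Return True once the line is parsed; later bytes stay in self.buf."""
        self.buf += data
        if self.software is not None:
            return True
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            line = line.rstrip(b"\r")
            m = IDENT_RE.fullmatch(line)
            if m is None:
                continue  # not an identification line, skip it
            if len(line) + 2 > MAX_IDENT:
                raise ValueError("identification line exceeds 255 bytes")
            self.proto, self.software, self.comments = (
                (g or b"").decode("ascii", "replace") for g in m.groups())
            return True
        if len(self.buf) > MAX_IDENT:
            raise ValueError("no identification line in the first 255 bytes")
        return False

    def library(self):
        """'libssh', 'libssh2' or None; a bare 'libssh' substring test matches both."""
        m = re.match(r"(libssh2?)[-_]", self.software or "")
        return m.group(1) if m else None


def classify(raw, chunk=7):
    """Feed raw in small chunks, as TCP may deliver it, then classify the client."""
    banner = ClientBanner()
    for i in range(0, len(raw), chunk):
        banner.feed(raw[i:i + chunk])
    return banner.software, banner.library()
```

Logging `software` and `library()` per session lets honeypot records separate library-driven clients from interactive ones without relying on a substring match over raw data.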