desaster / kippo

Kippo - SSH Honeypot

Kippo disconnect #181

Open metac0rtex opened 9 years ago

metac0rtex commented 9 years ago

I am writing a script to demo kippo. I am using paramiko as a Python client with the following code:

```python
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

try:
    conn = ssh.connect(ip, port=prt, username=user, password=pwd)
    print ' [+] SUCESS!!'
    session1 = ['w', 'hostname', 'uptime' ]
    session2 = ['ls', 'pwd']
    sessions = [session1, session2]
    use = random.choice(sessions)

    for i in session:
        print ' [+] Running \'' + str(i) + '\''
        (stdin, stdout, stderr) = ssh.exec_command(i)
        for line in stdout.readlines():
            print " [+] Results: \'", line, "\'"
```

When I connect to it, I get the following logs:

```
2015-03-24 16:22:33-0600 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 172.16.35.128:59266 (172.16.35.129:2222) [session: 202]
2015-03-24 16:22:33-0600 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 172.16.35.128:59267 (172.16.35.129:2222) [session: 203]
2015-03-24 16:22:33-0600 [HoneyPotTransport,203,172.16.35.128] Remote SSH version: SSH-2.0-paramiko_1.10.1
2015-03-24 16:22:33-0600 [HoneyPotTransport,203,172.16.35.128] kex alg, key alg: diffie-hellman-group1-sha1 ssh-rsa
2015-03-24 16:22:33-0600 [HoneyPotTransport,203,172.16.35.128] outgoing: aes128-ctr hmac-sha1 none
2015-03-24 16:22:33-0600 [HoneyPotTransport,203,172.16.35.128] incoming: aes128-ctr hmac-sha1 none
2015-03-24 16:22:33-0600 [HoneyPotTransport,203,172.16.35.128] NEW KEYS
2015-03-24 16:22:33-0600 [HoneyPotTransport,203,172.16.35.128] starting service ssh-userauth
2015-03-24 16:22:33-0600 [SSHService ssh-userauth on HoneyPotTransport,203,172.16.35.128] root trying auth password
2015-03-24 16:22:33-0600 [SSHService ssh-userauth on HoneyPotTransport,203,172.16.35.128] login attempt [root/123456] succeeded
2015-03-24 16:22:33-0600 [SSHService ssh-userauth on HoneyPotTransport,203,172.16.35.128] root authenticated with password
2015-03-24 16:22:33-0600 [SSHService ssh-userauth on HoneyPotTransport,203,172.16.35.128] starting service ssh-connection
2015-03-24 16:22:33-0600 [SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] got channel session request
2015-03-24 16:22:33-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] channel open
2015-03-24 16:22:33-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] executing command "ls"
2015-03-24 16:22:33-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] exec command: "ls"
2015-03-24 16:22:33-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] Opening TTY log: log/tty/20150324-162233-5076.log
2015-03-24 16:22:34-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] /etc/motd resolved into /etc/motd
2015-03-24 16:22:34-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] Running exec command "ls"
2015-03-24 16:22:34-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] CMD: ls
2015-03-24 16:22:34-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] Command found: ls
2015-03-24 16:22:34-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,203,172.16.35.128] sending close 0
2015-03-24 16:22:34-0600 [HoneyPotTransport,203,172.16.35.128] connection lost
```

I am trying to find out why kippo is disconnecting the session after the first command is sent. The script works perfectly on a standard ssh client and is able to run each command.

micheloosterhof commented 9 years ago

Your script does not seem to work for me without modifications. You are missing imports (random, paramiko). What is the 'use' variable for? And my ssh_exec method does not seem to take a list of commands, only a string (using Paramiko 1.7.7.1). Also, your try: statement does not end. Could you post a working test script please?

micheloosterhof commented 9 years ago

Btw, after modifying your script I can confirm the behavior, it does not run well on Kippo.

metac0rtex commented 9 years ago

Sorry, I didn't post the full code like I should have.
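
Added example, not part of the original thread and not Kippo's own code: a small Python 3 parser for the log format quoted above that groups lines by transport session and lists the sessions torn down after a single exec request, which is the symptom reported in this issue. The sample log is constructed (documentation IP addresses, made-up session ids) and the function names are hypothetical.

```python
import re

# Constructed sample in the log format quoted in the issue (not the original log).
SAMPLE_LOG = """\
2015-03-24 16:22:33-0600 [kippo.core.ssh.HoneyPotSSHFactory] New connection: 192.0.2.10:59267 (192.0.2.20:2222) [session: 7]
2015-03-24 16:22:33-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,192.0.2.10] exec command: "ls"
2015-03-24 16:22:34-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,7,192.0.2.10] sending close 0
2015-03-24 16:22:34-0600 [HoneyPotTransport,7,192.0.2.10] connection lost
2015-03-24 16:25:01-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,8,192.0.2.10] exec command: "w"
2015-03-24 16:25:01-0600 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,8,192.0.2.10] sending close 0
2015-03-24 16:25:02-0600 [SSHChannel session (1) on SSHService ssh-connection on HoneyPotTransport,8,192.0.2.10] exec command: "hostname"
2015-03-24 16:25:02-0600 [SSHChannel session (1) on SSHService ssh-connection on HoneyPotTransport,8,192.0.2.10] sending close 1
2015-03-24 16:25:03-0600 [HoneyPotTransport,8,192.0.2.10] connection lost
"""

# "<date> <time+tz> [<context>] <message>"; the context never contains "]".
LINE_RE = re.compile(r'^(\S+ \S+) \[([^\]]*)\] (.*)$')
# The transport tag carries the session id and the client address.
TRANSPORT_RE = re.compile(r'HoneyPotTransport,(\d+),([0-9a-fA-F.:]+)')
EXEC_RE = re.compile(r'^exec command: "(.*)"$')


def summarize_sessions(log_text):
    """Group log lines by transport session; record exec requests and teardown."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped or unrelated lines
        _, context, message = m.groups()
        t = TRANSPORT_RE.search(context)
        if not t:
            continue  # factory lines carry no transport tag
        s = sessions.setdefault(
            t.group(1),
            {"src": t.group(2), "execs": [], "closes": 0, "lost": False})
        e = EXEC_RE.match(message)
        if e:
            s["execs"].append(e.group(1))
        elif message.startswith("sending close"):
            s["closes"] += 1
        elif message == "connection lost":
            s["lost"] = True
    return sessions


def dropped_after_first_exec(sessions):
    """Session ids whose connection ended after exactly one exec request."""
    return [sid for sid, s in sessions.items()
            if s["lost"] and len(s["execs"]) == 1]
```

A session listed by `dropped_after_first_exec` matches the pattern in the log above, but a client that deliberately runs one command and disconnects produces the same lines, so treat the result as a starting point for inspection.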