honeynet / riotpot

the IoT and OT (Operational Technology) Honeypot
MIT License

Low-level emulation of FTP server #19

Closed eltsai closed 1 year ago

eltsai commented 1 year ago

FTP server - functionality I am thinking of realizing:

  1. Accept connection with any given username and password
  2. Print Working Directory (PWD)
  3. List Files and Directories (LIST)
  4. Quit (BYE)

eltsai commented 1 year ago

More details on the commands:

  1. The FTP server accepts connections with all username+password combinations, and has a /home/<user>/ path. When doing ftp <IP or domain name>, the honeypot will provide the following prompts:

    $ ftp localhost
    Connected to localhost.
    220 (vsFTPd 3.0.3)
    <prompt 1>Name (localhost:elisa): user
    331 Please specify the password.
    <prompt 2>Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> 
  2. The FTP server allows users to cd, pwd and mkdir. We can store the file path in a tree structure? The output looks like:

    ftp> pwd
    257 "/home/user" is the current directory
    ftp> cd ..
    250 Directory successfully changed.
    ftp> ls
    200 PORT command successful. Consider using PASV.
    150 Here comes the directory listing.
    drwxr-xr-x    2 1001     1001         4096 Jul 09 15:30 user
    226 Directory send OK.
    ftp> mkdir host
    257 "/home/user/host" created
  3. The FTP server allows users to put (upload) files. We also want the file transfer to really happen, so that we can capture it in tcpdump:

    ftp> put test.json test.json
    local: test.json remote: test.json
    200 PORT command successful. Consider using PASV.
    150 Ok to send data.
    226 Transfer complete.
    17 bytes sent in 0.00 secs (325.5208 kB/s)
  4. The FTP server has quit and exit commands.

    ftp> quit
    221 Goodbye.

    And exit closes the connection directly.

eltsai commented 1 year ago

For the FTP emulation, I realized login and password authentication (accepting all combinations), and created a user name path under /home.

    Connected to localhost.
    220 Connected to 127.0.0.1
    Name (localhost:elisa): user1
    331 Username ok, send password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.

For directory-related functionality, I realized ls, cd and mkdir. The path structure is stored in a tree structure:

    ftp> ls
    200 PORT command successful. Consider using PASV.
    150 Here comes the directory listing.
    .   ..
    ftp> mkdir test1
    257 "/home/user1/test1" created.
    ftp> mkdir test2
    257 "/home/user1/test2" created.
    ftp> ls
    200 PORT command successful. Consider using PASV.
    150 Here comes the directory listing.
    .   ..  test1   test2
    ftp> cd ..
    250 Directory successfully changed.
    ftp> pwd
    257 "/home" is the current directory.
    ftp> cd ..
    250 Directory successfully changed.
    ftp> pwd
    257 "" is the current directory.
    ftp> cd /home/user1/test2
    250 Directory successfully changed.
    ftp> pwd
    257 "/home/user1/test2" is the current directory.

We also wanted to realize the put command.

    250 Directory successfully changed.
    ftp> put /home/elisa/test.json .
    local: /home/elisa/test.json remote: .
    501 Can't connect to a foreign address: dial tcp 127.0.0.1:41565: connect: connection refused

The put command comes with a port command, which the client uses to specify the data port for the active mode of data transfer. The client will provide a random port, and the server will try to connect to it. However, right now I am having the "connection refused" error. When tested separately on local machine this error does not appear. Need help with it.
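
Added example, not part of the issue thread and not riotpot's own code: how an active-mode PORT argument maps to the address the server dials, with a check that refuses a data address other than the control-connection peer (useful for a honeypot, which should log such requests rather than connect out to third parties). The function names `parsePortArg` and `activeDataAddr` are hypothetical, and the sample argument is constructed to yield port 41565 from the error above.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"strconv"
	"strings"
)

// parsePortArg decodes the argument of an FTP PORT command (RFC 959):
// "h1,h2,h3,h4,p1,p2" means host h1.h2.h3.h4, TCP port p1*256+p2.
func parsePortArg(arg string) (*net.TCPAddr, error) {
	fields := strings.Split(strings.TrimSpace(arg), ",")
	if len(fields) != 6 {
		return nil, errors.New("PORT needs six comma-separated numbers")
	}
	var b [6]byte
	for i, f := range fields {
		n, err := strconv.ParseUint(f, 10, 8) // rejects values above 255, signs, blanks
		if err != nil {
			return nil, fmt.Errorf("bad PORT field %q", f)
		}
		b[i] = byte(n)
	}
	return &net.TCPAddr{IP: net.IPv4(b[0], b[1], b[2], b[3]), Port: int(b[4])<<8 | int(b[5])}, nil
}

// activeDataAddr returns the address to dial for an active-mode transfer,
// refusing a PORT host that differs from the control-connection peer.
func activeDataAddr(controlPeer net.IP, arg string) (*net.TCPAddr, error) {
	addr, err := parsePortArg(arg)
	if err != nil {
		return nil, err
	}
	if !addr.IP.Equal(controlPeer) {
		return nil, fmt.Errorf("foreign data address %s (control peer %s)", addr, controlPeer)
	}
	return addr, nil
}

func main() {
	// Constructed input: 162*256+93 = 41565, the port in the error above.
	addr, err := activeDataAddr(net.ParseIP("127.0.0.1"), "127,0,0,1,162,93")
	fmt.Println(addr, err)
}
```

This only covers decoding and validating the PORT argument; it does not explain the "connection refused" result reported above.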