Open t3chn0m4g3 opened 8 months ago
Don't you have a payloads folder that keeps filling up your disc and crashes your sensors?
@glaslos It is not even Easter yet and you made me find the easter-egg 😅
@glaslos While seeing payload messages in the log, the payloads folder will not be created. Rebuilt glutton from scratch, started r/w container, pre-created the payloads folder, started glutton even with root privileges; without success.
Log example:
{"time":"2024-03-05T17:10:35.619556256Z","level":"INFO","msg":"ftp payload received","sensorID":"923e4231-e6df-45b3-b2f4-5498394db6da","dest_port":"21","src_ip":"2.2.2.2","src_port":"50368","message":"\"\\x16\\x03\\x00\\x00S\\x01\\x00\\x00O\\x03\\x00?G\\xd7\\xf7\\xba,\\xee\\xea\\xb2`~\\xf3\\x00\\xfd\\x82{\\xb9Ֆ\\xc8w\\x9b\\xe6\\xc4\\xdb<=\\xdbo\\xef\\x10n\\x00\\x00(\\x00\\x16\\x00\\x13\\x00\\n\"","handler":"ftp"}
Expected this to be logged into the payloads folder.
Ah, this is FTP. I don't store the payload yet. TCP is specifically if I don't have a handler. In case I ever get around to going through my treasure-trove of TCP payloads 😛
Sure thing. Thanks.
@glaslos Is it planned for glutton to have the option to store payloads as i.e. honeytrap does?