Closed GoogleCodeExporter closed 9 years ago
Another nice find :D
Thanks,
Original comment by tnn...@googlemail.com
on 1 Mar 2014 at 1:20
Here is my dirty implementation for that in server.py:
    ...
    elif messageNum == 98:
        # SSH_MSG_CHANNEL_REQUEST: payload[7:8] is the low byte of the
        # uint32 length of the request-type string that starts at offset 8
        num = int(payload[7:8].encode('hex'), 16)
        data = payload[8:8+num]
        if data == 'pty-req':
            self.isPty = True
            ttylog.ttylog_open(self.ttylog_file, time.time())
        elif data == 'exec':
            self.isPty = True
            ttylog.ttylog_open(self.ttylog_file, time.time())
            # for 'exec' the command text starts at offset 17
            data = ">>> " + payload[17:] + "\n"
            ttylog.ttylog_write(self.ttylog_file, len(data), ttylog.TYPE_OUTPUT, time.time(), data)
    elif messageNum == 94:
    ...
Original comment by flofriha...@gmail.com
on 1 Mar 2014 at 1:28
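Added example, not part of the original thread or the project's code: a bounds-checked parse of the message 98 (SSH_MSG_CHANNEL_REQUEST) payload discussed above, written for Python 3 and following the RFC 4254 field layout. The function names and sample payloads are constructed for illustration, and the payload is assumed to begin at the recipient channel field, as in the snippet above.

```python
import struct

class MalformedPacket(ValueError):
    """A field runs past the end of the payload."""

def read_string(buf, off):
    # SSH "string" (RFC 4251): uint32 big-endian length, then that many bytes.
    if off + 4 > len(buf):
        raise MalformedPacket("truncated length field at offset %d" % off)
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise MalformedPacket("string of %d bytes overruns payload" % n)
    return buf[off + 4:end], end

def parse_channel_request(payload):
    # Layout (RFC 4254 section 5.4): uint32 recipient channel, string request
    # type, boolean want_reply, then type-specific data ('exec': string command).
    if len(payload) < 4:
        raise MalformedPacket("missing recipient channel")
    (channel,) = struct.unpack_from(">I", payload, 0)
    req_type, off = read_string(payload, 4)
    if off >= len(payload):
        raise MalformedPacket("missing want_reply flag")
    req = {"channel": channel, "type": req_type.decode("ascii", "replace"),
           "want_reply": payload[off] != 0, "command": None}
    if req_type == b"exec":
        command, _ = read_string(payload, off + 1)
        # Client-controlled bytes: decode leniently, never trust the encoding.
        req["command"] = command.decode("utf-8", "replace")
    return req

def exec_log_line(req):
    # Escape newlines and control characters so one command is one log line.
    return ">>> " + req["command"].encode("unicode_escape").decode("ascii")

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample payloads (not captured traffic).
EXEC_SAMPLE = struct.pack(">I", 0) + ssh_string(b"exec") + b"\x01" + ssh_string(b"uname -a\nid")
PTY_SAMPLE = struct.pack(">I", 0) + ssh_string(b"pty-req") + b"\x01" + ssh_string(b"xterm")

if __name__ == "__main__":
    for sample in (EXEC_SAMPLE, PTY_SAMPLE):
        print(parse_channel_request(sample))
    print(exec_log_line(parse_channel_request(EXEC_SAMPLE)))
```
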
Thanks for your fix. I've implemented it and also added better support for
catching unknown SSH sessions :)
Hopefully when someone else connects you can let me know how it goes?
Cheers,
Peg
Original comment by tnn...@googlemail.com
on 1 Mar 2014 at 2:23
I have updated my 24/7 honeypot to the latest version. Will let you know when
I have the first results ^^
Original comment by flofriha...@gmail.com
on 1 Mar 2014 at 2:32
This looks much better! Only a little hard to distinguish between input and
output, cause the input has multiple lines, but that is only a design problem ^^
Will also open some more tickets, because of unknown ssh-packets later.
Original comment by flofriha...@gmail.com
on 1 Mar 2014 at 4:47
Haha yeah, I've just got round to properly testing it myself and noticed all
the unknown ssh-packets, my bad.
I'll have a think about the input and output issue.
Original comment by tnn...@googlemail.com
on 1 Mar 2014 at 5:02
Fixed the unknown packets and logged the EXEC commands to the text log as well.
Original comment by tnn...@googlemail.com
on 1 Mar 2014 at 5:53
Issue 14 has been merged into this issue.
Original comment by tnn...@googlemail.com
on 3 Mar 2014 at 3:52
Original issue reported on code.google.com by
flofriha...@gmail.com
on 1 Mar 2014 at 1:10