Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "User:Inphekt"

From NetSec
Jump to: navigation, search
(Created page with "==Description== Rubicon is a multi-threaded python intrustion detection system (IDS). Rubicon works by emulating common TCP services. ==Features== * Low-Interaction IDS * Multi...")
 
 
(4 intermediate revisions by one other user not shown)
Line 1: Line 1:
==Description==
+
All your executables are belong to me
Rubicon is a multi-threaded python intrustion detection system (IDS).  Rubicon works by emulating common TCP services.
+
  
==Features==
+
'''Notable Contributions'''
* Low-Interaction IDS
+
* [[User:Inphekt/rubicon|Rubicon - Python Honeypot]]
* Multi-Threaded
+
* Activity Monitor
+
* Logs and Time Stamps Incidents
+
* Multi-Line Login Banner Emulator
+
 
+
==Usage==
+
~$ sudo python rubicon.py
+
 
+
==Source==
+
{{code|text=<source lang="python">#!/usr/bin/env python
+
 
+
# Rubicon (Beta) - Python IDS
+
# By: inphekt | http://www.blackhatacademy.org/security101/User:Inphekt
+
 
+
#  Copyright (C) 2012 inphekt <inphektious[at]live[dot]com>
+
 
+
#  This program is free software: you can redistribute it and/or modify
+
#  it under the terms of the GNU General Public License as published by
+
#  the Free Software Foundation, either version 3 of the License, or
+
#  (at your option) any later version.  If you decide to use any part
+
#  of this source be sure to credit the original author.
+
 
+
#  This program is distributed in the hope that it will be useful,
+
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+
#  GNU General Public License for more details.
+
 
+
# Social Engineer attackers into connecting to one of your mock services
+
 
+
# *** RUN WITH ROOT PRIVILEGES ***
+
 
+
import os
+
import sys
+
import time
+
import string
+
import socket
+
import threading
+
 
+
# Make Rubicon sexy
+
class colors:
+
  BLUE = '\033[94m'
+
  GREEN = '\033[92m'
+
  YELLOW = '\033[93m'
+
  RED = '\033[91m'
+
  ENDC = '\033[0m'
+
 
+
  def disable(self):
+
    self.BLUE = ''
+
    self.GREEN = ''
+
    self.RED = ''
+
    self.YELLOW = ''
+
    self.ENDC = ''
+
 
+
def title():
+
  print(colors.BLUE + """
+
____  __  __  ____  ____  ___  _____  _  _
+
(  _ \(  )(  )(  _ \(_  _)/ __)(  _  )( \( )
+
)  / )(__)(  ) _ < _)(_( (__  )(_)(  )  (
+
(_)\_)(______)(____/(____)\___)(_____)(_)\_) \n""" + colors.ENDC)
+
  print(colors.GREEN + '      *~ 7h3 p01n7 0f n0 r3turn ~*\n' + colors.ENDC)
+
  print(colors.YELLOW + '      inphektious[at]live[dot]com\n\n' + colors.ENDC)
+
 
+
class rubicon(threading.Thread):
+
  def __init__(self):
+
    self.header = colors.BLUE + "rcon> " + colors.ENDC
+
    self.warning = colors.RED + "[+] " + colors.ENDC
+
    threading.Thread.__init__(self)
+
 
+
  def run(self):
+
   
+
    # list elligable commands
+
    def usage():
+
      print """view logs => Shows logged activity
+
delete logs => Deletes logged activity
+
set service => Creates a rubicon service
+
help => Shows usage
+
exit => Shutdown"""
+
   
+
    # Read logs from log.txt
+
    def viewLogs():
+
      try:
+
log = open("log.txt")
+
while 1:
+
  lines = log.readlines(100000)
+
  if not lines:
+
    break
+
  for line in lines:
+
    print line
+
print("\n--- end of log ---")
+
self.run()
+
      except IOError:
+
print("%sNo logged activity at this time..." % (self.warning))
+
self.run()
+
+
    # delete log.txt to clear logged activity
+
    def deleteLogs():
+
      try:
+
os.remove("log.txt")
+
print("%sLogs cleared..." % (self.warning))
+
      except OSError:
+
print("%sLogs are clear..." % (self.warning))
+
   
+
    # set up Rubicon service
+
    def setService():
+
      self.hst = raw_input("Enter the IP address you wish your service to listen on: ")
+
      self.prt = raw_input("Enter the port you wish your service to listen on: ")
+
      print("Create a deceptive prompt/header for your mock service ([Enter] for new line and input 'done' when complete):")
+
+
      # Make multi-lined banner to display for attacker
+
      banner = ''
+
      while 1:
+
bannerInput = raw_input(colors.BLUE + "~ " + colors.ENDC)
+
if bannerInput == "done":
+
  break;
+
else:
+
  banner += bannerInput + "\n"
+
+
      # Create socket and start mock service
+
      while 1:
+
try:
+
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
  s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+
  HOST = self.hst
+
  PORT = int(self.prt)
+
  s.bind((HOST, PORT))
+
  s.listen(1)
+
  print (self.warning + time.strftime("%a, %d %b %Y %H:%M:%S %Z") + ": Setting up service on port %s..." % (PORT))
+
  rubicon().start()
+
     
+
  # Accept connection and parse data
+
  (insock, address) = s.accept()
+
  # Convert incoming address to a string
+
  straddress = str(address) 
+
  # Split the tuple into lists
+
  testlist = string.split(straddress, ",")
+
  # Split the host portion of the list
+
  gethost = string.split(testlist[0], "'")
+
  # Split the port portion of the list
+
  getaddr = string.split(testlist[1], ")")
+
  # Remove just the address from the list
+
  host = gethost[1]   
+
  # Remove just the port from the list
+
  inport = int(getaddr[0])
+
   
+
  # interactive alert
+
  print(time.strftime("%a, %d %b %Y %H:%M:%S %Z") + ":. Connection attempt on port %s from %s:%s" % (PORT, host, inport))
+
     
+
  # Open log.txt to log information on attacker
+
  log = open("log.txt","a+")
+
  log.write(time.strftime("\n%a, %d %b %Y %H:%M:%S %Z") + ":. Connection attempt on port %s from %s:%s" % (PORT, host, inport))
+
  insock.send(banner)
+
  data = insock.recv(1024)
+
  log.write('\nInput: %s\n-----------------' % data)
+
     
+
  # Close socket
+
  insock.close()
+
  s.close()
+
+
# handle socket error
+
except socket.error, msg:
+
  print ("%sError: %s" % (self.warning, msg))
+
  setService()
+
     
+
    # core code
+
    while 1:
+
      try:
+
global option
+
option = raw_input("%s " % (self.header))
+
if option == 'help':
+
  usage()
+
elif option == 'view logs':
+
  viewLogs()
+
elif option == 'delete logs':
+
  deleteLogs()
+
elif option == 'set service':
+
  setService()
+
elif option == 'exit':
+
  os._exit(1)
+
else:
+
  print("%sInvalid Input..." % (self.warning))
+
      except EOFError:
+
print("\n%sType 'exit' to quit..." % (self.warning))
+
 
+
if __name__=='__main__':
+
  title()
+
  rubicon().start()
+
</source>}}
+
 
+
[[Category:Projects]]
+

Latest revision as of 05:15, 22 May 2012

All your executables are belong to me

Notable Contributions