OpenCanary secondary development (1): log formats

Column: Python · Published: 5 years ago


The scripts under opencanary/modules implement the simulated services and protocols.

opencanary/logger.py generates the logs. This is the file where I changed a few lines directly to push logs to the web side (the post2server and log functions), and its LoggerBase class defines the log types, i.e. the numeric logtype values that appear in every event below.

Log format mind map (xmind)

I recorded the log formats and the services (protocols) of the OpenCanary honeypot framework in an xmind mind map, so that anyone interested can develop against it side by side with the logs.

The fields of the OpencanaryLog table in the opencanary_web honeypot database were likewise designed from the full set of fields that appear across all of these logs, and the table is extended during development whenever a new field shows up.

(Figure: xmind mind map of the OpenCanary log formats and services)

Listening ports

With every OpenCanary module enabled in the config, the honeypot (PID 12683) listens on the ports below: 2222 SSH, 8080 HTTP proxy, 80 HTTP, 21 FTP, 23 Telnet, 1433 MSSQL, 3389 RDP, 8001 TCP banner, 5000 VNC, 9418 Git, 3306 MySQL, 6379 Redis, and on UDP 5060 SIP, 69 TFTP (no log sample in this article), 123 NTP and 161 SNMP. The UDP socket on port 57197 belongs to a different python process (PID 8994), not to OpenCanary.

tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:1433            0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:3389            0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:9418            0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      12683/python
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN      12683/python
udp        0      0 0.0.0.0:57197           0.0.0.0:*                           8994/python
udp        0      0 0.0.0.0:5060            0.0.0.0:*                           12683/python
udp        0      0 0.0.0.0:69              0.0.0.0:*                           12683/python
udp        0      0 0.0.0.0:123             0.0.0.0:*                           12683/python
udp        0      0 0.0.0.0:161             0.0.0.0:*                           12683/python

Application logs

HTTP

Trigger

Open the honeypot's HTTP page (the fake nasLogin skin) and submit the login form; the POSTed username and password are logged.

Log format

{"dst_host": "172.18.200.58", "dst_port": 80, "local_time": "2019-01-07 13:47:45.817940", "logdata": {"HOSTNAME": "172.18.200.58", "PASSWORD": "admin888", "PATH": "/index.html", "SKIN": "nasLogin", "USERAGENT": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:61.0) Gecko/20100101 Firefox/61.0", "USERNAME": "admin"}, "logtype": 3001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54488}

FTP

Trigger

Any FTP client; the username and password offered at login are logged.

Log format

{"dst_host": "172.18.200.58", "dst_port": 21, "local_time": "2019-01-07 13:50:54.264032", "logdata": {"PASSWORD": "admin123", "USERNAME": "ftpadmin"}, "logtype": 2000, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54573}

SSH

Trigger

Any SSH client. One login produces three events: the new connection (4000), the version-string exchange (4001), and the login attempt with its credentials (4002).

Log format

{"dst_host": "172.18.200.58", "dst_port": 2222, "local_time": "2019-01-07 13:54:27.811101", "logdata": {"SESSION": "3"}, "logtype": 4000, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54639}
{"dst_host": "172.18.200.58", "dst_port": 2222, "local_time": "2019-01-07 13:54:27.888686", "logdata": {"LOCALVERSION": "SSH-2.0-OpenSSH_5.1p1 Debian-4", "REMOTEVERSION": "SSH-2.0-OpenSSH_7.0 ZOC_7.16.1"}, "logtype": 4001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54639}
{"dst_host": "172.18.200.58", "dst_port": 2222, "local_time": "2019-01-07 13:54:32.444224", "logdata": {"LOCALVERSION": "SSH-2.0-OpenSSH_5.1p1 Debian-4", "PASSWORD": "root123", "REMOTEVERSION": "SSH-2.0-OpenSSH_7.0 ZOC_7.16.1", "USERNAME": "root"}, "logtype": 4002, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54639}

Telnet

Trigger

telnet 172.18.200.58

Log format

{"dst_host": "172.18.200.58", "dst_port": 23, "honeycred": false, "local_time": "2019-01-07 13:56:45.341785", "logdata": {"PASSWORD": "admin888", "USERNAME": "admin123"}, "logtype": 6001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54676}

The Telnet event carries an extra top-level field, honeycred: true when the submitted pair matches one of the module's configured honey credentials, false otherwise.

MySQL

Trigger

mysql -h172.18.200.58 -uroot -p

Log format

{"dst_host": "172.18.200.58", "dst_port": 3306, "local_time": "2019-01-07 13:58:25.922257", "logdata": {"PASSWORD": "18076c09615de80ddb2903191b783714918b4c4f", "USERNAME": "root"}, "logtype": 8001, "node_id": "opencanary-1", "src_host": "172.18.220.253", "src_port": 46662}

Unlike the other modules, the PASSWORD field here is not the cleartext password: the MySQL client answers the server's challenge with a 20-byte scrambled hash (mysql_native_password), and the log stores that response hex-encoded. It can only be recovered by guessing against the challenge the honeypot sent, not read directly.

Git protocol

Trigger

git clone git://192.168.1.7:9418/tmp.git

Log format

{"dst_host": "192.168.1.7", "dst_port": 9418, "local_time": "2019-01-05 15:38:46.368627", "logdata": {"HOST": "192.168.1.7:9418", "REPO": "tmp.git"}, "logtype": 16001, "node_id": "opencanary-1", "src_host": "192.168.1.3", "src_port": 57606}

NTP

Trigger

Send an NTP mode 7 monlist request to the honeypot, for example ntpdc -n -c monlist 192.168.1.7.

NTP listens on UDP port 123. For the UDP modules (NTP, SIP, SNMP) dst_host is logged as the bind address 0.0.0.0 rather than the interface address.

Log format

{"dst_host": "0.0.0.0", "dst_port": 123, "local_time": "2019-01-05 15:58:52.075987", "logdata": {"NTP CMD": "monlist"}, "logtype": 11001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 57886}

Redis

Trigger

(env) [[email protected] Honeypot]# redis-cli -h 192.168.1.7
192.168.1.7:6379> keys *
(error) NOAUTH Authentication required.
192.168.1.7:6379> config get requirepass
(error) ERR unknown command 'config'
192.168.1.7:6379> auth admin
(error) ERR invalid password
192.168.1.7:6379>

Log format

Every command the client sends is logged as its own event, so a guessed password shows up as the ARGS of AUTH:

{"dst_host": "192.168.1.7", "dst_port": 6379, "local_time": "2019-01-05 16:05:11.637269", "logdata": {"ARGS": "", "CMD": "COMMAND"}, "logtype": 17001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 34471}
{"dst_host": "192.168.1.7", "dst_port": 6379, "local_time": "2019-01-05 16:08:14.786249", "logdata": {"ARGS": "*", "CMD": "KEYS"}, "logtype": 17001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 34471}
{"dst_host": "192.168.1.7", "dst_port": 6379, "local_time": "2019-01-05 16:09:36.418200", "logdata": {"ARGS": "get requirepass", "CMD": "CONFIG"}, "logtype": 17001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 34471}
{"dst_host": "192.168.1.7", "dst_port": 6379, "local_time": "2019-01-05 16:10:09.802402", "logdata": {"ARGS": "admin", "CMD": "AUTH"}, "logtype": 17001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 34471}

TCP Banner

Trigger

telnet 192.168.1.6 8001

Log format

{"dst_host": "192.168.1.6", "dst_port": 8001, "local_time": "2019-01-05 17:18:51.601478", "logdata": {"BANNER_ID": "1", "DATA": "", "FUNCTION": "CONNECTION_MADE"}, "logtype": 18002, "node_id": "opencanary-1", "src_host": "192.168.1.3", "src_port": 59176}
{"dst_host": "192.168.1.6", "dst_port": 8001, "local_time": "2019-01-05 17:19:12.996007", "logdata": {"BANNER_ID": "1", "DATA": "", "FUNCTION": "DATA_RECEIVED"}, "logtype": 18004, "node_id": "opencanary-1", "src_host": "192.168.1.3", "src_port": 59176}

The two events above are the keep-alive variant of the banner (18002 and 18004). LoggerBase defines five TCP banner log types:
LOG_TCP_BANNER_CONNECTION_MADE = 18001

LOG_TCP_BANNER_KEEP_ALIVE_CONNECTION_MADE = 18002

LOG_TCP_BANNER_KEEP_ALIVE_SECRET_RECEIVED = 18003

LOG_TCP_BANNER_KEEP_ALIVE_DATA_RECEIVED = 18004

LOG_TCP_BANNER_DATA_RECEIVED = 18005

VNC

Trigger

I connected from a Mac with VNC Viewer.

Log format

{"dst_host": "192.168.1.7", "dst_port": 5000, "local_time": "2019-01-06 08:21:28.951940", "logdata": {"VNC Client Response": "58c00be9ee5b7f3b666771dd2bda9309", "VNC Password": "<Password was not in the common list>", "VNC Server Challenge": "953e2dff7e4d3a3114527c282817ce1d"}, "logtype": 12001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 54634}

The VNC module never sees a cleartext password: it logs the server challenge and the client's response to it, and reports a password only if one from its list of common passwords reproduces that response. Here none did.

RDP

Trigger

I connected from a Mac with Microsoft Remote Desktop Beta.app.

Log format

{"dst_host": "192.168.1.7", "dst_port": 3389, "local_time": "2019-01-06 08:59:13.890934", "logdata": {"DOMAIN": "", "HOSTNAME": "HelloHost", "PASSWORD": "helloword", "USERNAME": "administrator1"}, "logtype": 14001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 59955}
{"dst_host": "192.168.1.7", "dst_port": 3389, "local_time": "2019-01-06 08:59:26.868856", "logdata": {"INPUT": ""}, "logtype": 14001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": 59955}

Logins made in Windows console mode produce the additional INPUT field.

SIP

Trigger

hydra -l adminsip -p password 192.168.1.7 sip

Log format

{"dst_host": "0.0.0.0", "dst_port": 5060, "local_time": "2019-01-06 09:55:12.578148", "logdata": {"HEADERS": {"call-id": ["[email protected]"], "content-length": ["0"], "cseq": ["1 REGISTER"], "from": ["<sip:[email protected]>"], "to": ["<sip:[email protected]>"], "via": ["SIP/2.0/UDP 10.0.2.15:46759;received=192.168.1.7"]}}, "logtype": 15001, "node_id": "opencanary-1", "src_host": "192.168.1.7", "src_port": 46759}

SNMP

Trigger

hydra -p password 192.168.1.7 snmp

Log format (the community string and the requested OIDs are logged)

{"dst_host": "0.0.0.0", "dst_port": 161, "local_time": "2019-01-06 11:17:27.266214", "logdata": {"COMMUNITY_STRING": "password", "REQUESTS": ["1.3.6.1.2.1.1.1"]}, "logtype": 13001, "node_id": "opencanary-1", "src_host": "192.168.1.7", "src_port": 47112}

Nmap (port scan detection)

The scan events below come from OpenCanary's portscan module, which reads the kernel's iptables LOG messages. That is why logdata holds iptables fields (IN, MAC, TTL, WINDOW, the TCP flags present as empty-string keys) and why the ports are strings rather than integers.

OS detection trigger

sudo nmap -v -Pn -O 192.168.1.7

Log format

{"dst_host": "192.168.1.7", "dst_port": "21", "local_time": "2019-01-06 16:35:24.356080", "logdata": {"FIN": "", "ID": "37499", "IN": "eth1", "LEN": "60", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "PSH": "", "RES": "0x00", "SYN": "", "TOS": "0x00", "TTL": "56", "URG": "", "URGP": "0", "WINDOW": "256"}, "logtype": 5002, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "40098"}

SYN scan trigger

sudo nmap -sS 192.168.1.7

Log format

{"dst_host": "192.168.1.7", "dst_port": "21", "local_time": "2019-01-06 16:35:24.190176", "logdata": {"ID": "51918", "IN": "eth1", "LEN": "56", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "RES": "0x00", "SYN": "", "TOS": "0x00", "TTL": "58", "URGP": "0", "WINDOW": "512"}, "logtype": 5001, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "40088"}

FIN scan trigger

sudo nmap -sF 192.168.1.7

Log format

{"dst_host": "192.168.1.7", "dst_port": "23", "local_time": "2019-01-06 16:46:18.336954", "logdata": {"FIN": "", "ID": "29768", "IN": "eth1", "LEN": "40", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "RES": "0x00", "TOS": "0x00", "TTL": "59", "URGP": "0", "WINDOW": "1024"}, "logtype": 5005, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "35116"}

Xmas tree scan trigger

sudo nmap -sX 192.168.1.7

Log format

{"dst_host": "192.168.1.7", "dst_port": "139", "local_time": "2019-01-06 16:48:46.225539", "logdata": {"FIN": "", "ID": "19984", "IN": "eth1", "LEN": "40", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "PSH": "", "RES": "0x00", "TOS": "0x00", "TTL": "56", "URG": "", "URGP": "0", "WINDOW": "1024"}, "logtype": 5004, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "50913"}

Null scan trigger

sudo nmap -sN 192.168.1.7

Log format

{"dst_host": "192.168.1.7", "dst_port": "5060", "local_time": "2019-01-06 16:51:07.789903", "logdata": {"ID": "26441", "IN": "eth1", "LEN": "40", "MAC": "08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00", "OUT": "", "PREC": "0x00", "PROTO": "TCP", "RES": "0x00", "TOS": "0x00", "TTL": "50", "URGP": "0", "WINDOW": "1024"}, "logtype": 5003, "node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "58015"}
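The five scan samples above are OpenCanary's rendering of iptables LOG messages, and together they show which TCP flag combination maps to which logtype (SYN only is 5001, SYN+FIN+PSH+URG is 5002, no flags is 5003, FIN+PSH+URG is 5004, FIN only is 5005). As an added example, not code from the article or from OpenCanary, the following Python parser turns raw kernel LOG lines into the same event shape and classifies each probe by its flag set; the flag-to-logtype table is reconstructed from the samples above, the kernel lines are constructed for the example, and OpenCanary's real iptables rules live in its portscan module.

```python
"""Parse iptables LOG lines of the kind OpenCanary's portscan module reads
and classify each TCP probe by its flag set into the 5001-5005 logtypes.

Added example for this article; not OpenCanary's own code.  The flag-set
to logtype mapping is reconstructed from the article's five samples.
"""
import re

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")                # KEY=value fields
TCP_FLAGS = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")  # bare tokens, no '='
ADDR_KEYS = ("SRC", "DST", "SPT", "DPT")                # lifted out of logdata

# Flag set observed in the article for each nmap probe type.
SCAN_TYPES = {
    frozenset({"SYN"}): 5001,                       # nmap -sS
    frozenset({"SYN", "FIN", "PSH", "URG"}): 5002,  # nmap -O probe
    frozenset(): 5003,                              # nmap -sN
    frozenset({"FIN", "PSH", "URG"}): 5004,         # nmap -sX
    frozenset({"FIN"}): 5005,                       # nmap -sF
}


def parse_iptables_log(line):
    """Return (fields, flags): the KEY=value pairs and the set of bare TCP
    flag tokens.  'URGP=0' is a field, not the URG flag, so a flag token
    must be a whole word that is not followed by '='."""
    fields = dict(KV_RE.findall(line))
    flags = {f for f in TCP_FLAGS if re.search(r"\b%s\b(?!=)" % f, line)}
    return fields, flags


def classify(flags):
    """Map a flag set to a portscan logtype; None for probe types the
    article does not show (for example an ACK scan)."""
    return SCAN_TYPES.get(frozenset(flags))


def to_event(line, node_id="opencanary-1"):
    """Build an event in the shape the article shows: addresses at the top
    level, the other iptables fields in logdata, present flags as empty
    strings, and ports left as strings exactly as the portscan logs do."""
    fields, flags = parse_iptables_log(line)
    if fields.get("PROTO") != "TCP":
        return None
    logdata = {k: v for k, v in fields.items() if k not in ADDR_KEYS}
    logdata.update({f: "" for f in flags})
    return {
        "node_id": node_id, "src_host": fields["SRC"], "src_port": fields["SPT"],
        "dst_host": fields["DST"], "dst_port": fields["DPT"],
        "logtype": classify(flags), "logdata": logdata,
    }


# Constructed kernel LOG lines (not from the article) matching its five scans.
_HDR = ("IN=eth1 OUT= MAC=08:00:27:da:4c:e2:6c:96:cf:dd:ee:bd:08:00 "
        "SRC=192.168.1.6 DST=192.168.1.7 ")
SAMPLE_LINES = [
    _HDR + "LEN=56 TOS=0x00 PREC=0x00 TTL=58 ID=51918 PROTO=TCP SPT=40088 DPT=21 WINDOW=512 RES=0x00 SYN URGP=0",
    _HDR + "LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=37499 PROTO=TCP SPT=40098 DPT=21 WINDOW=256 RES=0x00 URG PSH SYN FIN URGP=0",
    _HDR + "LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=26441 PROTO=TCP SPT=58015 DPT=5060 WINDOW=1024 RES=0x00 URGP=0",
    _HDR + "LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=19984 PROTO=TCP SPT=50913 DPT=139 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0",
    _HDR + "LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=29768 PROTO=TCP SPT=35116 DPT=23 WINDOW=1024 RES=0x00 FIN URGP=0",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = to_event(line)
        print(ev["logtype"], ev["dst_port"], sorted(ev["logdata"]))
```

A probe whose flag set is not in the table (an ACK scan, a normal handshake) gets logtype None, which is the right place to decide whether to drop it or add a new code to the table rather than silently mislabel it.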

MSSQL

MSSQL login with SQL Server authentication

Client: SQLPro for MSSQL

Log format

{"dst_host": "172.18.200.58", "dst_port": 1433, "local_time": "2019-01-07 09:04:58.690137", "logdata": {"AppName": "SQLPro for MSSQL (hankinsoft.com)", "CltIntName": "DB-Library", "Database": "test", "HostName": "Piroguehost", "Language": "us_english", "Password": "sa123456", "ServerName": "172.18.200.58:1433", "UserName": "sa"}, "logtype": 9001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 64344}

MSSQL login with Windows authentication

Client: SQLPro for MSSQL

Log format

{"dst_host": "172.18.200.58", "dst_port": 1433, "local_time": "2019-01-07 09:13:28.669829", "logdata": {"PASSWORD": "", "USERNAME": ""}, "logtype": 9002, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 64499}

With Windows authentication the USERNAME and PASSWORD fields are empty, because the client does not transmit a cleartext password in this login flow.

HTTP proxy

Trigger

Configure a browser to use the honeypot as an HTTP proxy with authentication and open any URL; the proxy credentials the browser sends are logged.

Log format

{"dst_host": "172.18.200.58", "dst_port": 8080, "local_time": "2019-01-07 13:26:47.761297", "logdata": {"PASSWORD": "passsquid", "USERNAME": "squidadmin"}, "logtype": 7001, "node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 53798}
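Every event above shares the same header (node_id, local_time, src_host, src_port, dst_host, dst_port, logtype) and differs only inside logdata, which is what makes a single OpencanaryLog table, as described at the top of the article, workable. As an added example, not code from the article or from OpenCanary, the following Python normaliser flattens log lines of the shapes shown in this article into such records and then summarises credential guesses per source. The logtype labels are this example's own names assigned from the codes in the samples (OpenCanary's authoritative constants are in opencanary/logger.py), and the three sample lines are constructed for the example.

```python
"""Flatten OpenCanary JSON log lines into records for an OpencanaryLog-style
table and summarise credential guesses per source.

Added example for this article, not OpenCanary's own code.  The logtype
labels are this example's own names; see opencanary/logger.py (LoggerBase).
"""
import json
from collections import Counter, defaultdict
from datetime import datetime

# logtype code -> label (assumed names; the codes are those in the article)
LOGTYPE_NAMES = {
    2000: "ftp_login", 3001: "http_login", 4000: "ssh_new_connection",
    4001: "ssh_version_exchange", 4002: "ssh_login", 5001: "portscan_syn",
    5002: "portscan_nmap_os", 5003: "portscan_nmap_null",
    5004: "portscan_nmap_xmas", 5005: "portscan_nmap_fin", 6001: "telnet_login",
    7001: "httpproxy_login", 8001: "mysql_login", 9001: "mssql_login_sqlauth",
    9002: "mssql_login_winauth", 11001: "ntp_monlist", 12001: "vnc_login",
    13001: "snmp_request", 14001: "rdp_login", 15001: "sip_request",
    16001: "git_clone", 17001: "redis_command", 18001: "tcpbanner_connection",
    18002: "tcpbanner_ka_connection", 18003: "tcpbanner_ka_secret",
    18004: "tcpbanner_ka_data", 18005: "tcpbanner_data",
}
# Modules spell the credential keys differently (MSSQL uses CamelCase).
USER_KEYS = ("USERNAME", "UserName")
PASS_KEYS = ("PASSWORD", "Password")
# Event types that represent a login attempt.
LOGIN_TYPES = {2000, 3001, 4002, 6001, 7001, 8001, 9001, 9002, 12001, 14001}


def _to_int(value):
    # Ports are ints in service logs but strings in portscan logs.
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def normalise(line):
    """Turn one JSON log line into a flat dict: the common header fields,
    a logtype label, the credentials if present, and whatever is left of
    logdata as JSON text (for a catch-all text column)."""
    event = json.loads(line)
    logdata = dict(event.get("logdata") or {})
    record = {
        "node_id": event.get("node_id"),
        "local_time": datetime.strptime(event["local_time"], "%Y-%m-%d %H:%M:%S.%f"),
        "src_host": event.get("src_host"),
        "src_port": _to_int(event.get("src_port")),
        "dst_host": event.get("dst_host"),
        "dst_port": _to_int(event.get("dst_port")),
        "logtype": event["logtype"],
        "logtype_name": LOGTYPE_NAMES.get(event["logtype"], "unknown"),
        "honeycred": event.get("honeycred"),  # only Telnet events carry this
        "username": None,
        "password": None,
    }
    for key in USER_KEYS:
        if key in logdata:
            record["username"] = logdata.pop(key)
    for key in PASS_KEYS:
        if key in logdata:
            record["password"] = logdata.pop(key)
    record["logdata"] = json.dumps(logdata, sort_keys=True)
    return record


def login_summary(lines):
    """Count login attempts per (src_host, service) and collect the distinct
    usernames tried: the view you want when looking for brute force."""
    attempts = Counter()
    users = defaultdict(set)
    for line in lines:
        rec = normalise(line)
        if rec["logtype"] in LOGIN_TYPES:
            key = (rec["src_host"], rec["logtype_name"])
            attempts[key] += 1
            if rec["username"]:
                users[key].add(rec["username"])
    return {k: {"attempts": n, "usernames": sorted(users[k])}
            for k, n in attempts.items()}


# Constructed sample lines in the shapes the article shows.
SAMPLE_LINES = [
    '{"dst_host": "172.18.200.58", "dst_port": 21, "local_time": "2019-01-07 13:50:54.264032", '
    '"logdata": {"PASSWORD": "admin123", "USERNAME": "ftpadmin"}, "logtype": 2000, '
    '"node_id": "opencanary-1", "src_host": "172.18.205.14", "src_port": 54573}',
    '{"dst_host": "172.18.200.58", "dst_port": 1433, "local_time": "2019-01-07 09:04:58.690137", '
    '"logdata": {"AppName": "SQLPro for MSSQL", "Database": "test", "Password": "sa123456", '
    '"UserName": "sa"}, "logtype": 9001, "node_id": "opencanary-1", '
    '"src_host": "172.18.205.14", "src_port": 64344}',
    '{"dst_host": "192.168.1.7", "dst_port": "21", "local_time": "2019-01-06 16:35:24.190176", '
    '"logdata": {"ID": "51918", "IN": "eth1", "PROTO": "TCP", "SYN": ""}, "logtype": 5001, '
    '"node_id": "opencanary-1", "src_host": "192.168.1.6", "src_port": "40088"}',
]

if __name__ == "__main__":
    print(login_summary(SAMPLE_LINES))
```

Keeping the leftover logdata as JSON text means a new field from a module does not break inserts; promote it to a real column once you know you want to query it, which is the "extend the table as you go" approach the article describes.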
