Home Explore Help
Sign In
Botnet_Research
/
hostage
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

- Telnet: added different server versions

Wulf Pfeiffer 10 years ago
parent
bd7a7ae2a1
commit
1a7ac6738d
4 changed files with 57 additions and 23 deletions
Split View Show Diff Stats
  1. 1 1
      res/values/strings.xml
  2. 3 7
      src/de/tudarmstadt/informatik/hostage/protocol/SMB.java
  3. 4 7
      src/de/tudarmstadt/informatik/hostage/protocol/SSH.java
  4. 49 8
      src/de/tudarmstadt/informatik/hostage/protocol/TELNET.java

+ 1 - 1
res/values/strings.xml
View File 

@@ -2,7 +2,7 @@
 
 <resources>
 
 
     <string name="app_name">HosTaGe</string>
 
-    <string name="shared_preference_path">de.tudarmstadt.informatik.hostage.preferences</string>
 
+    <string name="shared_preference_path">de.tudarmstadt.informatik.hostage</string>
 
     <string name="UUID">9fc4f490-659e-11e3-949a-0800200c9a66</string>
 
     <string name="statistics">Statistics</string>
 
     <string name="database">Database</string>

+ 3 - 7
src/de/tudarmstadt/informatik/hostage/protocol/SMB.java
View File 

@@ -69,12 +69,8 @@ public class SMB implements Protocol {
 
 	 * @return current timezone in windows format as byte[]
 
 	 */
 
 	private static byte[] getTimeZoneInBytes() {
 
-		Integer offset = new GregorianCalendar().getTimeZone().getRawOffset() / 1000 / 60; // get
 
-																							// current
 
-																							// timezone
 
-																							// offset
 
-																							// in
 
-																							// minutes
 
+		// get current timezone offset in minutes
 
+		Integer offset = new GregorianCalendar().getTimeZone().getRawOffset() / 1000 / 60; 
 		char[] offsetChars = Integer.toBinaryString(offset).toCharArray();
 
 		boolean invert = false;
 
 		for (int i = offsetChars.length - 1; i > -1; i--) {
 
@@ -104,7 +100,7 @@ public class SMB implements Protocol {
 
 		String profile = HoneyService
 
 				.getContext()
 
 				.getSharedPreferences(sharedPreferencePath,
 
-						Context.MODE_PRIVATE).getString("profile", "");
 
+						Context.MODE_PRIVATE).getString("os", "");
 
 		System.out.println(profile);
 
 		if (profile.equals("Windows 7")) {
 
 			return possibleSmbVersions[0];

+ 4 - 7
src/de/tudarmstadt/informatik/hostage/protocol/SSH.java
View File 

@@ -623,9 +623,8 @@ public class SSH implements Protocol {
 
 	 * @return wrapped packet.
 
 	 */
 
 	private Packet wrapPacket(byte[] response) {
 
-		int packetLength = 5 + response.length; // 4 byte packet length, 1 byte
 
-												// padding length, payload
 
-												// length
 
+		// 4 byte packet length, 1 byte padding length, payload length
 
+		int packetLength = 5 + response.length;
 
 		int paddingLengthCBS = cipherBlockSize
 
 				- (packetLength % cipherBlockSize);
 
 		int paddingLength8 = 8 - (packetLength % 8);
 
@@ -633,10 +632,8 @@ public class SSH implements Protocol {
 
 				: paddingLength8;
 
 		if (paddingLength < 4)
 
 			paddingLength += cipherBlockSize;
 
-		packetLength = packetLength + paddingLength - 4; // add padding string
 
-															// length to packet
 
-															// length
 
-
 
+		// add padding string length to packet length
 
+		packetLength = packetLength + paddingLength - 4; 
 		byte[] packetLen = ByteBuffer.allocate(4).putInt(packetLength).array();
 
 		byte[] paddingLen = { (byte) paddingLength };
 
 		byte[] paddingString = HelperUtils.randomBytes(paddingLength);

+ 49 - 8
src/de/tudarmstadt/informatik/hostage/protocol/TELNET.java
View File 

@@ -3,6 +3,10 @@ package de.tudarmstadt.informatik.hostage.protocol;
 
 import java.util.ArrayList;
 
 import java.util.List;
 
 
+import android.content.Context;
 
+
 
+import de.tudarmstadt.informatik.hostage.HoneyService;
 
+import de.tudarmstadt.informatik.hostage.R;
 
 import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
 
 import de.tudarmstadt.informatik.hostage.wrapper.Packet;
 
 
@@ -33,11 +37,18 @@ public class TELNET implements Protocol {
 
 	/** name of the server */
 
 	private static String serverName = HelperUtils.getRandomString(16, false);
 
 
+	private static String serverVersion = initServerVersion();
 
+	
+	private static String login = initLogin();
 
+	
+	private static String serverBanner = initServerBanner();
 
+	
 	/** command line prefix */
 
 	private static byte[] sessionToken = null;
 
 
 	/** options requested by the server */
 
-	private static final byte[] optionRequest = { (byte) 0xff, (byte) 0xfb,
 
+	private static final byte[] optionRequest = {
 
+			(byte) 0xff, (byte) 0xfb,
 
 			0x03, // will suppress go ahead
 
 			(byte) 0xff, (byte) 0xfb, 0x01 // will echo
 
 	};
 
@@ -83,7 +94,7 @@ public class TELNET implements Protocol {
 
 		case OPEN:
 
 			if (request != null) {
 
 				responsePackets.add(new Packet(getOptionResponse(request)));
 
-				responsePackets.add(new Packet(serverName + " login: "));
 
+				responsePackets.add(new Packet(login + "login: "));
 
 				state = STATE.LOGIN;
 
 			}
 
 			break;
 
@@ -98,12 +109,16 @@ public class TELNET implements Protocol {
 
 					responsePackets.add(new Packet(buffer));
 
 				}
 
 				responsePackets.add(new Packet("\r\n"));
 
-				responsePackets.add(new Packet("Password: "));
 
+				responsePackets.add(new Packet("password: "));
 
 				state = STATE.AUTHENTICATE;
 
-				sessionToken = HelperUtils.concat(sessionPrefix, user,
 
-						"@".getBytes(), serverName.getBytes(), sessionMiddle,
 
-						user, "@".getBytes(), serverName.getBytes(),
 
-						sessionSuffix);
 
+				if (serverVersion.contains("Windows")) {
 
+					sessionToken = HelperUtils.concat("C:\\Users\\".getBytes(), user);
 
+				} else {
 
+					sessionToken = HelperUtils.concat(sessionPrefix, user,
 
+							"@".getBytes(), serverName.getBytes(), sessionMiddle,
 
+							user, "@".getBytes(), serverName.getBytes(),
 
+							sessionSuffix);
 
+				}
 
 				break;
 
 			} else if (checkForByte(request, (byte) 0x7f) && user != null
 
 					&& user.length != 0) {
 
@@ -124,7 +139,7 @@ public class TELNET implements Protocol {
 
 			if (request == null)
 
 				break;
 
 			else if (checkForByte(request, (byte) 0x0d)) {
 
-				responsePackets.add(new Packet("\r\n"));
 
+				responsePackets.add(new Packet("\r\n"+serverBanner));
 
 				responsePackets.add(new Packet(sessionToken));
 
 				state = STATE.LOGGED_IN;
 
 			} else if (checkForByte(request, (byte) 0x7f)) {
 
@@ -187,6 +202,32 @@ public class TELNET implements Protocol {
 
 	public TALK_FIRST whoTalksFirst() {
 
 		return TALK_FIRST.SERVER;
 
 	}
 
+	
+	private static String initServerVersion() {
 
+		String sharedPreferencePath = HoneyService.getContext().getString(
 
+				R.string.shared_preference_path);
 
+		String profile = HoneyService
 
+				.getContext()
 
+				.getSharedPreferences(sharedPreferencePath,
 
+						Context.MODE_PRIVATE).getString("os", "");
 
+		return profile;
 
+	}
 
+	
+	private static String initServerBanner() {
 
+		if (serverVersion.contains("Windows")) {
 
+			return "\r\n*===============================================================\r\n"
 
+					+ "Microsoft Telnet Server.\r\n"
 
+					+ "*===============================================================\r\n";
 
+		}
 
+		return "";
 
+	}
 
+	
+	private static String initLogin() {
 
+		if (serverVersion.contains("Windows")) {
 
+			return "Welcome to Microsoft Telnet Service \r\n\r\n";
 
+		}
 
+		return "Debian GNU/Linux 7.0\r\n";
 
+	}
 
 
 	/**
 
 	 * Checks a byte array for occurence of one byte.