Changeset 1555

Timestamp:

02/17/08 13:25:24 (8 months ago)

Author:

till

Message:

honeytrap
- simple Nebula submission plugin

Files:

• honeytrap/trunk/configure.in (modified) (18 diffs)
• honeytrap/trunk/src/modules/Makefile.am (modified) (2 diffs)
• honeytrap/trunk/src/modules/htm_submitMWserv.c (modified) (8 diffs)
• honeytrap/trunk/src/modules/htm_submitNebula.c (added)
• honeytrap/trunk/src/modules/htm_submitNebula.h (added)
• honeytrap/trunk/src/sock.c (modified) (2 diffs)
• honeytrap/trunk/tools/htprox.c (modified) (1 diff)

honeytrap/trunk/configure.in

@@ -68 +68 @@
-
-bold () {
-
-
+n
+-n 
-}
-
@@ -303 +303 @@
-                        bold "   %BError%b - libpcap headers not found. Install them or use the following options:"
-                        echo
-
+
+
+
-                        echo
-                        exit 1
@@ -317 +319 @@
-                        bold "   %BError%b - libpcap library not found. Install it or use the following options:"
-                        echo
-
+
+
+
-                        echo
-                        exit 1
@@ -343 +347 @@
-                        bold "   %BError%b - libnetfilter_queue headers not found. Install them or use the following options:"
-                        echo
-
+
+
+
-                        echo
-                        exit
@@ -357 +363 @@
-                        bold "   %BError%b - libnetfilter_queue library not found. Install it or use the following options:"
-                        echo
-
+
+
+
-                        echo
-                        exit
@@ -382 +390 @@
-                        bold "   %BError%b - libipq headers not found. Install them or use the following options:"
-                        echo
-
+
+
+
-                        echo
-                        exit
@@ -396 +406 @@
-                        bold "   %BError%b - libipq library not found. Install it or use the following options:"
-                        echo
-
+
+
+
-                        echo
-                        exit
@@ -413 +425 @@
-                bold "   %BError%b - No connection monitor selected. Please reconfigure with one of the following:"
-                echo
+                echo
-                bold "   %B--with-stream-mon=%bnfq    receive packets via netfilter's NFQUEUE target (Linux only, recommended)"
+                echo
-                bold "   %B--with-stream-mon=%bipq    receive packets via netfilter's QUEUE target (Linux only)"
+                echo
-                bold "   %B--with-stream-mon=%bpcap   receive packets using a built-in pcap sniffer"
+                echo
-                echo
-                exit 1
@@ -458 +474 @@
-    bold "   %BError%b - libclamav headers not found. Install them or use the following options:"
-    echo
-
+
+
+
-    echo
-    exit
@@ -472 +490 @@
-    bold "   %BError%b - libclamav library not found. Install it or use the following options:"
-    echo
-
+
+
+
-    echo
-    exit
@@ -490 +510 @@
-    bold "   Use %B--enable-devmodules%b to build it anyway."
-    echo
+    echo
-    exit
-  fi
@@ -511 +532 @@
-    bold "   %BError%b - libemu headers not found. Install them or use the following options:"
-    echo
-
+
+
+
-    echo
-    exit
@@ -525 +548 @@
-    bold "   %BError%b - libemu library not found. Install it or use the following options:"
-    echo
-
+
+
+
-    echo
-    exit
@@ -545 +570 @@
-                bold "   Use %B--enable-devmodules%b to build it anyway."
-                echo
+                echo
-                exit
-        fi
@@ -570 +596 @@
-                bold "   %BError%b - libcurl headers not found. Install them or use the following options:"
-                echo
-
+
+
+
-                echo
-                exit
@@ -584 +612 @@
-                bold "   %BError%b - libcurl library not found. Install it or use the following options:"
-                echo
-
+
+
+
-                echo
-                exit
@@ -590 +620 @@
-else
-        with_submit_mwserv=" "
+fi
+
+
+
+AC_ARG_WITH(submit-nebula,
+        [  --with-submit-nebula            submit attacks to a nebula server])
+AM_CONDITIONAL(BUILD_SUBMIT_NEBULA_PLUGIN, test x$with_submit_nebula = xyes)
+if test "$with_submit_nebula" = "yes"; then
+        if test "$enable_devmodules" != "X"; then
+                echo
+                echo "   The submitNebula plugin is still unstable and should not be used in production setups."
+                bold "   Use %B--enable-devmodules%b to build it anyway."
+                echo
+                echo
+                exit
+        fi
+
+        with_submit_nebula="X"
+
+        AC_CHECK_FUNC(gethostbyname, , AC_CHECK_LIB(nsl, gethostbyname))
+
+        AC_ARG_WITH(zlib_includes,
+        [  --with-zlib-includes=DIR        zlib include directory],
+        [with_zlib_includes="$withval"],[with_zlib_includes=no])
+
+        AC_ARG_WITH(zlib_libraries,
+        [  --with-zlib-libraries=DIR       zlib library directory],
+        [with_zlib_libraries="$withval"],[with_zlib_libraries=no])
+
+        if test "$with_zlib_includes" != "no"; then
+                CFLAGS="${CFLAGS} -I${with_zlib_includes}"
+        fi
+        HZ="yes"
+        AC_CHECK_HEADER(zlib.h,, HZ="no")
+        if test "$HZ" = "no"; then
+                echo
+                bold "   %BError%b - zlib headers not found. Install them or use the following options:"
+                echo
+                echo
+                bold "   %B--with-zlib-includes=%b"
+                echo -e "\x5blocation of zlib header files\x5d"
+                echo
+                exit
+        fi
+
+        if test "$with_zlib_libraries" != "no"; then
+                LDFLAGS="${LDFLAGS}  -L${with_zlib_libraries}"
+        fi
+        LZ="yes"
+        AC_CHECK_LIB(z, compress, LZ="yes", LZ="no")
+        if test "$LZ" = "no"; then
+                echo
+                bold "   %BError%b - zlib library not found. Install it or use the following options:"
+                echo
+                echo
+                bold "   %B--with-zlib-libraries=%b"
+                echo -e "\x5blocation of zlib shared library files\x5d"
+                echo
+                exit
+        fi
+else
+        with_submit_nebula=" "
-fi
-
@@ -782 +874 @@
-bold "  ----- %Bhoneytrap configuration%b -----"
-echo
+echo
-echo "  General options"
-bold "    (%B$enable_debug%b)  Debugging"
+echo
-bold "    (%B$enable_profile%b)  Profiling"
+echo
-bold "    (%B$enable_devmodules%b)  Unstable Modules"
+echo
-bold "    (%B$with_efence%b)  Electric Fence"
+echo
-echo
-echo "  Connection monitor"
-bold "    (%B$with_ipq_mon%b)  Linux ip_queue (ipq)"
+echo
-bold "    (%B$with_ipfw_mon%b)  FreeBSD ipfw (ipfw)"
+echo
-bold "    (%B$with_nfq_mon%b)  Linux libnetfilter_queue (nfq)"
+echo
-bold "    (%B$with_pcap_mon%b)  Libpcap (pcap)"
+echo
-echo
-echo "  Optional plugins"
-bold "    (%B$with_clamav%b)  ClamAV"
+echo
-bold "    (%B$with_cpuemu%b)  cpuEmu"
+echo
-bold "    (%B$with_cspm%b)  CSPM"
+echo
-bold "    (%B$with_postgres%b)  PostgeSQL"
+echo
-bold "    (%B$with_spamsum%b)  SpamSum"
+echo
-bold "    (%B$with_submit_mwserv%b)  submitMwserv"
+echo
+bold "    (%B$with_submit_nebula%b)  submitNebula"
+echo

honeytrap/trunk/src/modules/Makefile.am

@@ -35 +35 @@
-if BUILD_SUBMIT_MWSERV_PLUGIN
-lib_LTLIBRARIES += htm_submitMWserv.la
+endif
+
+if BUILD_SUBMIT_NEBULA_PLUGIN
+lib_LTLIBRARIES += htm_submitNebula.la
-endif
-
@@ -80 +84 @@
-endif
-
+if BUILD_SUBMIT_NEBULA_PLUGIN
+htm_submitNebula_la = htm_submitNebula.c htm_submitNebula.h
+htm_submitNebula_la_LDFLAGS = -module -no-undefined -avoid-version -lz
+endif
+
-
-if BUILD_CSPM_PLUGIN

honeytrap/trunk/src/modules/htm_submitMWserv.c

@@ -175 +175 @@
-
-int check_response(const bstr *response) {
+printf("--> response is '%s'\n", response->data);
-        switch(response_code(response)) {
-        case TSS_OK:
@@ -186 +187 @@
-                return(TSS_ERROR);
-        case TSS_UNKNOWN:
+        default:
-                logmsg(LOG_ERR, 1, "SubmitMWServ - Server returned status UNKNOWN.\n");
-                return(TSS_UNKNOWN);
-        default:
-                return(0);
-        }
-
@@ -205 +205 @@
-                FD_ZERO(&wfds);
-                FD_ZERO(&efds);
+printf("--> selecting...\n");
-                
-                max_fd = 0;
@@ -232 +233 @@
-                        break;
-                default:
-
+
+
+
+
+
-
-                        handles = 0;
@@ -238 +243 @@
-                        while(curl_multi_perform(mhandle, &handles) == CURLM_CALL_MULTI_PERFORM && handles);
-
-
-
+
+
+
+
+
+
+
+
+
+
-                }
-        }
@@ -265 +278 @@
-        logmsg(LOG_NOISY, 1, "SubmitMWServ - Constructing HTTP form for request type %d.\n", type);
-        
+printf("--> adding guid\n");
-        curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "guid", CURLFORM_PTRCONTENTS, guid, CURLFORM_END);
+printf("--> adding maintainer\n");
-        curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "maintainer", CURLFORM_PTRCONTENTS, maintainer, CURLFORM_END);
+printf("--> adding secret\n");
-        curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "secret", CURLFORM_PTRCONTENTS, secret, CURLFORM_END); 
-
+        if (uri) {
+printf("--> adding uri\n");
-        curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "uri",
-                CURLFORM_PTRCONTENTS, uri, CURLFORM_CONTENTSLENGTH, strlen(uri), CURLFORM_END);
+        }
-        
+printf("--> adding data\n");
-        curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "data",
-                CURLFORM_PTRCONTENTS, data,
@@ -326 +346 @@
-                memset(&response, 0, sizeof(bstr));
-                
+printf("--> uri is %s\n", uri);
-                if ((pinfo = init_handle(&multihandle, &curlhandle,
-                                attack->download[i].dl_payload.data, attack->download[i].dl_payload.size,
@@ -332 +353 @@
-                        return(0);
-                }
+printf("--> handle initialized\n");
-
-                if (transfer_data(multihandle, &response) == TSS_OK)
-                        logmsg(LOG_NOTICE, 1, "SubmitMWServ - Sample is already present at %s, skipping submission.\n", mwserv_url);
-                elseif (
-                else
-                        logmsg(LOG_ERR, 1, "SubmitMWServ Error - Hash test failed.\n");

honeytrap/trunk/src/sock.c

@@ -62 +62 @@
-        if ((bind(fd, (struct sockaddr *) server_addr, sizeof(struct sockaddr_in))) != 0) {
-            /* we already got one server process */
-port
+ntohs(port)
-#ifdef USE_IPQ_MON
-            /* hand packet processing back to the kernel */
@@ -91 +91 @@
-            /* if bind() did not fail for 'port already in use' but for some other reason,
-             *  we're in troubles and want a verbose error message */
-port
+ntohs(port)
-            exit(EXIT_FAILURE);
-#endif

honeytrap/trunk/tools/htprox.c

@@ -18 +18 @@
- */
-
+#include <arpa/inet.h>
+#include <errno.h>
+#include <netdb.h>
+#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <strings.h>
-#include <netdb.h>
-#include <signal.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <unistd.h>
-
-extern int h_errno;
-extern int errno;
-
-