Changeset 1580
- Timestamp:
- 02/28/08 22:57:06 (6 months ago)
- Files:
-
- honeytrap/trunk/src/logging.h (modified) (1 diff)
- honeytrap/trunk/src/modules/htm_submitMWserv.c (modified) (10 diffs)
honeytrap/trunk/src/logging.h
r1281 r1580 42 42 */ 43 43 44 #define LOGLINE_SIZE 256/* truncates longer lines */44 #define LOGLINE_SIZE 4069 /* truncates longer lines */ 45 45 46 46 #define DEBUG_FPRINTF if (log_level == LOG_DEBUG) fprintf honeytrap/trunk/src/modules/htm_submitMWserv.c
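Review bot: In logging.h the new value `4069` looks like a transposition of 4096; if a power-of-two size was intended, the line should read `#define LOGLINE_SIZE 4096 /* truncates longer lines */`. Nothing visible here breaks with 4069. The buffers sized by this macro are outside the diff, so any that live on the stack should be checked against the sixteen-fold increase. A honeypot logs attacker-supplied strings, so a line that is a comment such as `/* upper bound on one formatted log line, including attacker-controlled fields */` would document why the limit exists.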
r1579 r1580 15 15 */ 16 16 17 #define C(); { printf("%s:%u\n", __PRETTY_FUNCTION__, __LINE__); fflush(stdout); }18 19 17 20 18 #define _GNU_SOURCE 1 … … 43 41 #include <plughook.h> 44 42 #include <readconf.h> 43 #include <sha512.h> 45 44 #include <signals.h> 46 45 #include <tcpip.h> … … 145 144 logmsg(LOG_DEBUG, 1, "SavePostgres - Building generic malware resource URI.\n"); 146 145 147 printf("user: %s\n", download.user); 148 return(asprintf(uri, "%s://%s:%s@%s:%d/%s:%s", 149 download.dl_type, 150 download.user, 151 download.pass, 152 inet_ntoa(*(struct in_addr*)&download.r_addr), 153 download.r_port, 154 PROTO(download.protocol), 155 download.filename)); 146 if (strlen(download.dl_type) == 3 && !strcmp(download.dl_type, "ftp")) 147 return(asprintf(uri, "%s://%s:%s@%s:%d/%s:%s", 148 download.dl_type, 149 download.user, 150 download.pass, 151 inet_ntoa(*(struct in_addr*)&download.r_addr), 152 download.r_port, 153 PROTO(download.protocol), 154 download.filename)); 155 156 if (strlen(download.dl_type) == 4 && !strcmp(download.dl_type, "tftp")) 157 return(asprintf(uri, "%s://%s:%d/%s:%s", 158 download.dl_type, 159 inet_ntoa(*(struct in_addr*)&download.r_addr), 160 download.r_port, 161 PROTO(download.protocol), 162 download.filename)); 163 164 return(-1); 156 165 } 157 166 … … 181 190 switch(response_code(response)) { 182 191 case TSS_OK: 183 C();184 192 logmsg(LOG_NOISY, 1, "SubmitMWServ - Server returned transfer status OK.\n"); 185 193 return(TSS_OK); 186 194 case TSS_UNKNOWN: 187 C();188 195 logmsg(LOG_WARN, 1, "SubmitMWServ - Server returned status UNKNOWN.\n"); 189 196 return(TSS_UNKNOWN); … … 258 265 if(message->data.result) 259 266 { 260 logmsg(LOG_ERR, 1, "SubmitMWServ Error - %s\n", curl_easy_strerror(message->data.result));267 logmsg(LOG_ERR, 1, "SubmitMWServ Error - HTTP failure: %s\n", curl_easy_strerror(message->data.result)); 261 268 return TSS_ERROR; 262 269 } … … 273 280 274 281 struct curl_httppost *init_handle(CURLM **multihandle, CURL **curlhandle, 
275 const u_char *data, const u_int32_t len,282 const Attack *attack, const struct s_download *download, 276 283 const char* uri, const bstr *response, const u_char type) { 277 284 278 int handles ;285 int handles, rv; 279 286 struct curl_httppost *pinfo; 280 287 struct curl_httppost *pinfo_last; 288 char saddr[16], daddr[16], sport[6], dport[6]; 289 290 291 if (type != ST_HASHTEST && type != ST_SUBMIT) return(NULL); 292 if (!download) return(NULL); 281 293 282 294 pinfo = pinfo_last = NULL; 295 memset(saddr, 0, 16); 296 memset(daddr, 0, 16); 297 memset(sport, 0, 6); 298 memset(dport, 0, 6); 283 299 284 300 logmsg(LOG_DEBUG, 1, "SubmitMWServ - Creating easy handle.\n"); … … 291 307 logmsg(LOG_NOISY, 1, "SubmitMWServ - Constructing HTTP form for request type %d.\n", type); 292 308 293 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "guid", CURLFORM_PTRCONTENTS, guid, CURLFORM_END); 294 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "maintainer", CURLFORM_PTRCONTENTS, maintainer, CURLFORM_END); 295 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "secret", CURLFORM_PTRCONTENTS, secret, CURLFORM_END); 296 309 if (guid) 310 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "guid", CURLFORM_PTRCONTENTS, guid, CURLFORM_END); 311 if (maintainer) 312 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "maintainer", CURLFORM_PTRCONTENTS, maintainer, CURLFORM_END); 313 if (secret) 314 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "secret", CURLFORM_PTRCONTENTS, secret, CURLFORM_END); 315 if (download->dl_payload.sha512sum) 316 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "sha512", CURLFORM_PTRCONTENTS, download->dl_payload.sha512sum, CURLFORM_END); 317 if (attack->a_conn.r_addr) { 318 rv = snprintf(saddr, 16, "%s", inet_ntoa(*(struct in_addr *)&attack->a_conn.r_addr)); 319 if (rv == -1 || rv > 16) return(NULL); 320 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "saddr", CURLFORM_COPYCONTENTS, saddr, CURLFORM_END); 321 } 322 if 
(attack->a_conn.l_addr) { 323 rv = snprintf(daddr, 16, "%s", inet_ntoa(*(struct in_addr *)&attack->a_conn.l_addr)); 324 if (rv == -1 || rv > 16) return(NULL); 325 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "daddr", CURLFORM_COPYCONTENTS, daddr, CURLFORM_END); 326 } 327 if (attack->a_conn.r_port) { 328 rv = snprintf(sport, 6, "%d", attack->a_conn.r_port); 329 if (rv == -1 || rv > 16) return(NULL); 330 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "sport", CURLFORM_COPYCONTENTS, sport, CURLFORM_END); 331 } 332 if (attack->a_conn.l_port) { 333 rv = snprintf(dport, 6, "%d", attack->a_conn.l_port); 334 if (rv == -1 || rv > 16) return(NULL); 335 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "dport", CURLFORM_COPYCONTENTS, dport, CURLFORM_END); 336 } 297 337 if (uri) { 298 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "ur i",338 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "url", 299 339 CURLFORM_PTRCONTENTS, uri, CURLFORM_CONTENTSLENGTH, strlen(uri), CURLFORM_END); 300 340 } 301 341 302 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "data", 303 CURLFORM_PTRCONTENTS, data, 304 CURLFORM_CONTENTSLENGTH, len, 305 CURLFORM_END); 342 if (type == ST_SUBMIT) 343 curl_formadd(&pinfo, &pinfo_last, CURLFORM_PTRNAME, "data", 344 CURLFORM_PTRCONTENTS, download->dl_payload.data, 345 CURLFORM_CONTENTSLENGTH, download->dl_payload.size, 346 CURLFORM_END); 306 347 307 348 // attack: cli:port->srv:port, mode … … 351 392 /* save malware */ 352 393 for (i=0; i<attack->dl_count; i++) { 394 if (!attack->download[i].dl_payload.sha512sum) continue; 395 353 396 // test hash 354 397 logmsg(LOG_INFO, 1, "SubmitMWServ - Checking SHA512 hash at %s.\n", mwserv_url); 355 398 memset(&response, 0, sizeof(bstr)); 356 399 357 400 if (build_uri(&uri, attack->download[i]) == -1) { 358 401 logmsg(LOG_ERR, 1, "SubmitMWServ Error - Unable to create URI: %m.\n"); … … 360 403 } 361 404 362 if ((pinfo = init_handle(&multihandle, &curlhandle, 363 
attack->download[i].dl_payload.data, attack->download[i].dl_payload.size, 364 uri, &response, ST_HASHTEST)) == NULL) { 405 if ((pinfo = init_handle(&multihandle, &curlhandle, attack, 406 &attack->download[i], uri, &response, ST_HASHTEST)) == NULL) { 365 407 free(response.data); 366 408 return(0); … … 390 432 memset(&response, 0, sizeof(bstr)); 391 433 392 if ((pinfo = init_handle(&multihandle, &curlhandle, 393 attack->download[i].dl_payload.data, attack->download[i].dl_payload.size, 394 uri, &response, ST_SUBMIT)) == NULL) { 434 if ((pinfo = init_handle(&multihandle, &curlhandle, attack, 435 &attack->download[i], uri, &response, ST_SUBMIT)) == NULL) { 395 436 free(uri); 396 437 free(response.data);
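Review bot: In init_handle the truncation checks after the four new snprintf() calls do not match their buffers: `sport` and `dport` are 6 bytes but are tested with `rv > 16`, and for the 16-byte `saddr`/`daddr` a return of exactly 16 already means the output was cut. Compare against the destination size instead, e.g. `if (rv < 0 || (size_t)rv >= sizeof(sport)) return(NULL);`, and pass `sizeof(sport)` rather than the literal `6`. These early returns come after curl_formadd() has started building `pinfo`, so the partial form is not released, and presumably neither are the handles created in the part of the function not shown; calling `curl_formfree(pinfo)` before returning would avoid that. `attack` is dereferenced without the NULL check that `download` gets, so `if (!attack || !download) return(NULL);` would make the guards consistent. The function body starts and continues outside the visible hunks.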
