Sunday, November 18, 2018

python3 http.server HTTP Honeypot

Created a python3 http.server honeypot that answers every request with an HTTP 301 redirect to msn.com and logs the connecting IP address, HTTP verb, request path, HTTP status code, and the headers including the User-Agent. It also records the POST body if one is present.

Added the ability to change the Server header, the protocol version, and the sys version (the Python version normally shown in the Server header).

#!/usr/bin/python3

import datetime
from http.server import HTTPServer, BaseHTTPRequestHandler

LOG_FILE = 'log.txt'
REDIRECT_TO = 'http://www.msn.com'   # every request is redirected here


def servePage(s, hverb):
    now = datetime.datetime.now()
    logtime = now.strftime("%m-%d-%Y %H:%M")
    userAgent = str(s.headers['User-Agent'])
    if hverb == "POST":
        # Content-Length may be missing or bogus; a bad request must not crash the honeypot
        try:
            contentLen = int(s.headers.get('Content-Length', 0))
        except ValueError:
            contentLen = 0
        body = s.rfile.read(contentLen) if contentLen > 0 else b""
        postInfo = body.decode("utf-8", errors="replace")
    else:
        postInfo = ""
    # Status code sent to the client; change to 200 (and drop the Location header) to serve a page instead
    status = 301
    log = logtime
    log += " SrcIP:" + s.client_address[0]
    log += " HTTPCode:" + str(status)
    log += " HTTPVerb:" + hverb
    log += " URI:" + s.path
    log += " UserAgent:" + userAgent
    # Every other header, logged as name:value pairs (User-Agent already has its own field)
    others = [h + ":" + s.headers[h] for h in s.headers if h.lower() != "user-agent"]
    log += " Headers(" + ",".join(others) + ")"
    if hverb == "POST":
        # keep one log record per line even if the body contains newlines
        log += " POST:" + postInfo.replace("\r", "").replace("\n", "\\n")
    log += "\n"
    with open(LOG_FILE, 'a') as f:
        f.write(log)
    s.send_response(status)
    s.send_header('Location', REDIRECT_TO)
    s.send_header('X-Powered-By', 'ASP.NET')
    s.send_header('Content-type', 'text/html')
    # Empty body: with HTTP/1.1 the client needs a Content-Length or it waits for more data
    s.send_header('Content-Length', '0')
    s.end_headers()
    message = ""
    s.wfile.write(bytes(message, "utf8"))
    return


class StaticServer(BaseHTTPRequestHandler):
    # What the honeypot claims to be: the protocol on the status line and the
    # "Server:" header (server_version + sys_version, so an empty sys_version hides Python)
    protocol_version = 'HTTP/1.1'
    server_version = 'Microsoft-IIS/8.5'
    sys_version = ''

    def do_GET(self):
        servePage(self, "GET")
        return

    def do_POST(self):
        servePage(self, "POST")
        return

    def do_PUT(self):
        servePage(self, "PUT")
        return

    def do_DELETE(self):
        servePage(self, "DELETE")
        return

    def do_OPTIONS(self):
        servePage(self, "OPTIONS")
        return


# You can change the port it listens on below...
def main(server_class=HTTPServer, handler_class=StaticServer, port=8005):
    server_address = ('', port)
    httpd = server_class(server_address, handler_class)
    print('Starting httpd on port {}'.format(port))
    httpd.serve_forever()


if __name__ == '__main__':
    print("http.server Honeypot")
    main()
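Once the honeypot has been running for a while, the useful part is reading log.txt back. The following is an added example, not part of the original post: it parses lines in the honeypot's log format (time, SrcIP, HTTPCode, HTTPVerb, URI, UserAgent, Headers(...) and an optional POST body), then groups them per source IP and flags clients that walk many paths, use PUT/DELETE, or submit form data. The sample lines and the scan_threshold value are constructed for this example.

```python
import re
from collections import defaultdict

# One regex for the line layout the honeypot writes; the POST field is optional.
LINE_RE = re.compile(
    r"^(?P<time>\d\d-\d\d-\d{4} \d\d:\d\d) SrcIP:(?P<ip>\S+) HTTPCode:(?P<code>\d+)"
    r" HTTPVerb:(?P<verb>\S+) URI:(?P<uri>\S+) UserAgent:(?P<ua>.*?)"
    r" Headers\((?P<headers>.*?)\)(?: POST:(?P<post>.*))?$")


def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line is malformed."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    # Headers are logged as name:value pairs separated by commas; split on the first ':'
    rec["headers"] = dict(item.partition(":")[::2] for item in rec["headers"].split(",") if item)
    return rec


def summarize(lines, scan_threshold=3):
    """Aggregate per source IP and flag behaviour worth a closer look."""
    per_ip = defaultdict(lambda: {"requests": 0, "uris": set(), "verbs": set(), "posts": 0})
    for rec in filter(None, map(parse_line, lines)):   # malformed lines are skipped
        e = per_ip[rec["ip"]]
        e["requests"] += 1
        e["uris"].add(rec["uri"])
        e["verbs"].add(rec["verb"])
        if rec["post"] is not None:
            e["posts"] += 1
    report = {}
    for ip, e in per_ip.items():
        flags = [name for name, hit in (
            ("path-scan", len(e["uris"]) >= scan_threshold),        # many distinct paths
            ("write-verb", bool(e["verbs"] & {"PUT", "DELETE"})),   # tried to modify content
            ("post-body", e["posts"] > 0)) if hit]                  # submitted form data
        report[ip] = {"requests": e["requests"], "distinct_uris": len(e["uris"]), "flags": flags}
    return report


# Constructed sample lines in the honeypot's log format (not real traffic).
SAMPLE_LOG = """\
11-18-2018 10:01 SrcIP:203.0.113.5 HTTPCode:301 HTTPVerb:GET URI:/ UserAgent:Mozilla/5.0 Headers(Host:hp.test:8005,Accept:*/*)
11-18-2018 10:01 SrcIP:203.0.113.5 HTTPCode:301 HTTPVerb:GET URI:/admin/ UserAgent:Mozilla/5.0 Headers(Host:hp.test:8005,Accept:*/*)
11-18-2018 10:02 SrcIP:203.0.113.5 HTTPCode:301 HTTPVerb:POST URI:/login UserAgent:python-requests/2.19 Headers(Host:hp.test:8005,Content-Length:21) POST:user=admin&pass=admin
11-18-2018 10:05 SrcIP:198.51.100.9 HTTPCode:301 HTTPVerb:GET URI:/ UserAgent:curl/7.61.0 Headers(Host:hp.test:8005)
this line is not in the expected format
""".splitlines()
```

Calling summarize(SAMPLE_LOG) flags 203.0.113.5 as path-scan and post-body while 198.51.100.9 gets no flags; feed it open('log.txt') to run over the real file.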

Wednesday, November 7, 2018

Lab Book 2.0.12

Summary

Lab_Book_2.0 is a book that I designed for students of an IT 222 Ethical Hacking class that I have been asked to teach at LDS Business College. The lab book consists of walkthroughs of 7 different virtual machines and introduces students to exploit kits, phishing, command-and-control, and buffer overflows. However, the main objectives of this lab book are to introduce students to a variety of tools that they can utilize, techniques that they can use to test for security vulnerabilities, and how to write a technical report of what they found and how they found it.

You can download the Lab Book from my Google Drive at this link.

Here are recorded videos for labs 2, 3, 5 and 6.



Friday, November 2, 2018

myhouse7 - Vulnerable Virtual Machine

Description of Vulnerable Virtual Machine

myHouse7 is a vulnerable virtual machine with multiple docker images set up as a capture-the-flag (CTF) challenge. The goal of this vulnerable virtual machine is to present a lab where you can learn and practice pivoting through the subnets in order to compromise all of the hosts/containers except 1.

Download from my Google Drive.

SHA1: ffefa2283d48c98baace90fb1ed93c1aa464c925

CTF Flag Information


This CTF challenge consists of a total of 20 flags. The virtual machine that is provided contains 2 flags, and each docker image/container contains 3 additional flags when running, with the exception of 1 host. That 1 host has no flags. (A mistake that I made was to name 2 flags the same.)

The structure of each flag is as follows: {{tryharder:xxx}}. The xxx in the example can be a single digit or up to 4 digits.

Network Diagram

Below is a network diagram of the setup, which may or may not be accurate. The virtual machine represents the firewall in the network diagram below. A total of 7 docker images/containers launch each time the virtual machine loads.


Download Information

You are able to download this file from my Google Drive at this link. The file is 2.7GB compressed with 7-zip. The file is a compressed OVF virtual machine exported from VMWorkstation 14. After importing the virtual machine, the first time that it loads will take upwards of 15 minutes due to building the environment and decompressing the docker images. After the first load it will be quicker, since only the docker images have to be loaded into containers.

Test Authentication from Linux Console using python3 pexpect

Working with the IT420 lab, you will discover that we need to discover a vulnerable user account.  The following python3 script uses the pex...