tnich/honssh

Can't close connection after honeypot closed the connection

0Nightsedge0 opened this issue · 0 comments

Hi all,

I am confused about the lost connection. My honeypot allows a maximum of only 3 SSH login attempts. After 3 tries, the honeypot disconnects from honssh. However, honssh did not close the session to the attacker after the disconnection. Here is part of the log.

2018-03-30T12:57:56+0800 [HonsshClientTransport,client] REVERSE
2018-03-30T12:57:56+0800 [HonsshClientTransport,client] NEW KEYS
2018-03-30T12:57:56+0800 [HonsshClientTransport,client] [CLIENT] - Client Connection Secured
2018-03-30T12:57:57+0800 [-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS
2018-03-30T12:57:57+0800 [HonsshClientTransport,client] [SSH] - Detected Public Key Auth - Disabling!
2018-03-30T12:57:59+0800 [-] [POST_AUTH] - SUCCESS = FALSE, NOT POST-AUTHING
2018-03-30T12:57:59+0800 [HonsshClientTransport,client] [SSH] - Detected Public Key Auth - Disabling!
2018-03-30T12:58:00+0800 [-] [POST_AUTH] - SUCCESS = FALSE, NOT POST-AUTHING
2018-03-30T12:58:01+0800 [HonsshClientTransport,client] [SSH] - Detected Public Key Auth - Disabling!
2018-03-30T12:58:02+0800 [-] [POST_AUTH] - SUCCESS = FALSE, NOT POST-AUTHING
2018-03-30T12:58:03+0800 [HonsshClientTransport,client] connection lost
2018-03-30T12:58:03+0800 [HonsshClientTransport,client] [CLIENT] - Lost connection with the Honeypot: my_honeypot (192.168.100.154:22)
2018-03-30T12:58:03+0800 [honssh.client.HonsshClientFactory#info] Stopping factory <honssh.client.HonsshClientFactory instance at 0x7f7cc9e187e8>

Attacker side:

root@attacker's password: 
Permission denied, please try again.
root@attacker's password: 
Permission denied, please try again.
root@attacker's password:
█ <<< hangs here

Network view of the connection close:

  1. honeypot <- fin+ack -> honssh
  2. honssh <- says nothing about it -> attacker (so, session hangs)

I also tried to deal with this in the HonsshClientTransport class in client.py.
I added a function at line 22:

def sendDiscounect(self, code, reason):
    transport.SSHClientTransport.sendDisconnect(self, code, reason)

In the connectionLost function, I appended self.sendDiscounect(10, 'lost connection to honeypot'):

if self.factory.server.wasConnected:
    self.sendDiscounect(10, 'lost connection to honeypot')
    log.msg(log.LBLUE, '[CLIENT]', ...)

But it does not work, same as before...
Could anyone give me some direction?
Please excuse my bad English. Thank you very much.

Here is my full log and config:
Log: log.txt
config: honssh.cfg.txt
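
The two-leg teardown described in this issue, as an added example that is not part of the original post and not honssh's code: a plain asyncio TCP relay (asyncio instead of Twisted, raw TCP instead of SSH) in front of a constructed stand-in honeypot that disconnects after three attempts. All names (`pipe`, `make_relay`, `backend`, `client_sees_close`, `run`) are hypothetical; with `propagate_close=False` the client hangs as in the report, with `True` it receives EOF.

```python
import asyncio

async def pipe(reader, writer, propagate_close):
    """Copy bytes one way; at EOF optionally close the destination leg."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    if propagate_close:
        writer.close()

def make_relay(backend_port, propagate_close):
    async def handle(front_r, front_w):
        back_r, back_w = await asyncio.open_connection("127.0.0.1", backend_port)
        # Client leg closing always drops the backend leg; the reverse is the switch.
        await asyncio.gather(pipe(front_r, back_w, True),
                             pipe(back_r, front_w, propagate_close))
    return handle

async def backend(reader, writer):
    # Constructed stand-in for the honeypot: rejects 3 attempts, then disconnects.
    for _ in range(3):
        if not await reader.readline():
            break
        writer.write(b"Permission denied\n")
        await writer.drain()
    writer.close()

async def client_sees_close(propagate_close):
    """Return True if the client gets EOF after the backend drops, False if it hangs."""
    srv = await asyncio.start_server(backend, "127.0.0.1", 0)
    relay = await asyncio.start_server(
        make_relay(srv.sockets[0].getsockname()[1], propagate_close), "127.0.0.1", 0)
    r, w = await asyncio.open_connection("127.0.0.1", relay.sockets[0].getsockname()[1])
    for _ in range(3):
        w.write(b"guess\n")
        await w.drain()
        await r.readline()  # reply relayed from the backend
    try:
        await asyncio.wait_for(r.read(1), timeout=1)  # b"" means EOF arrived
        return True
    except asyncio.TimeoutError:
        return False
    finally:
        w.close(); relay.close(); srv.close()

def run(propagate_close):
    return asyncio.run(client_sees_close(propagate_close))
```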