Honssh stuck on Starting factory <honssh.client.HonsshClientFactory instance at xxxxx>

Question

Honssh stuck on Starting factory <honssh.client.HonsshClientFactory instance at xxxxx>

imranqutab opened this issue 6 years ago · 33 comments

2019-01-01 00:59:36+0500 [-] Log opened.
2019-01-01 00:59:36+0500 [-] twistd 16.0.0 (/usr/bin/python 2.7.12) starting up.
2019-01-01 00:59:36+0500 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2019-01-01 00:59:36+0500 [-] HonsshServerFactory starting on 2222
2019-01-01 00:59:36+0500 [-] Starting factory <honssh.server.HonsshServerFactory instance at 0x7f8586e38bd8>
2019-01-01 00:59:49+0500 [-] [PRE_AUTH] - Connecting to Honeypot: svr03 (192.168.0.48:22)
2019-01-01 00:59:49+0500 [-] [ADV-NET] - Advanced Networking disabled - Using client_addr
2019-01-01 00:59:49+0500 [-] Starting factory <honssh.client.HonsshClientFactory instance at 0x7f858699e638>
2019-01-01 00:59:49+0500 [Uninitialized] [CLIENT] - New client connection
2019-01-01 00:59:49+0500 [HonsshClientTransport,client] kex alg, key alg: diffie-hellman-group-exchange-sha1 ssh-rsa
2019-01-01 00:59:49+0500 [HonsshClientTransport,client] outgoing: aes256-ctr hmac-sha1 none
2019-01-01 00:59:49+0500 [HonsshClientTransport,client] incoming: aes256-ctr hmac-sha1 none
2019-01-01 00:59:49+0500 [HonsshClientTransport,client] REVERSE
2019-01-01 00:59:49+0500 [HonsshClientTransport,client] NEW KEYS
2019-01-01 00:59:49+0500 [HonsshClientTransport,client] [CLIENT] - Client Connection Secured
2019-01-01 00:59:50+0500 [-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS

my deployed honssh stucks every time on <Starting factory <honssh.client.HonsshClientFactory instance at > cleaned and restarted many times but nothing works, i tried ssh honssh and got stuck on CLIENT CONNECTED, REPLAYING BUFFERED PACKETS again, please help me what to do.

Answer 1 · 2019-01-05T09:45:00.000Z

Hi, sorry for the slow reply.

Are you able to share your honssh.cfg as well as what your topology looks like?

Many thanks,
Tom

Answer 2 · 2019-01-05T16:17:56.000Z

thanks for replying, waiting for your next reply.
i have 2 VMs honey-pot on 192.168.80.137:22 and honssh on 192.168.80.138:2222, my .cfg is attached down.

config.txt

Answer 3 · 2019-01-05T16:29:23.000Z

Try setting
ssh_banner =
Rather than
ssh_banner = test

If that doesn't work, I'll need to see the users.cfg too.

Answer 4 · 2019-01-05T16:40:06.000Z

now it comes up with>
[PRE_AUTH][ERROR] - COULD NOT CONNECT TO HONEYPOT AFTER 10 SECONDS - DISCONNECTING CLIENT
2019-01-05 08:34:09-0800 [-] Disconnecting with error, code 10

and shows on terminal >
$ ssh root@192.168.80.138 -p 2222
Unable to negotiate with 192.168.80.138 port 2222: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

honey-pot has defualt user root with pass 123456 and users.cfg is down here.
usersconfig.txt

Answer 5 · 2019-01-05T16:49:21.000Z

Try updating pycrypto with pip install -U pycrypto

Answer 6 · 2019-01-05T16:55:33.000Z

i tried but pycrypto already uptodate at 2.6.1.

Answer 7 · 2019-01-05T17:05:42.000Z

What about twisted? What version of that do you have?

Answer 8 · 2019-01-05T17:21:48.000Z

i have Twisted==15.1.0 on both machines.
below is the latest cosole log from honssh.
2019-01-05 09:18:20-0800 [-] Log opened.
2019-01-05 09:18:20-0800 [-] twistd 15.1.0 (/usr/bin/python 2.7.12) starting up.
2019-01-05 09:18:20-0800 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2019-01-05 09:18:20-0800 [-] HonsshServerFactory starting on 2222
2019-01-05 09:18:20-0800 [-] Starting factory <honssh.server.HonsshServerFactory instance at 0xb6e312ac>
2019-01-05 09:18:20-0800 [HonsshSlimClientTransport,client] [CLIENT] - Got SSH Version String: SSH-2.0-OpenSSH_5.1p1 Debian-5
2019-01-05 09:18:20-0800 [HonsshSlimClientTransport,client] Disconnecting with error, code 10
reason: user closed connection
2019-01-05 09:18:20-0800 [HonsshSlimClientTransport,client] connection lost
2019-01-05 09:18:20-0800 [HonsshSlimClientTransport,client] [HONSSH] - HonSSH Boot Sequence Complete - Ready for attacks!
2019-01-05 09:18:20-0800 [HonsshSlimClientTransport,client] Stopping factory <honssh.client.HonsshSlimClientFactory instance at 0xb6e312ec>
2019-01-05 09:18:29-0800 [-] [PRE_AUTH] - Connecting to Honeypot: svr03 (192.168.80.137:22)
2019-01-05 09:18:29-0800 [-] [ADV-NET] - Advanced Networking disabled - Using client_addr
2019-01-05 09:18:29-0800 [-] Starting factory <honssh.client.HonsshClientFactory instance at 0xb6e3ccec>
2019-01-05 09:18:29-0800 [Uninitialized] [CLIENT] - New client connection
2019-01-05 09:18:29-0800 [HonsshServerTransport,0,192.168.80.1] Disconnecting with error, code 3
reason: couldn't match all kex parts
2019-01-05 09:18:29-0800 [HonsshServerTransport,0,192.168.80.1] Disconnecting with error, code 10
reason: user closed connection
2019-01-05 09:18:29-0800 [HonsshServerTransport,0,192.168.80.1] connection lost
2019-01-05 09:18:29-0800 [HonsshClientTransport,client] connection lost
2019-01-05 09:18:29-0800 [HonsshClientTransport,client] [CLIENT] - Lost connection with the Honeypot (Server<->Honeypot not connected)
2019-01-05 09:18:29-0800 [HonsshClientTransport,client] Stopping factory <honssh.client.HonsshClientFactory instance at 0xb6e3ccec>
2019-01-05 09:18:39-0800 [-] [PRE_AUTH][ERROR] - COULD NOT CONNECT TO HONEYPOT AFTER 10 SECONDS - DISCONNECTING CLIENT
2019-01-05 09:18:39-0800 [-] Disconnecting with error, code 10
reason: user closed connection

Answer 9 · 2019-01-05T17:30:56.000Z

What SSH server version are you running on the honeypot?
I don't think diffie-hellman-group1-sha1 is supported in the latest versions.

Answer 10 · 2019-01-05T17:39:04.000Z

my both machines are ubuntu 16 with
OpenSSH_7.2p2 Ubuntu-4ubuntu2.6, OpenSSL 1.0.2g 1 Mar 2016 and pyOpenSSL 0.15.1

Answer 11 · 2019-01-05T17:40:37.000Z

2019-01-05 09:18:20-0800 [HonsshSlimClientTransport,client] [CLIENT] - Got SSH Version String: SSH-2.0-OpenSSH_5.1p1 Debian-5

That suggests it is connecting to an OpenSSH_5.1p1 server?

Answer 12 · 2019-01-05T17:47:26.000Z

you are correct this is comming from kippo config but not installed on my machines, what you recommand what version i should have on my machines?

Answer 13 · 2019-01-05T17:48:05.000Z

What do you mean by kippo config?

Answer 14 · 2019-01-05T17:51:54.000Z

kippo honey-pot configuration file --> kippo.cfg.

Answer 15 · 2019-01-05T17:52:26.000Z

Sorry, I don't understand what kippo has to do with Honssh?

Answer 16 · 2019-01-05T18:09:58.000Z

Sorry, my mistake. so i need to install OpenSSH_5.1p1 on both machines?

Answer 17 · 2019-01-05T18:11:08.000Z

I'm trying to work out where Honssh is acquiring the OpenSSH_5.1p1 string from. What SSH servers is listening on 192.168.80.137:22?

Answer 18 · 2019-01-05T18:13:12.000Z

yes. its is working through ssh on 192.168.80.137:22.

Answer 19 · 2019-01-05T18:16:22.000Z

Sorry, I don't understand, what is working?

Answer 20 · 2019-01-05T18:22:08.000Z

I'm trying to work out where Honssh is acquiring the OpenSSH_5.1p1 string from. What SSH servers is listening on 192.168.80.137:22?

you asked for what service or SSH server version? if service then kippo-honeypot.

Answer 21 · 2019-01-05T18:22:56.000Z

So are you trying to use Honssh and Kippo together? If so, why?

Answer 22 · 2019-01-05T18:26:54.000Z

So are you trying to use Honssh and Kippo together? If so, why?

i want to use honssh as gateway and kippo as honeypot

Answer 23 · 2019-01-05T18:27:09.000Z

This would not be supported, you might as well just use Kippo?
Honssh is designed to run against a real server, like OpenSSH.

Answer 24 · 2019-01-06T16:03:25.000Z

This would not be supported, you might as well just use Kippo?
Honssh is designed to run against a real server, like OpenSSH.

ok thanks, please share what are requirements for real server(what packages should be running on server and which types of users privileges) I tried with real one but end up with, could not connect to honeypot after 10 seconds, even I can ssh server.

Answer 25 · 2019-01-06T16:13:24.000Z

Just openssh or any SSH server. If you can't connect to an openssh servrr, post the logs and configs.

Answer 26 · 2019-01-06T17:19:35.000Z

Just openssh or any SSH server. If you can't connect to an openssh servrr, post the logs and configs.

still not working even with real password, here are configs and log files.
honsshcfg.txt
logs.txt
userscofg.txt

Answer 27 · 2019-01-06T17:26:52.000Z

Are those logs up to date? It still says an old SSH banner...

Answer 28 · 2019-01-06T17:29:37.000Z

after removing banner, latest update is
[HonsshServerTransport,0,192.168.80.1] Disconnecting with error, code 3
reason: couldn't match all kex parts

and complete log
2019-01-06 09:21:05-0800 [-] Log opened.
2019-01-06 09:21:05-0800 [-] twistd 15.1.0 (/usr/bin/python 2.7.12) starting up.
2019-01-06 09:21:05-0800 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2019-01-06 09:21:05-0800 [-] HonsshServerFactory starting on 2222
2019-01-06 09:21:05-0800 [-] Starting factory <honssh.server.HonsshServerFactory instance at 0xb6b8626c>
2019-01-06 09:21:05-0800 [HonsshSlimClientTransport,client] [CLIENT] - Got SSH Version String: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6
2019-01-06 09:21:05-0800 [HonsshSlimClientTransport,client] Disconnecting with error, code 10
reason: user closed connection
2019-01-06 09:21:05-0800 [HonsshSlimClientTransport,client] connection lost
2019-01-06 09:21:05-0800 [HonsshSlimClientTransport,client] [HONSSH] - HonSSH Boot Sequence Complete - Ready for attacks!
2019-01-06 09:21:05-0800 [HonsshSlimClientTransport,client] Stopping factory <honssh.client.HonsshSlimClientFactory instance at 0xb6b862ec>
2019-01-06 09:21:15-0800 [-] [PRE_AUTH] - Connecting to Honeypot: ubuntu (192.168.80.137:2244)
2019-01-06 09:21:15-0800 [-] [ADV-NET] - Advanced Networking disabled - Using client_addr
2019-01-06 09:21:15-0800 [-] Starting factory <honssh.client.HonsshClientFactory instance at 0xb6b90d8c>
2019-01-06 09:21:15-0800 [HonsshServerTransport,0,192.168.80.1] Disconnecting with error, code 3
reason: couldn't match all kex parts
2019-01-06 09:21:15-0800 [HonsshServerTransport,0,192.168.80.1] connection lost
2019-01-06 09:21:15-0800 [Uninitialized] [CLIENT] - New client connection
2019-01-06 09:21:15-0800 [HonsshClientTransport,client] Disconnecting with error, code 3
reason: couldn't match all kex parts
2019-01-06 09:21:15-0800 [HonsshClientTransport,client] connection lost
2019-01-06 09:21:15-0800 [HonsshClientTransport,client] [CLIENT] - Lost connection with the Honeypot (Server<->Honeypot not connected)
2019-01-06 09:21:15-0800 [HonsshClientTransport,client] Stopping factory <honssh.client.HonsshClientFactory instance at 0xb6b90d8c>
2019-01-06 09:21:25-0800 [-] [PRE_AUTH][ERROR] - COULD NOT CONNECT TO HONEYPOT AFTER 10 SECONDS - DISCONNECTING CLIENT
2019-01-06 09:21:25-0800 [-] Disconnecting with error, code 10
reason: user closed connection

Answer 29 · 2019-01-06T17:38:50.000Z

Are those logs up to date? It still says an old SSH banner...

sorry my mistake, my last reply is with latest log results, with remove banner.

Answer 30 · 2019-01-07T18:37:25.000Z

So I've just built a lab with Ubuntu 16.04 and found it connected fine. Here are my versions, please can you check them against yours?

root@honssh-vm:~/honssh# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.5 LTS
Release:        16.04
Codename:       xenial

root@honssh-vm:~/honssh# python --version
Python 2.7.12

root@honssh-vm:~/honssh# pip freeze | grep "cryptography\|pycrypto\|Twisted"
cryptography==2.4.2
pycrypto==2.6.1
Twisted==18.9.0

and here is my log file showing the connection:

2019-01-07T18:32:13+0000 [-] Loading honssh.tac...
2019-01-07T18:32:13+0000 [-] [SERVER] - Acquiring SSH Version String from honey_ip:honey_port
2019-01-07T18:32:13+0000 [honssh.client.HonsshSlimClientFactory#info] Starting factory <honssh.client.HonsshSlimClientFactory instance at 0x7fd2ee5cb830>
2019-01-07T18:32:13+0000 [-] Loaded.
2019-01-07T18:32:13+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] twistd 18.9.0 (/usr/bin/python 2.7.12) starting up.
2019-01-07T18:32:13+0000 [twisted.scripts._twistd_unix.UnixAppLogger#info] reactor class: twisted.internet.epollreactor.EPollReactor.
2019-01-07T18:32:13+0000 [-] HonsshServerFactory starting on 2222
2019-01-07T18:32:13+0000 [honssh.server.HonsshServerFactory#info] Starting factory <honssh.server.HonsshServerFactory instance at 0x7fd2ee5cb8c0>
2019-01-07T18:32:13+0000 [HonsshSlimClientTransport,client] [CLIENT] - Got SSH Version String: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.4
2019-01-07T18:32:13+0000 [HonsshSlimClientTransport,client] Disconnecting with error, code 10
        reason: user closed connection
2019-01-07T18:32:13+0000 [HonsshSlimClientTransport,client] connection lost
2019-01-07T18:32:13+0000 [HonsshSlimClientTransport,client] [HONSSH] - HonSSH Boot Sequence Complete - Ready for attacks!
2019-01-07T18:32:13+0000 [honssh.client.HonsshSlimClientFactory#info] Stopping factory <honssh.client.HonsshSlimClientFactory instance at 0x7fd2ee5cb830>
2019-01-07T18:32:27+0000 [HonsshServerTransport,0,192.168.100.9] kex alg, key alg: 'diffie-hellman-group14-sha1' 'ssh-rsa'
2019-01-07T18:32:27+0000 [HonsshServerTransport,0,192.168.100.9] outgoing: 'aes256-ctr' 'hmac-sha1' 'none'
2019-01-07T18:32:27+0000 [HonsshServerTransport,0,192.168.100.9] incoming: 'aes256-ctr' 'hmac-sha1' 'none'
2019-01-07T18:32:27+0000 [-] [PRE_AUTH] - Connecting to Honeypot: ubuntu (192.168.100.137:2244)
2019-01-07T18:32:27+0000 [-] [ADV-NET] - Advanced Networking disabled - Using client_addr
2019-01-07T18:32:27+0000 [honssh.client.HonsshClientFactory#info] Starting factory <honssh.client.HonsshClientFactory instance at 0x7fd2ee5cba28>
2019-01-07T18:32:27+0000 [Uninitialized] [CLIENT] - New client connection
2019-01-07T18:32:27+0000 [HonsshClientTransport,client] kex alg, key alg: 'ecdh-sha2-nistp256' 'ecdsa-sha2-nistp256'
2019-01-07T18:32:27+0000 [HonsshClientTransport,client] outgoing: 'aes256-ctr' 'hmac-sha2-512' 'none'
2019-01-07T18:32:27+0000 [HonsshClientTransport,client] incoming: 'aes256-ctr' 'hmac-sha2-512' 'none'
2019-01-07T18:32:27+0000 [HonsshClientTransport,client] REVERSE
2019-01-07T18:32:27+0000 [HonsshClientTransport,client] NEW KEYS
2019-01-07T18:32:27+0000 [HonsshClientTransport,client] [CLIENT] - Client Connection Secured
2019-01-07T18:32:27+0000 [HonsshServerTransport,0,192.168.100.9] NEW KEYS
2019-01-07T18:32:28+0000 [-] [PRE_AUTH] - CLIENT CONNECTED, REPLAYING BUFFERED PACKETS
2019-01-07T18:32:31+0000 [HonsshClientTransport,client] [SSH] - Detected Public Key Auth - Disabling!
2019-01-07T18:32:32+0000 [-] [POST_AUTH] - SUCCESS = FALSE, NOT POST-AUTHING
2019-01-07T18:32:35+0000 [HonsshServerTransport,0,192.168.100.9] [TERM] - Entered command: exit
2019-01-07T18:32:35+0000 [HonsshServerTransport,0,192.168.100.9] Disconnecting with error, code 10
        reason: user closed connection
2019-01-07T18:32:35+0000 [HonsshServerTransport,0,192.168.100.9] connection lost
2019-01-07T18:32:35+0000 [HonsshServerTransport,0,192.168.100.9] [OUTPUT] - Lost Connection with the attacker: 192.168.100.9
2019-01-07T18:32:35+0000 [HonsshClientTransport,client] connection lost
2019-01-07T18:32:35+0000 [HonsshClientTransport,client] [CLIENT] - Lost connection with the Honeypot: ubuntu (192.168.100.137:2244)
2019-01-07T18:32:35+0000 [honssh.client.HonsshClientFactory#info] Stopping factory <honssh.client.HonsshClientFactory instance at 0x7fd2ee5cba28>

Answer 31 · 2019-01-08T20:28:48.000Z

Thanks, honssh worked for me finally.

Answer 32 · 2019-01-09T08:28:44.000Z

Glad to hear it. What was the issue?

Answer 33 · 2019-01-09T17:17:01.000Z

it was twisted, i tried with 17.1.0 and all went fine.

after removing banner, latest update is [HonsshServerTransport,0,192.168.80.1] Disconnecting with error, code 3 reason: couldn't match all kex parts

after removing banner, latest update is
[HonsshServerTransport,0,192.168.80.1] Disconnecting with error, code 3
reason: couldn't match all kex parts