Compare revisions
  • 713/warden/warden-connectors
Commits on Source (2)
    Dionaea: Move credentials in IDEA to a top-level key "Credentials" · 5d4dbcda
    Pavel Valach authored
    This is a proposed change that would store the credentials
    at the top level key "Credentials" of the IDEA event JSON,
    in this way:
    
    {
    ...
    "Credentials":
    [
    	{
    		"Username": "paulos",
    		"Password": "changeme",
    		"Note": "Credentials used by attacker used for simulated honeypot login"
    	}
    ]
    ...
    }
    
    In the future, this allows for inclusion of supplemental information
    such as public keys, domain, or other types of credentials.
    It felt correct to give it its own key to differentiate from the
    "Attach" collection, where the content is strictly string, while here,
    a JSON object is used directly.
    Dionaea: Removed note from credentials · ff7b9210
    Pavel Valach authored
    The meaning should be pretty clear even without the note.
......@@ -197,12 +197,8 @@ class LogWardenfilerHandler(ihandler):
if (self.anon_mask_4 < 32) and (not ':' in dst_ip) or (self.anon_mask_6 < 128):
sevent["Target"][0]["Anonymised"] = "true"
if len(a["creds"]):
attach = {
"Type": ["Credentials"],
"Note": "Credentials used by attacker used for simulated honeypot login",
"Credentials": a["creds"]
}
sevent["Attach"] = attach
creds = a["creds"]
sevent["Credentials"] = creds
self._save_event(sevent)
logger.info("sending scanning event for %s probing %s (%i times)" % (src_ip, dst_ip, c))
self.attackers = {}
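Review bot: the replacement `sevent["Credentials"] = creds` drops the `Attach` entry with `"Type": ["Credentials"]` without any transition, so a consumer of these scanning events that looks for credentials under `Attach` will silently find none. Document the new top-level key wherever the connector's output format is described, or emit both locations for one release. The assignment also stores the same list object as `a["creds"]` rather than a copy, while the login path in the next hunk builds a fresh list and extends it; `sevent["Credentials"] = list(a["creds"])` would make the two paths consistent and remove the need for the temporary `creds`.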
......@@ -243,14 +239,11 @@ class LogWardenfilerHandler(ihandler):
event["Note"] = p[s["proto"]] + " successful login"
else:
event["Note"] = "Successful login attempt"
attach = {
"Type": ["Credentials"],
"Note": "Credentials used by attacker used for simulated honeypot login",
"Credentials": s["creds"]
}
if "Attach" not in event:
event["Attach"] = []
event["Attach"].append(attach)
creds = s["creds"]
if "Credentials" not in event:
event["Credentials"] = []
event["Credentials"].extend(creds)
else:
# login without password or similar thing
event["Category"].append("Recon.Scanning")
......
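Review bot: `event["Credentials"].extend(creds)` only yields the list of credential objects described in the commit message if `s["creds"]` is itself a list; a single dict there would be extended as its key strings, which the removed code never risked because it nested the value unchanged under `attach`. Add a type check or normalise the value before extending. The `if "Credentials" not in event` guard implies that several sessions can feed one event, so the same username and password pair can be appended repeatedly; consider skipping entries that are already present.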