cowrie/wardenfiler: Store credentials for both successful and unsuccessful attempts

Review changes
Download
Patches
Plain diff

Merged cowrie/wardenfiler: Store credentials for both successful and unsuccessful attempts

Overview 2
Commits 7
Pipelines 0
Changes 1

Merged Pavel Valach requested to merge cowrie-credentials into master 5 months ago

Overview 2
Commits 7
Pipelines 0
Changes 1

Format used is [{"Username": "pavel", "Password": "pass"}]. There is an additional "Type": ["AcceptedByServer"] property, used for credentials which the honeypot allowed.

All attempted credentials are first stored in a session. Then, when the session is closed, they are stored in the aggregation under the AID key (the aggregation ID (AID) "src_ip,dst_ip"). The credentials are flushed from the aggregation when the aggregation window expires. They are included in the Attempt.Login event.

With the successful login (event type Intrusion.UserCompromise), only the accepted pair of username/password is sent with that event.

Edited 5 months ago by Pavel Valach

Merge request reports

Activity

Filter activity

Approvals
Assignees & reviewers
Comments (from bots)
Comments (from users)
Commits & branches
Edits
Labels
Lock status
Mentions
Merge request status
Tracking

Please register or sign in to reply

0 Assignees

0 Reviewers

Request review from

Labels

None

Select labels

Manage project labels

Milestone

None

Time tracking

No estimate or time spent

0 Participants

There are currently no pipelines.

To run a merge request pipeline, the jobs in the CI/CD configuration file must be configured to run in merge request pipelines and you must have sufficient permissions in the source project.