|
|
# --- SDE-COPYRIGHT-NOTE-BEGIN --- |
|
|
# This copyright note is auto-generated by ./scripts/Create-CopyPatch. |
|
|
# |
|
|
# Filename: package/.../nepenthes/nepenthes-0.2.0-update-r1345.patch |
|
|
# Copyright (C) 2007 The OpenSDE Project |
|
|
# |
|
|
# More information can be found in the files COPYING and README. |
|
|
# |
|
|
# This patch file is dual-licensed. It is available under the license the |
|
|
# patched project is licensed under, as long as it is an OpenSource license |
|
|
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms |
|
|
# of the GNU General Public License as published by the Free Software |
|
|
# Foundation; either version 2 of the License, or (at your option) any later |
|
|
# version. |
|
|
# --- SDE-COPYRIGHT-NOTE-END --- |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/conf/nepenthes.conf.dist nepenthes-0.2.0-r1345/conf/nepenthes.conf.dist |
|
|
--- nepenthes-0.2.0/conf/nepenthes.conf.dist 2006-11-13 20:40:03.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/conf/nepenthes.conf.dist 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -35,10 +35,12 @@ |
|
|
// "submitnorman.so", "submit-norman.conf", "" |
|
|
// "submitnepenthes.so", "submit-nepenthes.conf", "" // send to download-nepenthes in other nepenthes instances |
|
|
// "submitxmlrpc.so", "submit-xmlrpc.conf", "" // submit files to a xmlrpc server |
|
|
+// "submithttp.so", "submit-http.conf", "" // submit files to a web server |
|
|
|
|
|
// logging |
|
|
"logdownload.so", "log-download.conf", "" |
|
|
// "logirc.so", "log-irc.conf", "" // needs configuration |
|
|
+// "logprelude.so", "log-prelude.conf", "" |
|
|
|
|
|
|
|
|
// dumping and logging |
|
|
diff -ruN nepenthes-0.2.0/configure.ac nepenthes-0.2.0-r1345/configure.ac |
|
|
--- nepenthes-0.2.0/configure.ac 2006-11-13 20:50:47.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/configure.ac 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -201,6 +201,9 @@ |
|
|
# libdl |
|
|
AC_SUBST([LIB_DL]) |
|
|
|
|
|
+# libssh |
|
|
+AC_SUBST([LIB_SSH]) |
|
|
+ |
|
|
dnl ************************************************** |
|
|
dnl * libdl linking flag * |
|
|
dnl ************************************************** |
|
|
@@ -788,12 +791,11 @@ |
|
|
AC_DEFINE(HAVE_LIBPRELUDE, 1,[Define if you want to use libprelude]) |
|
|
PRELUDE_LDFLAGS=`$LIBPRELUDE_CONFIG --ldflags` |
|
|
PRELUDE_LIBS=`$LIBPRELUDE_CONFIG --libs` |
|
|
- PRELUDE_CPPFLAGS=`$LIBPRELUDE_CONFIG --cflags` |
|
|
+ PRELUDE_CPPFLAGS=`$LIBPRELUDE_CONFIG --pthread-cflags` |
|
|
|
|
|
LIB_PRELUDE="$PRELUDE_LIBS" |
|
|
LDFLAG_PRELUDE="$PRELUDE_LDFLAGS" |
|
|
- CPPFLAG="$PRELUDE_CPPFLAGS" |
|
|
- |
|
|
+ CPPFLAGS="$CPPFLAGS $PRELUDE_CPPFLAGS" |
|
|
fi |
|
|
fi |
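Review bot: Appending libprelude's compiler flags to the global `CPPFLAGS` (the `CPPFLAGS="$CPPFLAGS $PRELUDE_CPPFLAGS"` line) makes every object in the tree, not only log-prelude, compile with them. The removed line `CPPFLAG="$PRELUDE_CPPFLAGS"` looks like a typo for the `CPPFLAG_PRELUDE` variable that the log-prelude Makefile.am used to reference, so the narrower fix is `CPPFLAG_PRELUDE="$PRELUDE_CPPFLAGS"` together with `AC_SUBST([CPPFLAG_PRELUDE])`, keeping the flags scoped to that module. If the global approach is intentional, a one-line comment saying why would save the next reader the same question.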
|
|
|
|
|
@@ -913,6 +915,8 @@ |
|
|
modules/submit-gotek/Makefile |
|
|
modules/submit-norman/Makefile |
|
|
modules/submit-postgres/Makefile |
|
|
+ modules/submit-http/Makefile |
|
|
+ modules/submit-mwserv/Makefile |
|
|
modules/vuln-asn1/Makefile |
|
|
modules/vuln-bagle/Makefile |
|
|
modules/vuln-dameware/Makefile |
|
|
@@ -931,6 +935,7 @@ |
|
|
modules/vuln-pnp/Makefile |
|
|
modules/vuln-realvnc/Makefile |
|
|
modules/vuln-sasserftpd/Makefile |
|
|
+ modules/vuln-sav/Makefile |
|
|
modules/vuln-ssh/Makefile |
|
|
modules/vuln-sub7/Makefile |
|
|
modules/vuln-upnp/Makefile |
|
|
diff -ruN nepenthes-0.2.0/modules/Makefile.am nepenthes-0.2.0-r1345/modules/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/Makefile.am 2006-11-13 20:40:11.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -4,11 +4,11 @@ |
|
|
|
|
|
SUBDIRS = download-creceive download-csend download-curl download-ftp download-http download-link download-tftp download-rcp\ |
|
|
log-download log-irc \ |
|
|
- submit-file submit-gotek submit-norman submit-postgres\ |
|
|
+ submit-file submit-gotek submit-norman submit-postgres submit-http submit-mwserv \ |
|
|
shellcode-generic shellemu-winnt \ |
|
|
vuln-asn1 vuln-bagle vuln-dcom vuln-iis vuln-kuang2 vuln-lsass \ |
|
|
vuln-msdtc vuln-msmq vuln-mssql vuln-mydoom \ |
|
|
- vuln-netbiosname vuln-netdde vuln-optix vuln-pnp vuln-sasserftpd \ |
|
|
+ vuln-netbiosname vuln-netdde vuln-optix vuln-pnp vuln-sasserftpd vuln-sav \ |
|
|
vuln-sub7 vuln-upnp vuln-veritas vuln-wins vuln-dameware vuln-ssh vuln-realvnc \ |
|
|
module-portwatch module-honeytrap module-bridge module-peiros\ |
|
|
dnsresolve-adns \ |
|
|
diff -ruN nepenthes-0.2.0/modules/dnsresolve-adns/Makefile.am nepenthes-0.2.0-r1345/modules/dnsresolve-adns/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/dnsresolve-adns/Makefile.am 2006-11-13 20:40:10.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/dnsresolve-adns/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -12,4 +12,4 @@ |
|
|
|
|
|
dnsresolveadns_la_SOURCES = dnsresolve-adns.cpp dnsresolve-adns.hpp |
|
|
|
|
|
-dnsresolveadns_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+dnsresolveadns_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
diff -ruN nepenthes-0.2.0/modules/dnsresolve-adns/dnsresolve-adns.cpp nepenthes-0.2.0-r1345/modules/dnsresolve-adns/dnsresolve-adns.cpp |
|
|
--- nepenthes-0.2.0/modules/dnsresolve-adns/dnsresolve-adns.cpp 2006-11-13 20:40:10.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/dnsresolve-adns/dnsresolve-adns.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -47,6 +47,7 @@ |
|
|
|
|
|
|
|
|
#include "EventManager.hpp" |
|
|
+#include "Nepenthes.hpp" |
|
|
|
|
|
using namespace std; |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/download-creceive/CReceiveDialogue.cpp nepenthes-0.2.0-r1345/modules/download-creceive/CReceiveDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/download-creceive/CReceiveDialogue.cpp 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/download-creceive/CReceiveDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -87,7 +87,7 @@ |
|
|
|
|
|
CReceiveDialogue::~CReceiveDialogue() |
|
|
{ |
|
|
-// g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+// HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
// delete m_Buffer; |
|
|
delete m_Download; |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/download-curl/Makefile.am nepenthes-0.2.0-r1345/modules/download-curl/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/download-curl/Makefile.am 2006-11-13 20:40:06.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/download-curl/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -12,4 +12,4 @@ |
|
|
|
|
|
downloadcurl_la_SOURCES = download-curl.conf.dist download-curl.hpp download-curl.cpp |
|
|
|
|
|
-downloadcurl_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+downloadcurl_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
diff -ruN nepenthes-0.2.0/modules/download-curl/download-curl.cpp nepenthes-0.2.0-r1345/modules/download-curl/download-curl.cpp |
|
|
--- nepenthes-0.2.0/modules/download-curl/download-curl.cpp 2006-11-13 20:40:06.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/download-curl/download-curl.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -230,7 +230,9 @@ |
|
|
down->getDownloadUrl()->getPort(), |
|
|
down->getDownloadUrl()->getPath().c_str()); |
|
|
// string auth = down->getDownloadUrl()->getUser() + ":" + down->getDownloadUrl()->getPass(); |
|
|
+#if LIBCURL_VERSION_NUM < 0x071000 |
|
|
curl_easy_setopt(pCurlHandle, CURLOPT_SOURCE_USERPWD,(char *)down->getDownloadUrl()->getAuth().c_str()); |
|
|
+#endif |
|
|
curl_easy_setopt(pCurlHandle, CURLOPT_USERPWD,(char *)down->getDownloadUrl()->getAuth().c_str()); |
|
|
curl_easy_setopt(pCurlHandle, CURLOPT_URL , url); |
|
|
curl_easy_setopt(pCurlHandle, CURLOPT_FTP_RESPONSE_TIMEOUT, 120); // 2 min ftp timeout |
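Review bot: The pointer handed to the guarded `CURLOPT_SOURCE_USERPWD` line (and to the unchanged `CURLOPT_USERPWD` line below it) comes from `getAuth().c_str()`; if `getAuth()` returns a `std::string` by value, that pointer dangles as soon as the statement ends. libcurl only began copying string options in 7.17.0, so precisely the versions this `#if` targets (below 7.16.0) would keep a dangling credential pointer in the handle. Either keep the credentials in storage that outlives the handle, e.g. `string auth = down->getDownloadUrl()->getAuth();` in a member or other suitable scope and `curl_easy_setopt(pCurlHandle, CURLOPT_USERPWD, auth.c_str());`, or add a comment stating that a copying libcurl (>= 7.17.0) is required. The enclosing function starts and ends outside this hunk.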
|
|
diff -ruN nepenthes-0.2.0/modules/download-http/HTTPDialogue.cpp nepenthes-0.2.0-r1345/modules/download-http/HTTPDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/download-http/HTTPDialogue.cpp 2006-11-13 20:40:04.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/download-http/HTTPDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -178,7 +178,7 @@ |
|
|
if ( end == NULL ) |
|
|
{ |
|
|
logWarn("HTTP ERROR header found %i\n", size); |
|
|
- g_Nepenthes->getUtilities()->hexdump((byte *)start,size); |
|
|
+// g_Nepenthes->getUtilities()->hexdump((byte *)start,size); |
|
|
return CL_DROP; |
|
|
}else |
|
|
if ( end != NULL ) |
|
|
diff -ruN nepenthes-0.2.0/modules/download-link/LinkDialogue.cpp nepenthes-0.2.0-r1345/modules/download-link/LinkDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/download-link/LinkDialogue.cpp 2006-11-13 20:40:10.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/download-link/LinkDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -122,7 +122,7 @@ |
|
|
case LINK_NULL: |
|
|
{ |
|
|
m_Buffer->add(msg->getMsg(),msg->getSize()); |
|
|
-// g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+// HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
msg->getResponder()->doRespond((char *)&m_Challenge,4); |
|
|
|
|
|
m_State = LINK_FILE; |
|
|
diff -ruN nepenthes-0.2.0/modules/log-irc/log-irc.cpp nepenthes-0.2.0-r1345/modules/log-irc/log-irc.cpp |
|
|
--- nepenthes-0.2.0/modules/log-irc/log-irc.cpp 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/log-irc/log-irc.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -171,7 +171,7 @@ |
|
|
} |
|
|
// m_Nepenthes->getSocketMgr()->bindTCPSocket(0,10002,0,45,this); |
|
|
|
|
|
- g_Nepenthes->getLogMgr()->addLogger(this,l_dl|l_sub); |
|
|
+ g_Nepenthes->getLogMgr()->addLogger(this,l_all); |
|
|
return true; |
|
|
} |
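Review bot: Changing the logger registration from `l_dl|l_sub` to `l_all` makes this module receive every log message nepenthes emits, not only download and submission events. If the IRC logger forwards what it receives to the channel (the forwarding code is not in this hunk), this ships all log output — hexdumps, attacker-supplied URLs, whatever other modules log — over an IRC connection that is plaintext unless configured otherwise, a much larger exposure than before. Consider reading the tag mask from log-irc.conf instead of hard-coding it, and at minimum record the intent in a comment such as `// forward every log tag to IRC; narrow this mask if the channel is shared`. The enclosing function starts outside this hunk.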
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/log-prelude/Makefile.am nepenthes-0.2.0-r1345/modules/log-prelude/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/log-prelude/Makefile.am 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/log-prelude/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -4,7 +4,7 @@ |
|
|
|
|
|
AUTOMAKE_OPTIONS = foreign |
|
|
|
|
|
-AM_CPPFLAGS = -I/usr/include/libprelude -I$(top_srcdir)/nepenthes-core/include -I$(top_srcdir)/nepenthes-core/src -pipe -D _GNU_SOURCE $(CPPFLAG_PRELUDE) |
|
|
+AM_CPPFLAGS = -I$(top_srcdir)/nepenthes-core/include -I$(top_srcdir)/nepenthes-core/src -pipe -D _GNU_SOURCE |
|
|
AM_CXXFLAGS = -Wall |
|
|
AM_LDFLAGS = $(LDFLAG_PRELUDE) ${LIB_PRELUDE} |
|
|
|
|
|
@@ -12,5 +12,5 @@ |
|
|
|
|
|
logprelude_la_SOURCES = log-prelude.cpp log-prelude.hpp log-prelude.conf.dist |
|
|
|
|
|
-logprelude_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+logprelude_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
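Review bot: `${LIB_PRELUDE}` travels in `AM_LDFLAGS` (context line of the previous hunk) and now reaches the link only because `$(AM_LDFLAGS)` is appended to `logprelude_la_LDFLAGS`; automake does drop `AM_LDFLAGS` once a per-target `_LDFLAGS` exists, so the append is needed, but a library belongs in `logprelude_la_LIBADD = $(LIB_PRELUDE)` rather than in `LDFLAGS`, where it is placed ahead of the objects and can fail to resolve with order-sensitive linkers. The same `$(AM_LDFLAGS)` append appears in the dnsresolve-adns and download-curl Makefile.am hunks. Dropping `-I/usr/include/libprelude` from `AM_CPPFLAGS` is consistent with configure.ac now adding the libprelude flags to the global `CPPFLAGS`.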
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/log-prelude/log-prelude.conf.dist nepenthes-0.2.0-r1345/modules/log-prelude/log-prelude.conf.dist |
|
|
--- nepenthes-0.2.0/modules/log-prelude/log-prelude.conf.dist 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/log-prelude/log-prelude.conf.dist 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -1,7 +1,9 @@ |
|
|
log-prelude |
|
|
{ |
|
|
- analyzerClass "NIDS"; |
|
|
- analyzerModel "nepenthes"; |
|
|
- analyzerName "nepenthes"; |
|
|
- |
|
|
+ |
|
|
+ // Name of the Prelude analyzer to use (default is nepenthes). |
|
|
+ // analyzerName "nepenthes"; |
|
|
+ |
|
|
+ // Name of the Prelude profile to use (default is nepenthes). |
|
|
+ // analyzerProfile "nepenthes"; |
|
|
}; |
|
|
diff -ruN nepenthes-0.2.0/modules/log-prelude/log-prelude.cpp nepenthes-0.2.0-r1345/modules/log-prelude/log-prelude.cpp |
|
|
--- nepenthes-0.2.0/modules/log-prelude/log-prelude.cpp 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/log-prelude/log-prelude.cpp 2007-08-06 00:48:07.000000000 +0200 |
|
|
@@ -27,14 +27,6 @@ |
|
|
|
|
|
/* $Id: log-prelude.cpp 550 2006-05-04 10:25:35Z common $ */ |
|
|
|
|
|
-#ifdef HAVE_LIBPRELUDE |
|
|
-#include <prelude.h> |
|
|
-#include <libprelude/prelude-log.h> |
|
|
-#include <idmef-message-print.h> |
|
|
-#include <prelude-io.h> |
|
|
-#include <libprelude/prelude-timer.h> |
|
|
-#endif |
|
|
- |
|
|
#include <arpa/inet.h> |
|
|
#include "log-prelude.hpp" |
|
|
#include "Nepenthes.hpp" |
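Review bot: The libprelude includes (`<prelude.h>`, `<idmef-message-print.h>` and the rest) are removed from this translation unit, yet the later hunks still call `prelude_init`, `prelude_client_new` and `idmef_analyzer_new_*`, so presumably `log-prelude.hpp` now pulls them in; no hunk for that header is visible in this part of the patch, so please confirm it is part of the change. Separately, the patch adds `modules/log-prelude/log-prelude.cpp~`, an editor backup of the pre-patch file (see its file header further down); it should be dropped from the patch.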
|
|
@@ -63,7 +55,11 @@ |
|
|
|
|
|
#define STDTAGS l_mod | l_ev | l_hlr |
|
|
#define ANALYZER_MANUFACTURER "http://nepenthes.sf.net" |
|
|
-#define NEPENTHES_VERSION "$Rev: 550 $" |
|
|
+#define DEFAULT_ANALYZER_NAME "nepenthes" |
|
|
+#define DEFAULT_ANALYZER_PROFILE "nepenthes" |
|
|
+#define ANALYZER_MODEL "Nepenthes" |
|
|
+#define ANALYZER_CLASS "Honeypot" |
|
|
+#define ANALYZER_MANUFACTURER "http://nepenthes.mwcollect.org/" |
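Review bot: `ANALYZER_MANUFACTURER` is now defined twice: the context line `#define ANALYZER_MANUFACTURER "http://nepenthes.sf.net"` stays and the hunk adds `#define ANALYZER_MANUFACTURER "http://nepenthes.mwcollect.org/"` a few lines below. The preprocessor warns about the redefinition and the second value wins, so the old line should become a removal in this hunk: `-#define ANALYZER_MANUFACTURER "http://nepenthes.sf.net"`.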
|
|
|
|
|
|
|
|
|
|
|
@@ -132,28 +128,21 @@ |
|
|
|
|
|
#ifdef HAVE_LIBPRELUDE |
|
|
|
|
|
- if ( m_Config == NULL ) |
|
|
- { |
|
|
- logCrit("I need a config\n"); |
|
|
- return false; |
|
|
- } |
|
|
- |
|
|
- string analyzerClass; |
|
|
- string analyzerModel; |
|
|
string analyzerName; |
|
|
- |
|
|
- try |
|
|
- { |
|
|
- analyzerClass = (m_Config->getValString("log-prelude.analyzerClass")); |
|
|
- analyzerModel = m_Config->getValString("log-prelude.analyzerModel"); |
|
|
- analyzerName = m_Config->getValString("log-prelude.analyzerName"); |
|
|
- |
|
|
- } catch ( ... ) |
|
|
- { |
|
|
- logCrit("Error setting needed vars, check your config\n"); |
|
|
- return false; |
|
|
- } |
|
|
- |
|
|
+ string analyzerProfile; |
|
|
+ |
|
|
+ try { |
|
|
+ analyzerName = m_Config->getValString("log-prelude.analyzerName"); |
|
|
+ } catch ( ... ) { |
|
|
+ analyzerName = DEFAULT_ANALYZER_NAME; |
|
|
+ } |
|
|
+ |
|
|
+ try { |
|
|
+ analyzerProfile = m_Config->getValString("log-prelude.analyzerProfile"); |
|
|
+ } catch ( ... ) { |
|
|
+ analyzerProfile = DEFAULT_ANALYZER_PROFILE; |
|
|
+ } |
|
|
+ |
|
|
m_ModuleManager = m_Nepenthes->getModuleMgr(); |
|
|
m_Events.set(EV_SOCK_TCP_ACCEPT); |
|
|
m_Events.set(EV_SOCK_TCP_CLOSE); |
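Review bot: The `if ( m_Config == NULL )` guard is removed, but `m_Config->getValString(...)` is still dereferenced inside the two new `try` blocks; a null `m_Config` is a crash, not an exception, so `catch ( ... )` does not cover it. Either restore the guard ahead of the first `try` — `if ( m_Config == NULL ) { logCrit("I need a config\n"); return false; }` — or, since both values now have defaults, take the defaults when `m_Config` is null. A comment is also warranted that a missing key now silently falls back to `DEFAULT_ANALYZER_NAME`/`DEFAULT_ANALYZER_PROFILE`, because the catch-all swallows any other lookup error as well. `Init()` starts outside this hunk.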
|
|
@@ -163,44 +152,39 @@ |
|
|
m_Events.set(EV_DOWNLOAD); |
|
|
m_Events.set(EV_SUBMISSION); |
|
|
|
|
|
- |
|
|
- const char *profile, *config; |
|
|
- |
|
|
- config = NULL; |
|
|
- profile = analyzerName.c_str(); |
|
|
- |
|
|
- |
|
|
- |
|
|
- |
|
|
int32_t ret; |
|
|
// Initialize Prelude Library |
|
|
ret = prelude_init(NULL, NULL); |
|
|
- if ( ret < 0 ) |
|
|
+ if ( ret < 0 ) { |
|
|
logCrit("%s: Unable to initialize the Prelude library: %s.\n", |
|
|
prelude_strsource(ret), |
|
|
prelude_strerror(ret)); |
|
|
+ return false; |
|
|
+ } |
|
|
|
|
|
// generate a new Prelude client |
|
|
- ret = prelude_client_new(&m_PreludeClient, profile); |
|
|
+ ret = prelude_client_new(&m_PreludeClient, analyzerProfile.c_str()); |
|
|
|
|
|
- if ( ret < 0 ) |
|
|
+ if ( ret < 0 ) { |
|
|
logCrit("%s: Unable to create a prelude client object: %s.\n", |
|
|
prelude_strsource(ret), |
|
|
prelude_strerror(ret)); |
|
|
+ return false; |
|
|
+ } |
|
|
|
|
|
- |
|
|
+ |
|
|
// set options in the analyzer-part of the client |
|
|
prelude_string_t *string; |
|
|
|
|
|
- ret = idmef_analyzer_new_model(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
+ ret = idmef_analyzer_new_class(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
if ( ret < 0 ) |
|
|
return false; |
|
|
- prelude_string_set_constant(string, analyzerModel.c_str()); |
|
|
- |
|
|
- ret = idmef_analyzer_new_class(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
+ prelude_string_set_constant(string, ANALYZER_CLASS); |
|
|
+ |
|
|
+ ret = idmef_analyzer_new_model(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
if ( ret < 0 ) |
|
|
return false; |
|
|
- prelude_string_set_constant(string, analyzerClass.c_str()); |
|
|
+ prelude_string_set_constant(string, ANALYZER_MODEL); |
|
|
|
|
|
ret = idmef_analyzer_new_manufacturer(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
if ( ret < 0 ) |
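Review bot: When `prelude_client_new` fails, the new `return false` leaves the `prelude_init` call a few lines above unbalanced: `Exit()` (untouched by this patch; its body is visible in the appended backup copy) only calls `prelude_deinit()` when `m_PreludeClient` is non-null. Adding `prelude_deinit();` immediately before that `return false;` keeps the library state consistent on the failure path. The later `return false` lines after `idmef_analyzer_new_class`/`idmef_analyzer_new_model` are fine provided `Exit()` is still invoked after a failed `Init()`, which I cannot confirm from here.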
|
|
@@ -209,28 +193,31 @@ |
|
|
|
|
|
ret = idmef_analyzer_new_version(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
if ( ret < 0 ) |
|
|
- return false; |
|
|
- |
|
|
- prelude_string_set_constant(string, NEPENTHES_VERSION); |
|
|
+ return false; |
|
|
+ prelude_string_set_constant(string, VERSION); |
|
|
|
|
|
-// start the Prelude Client |
|
|
+ ret = idmef_analyzer_new_name(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
+ if ( ret < 0 ) |
|
|
+ return false; |
|
|
+ prelude_string_set_dup(string, analyzerName.c_str()); |
|
|
+ |
|
|
+ // start the Prelude Client |
|
|
ret = prelude_client_start(m_PreludeClient); |
|
|
if ( ret < 0 ) |
|
|
{ |
|
|
- if ( prelude_client_is_setup_needed(ret) ) |
|
|
- prelude_client_print_setup_error(m_PreludeClient); |
|
|
- |
|
|
logCrit("%s: Unable to initialize prelude client: %s.\n", |
|
|
prelude_strsource(ret), prelude_strerror(ret)); |
|
|
+ return false; |
|
|
} |
|
|
|
|
|
-// set async Prelude Flags for the client, makes the application multithreaded |
|
|
- ret = prelude_client_set_flags(m_PreludeClient, (prelude_client_flags_t) (PRELUDE_CLIENT_FLAGS_CONNECT | PRELUDE_CLIENT_FLAGS_ASYNC_SEND | PRELUDE_CLIENT_FLAGS_ASYNC_TIMER)); |
|
|
- if ( ret < 0 ) |
|
|
+ // set async Prelude Flags for the client, makes the application multithreaded |
|
|
+ ret = prelude_client_set_flags(m_PreludeClient, (prelude_client_flags_t) (PRELUDE_CLIENT_FLAGS_CONNECT | PRELUDE_CLIENT_FLAGS_ASYNC_SEND | PRELUDE_CLIENT_FLAGS_ASYNC_TIMER)); |
|
|
+ if ( ret < 0 ) { |
|
|
logCrit("%s: Unable to set asynchronous send and timer: %s.\n", |
|
|
prelude_strsource(ret), |
|
|
prelude_strerror(ret)); |
|
|
- |
|
|
+ return false; |
|
|
+ } |
|
|
|
|
|
REG_EVENT_HANDLER(this); |
|
|
return true; |
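Review bot: Dropping `prelude_client_is_setup_needed(ret)` / `prelude_client_print_setup_error(m_PreludeClient)` from the `prelude_client_start` failure block removes the one message that tells the operator the analyzer profile has not been registered yet; the remaining `logCrit` only prints the generic error string. Keep the two lines inside the block ahead of the `logCrit`, `if ( prelude_client_is_setup_needed(ret) ) prelude_client_print_setup_error(m_PreludeClient);`, since the new `return false` already makes the failure fatal. The version string sent to the manager also switches from `NEPENTHES_VERSION` to `VERSION`, presumably the autoconf-generated macro; a short comment naming its origin would help.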
|
|
@@ -274,7 +261,7 @@ |
|
|
idmef_value_t *val; |
|
|
idmef_path_t *path; |
|
|
|
|
|
- ret = idmef_path_new(&path, object); |
|
|
+ ret = idmef_path_new_fast(&path, object); |
|
|
if ( ret < 0 ) |
|
|
{ |
|
|
logWarn("imdef error #1 %s -> %s %i (%s) \n",object,value,ret, prelude_strerror(ret)); |
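Review bot: The switch to `idmef_path_new_fast` deserves a comment, because `idmef_path_new` takes a printf-style format and any `%` in `object` would be interpreted, whereas the `_fast` variant uses the string verbatim; the callers in this file pass literals, so this is hardening rather than a live bug, but the next maintainer should not revert it by accident. Suggest `// idmef_path_new() takes a printf-style format; use the literal-path variant so object is never interpreted` above the call. `add_idmef_object` starts outside this hunk.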
|
|
@@ -376,7 +363,6 @@ |
|
|
|
|
|
add_idmef_object(idmef, "alert.classification.text" ,"TCP Connection established"); |
|
|
add_idmef_object(idmef, "alert.classification.ident", EV_SOCK_TCP_ACCEPT); |
|
|
-// add_idmef_object(idmef, "alert.classification.reference(0).origin" ,"vendor-specific" ); |
|
|
|
|
|
|
|
|
add_idmef_object(idmef, "alert.source(0).Spoofed" ,"no"); |
|
|
@@ -449,7 +435,6 @@ |
|
|
|
|
|
add_idmef_object(idmef, "alert.classification.text" ,"TCP Connection closed"); |
|
|
add_idmef_object(idmef, "alert.classification.ident", EV_SOCK_TCP_CLOSE); |
|
|
-// add_idmef_object(idmef, "alert.classification.reference(0).origin" ,"vendor-specific" ); |
|
|
|
|
|
|
|
|
add_idmef_object(idmef, "alert.source(0).Service.protocol" ,"TCP"); |
|
|
@@ -515,7 +500,6 @@ |
|
|
// hl: added ident |
|
|
add_idmef_object(idmef, "alert.classification.ident", EV_SHELLCODE_DONE); |
|
|
|
|
|
- // add_idmef_object(idmef, "alert.classification.reference(0).origin" ,"vendor-specific" ); |
|
|
|
|
|
|
|
|
add_idmef_object(idmef, "alert.source(0).Spoofed" ,"no"); |
|
|
diff -ruN nepenthes-0.2.0/modules/log-prelude/log-prelude.cpp~ nepenthes-0.2.0-r1345/modules/log-prelude/log-prelude.cpp~ |
|
|
--- nepenthes-0.2.0/modules/log-prelude/log-prelude.cpp~ 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/log-prelude/log-prelude.cpp~ 2006-11-13 20:40:08.000000000 +0100 |
|
|
@@ -0,0 +1,857 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+ /* $Id: log-prelude.cpp 550 2006-05-04 10:25:35Z common $ */ |
|
|
+ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+#include <prelude.h> |
|
|
+#include <libprelude/prelude-log.h> |
|
|
+#include <idmef-message-print.h> |
|
|
+#include <prelude-io.h> |
|
|
+#include <libprelude/prelude-timer.h> |
|
|
+#endif |
|
|
+ |
|
|
+#include <arpa/inet.h> |
|
|
+#include "log-prelude.hpp" |
|
|
+#include "Nepenthes.hpp" |
|
|
+#include "LogManager.hpp" |
|
|
+#include "EventManager.hpp" |
|
|
+#include "SubmitEvent.hpp" |
|
|
+ |
|
|
+#include "Download.hpp" |
|
|
+#include "DownloadUrl.hpp" |
|
|
+#include "DownloadBuffer.hpp" |
|
|
+ |
|
|
+#include "Socket.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
+#include "Message.hpp" |
|
|
+#include "Utilities.hpp" |
|
|
+#include "Config.hpp" |
|
|
+#include "ShellcodeHandler.hpp" |
|
|
+ |
|
|
+ |
|
|
+using namespace nepenthes; |
|
|
+ |
|
|
+#ifdef STDTAGS |
|
|
+#undef STDTAGS |
|
|
+#endif |
|
|
+ |
|
|
+#define STDTAGS l_mod | l_ev | l_hlr |
|
|
+#define ANALYZER_MANUFACTURER "http://nepenthes.sf.net" |
|
|
+#define NEPENTHES_VERSION "$Rev: 550 $" |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * as we may need a global pointer to our Nepenthes in our modules, |
|
|
+ * and cant access the cores global pointer to nepenthes |
|
|
+ * we have to use a own global pointer to nepenthes per module |
|
|
+ * we need this pointer for logInfo() etc |
|
|
+ */ |
|
|
+Nepenthes *g_Nepenthes; |
|
|
+ |
|
|
+/** |
|
|
+ * Constructor |
|
|
+ * creates a new LogPrelude Module, where x% is public Module, public EventHandler |
|
|
+ * - sets the ModuleName |
|
|
+ * - sets the ModuleDescription |
|
|
+ * - sets the EventHandlerName |
|
|
+ * - sets the EventHandlerDescription |
|
|
+ * - sets the EventHandlers Timeout |
|
|
+ * - sets the Modules global pointer to the Nepenthes |
|
|
+ * |
|
|
+ * @param nepenthes pointer to our nepenthes master class |
|
|
+ */ |
|
|
+LogPrelude::LogPrelude(Nepenthes *nepenthes) |
|
|
+{ |
|
|
+ m_ModuleName = "log-prelude"; |
|
|
+ m_ModuleDescription = "event based prelude logger"; |
|
|
+ m_ModuleRevision = "$Rev: 550 $"; |
|
|
+ m_Nepenthes = nepenthes; |
|
|
+ |
|
|
+ m_EventHandlerName = "LogPreludeEventHandler"; |
|
|
+ m_EventHandlerDescription = "log events to a prelude database"; |
|
|
+ |
|
|
+// m_Timeout = time(NULL) + rand()%23; |
|
|
+ |
|
|
+ g_Nepenthes = nepenthes; |
|
|
+ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+ m_PreludeClient = NULL; |
|
|
+#endif |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * exerything important happens in ::Exit() as we have a return value there |
|
|
+ */ |
|
|
+LogPrelude::~LogPrelude() |
|
|
+{ |
|
|
+ |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * bool Module::Init() |
|
|
+ * setup Module specific values |
|
|
+ * here: |
|
|
+ * - register as EventHandler |
|
|
+ * - set wanted events |
|
|
+ * |
|
|
+ * @return returns true if everything was fine, else false |
|
|
+ * returning false will showup errors in warning a module |
|
|
+ */ |
|
|
+bool LogPrelude::Init() |
|
|
+{ |
|
|
+ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+ |
|
|
+ if ( m_Config == NULL ) |
|
|
+ { |
|
|
+ logCrit("I need a config\n"); |
|
|
+ return false; |
|
|
+ } |
|
|
+ |
|
|
+ string analyzerClass; |
|
|
+ string analyzerModel; |
|
|
+ string analyzerName; |
|
|
+ |
|
|
+ try |
|
|
+ { |
|
|
+ analyzerClass = (m_Config->getValString("log-prelude.analyzerClass")); |
|
|
+ analyzerModel = m_Config->getValString("log-prelude.analyzerModel"); |
|
|
+ analyzerName = m_Config->getValString("log-prelude.analyzerName"); |
|
|
+ |
|
|
+ } catch ( ... ) |
|
|
+ { |
|
|
+ logCrit("Error setting needed vars, check your config\n"); |
|
|
+ return false; |
|
|
+ } |
|
|
+ |
|
|
+ m_ModuleManager = m_Nepenthes->getModuleMgr(); |
|
|
+ m_Events.set(EV_SOCK_TCP_ACCEPT); |
|
|
+ m_Events.set(EV_SOCK_TCP_CLOSE); |
|
|
+ m_Events.set(EV_DIALOGUE_ASSIGN_AND_DONE); |
|
|
+ m_Events.set(EV_SHELLCODE_DONE); |
|
|
+ |
|
|
+ m_Events.set(EV_DOWNLOAD); |
|
|
+ m_Events.set(EV_SUBMISSION); |
|
|
+ |
|
|
+ |
|
|
+ const char *profile, *config; |
|
|
+ |
|
|
+ config = NULL; |
|
|
+ profile = analyzerName.c_str(); |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ int32_t ret; |
|
|
+// Initialize Prelude Library |
|
|
+ ret = prelude_init(NULL, NULL); |
|
|
+ if ( ret < 0 ) |
|
|
+ logCrit("%s: Unable to initialize the Prelude library: %s.\n", |
|
|
+ prelude_strsource(ret), |
|
|
+ prelude_strerror(ret)); |
|
|
+ |
|
|
+// generate a new Prelude client |
|
|
+ ret = prelude_client_new(&m_PreludeClient, profile); |
|
|
+ |
|
|
+ if ( ret < 0 ) |
|
|
+ logCrit("%s: Unable to create a prelude client object: %s.\n", |
|
|
+ prelude_strsource(ret), |
|
|
+ prelude_strerror(ret)); |
|
|
+ |
|
|
+ |
|
|
+ // set options in the analyzer-part of the client |
|
|
+ prelude_string_t *string; |
|
|
+ |
|
|
+ ret = idmef_analyzer_new_model(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
+ if ( ret < 0 ) |
|
|
+ return false; |
|
|
+ prelude_string_set_constant(string, analyzerModel.c_str()); |
|
|
+ |
|
|
+ ret = idmef_analyzer_new_class(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
+ if ( ret < 0 ) |
|
|
+ return false; |
|
|
+ prelude_string_set_constant(string, analyzerClass.c_str()); |
|
|
+ |
|
|
+ ret = idmef_analyzer_new_manufacturer(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
+ if ( ret < 0 ) |
|
|
+ return false; |
|
|
+ prelude_string_set_constant(string, ANALYZER_MANUFACTURER); |
|
|
+ |
|
|
+ ret = idmef_analyzer_new_version(prelude_client_get_analyzer(m_PreludeClient), &string); |
|
|
+ if ( ret < 0 ) |
|
|
+ return false; |
|
|
+ |
|
|
+ prelude_string_set_constant(string, NEPENTHES_VERSION); |
|
|
+ |
|
|
+// start the Prelude Client |
|
|
+ ret = prelude_client_start(m_PreludeClient); |
|
|
+ if ( ret < 0 ) |
|
|
+ { |
|
|
+ if ( prelude_client_is_setup_needed(ret) ) |
|
|
+ prelude_client_print_setup_error(m_PreludeClient); |
|
|
+ |
|
|
+ logCrit("%s: Unable to initialize prelude client: %s.\n", |
|
|
+ prelude_strsource(ret), prelude_strerror(ret)); |
|
|
+ } |
|
|
+ |
|
|
+// set async Prelude Flags for the client, makes the application multithreaded |
|
|
+ ret = prelude_client_set_flags(m_PreludeClient, (prelude_client_flags_t) (PRELUDE_CLIENT_FLAGS_CONNECT | PRELUDE_CLIENT_FLAGS_ASYNC_SEND | PRELUDE_CLIENT_FLAGS_ASYNC_TIMER)); |
|
|
+ if ( ret < 0 ) |
|
|
+ logCrit("%s: Unable to set asynchronous send and timer: %s.\n", |
|
|
+ prelude_strsource(ret), |
|
|
+ prelude_strerror(ret)); |
|
|
+ |
|
|
+ |
|
|
+ REG_EVENT_HANDLER(this); |
|
|
+ return true; |
|
|
+#else |
|
|
+ logCrit("Module log-prelude is compiled without libprelude, this wont work, reconfigure the whole source and recompile"); |
|
|
+ return false; |
|
|
+#endif |
|
|
+ |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * unregister as EventHandler, destroy the Prelude Client |
|
|
+ * |
|
|
+ * @return returns true if everything was fine |
|
|
+ */ |
|
|
+bool LogPrelude::Exit() |
|
|
+{ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+ if( m_PreludeClient != NULL) |
|
|
+ { |
|
|
+ prelude_client_destroy(m_PreludeClient, (prelude_client_exit_status_t)(PRELUDE_CLIENT_EXIT_STATUS_SUCCESS)); |
|
|
+ prelude_deinit(); |
|
|
+ } |
|
|
+ // disabled by harald due to segfaults |
|
|
+ //UNREG_EVENT_HANDLER(this); |
|
|
+#endif |
|
|
+ return true; |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * This function adds char * idmef values into an idmef message |
|
|
+ * |
|
|
+ */ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+int32_t add_idmef_object(idmef_message_t *message, const char *object, const char *value) |
|
|
+{ |
|
|
+ int32_t ret=0; |
|
|
+ idmef_value_t *val; |
|
|
+ idmef_path_t *path; |
|
|
+ |
|
|
+ ret = idmef_path_new(&path, object); |
|
|
+ if ( ret < 0 ) |
|
|
+ { |
|
|
+ logWarn("imdef error #1 %s -> %s %i (%s) \n",object,value,ret, prelude_strerror(ret)); |
|
|
+ return -1; |
|
|
+ } |
|
|
+ |
|
|
+ ret = idmef_value_new_from_path(&val, path, value); |
|
|
+ if ( ret < 0 ) |
|
|
+ { |
|
|
+ idmef_path_destroy(path); |
|
|
+ logWarn("imdef error #2 %s -> %s %i (%s) \n",object,value,ret, prelude_strerror(ret)); |
|
|
+ return -1; |
|
|
+ } |
|
|
+ |
|
|
+ ret = idmef_path_set(path, message, val); |
|
|
+ |
|
|
+ idmef_value_destroy(val); |
|
|
+ idmef_path_destroy(path); |
|
|
+ return ret; |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * |
|
|
+ * This function adds int32_t idmef values into an idmef message |
|
|
+ */ |
|
|
+int32_t add_idmef_object(idmef_message_t *message, const char *object, int32_t i) |
|
|
+{ |
|
|
+ char value[20]; |
|
|
+ memset(value,0,20); |
|
|
+ snprintf(value,19,"%i",i); |
|
|
+ return add_idmef_object(message,object,value); |
|
|
+} |
|
|
+ |
|
|
+#endif |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * the handleEvent method is called whenever an event occurs |
|
|
+ * the EventHandler wanted to have. |
|
|
+ * |
|
|
+ * @param event the Event |
|
|
+ * |
|
|
+ * @return return 0 |
|
|
+ */ |
|
|
+uint32_t LogPrelude::handleEvent(Event *event) |
|
|
+{ |
|
|
+// logPF(); |
|
|
+// logInfo("Event %i\n",event->getType()); |
|
|
+ switch(event->getType()) |
|
|
+ { |
|
|
+ |
|
|
+ case EV_SOCK_TCP_ACCEPT: |
|
|
+ handleTCPaccept(event); |
|
|
+ break; |
|
|
+ |
|
|
+ case EV_SOCK_TCP_CLOSE: |
|
|
+ handleTCPclose(event); |
|
|
+ break; |
|
|
+ |
|
|
+ case EV_SUBMISSION: |
|
|
+ handleSubmission(event); |
|
|
+ break; |
|
|
+ |
|
|
+ case EV_DIALOGUE_ASSIGN_AND_DONE: |
|
|
+ handleDialogueAssignAndDone(event); |
|
|
+ break; |
|
|
+ |
|
|
+ case EV_SHELLCODE_DONE: |
|
|
+ handleShellcodeDone(event); |
|
|
+ break; |
|
|
+ |
|
|
+ |
|
|
+ case EV_DOWNLOAD: |
|
|
+ handleDownload(event); |
|
|
+ break; |
|
|
+ |
|
|
+ default: |
|
|
+ logWarn("this should not happen\n"); |
|
|
+ } |
|
|
+ return 0; |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+void LogPrelude::handleTCPaccept(Event *event) |
|
|
+{ |
|
|
+ |
|
|
+ |
|
|
+ logInfo("LogPrelude EVENT EV_SOCK_TCP_ACCEPT\n"); |
|
|
+ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+ Socket *socket = ((SocketEvent *)event)->getSocket(); |
|
|
+ |
|
|
+ idmef_message_t *idmef; |
|
|
+ |
|
|
+ int32_t ret = idmef_message_new(&idmef); |
|
|
+ if ( ret < 0 ) |
|
|
+ return; |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.classification.text" ,"TCP Connection established"); |
|
|
+ add_idmef_object(idmef, "alert.classification.ident", EV_SOCK_TCP_ACCEPT); |
|
|
+// add_idmef_object(idmef, "alert.classification.reference(0).origin" ,"vendor-specific" ); |
|
|
+ |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.source(0).Spoofed" ,"no"); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.protocol" ,"TCP"); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.port" ,socket->getRemotePort()); |
|
|
+ |
|
|
+ uint32_t addr = socket->getRemoteHost(); |
|
|
+ string address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Node.Address(0).address" ,address.c_str()); |
|
|
+ |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.target(0).Decoy" ,"yes"); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Service.protocol" ,"TCP"); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Service.port" ,socket->getLocalPort()); |
|
|
+ |
|
|
+ addr = socket->getLocalHost(); |
|
|
+ address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Node.Address(0).address" ,address.c_str()); |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ idmef_time_t *time; |
|
|
+ |
|
|
+ ret = idmef_time_new_from_gettimeofday(&time); |
|
|
+ idmef_alert_set_create_time(idmef_message_get_alert(idmef), |
|
|
+ time); |
|
|
+ |
|
|
+ |
|
|
+ // analyzer id |
|
|
+ idmef_alert_set_analyzer(idmef_message_get_alert(idmef), |
|
|
+ idmef_analyzer_ref(prelude_client_get_analyzer(m_PreludeClient)), |
|
|
+ IDMEF_LIST_PREPEND); |
|
|
+ |
|
|
+ |
|
|
+ prelude_client_send_idmef(m_PreludeClient, idmef); |
|
|
+ |
|
|
+ //prelude_string_t *field = idmef_alert_get_messageid(idmef_message_get_alert(idmef)); |
|
|
+ //const char *msgid = prelude_string_get_string(field); |
|
|
+ |
|
|
+ //logInfo("PreludeMessageID = %s \n",msgid); |
|
|
+ |
|
|
+ idmef_message_destroy(idmef); |
|
|
+#endif |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+void LogPrelude::handleTCPclose(Event *event) |
|
|
+{ |
|
|
+ |
|
|
+ Socket *socket = ((SocketEvent *)event)->getSocket(); |
|
|
+ |
|
|
+ if (! socket->isAccept()) |
|
|
+ { |
|
|
+ return; |
|
|
+ } |
|
|
+ |
|
|
+ logInfo("LogPrelude EVENT EV_SOCK_TCP_CLOSE\n"); |
|
|
+ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+ |
|
|
+ idmef_message_t *idmef; |
|
|
+ |
|
|
+ int32_t ret = idmef_message_new(&idmef); |
|
|
+ if ( ret < 0 ) |
|
|
+ return; |
|
|
+ |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.classification.text" ,"TCP Connection closed"); |
|
|
+ add_idmef_object(idmef, "alert.classification.ident", EV_SOCK_TCP_CLOSE); |
|
|
+// add_idmef_object(idmef, "alert.classification.reference(0).origin" ,"vendor-specific" ); |
|
|
+ |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.protocol" ,"TCP"); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.port" ,socket->getRemotePort()); |
|
|
+ |
|
|
+ uint32_t addr = socket->getRemoteHost(); |
|
|
+ string address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Node.Address(0).address" ,address.c_str()); |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.target(0).Service.protocol" ,"TCP"); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Service.port" ,socket->getLocalPort()); |
|
|
+ |
|
|
+ addr = socket->getLocalHost(); |
|
|
+ address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Node.Address(0).address",address.c_str()); |
|
|
+ |
|
|
+ idmef_time_t *time; |
|
|
+ |
|
|
+ ret = idmef_time_new_from_gettimeofday(&time); |
|
|
+ idmef_alert_set_create_time(idmef_message_get_alert(idmef), |
|
|
+ time); |
|
|
+ |
|
|
+ |
|
|
+ // analyzer id |
|
|
+ idmef_alert_set_analyzer(idmef_message_get_alert(idmef), |
|
|
+ idmef_analyzer_ref(prelude_client_get_analyzer(m_PreludeClient)), |
|
|
+ IDMEF_LIST_PREPEND); |
|
|
+ |
|
|
+ |
|
|
+ prelude_client_send_idmef(m_PreludeClient, idmef); |
|
|
+ |
|
|
+// prelude_string_t *field = idmef_alert_get_messageid(idmef_message_get_alert(idmef)); |
|
|
+// const char *msgid = prelude_string_get_string(field); |
|
|
+ |
|
|
+// logInfo("CloseMessageID = %s \n",msgid); |
|
|
+ |
|
|
+ idmef_message_destroy(idmef); |
|
|
+ |
|
|
+#endif |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * Send idmef message when finished with the Shellcode |
|
|
+ * |
|
|
+ */ |
|
|
+void LogPrelude::handleShellcodeDone(Event *event) |
|
|
+{ |
|
|
+ logInfo("LogPrelude EVENT EV_SHELLCODE_DONE\n"); |
|
|
+ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+ |
|
|
+ ShellcodeHandler *handler = ((ShellcodeEvent *)event)->getShellcodeHandler(); |
|
|
+ Socket *socket = ((ShellcodeEvent *)event)->getSocket(); |
|
|
+ |
|
|
+ idmef_message_t *idmef; |
|
|
+ |
|
|
+ int32_t ret = idmef_message_new(&idmef); |
|
|
+ if ( ret < 0 ) |
|
|
+ return; |
|
|
+ string shellcodeText = "Shellcode detected: " + handler->getShellcodeHandlerName(); |
|
|
+ add_idmef_object(idmef, "alert.classification.text", shellcodeText.c_str()); |
|
|
+ // hl: added ident |
|
|
+ add_idmef_object(idmef, "alert.classification.ident", EV_SHELLCODE_DONE); |
|
|
+ |
|
|
+ // add_idmef_object(idmef, "alert.classification.reference(0).origin" ,"vendor-specific" ); |
|
|
+ |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.source(0).Spoofed" ,"no"); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.protocol" ,"TCP"); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.port" ,socket->getRemotePort()); |
|
|
+ |
|
|
+ uint32_t addr = socket->getRemoteHost(); |
|
|
+ string address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Node.Address(0).address" ,address.c_str()); |
|
|
+ |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.target(0).Decoy" ,"yes"); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Service.protocol" ,"TCP"); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Service.port" ,socket->getLocalPort()); |
|
|
+ |
|
|
+ addr = socket->getLocalHost(); |
|
|
+ address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Node.Address(0).address" ,address.c_str()); |
|
|
+ |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.description" ,"possible Shellcode has been detected."); |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.severity" ,"medium"); |
|
|
+// add_idmef_object(idmef, "alert.assessment.impact.completion" ,"succeeded"); |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.type" ,"other"); |
|
|
+ |
|
|
+ |
|
|
+ // hl: added for additional information |
|
|
+ add_idmef_object(idmef, "alert.additional_data(0).type", "string"); |
|
|
+ add_idmef_object(idmef, "alert.additional_data(0).meaning", "Shellcode"); |
|
|
+ add_idmef_object(idmef, "alert.additional_data(0).data", handler->getShellcodeHandlerName().c_str()); |
|
|
+ |
|
|
+ |
|
|
+ idmef_time_t *time; |
|
|
+ |
|
|
+ ret = idmef_time_new_from_gettimeofday(&time); |
|
|
+ idmef_alert_set_create_time(idmef_message_get_alert(idmef), |
|
|
+ time); |
|
|
+ |
|
|
+ |
|
|
+ // analyzer id |
|
|
+ idmef_alert_set_analyzer(idmef_message_get_alert(idmef), |
|
|
+ idmef_analyzer_ref(prelude_client_get_analyzer(m_PreludeClient)), |
|
|
+ IDMEF_LIST_PREPEND); |
|
|
+ |
|
|
+ |
|
|
+ prelude_client_send_idmef(m_PreludeClient, idmef); |
|
|
+ |
|
|
+// prelude_string_t *field = idmef_alert_get_messageid(idmef_message_get_alert(idmef)); |
|
|
+// const char *msgid = prelude_string_get_string(field); |
|
|
+// logInfo("RecvMessageID = %s \n",msgid); |
|
|
+ |
|
|
+ idmef_message_destroy(idmef); |
|
|
+#endif |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * |
|
|
+ * handle submitted files |
|
|
+ */ |
|
|
+void LogPrelude::handleSubmission(Event *event) |
|
|
+{ |
|
|
+ SubmitEvent *se = (SubmitEvent *)event; |
|
|
+ Download *down = se->getDownload(); |
|
|
+ |
|
|
+ logInfo("LogPrelude EVENT EV_SUBMISSION %s %s %i \n",down->getUrl().c_str(), |
|
|
+ down->getMD5Sum().c_str(), |
|
|
+ down->getDownloadBuffer()->getSize()); |
|
|
+ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+ idmef_message_t *idmef; |
|
|
+ |
|
|
+ int32_t ret = idmef_message_new(&idmef); |
|
|
+ if ( ret < 0 ) |
|
|
+ return; |
|
|
+ |
|
|
+ // generic information |
|
|
+ // hl: changed submited to submitted, added ident |
|
|
+ add_idmef_object(idmef, "alert.classification.text" ,"Malware submitted"); |
|
|
+ add_idmef_object(idmef, "alert.classification.ident", EV_SUBMISSION); |
|
|
+ |
|
|
+ string url = "http://nepenthes.sf.net/wiki/submission/" + down->getMD5Sum(); |
|
|
+ add_idmef_object(idmef, "alert.classification.reference(0).origin" ,"vendor-specific" ); |
|
|
+ add_idmef_object(idmef, "alert.classification.reference(0).url" ,url.c_str() ); |
|
|
+ |
|
|
+ |
|
|
+ // file name and info |
|
|
+ // hl: changed file tags because of DTD violation |
|
|
+ add_idmef_object(idmef, "alert.target(0).file(0).name" ,down->getDownloadUrl()->getFile().c_str()); |
|
|
+ add_idmef_object(idmef, "alert.target(0).file(0).path" ,down->getUrl().c_str()); |
|
|
+ add_idmef_object(idmef, "alert.target(0).file(0).category" ,"current"); |
|
|
+ add_idmef_object(idmef, "alert.target(0).file(0).ident" ,down->getMD5Sum().c_str()); |
|
|
+ add_idmef_object(idmef, "alert.target(0).file(0).data_size" ,down->getDownloadBuffer()->getSize()); |
|
|
+ |
|
|
+ //hl: some debug stuff, prelude-manager doesnt write the checksums into xml |
|
|
+ ret = add_idmef_object(idmef, "alert.target(0).file(0).checksum(0).algorithm" ,"MD5"); |
|
|
+ //logInfo("LogPrelude DEBUG MD5 %i\n", ret); |
|
|
+ ret = add_idmef_object(idmef, "alert.target(0).file(0).checksum(0).value" ,down->getMD5Sum().c_str()); |
|
|
+ //logInfo("LogPrelude DEBUG Hash %i\n", ret); |
|
|
+ ret = add_idmef_object(idmef, "alert.target(0).file(0).checksum(1).algorithm" ,"SHA2-512"); |
|
|
+ //logInfo("LogPrelude DEBUG SHA %i\n", ret); |
|
|
+ ret = add_idmef_object(idmef, "alert.target(0).file(0).checksum(1).value" ,down->getSHA512Sum().c_str()); |
|
|
+ //logInfo("LogPrelude DEBUG Hash %i\n", ret); |
|
|
+ |
|
|
+ uint32_t addr = down->getLocalHost(); |
|
|
+ string address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Node.Address(0).address" ,address.c_str()); |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ // infection host |
|
|
+ addr = down->getRemoteHost(); |
|
|
+ address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Node.Address(0).address" ,address.c_str()); |
|
|
+ |
|
|
+ |
|
|
+ // download source |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.port", down->getDownloadUrl()->getPort()); |
|
|
+ |
|
|
+ /* hl: previous dirty workaround -> commented |
|
|
+ string protocol; |
|
|
+ if (down->getDownloadUrl()->getProtocol() == "tftp" ) |
|
|
+ protocol = "UDP"; |
|
|
+ else |
|
|
+ protocol = "TCP"; |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.protocol" ,protocol.c_str()); |
|
|
+ */ |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.web_service.url" ,down->getUrl().c_str()); |
|
|
+ // hl: not needed |
|
|
+ //add_idmef_object(idmef, "alert.source(0).Service.web_service.http_method" ,"get"); |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.description" ,"possible Malware stored for further analysis"); |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.severity" ,"high"); |
|
|
+// add_idmef_object(idmef, "alert.assessment.impact.completion" ,"succeeded"); |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.type" ,"other"); |
|
|
+ |
|
|
+ // time |
|
|
+ idmef_time_t *time; |
|
|
+ ret = idmef_time_new_from_gettimeofday(&time); |
|
|
+ idmef_alert_set_create_time(idmef_message_get_alert(idmef), |
|
|
+ time); |
|
|
+ |
|
|
+ |
|
|
+ // analyzer id |
|
|
+ idmef_alert_set_analyzer(idmef_message_get_alert(idmef), |
|
|
+ idmef_analyzer_ref(prelude_client_get_analyzer(m_PreludeClient)), |
|
|
+ IDMEF_LIST_PREPEND); |
|
|
+ |
|
|
+ |
|
|
+ prelude_client_send_idmef(m_PreludeClient, idmef); |
|
|
+ idmef_message_destroy(idmef); |
|
|
+ |
|
|
+#endif |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ */ |
|
|
+void LogPrelude::handleDialogueAssignAndDone(Event *event) |
|
|
+{ |
|
|
+ logInfo("LogPrelude EVENT EV_ASSIGN_AND_DONE\n"); |
|
|
+ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+ |
|
|
+ Dialogue *dia = ((DialogueEvent *)event)->getDialogue(); |
|
|
+ Socket *socket = ((DialogueEvent *)event)->getSocket(); |
|
|
+ idmef_message_t *idmef; |
|
|
+ |
|
|
+ int32_t ret = idmef_message_new(&idmef); |
|
|
+ if ( ret < 0 ) |
|
|
+ return; |
|
|
+ |
|
|
+ string attack = "Exploit attempt: " + dia->getDialogueName(); |
|
|
+ |
|
|
+ // generic information |
|
|
+ add_idmef_object(idmef, "alert.classification.text", attack.c_str()); |
|
|
+ // hl: added ident field |
|
|
+ add_idmef_object(idmef, "alert.classification.ident", EV_DIALOGUE_ASSIGN_AND_DONE); |
|
|
+ |
|
|
+// add_idmef_object(idmef, "alert.classification.reference(0).origin" ,"vendor-specific" ); |
|
|
+ |
|
|
+ |
|
|
+ // attacker |
|
|
+ uint32_t addr = socket->getRemoteHost(); |
|
|
+ string address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Node.Address(0).address", address.c_str()); |
|
|
+ |
|
|
+ // target |
|
|
+ addr = socket->getLocalHost(); |
|
|
+ address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Node.Address(0).address", address.c_str()); |
|
|
+ |
|
|
+// string protocol; |
|
|
+// if (down->getDownloadUrl()->getProtocol() == "tftp" ) |
|
|
+// protocol = "UDP"; |
|
|
+// else |
|
|
+// protocol = "TCP"; |
|
|
+// |
|
|
+// add_idmef_object(idmef, "alert.source(0).Service.protocol" ,protocol.c_str()); |
|
|
+// add_idmef_object(idmef, "alert.source(0).Service.web_service.url" ,down->getUrl().c_str()); |
|
|
+// add_idmef_object(idmef, "alert.source(0).Service.web_service.http_method" ,"get"); |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.description" ,"An exploit attempt is getting handled."); |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.severity" ,"low"); |
|
|
+// add_idmef_object(idmef, "alert.assessment.impact.completion" ,"succeeded"); |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.type" ,"other"); |
|
|
+ |
|
|
+ |
|
|
+ // hl: added |
|
|
+ add_idmef_object(idmef, "alert.additional_data(0).type", "string"); |
|
|
+ add_idmef_object(idmef, "alert.additional_data(0).meaning", "Dialogue"); |
|
|
+ add_idmef_object(idmef, "alert.additional_data(0).data", dia->getDialogueName().c_str()); |
|
|
+ |
|
|
+ // time |
|
|
+ idmef_time_t *time; |
|
|
+ ret = idmef_time_new_from_gettimeofday(&time); |
|
|
+ idmef_alert_set_create_time(idmef_message_get_alert(idmef), |
|
|
+ time); |
|
|
+ |
|
|
+ |
|
|
+ // analyzer id |
|
|
+ idmef_alert_set_analyzer(idmef_message_get_alert(idmef), |
|
|
+ idmef_analyzer_ref(prelude_client_get_analyzer(m_PreludeClient)), |
|
|
+ IDMEF_LIST_PREPEND); |
|
|
+ |
|
|
+ |
|
|
+ prelude_client_send_idmef(m_PreludeClient, idmef); |
|
|
+ |
|
|
+ |
|
|
+ idmef_message_destroy(idmef); |
|
|
+ |
|
|
+#endif |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * |
|
|
+ * |
|
|
+ */ |
|
|
+void LogPrelude::handleDownload(Event *event) |
|
|
+{ |
|
|
+ SubmitEvent *se = (SubmitEvent *)event; |
|
|
+ Download *down = se->getDownload(); |
|
|
+ string url = se->getDownload()->getUrl(); |
|
|
+ |
|
|
+ se->getType(); |
|
|
+ logInfo("LogPrelude EVENT EV_DOWNLOAD %s %s %i \n",down->getUrl().c_str(), |
|
|
+ down->getMD5Sum().c_str(), |
|
|
+ down->getDownloadBuffer()->getSize()); |
|
|
+ |
|
|
+#ifdef HAVE_LIBPRELUDE |
|
|
+ |
|
|
+ idmef_message_t *idmef; |
|
|
+ |
|
|
+ int32_t ret = idmef_message_new(&idmef); |
|
|
+ if ( ret < 0 ) |
|
|
+ return; |
|
|
+ |
|
|
+ // generic information |
|
|
+ // hl: changed message |
|
|
+ string message = "possible Malware offered: " + down->getUrl(); |
|
|
+ |
|
|
+ add_idmef_object(idmef, "alert.classification.text", message.c_str()); |
|
|
+ // hl: changed to ident number |
|
|
+ add_idmef_object(idmef, "alert.classification.ident", EV_DOWNLOAD); |
|
|
+ |
|
|
+// add_idmef_object(idmef, "alert.classification.reference(0).origin" ,"vendor-specific" ); |
|
|
+ |
|
|
+ |
|
|
+ // infection host |
|
|
+ uint32_t addr = down->getRemoteHost(); |
|
|
+ string address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Node.Address(0).address" ,address.c_str()); |
|
|
+ //target host |
|
|
+ addr = down->getLocalHost(); |
|
|
+ address = inet_ntoa(*(in_addr *)&addr); |
|
|
+ add_idmef_object(idmef, "alert.target(0).Node.Address(0).address" ,address.c_str()); |
|
|
+ |
|
|
+ |
|
|
+ // download source |
|
|
+ // hl: removed protocol, added url |
|
|
+ /* |
|
|
+ string protocol; |
|
|
+ if (down->getDownloadUrl()->getProtocol() == "tftp" ) |
|
|
+ protocol = "UDP"; |
|
|
+ else |
|
|
+ protocol = "TCP"; |
|
|
+ */ |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.port" ,down->getDownloadUrl()->getPort()); |
|
|
+ //add_idmef_object(idmef, "alert.source(0).Service.protocol" ,protocol.c_str()); |
|
|
+ add_idmef_object(idmef, "alert.source(0).Service.web_service.url" ,down->getUrl().c_str()); |
|
|
+// add_idmef_object(idmef, "alert.source(0).Service.web_service.http_method" ,"get"); |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.description" ,"Parsing the Shellcode has unrevealed a URL."); |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.severity" ,"medium"); |
|
|
+// add_idmef_object(idmef, "alert.assessment.impact.completion" ,"succeeded"); |
|
|
+ add_idmef_object(idmef, "alert.assessment.impact.type" ,"other"); |
|
|
+ |
|
|
+ // time |
|
|
+ idmef_time_t *time; |
|
|
+ ret = idmef_time_new_from_gettimeofday(&time); |
|
|
+ idmef_alert_set_create_time(idmef_message_get_alert(idmef), |
|
|
+ time); |
|
|
+ |
|
|
+ |
|
|
+ // analyzer id |
|
|
+ idmef_alert_set_analyzer(idmef_message_get_alert(idmef), |
|
|
+ idmef_analyzer_ref(prelude_client_get_analyzer(m_PreludeClient)), |
|
|
+ IDMEF_LIST_PREPEND); |
|
|
+ |
|
|
+ |
|
|
+ prelude_client_send_idmef(m_PreludeClient, idmef); |
|
|
+ |
|
|
+ |
|
|
+ idmef_message_destroy(idmef); |
|
|
+#endif |
|
|
+ |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+extern "C" int32_t module_init(int32_t version, Module **module, Nepenthes *nepenthes) |
|
|
+{ |
|
|
+ if (version == MODULE_IFACE_VERSION) { |
|
|
+ *module = new LogPrelude(nepenthes); |
|
|
+ return 1; |
|
|
+ } else { |
|
|
+ return 0; |
|
|
+ } |
|
|
+} |
|
|
diff -ruN nepenthes-0.2.0/modules/log-prelude/log-prelude.hpp nepenthes-0.2.0-r1345/modules/log-prelude/log-prelude.hpp |
|
|
--- nepenthes-0.2.0/modules/log-prelude/log-prelude.hpp 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/log-prelude/log-prelude.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -30,7 +30,7 @@ |
|
|
#include "config.h" |
|
|
|
|
|
#ifdef HAVE_LIBPRELUDE |
|
|
-#include <prelude.h> |
|
|
+#include <libprelude/prelude.h> |
|
|
#endif |
|
|
|
|
|
#include <string> |
|
|
diff -ruN nepenthes-0.2.0/modules/log-surfnet/Makefile.am nepenthes-0.2.0-r1345/modules/log-surfnet/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/log-surfnet/Makefile.am 2006-11-13 20:40:10.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/log-surfnet/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -6,7 +6,6 @@ |
|
|
|
|
|
AM_CPPFLAGS = -I$(top_srcdir)/nepenthes-core/include -I$(top_srcdir)/nepenthes-core/src -I/usr/include/postgresql -pipe -D _GNU_SOURCE |
|
|
AM_CXXFLAGS = -Wall -Werror |
|
|
-AM_LDFLAGS = ${LIB_POSTGRES} |
|
|
|
|
|
pkglib_LTLIBRARIES = logsurfnet.la |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/log-surfnet/log-surfnet.conf.dist nepenthes-0.2.0-r1345/modules/log-surfnet/log-surfnet.conf.dist |
|
|
--- nepenthes-0.2.0/modules/log-surfnet/log-surfnet.conf.dist 2006-11-13 20:40:10.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/log-surfnet/log-surfnet.conf.dist 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -49,175 +49,3 @@ |
|
|
|
|
|
}; |
|
|
|
|
|
- |
|
|
-/* |
|
|
- |
|
|
-don't forget to create these fn's in your surfnet ids database. |
|
|
- |
|
|
- |
|
|
-CREATE PROCEDURAL LANGUAGE plpgsql; |
|
|
- |
|
|
-CREATE FUNCTION surfnet_attack_add(integer, inet, integer, inet, integer, macaddr, inet) RETURNS integer |
|
|
- AS $_$DECLARE |
|
|
- p_severity ALIAS FOR $1; |
|
|
- p_attackerip ALIAS FOR $2; |
|
|
- p_attackerport ALIAS FOR $3; |
|
|
- p_decoyip ALIAS FOR $4; |
|
|
- p_decoyport ALIAS FOR $5; |
|
|
- p_hwa ALIAS FOR $6; |
|
|
- p_localhost ALIAS FOR $7; |
|
|
- m_attackid INTEGER; |
|
|
- m_sensorid INTEGER; |
|
|
-BEGIN |
|
|
- |
|
|
- SELECT INTO m_sensorid surfnet_sensorid_get(p_localhost); |
|
|
- SELECT INTO m_attackid surfnet_attack_add_by_id(p_severity, |
|
|
- p_attackerip, p_attackerport, p_decoyip, |
|
|
- p_decoyport, p_hwa, m_sensorid); |
|
|
- |
|
|
- return m_attackid; |
|
|
-END$_$ |
|
|
- LANGUAGE plpgsql; |
|
|
- |
|
|
- |
|
|
-CREATE FUNCTION surfnet_attack_add_by_id(integer, inet, integer, inet, integer, macaddr, integer) RETURNS integer |
|
|
- AS $_$DECLARE |
|
|
- p_severity ALIAS FOR $1; |
|
|
- p_attackerip ALIAS FOR $2; |
|
|
- p_attackerport ALIAS FOR $3; |
|
|
- p_decoyip ALIAS FOR $4; |
|
|
- p_decoyport ALIAS FOR $5; |
|
|
- p_hwa ALIAS FOR $6; |
|
|
- p_sensorid ALIAS FOR $7; |
|
|
- m_attackid INTEGER; |
|
|
-BEGIN |
|
|
- INSERT INTO attacks |
|
|
- (severity, |
|
|
- timestamp, |
|
|
- dest, |
|
|
- dport, |
|
|
- source, |
|
|
- sport, |
|
|
- sensorid, |
|
|
- src_mac) |
|
|
- VALUES |
|
|
- (p_severity, |
|
|
- extract(epoch from current_timestamp(0))::integer, |
|
|
- p_attackerip, |
|
|
- p_attackerport, |
|
|
- p_decoyip, |
|
|
- p_decoyport, |
|
|
- p_sensorid, |
|
|
- p_hwa); |
|
|
- |
|
|
- SELECT INTO m_attackid currval('attacks_id_seq'); |
|
|
- return m_attackid; |
|
|
-END$_$ |
|
|
- LANGUAGE plpgsql; |
|
|
- |
|
|
- |
|
|
- |
|
|
-CREATE FUNCTION surfnet_attack_update_severity(integer, integer) RETURNS void |
|
|
- AS $_$DECLARE |
|
|
- p_attackid ALIAS FOR $1; |
|
|
- p_severity ALIAS FOR $2; |
|
|
-BEGIN |
|
|
- UPDATE attacks SET severity = p_severity WHERE id = p_attackid; |
|
|
- return; |
|
|
-END;$_$ |
|
|
- LANGUAGE plpgsql; |
|
|
- |
|
|
- |
|
|
-CREATE FUNCTION surfnet_detail_add(integer, inet, integer, character varying) RETURNS void |
|
|
- AS $_$DECLARE |
|
|
- p_attackid ALIAS FOR $1; |
|
|
- p_localhost ALIAS FOR $2; |
|
|
- p_type ALIAS FOR $3; |
|
|
- p_data ALIAS FOR $4; |
|
|
- |
|
|
- m_sensorid INTEGER; |
|
|
-BEGIN |
|
|
- SELECT INTO m_sensorid surfnet_sensorid_get(p_localhost); |
|
|
- |
|
|
- INSERT INTO details |
|
|
- (attackid,sensorid,type,text) |
|
|
- VALUES |
|
|
- (p_attackid,m_sensorid,p_type,p_data); |
|
|
-END$_$ |
|
|
- LANGUAGE plpgsql; |
|
|
- |
|
|
- |
|
|
-CREATE FUNCTION surfnet_detail_add_by_id(integer, integer, integer, character varying) RETURNS void |
|
|
- AS $_$DECLARE |
|
|
- p_attackid ALIAS FOR $1; |
|
|
- m_sensorid ALIAS FOR $2; |
|
|
- p_type ALIAS FOR $3; |
|
|
- p_data ALIAS FOR $4; |
|
|
-BEGIN |
|
|
- INSERT INTO details |
|
|
- (attackid,sensorid,type,text) |
|
|
- VALUES |
|
|
- (p_attackid,m_sensorid,p_type,p_data); |
|
|
-END$_$ |
|
|
- LANGUAGE plpgsql; |
|
|
- |
|
|
- |
|
|
-CREATE FUNCTION surfnet_detail_add_download(inet, inet, character varying, character varying) RETURNS void |
|
|
- AS $_$DECLARE |
|
|
- p_remotehost ALIAS FOR $1; |
|
|
- p_localhost ALIAS FOR $2; |
|
|
- p_url ALIAS FOR $3; |
|
|
- p_hash ALIAS FOR $4; |
|
|
- |
|
|
- m_sensorid INTEGER; |
|
|
- m_attackid INTEGER; |
|
|
-BEGIN |
|
|
- SELECT INTO m_sensorid surfnet_sensorid_get(p_localhost); |
|
|
- SELECT INTO m_attackid surfnet_attack_add_by_id(32,p_remotehost, 0, |
|
|
- p_localhost, 0, |
|
|
- NULL,m_sensorid); |
|
|
- |
|
|
- PERFORM surfnet_detail_add_by_id(m_attackid, |
|
|
- m_sensorid,4,p_url); |
|
|
- PERFORM surfnet_detail_add_by_id(m_attackid, |
|
|
- m_sensorid,8,p_hash); |
|
|
- |
|
|
- return; |
|
|
-END; $_$ |
|
|
- LANGUAGE plpgsql; |
|
|
- |
|
|
- |
|
|
-CREATE FUNCTION surfnet_detail_add_offer(inet, inet, character varying) RETURNS void |
|
|
- AS $_$DECLARE |
|
|
- p_remotehost ALIAS FOR $1; |
|
|
- p_localhost ALIAS FOR $2; |
|
|
- p_url ALIAS FOR $3; |
|
|
- |
|
|
- m_sensorid INTEGER; |
|
|
- m_attackid INTEGER; |
|
|
-BEGIN |
|
|
- SELECT INTO m_sensorid surfnet_sensorid_get(p_localhost); |
|
|
- SELECT INTO m_attackid surfnet_attack_add_by_id(16,p_remotehost, 0, |
|
|
- p_localhost, 0, |
|
|
- NULL,m_sensorid); |
|
|
- |
|
|
- PERFORM surfnet_detail_add_by_id(m_attackid, |
|
|
- m_sensorid,4,p_url); |
|
|
- return; |
|
|
-END; $_$ |
|
|
- LANGUAGE plpgsql; |
|
|
- |
|
|
- |
|
|
-CREATE FUNCTION surfnet_sensorid_get(inet) RETURNS integer |
|
|
- AS $_$DECLARE |
|
|
- p_localhost ALIAS FOR $1; |
|
|
- m_sensorid INTEGER; |
|
|
-BEGIN |
|
|
- SELECT INTO m_sensorid id FROM sensors WHERE tapip = p_localhost; |
|
|
- return m_sensorid; |
|
|
-END |
|
|
-$_$ |
|
|
- LANGUAGE plpgsql; |
|
|
- |
|
|
- |
|
|
-*/ |
|
|
diff -ruN nepenthes-0.2.0/modules/log-surfnet/log-surfnet.cpp nepenthes-0.2.0-r1345/modules/log-surfnet/log-surfnet.cpp |
|
|
--- nepenthes-0.2.0/modules/log-surfnet/log-surfnet.cpp 2006-11-13 20:40:10.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/log-surfnet/log-surfnet.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -76,7 +76,7 @@ |
|
|
m_attackID = 0; |
|
|
m_closed = false; |
|
|
|
|
|
- m_severity = 0; |
|
|
+ m_severity = -1; |
|
|
} |
|
|
|
|
|
|
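Review bot: `m_severity = -1` introduces a bare sentinel that the `m_severity != -1` test in a later hunk of this file must stay in sync with, and the old value 0 presumably served the same purpose, so any other place that still treats 0 as "unset" would now be wrong. A named constant makes the contract explicit and greppable, e.g. `static const int32_t SEVERITY_UNSET = -1;` used at both sites. The declared type of `m_severity` is not visible here; if it is unsigned the comparison still works by conversion but deserves a comment. The enclosing constructor/initializer starts outside the hunk.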
|
|
@@ -471,7 +471,13 @@ |
|
|
(uint32_t) ((intptr_t)socket), |
|
|
attackid); |
|
|
|
|
|
- m_SocketTracker[(uintptr_t) socket].m_closed = true; |
|
|
+ if (m_SocketTracker[(uintptr_t) socket].m_Details.size() > 0) |
|
|
+ { |
|
|
+ m_SocketTracker[(uintptr_t) socket].m_closed = true; |
|
|
+ }else |
|
|
+ { |
|
|
+ m_SocketTracker.erase((uintptr_t)socket); |
|
|
+ } |
|
|
} |
|
|
|
|
|
void LogSurfNET::handleDialogueAssignAndDone(Socket *socket, Dialogue *dia, uint32_t attackid) |
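Review bot: The new branch indexes `m_SocketTracker[(uintptr_t) socket]` three times, and because `operator[]` default-inserts, a close for a socket that was never tracked creates an entry only to erase it in the else branch. A single `find()` avoids both the extra lookups and the insert: return when it misses, otherwise `if (it->second.m_Details.empty()) m_SocketTracker.erase(it); else it->second.m_closed = true;`. The net effect is the same as the current code, but nothing is ever created on the close path. The enclosing function starts outside the hunk.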
|
|
@@ -649,6 +655,19 @@ |
|
|
m_SocketTracker[(uintptr_t)s].m_Details.pop_front(); |
|
|
} |
|
|
|
|
|
+ if (m_SocketTracker[(uintptr_t)s].m_severity != -1) |
|
|
+ { |
|
|
+ string query; |
|
|
+ |
|
|
+ query = "SELECT surfnet_attack_update_severity('"; |
|
|
+ query += itos(m_SocketTracker[(uintptr_t)s].m_attackID); |
|
|
+ query += "','"; |
|
|
+ query += itos(m_SocketTracker[(uintptr_t)s].m_severity); |
|
|
+ query += "');"; |
|
|
+ |
|
|
+ m_SQLHandler->addQuery(&query,NULL,NULL); |
|
|
+ } |
|
|
+ |
|
|
if (m_SocketTracker[(uintptr_t)s].m_closed == true) |
|
|
{ |
|
|
m_SocketTracker.erase((uintptr_t)s); |
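Review bot: The added severity update looks up `m_SocketTracker[(uintptr_t)s]` six times in a row; take one reference to the entry before the `if` and use it for the `m_severity`, `m_attackID` and `m_closed` accesses. The query is assembled by string concatenation, which is acceptable here only because both interpolated values pass through `itos()` — a comment saying so, e.g. `// integer-only values via itos(); do not interpolate strings here`, would stop a future edit from adding an attacker-controlled field to this pattern. The query is queued with a NULL callback and NULL object, so if the handler's failure path is still invoked for it the socket-based cleanup in `sqlFailure` would run with a null pointer; either state that failure of this update is deliberately ignored or give it its own callback. The enclosing function starts outside the hunk.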
|
|
@@ -660,6 +679,11 @@ |
|
|
bool LogSurfNET::sqlFailure(SQLResult *result) |
|
|
{ |
|
|
logPF(); |
|
|
+ |
|
|
+ Socket *s; |
|
|
+ s = (Socket *)result->getObject(); |
|
|
+ logCrit("Getting attackid for socket %x failed, dropping the whole attack, forgetting all details\n",(uintptr_t)s); |
|
|
+ m_SocketTracker.erase((uintptr_t)s); |
|
|
return true; |
|
|
} |
|
|
|
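Review bot: `logCrit(... %x ..., (uintptr_t)s)` hands a `uintptr_t` to a `%x` conversion that expects `unsigned int`; on LP64 targets that is undefined behaviour and at best prints a truncated key. Use `%p` with `(void *)s`, or `%lx` with `(unsigned long)s`, matching however the rest of the file prints socket keys. `sqlFailure` now erases the tracker entry for whatever object the failing result carries and the message assumes it was the attackid query, but the severity update in the previous hunk is queued with a NULL object; a `if (s == NULL) return true;` guard before the `logCrit` keeps the log honest and avoids erasing key 0.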
|
|
diff -ruN nepenthes-0.2.0/modules/module-honeytrap/Makefile.am nepenthes-0.2.0-r1345/modules/module-honeytrap/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/module-honeytrap/Makefile.am 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/module-honeytrap/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -15,4 +15,4 @@ |
|
|
modulehoneytrap_la_SOURCES += TrapSocket.cpp TrapSocket.hpp |
|
|
modulehoneytrap_la_SOURCES += module-honeytrap.conf.dist |
|
|
|
|
|
-modulehoneytrap_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+modulehoneytrap_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
diff -ruN nepenthes-0.2.0/modules/module-honeytrap/TrapSocket.cpp nepenthes-0.2.0-r1345/modules/module-honeytrap/TrapSocket.cpp |
|
|
--- nepenthes-0.2.0/modules/module-honeytrap/TrapSocket.cpp 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/module-honeytrap/TrapSocket.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -782,11 +782,18 @@ |
|
|
{ |
|
|
printIPpacket(data,size); |
|
|
|
|
|
+ uint16_t port; |
|
|
+ |
|
|
+ if ( tcp->th_flags & TH_SYN && !(tcp->th_flags & TH_ACK) ) |
|
|
+ port = ntohs(tcp->th_dport); // inline mode |
|
|
+ else |
|
|
+ port = ntohs(tcp->th_sport); // pcap mode |
|
|
+ |
|
|
if (1)// isPortListening(ntohs(tcp->th_dport),*(uint32_t *)&(ip->ip_dst)) == false ) |
|
|
{ |
|
|
- logInfo("Connection to unbound port %i requested, binding port\n",ntohs(tcp->th_dport)); |
|
|
+ logInfo("Connection to unbound port %i requested, binding port\n",port); |
|
|
|
|
|
- Socket *sock = g_Nepenthes->getSocketMgr()->bindTCPSocket(INADDR_ANY,ntohs(tcp->th_dport),60,60); |
|
|
+ Socket *sock = g_Nepenthes->getSocketMgr()->bindTCPSocket(INADDR_ANY,port,60,60); |
|
|
if ( sock != NULL && (sock->getDialogst()->size() == 0 && sock->getFactories()->size() == 0) ) |
|
|
{ |
|
|
|
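Review bot: `tcp->th_flags & TH_SYN && !(tcp->th_flags & TH_ACK)` mixes `&` and `&&` without parentheses; write `(tcp->th_flags & TH_SYN) && !(tcp->th_flags & TH_ACK)` so the precedence is explicit. `port` is taken straight from an untrusted packet header — in the non-SYN branch from the source port of whatever segment was captured — and port 0 is not rejected before `bindTCPSocket(INADDR_ANY, port, 60, 60)`, so a cheap guard such as `if (port == 0) return;` (adapted to this function's return type) belongs between the selection and the bind. A one-line comment on why the non-SYN case reads `th_sport` (presumably a reply from the local stack carries the targeted port there) would serve the next reader better than the bare `// pcap mode`. The enclosing function starts and ends outside the hunk.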
|
|
diff -ruN nepenthes-0.2.0/modules/module-peiros/module-peiros.cpp nepenthes-0.2.0-r1345/modules/module-peiros/module-peiros.cpp |
|
|
--- nepenthes-0.2.0/modules/module-peiros/module-peiros.cpp 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/module-peiros/module-peiros.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -29,6 +29,7 @@ |
|
|
|
|
|
#include <ctype.h> |
|
|
#include <string.h> |
|
|
+#include <sys/types.h> |
|
|
#include <sys/socket.h> |
|
|
#include <netinet/in.h> |
|
|
#include <arpa/inet.h> |
|
|
diff -ruN nepenthes-0.2.0/modules/module-portwatch/WatchDialogue.cpp nepenthes-0.2.0-r1345/modules/module-portwatch/WatchDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/module-portwatch/WatchDialogue.cpp 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/module-portwatch/WatchDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -47,6 +47,9 @@ |
|
|
|
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
#endif |
|
|
@@ -77,7 +80,7 @@ |
|
|
WatchDialogue::~WatchDialogue() |
|
|
{ |
|
|
logWarn("Unknown WatchDialogue %i bytes, port %i\n",m_Buffer->getSize(), m_Socket->getLocalPort()); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
delete m_Buffer; |
|
|
} |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/shellcode-generic/Makefile.am nepenthes-0.2.0-r1345/modules/shellcode-generic/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/shellcode-generic/Makefile.am 2006-11-13 20:40:07.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/shellcode-generic/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -32,4 +32,4 @@ |
|
|
shellcodegeneric_la_SOURCES += sch_generic_leimbach_url_xor.cpp sch_generic_leimbach_url_xor.hpp |
|
|
shellcodegeneric_la_SOURCES += sch_generic_wget.cpp sch_generic_wget.hpp |
|
|
|
|
|
-shellcodegeneric_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+shellcodegeneric_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
diff -ruN nepenthes-0.2.0/modules/shellcode-generic/sch_generic_cmd.cpp nepenthes-0.2.0-r1345/modules/shellcode-generic/sch_generic_cmd.cpp |
|
|
--- nepenthes-0.2.0/modules/shellcode-generic/sch_generic_cmd.cpp 2006-11-13 20:40:07.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/shellcode-generic/sch_generic_cmd.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -95,7 +95,7 @@ |
|
|
if((iResult = pcre_exec(m_pcre, 0, (char *) shellcode, len, 0, 0, (int *)piOutput, sizeof(piOutput)/sizeof(int32_t))) > 0) |
|
|
{ |
|
|
// logDebug("GenricCMD (improve pcre debug) (%i bytes)\n",(*msg)->getSize()); |
|
|
-// g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)(*msg)->getMsg(),(*msg)->getSize()); |
|
|
+// HEXDUMP(m_Socket,(byte *)(*msg)->getMsg(),(*msg)->getSize()); |
|
|
|
|
|
const char * pRemoteCommand; |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/shellcode-generic/sch_generic_leimbach_url_xor.cpp nepenthes-0.2.0-r1345/modules/shellcode-generic/sch_generic_leimbach_url_xor.cpp |
|
|
--- nepenthes-0.2.0/modules/shellcode-generic/sch_generic_leimbach_url_xor.cpp 2006-11-13 20:40:07.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/shellcode-generic/sch_generic_leimbach_url_xor.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -203,7 +203,7 @@ |
|
|
pcre_free_substring(preload); |
|
|
pcre_free_substring(xordecoder); |
|
|
|
|
|
- g_Nepenthes->getUtilities()->hexdump(l_crit,(byte *)newshellcode, len); |
|
|
+// g_Nepenthes->getUtilities()->hexdump(l_crit,(byte *)newshellcode, len); |
|
|
|
|
|
Message *newMessage = new Message((char *)newshellcode, len, (*msg)->getLocalPort(), (*msg)->getRemotePort(), |
|
|
(*msg)->getLocalHost(), (*msg)->getRemoteHost(), (*msg)->getResponder(), (*msg)->getSocket()); |
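Review bot: The `l_crit` hexdump is commented out rather than removed, which leaves dead code in the decoder path; delete the line, or if the dump is still useful for debugging keep it behind a debug-level log instead of the critical level it had. A leftover critical-level dump of every decoded shellcode is noise in a honeypot log that operators are meant to alert on. The enclosing function starts and ends outside the hunk.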
|
|
diff -ruN nepenthes-0.2.0/modules/shellcode-generic/sch_generic_url.cpp nepenthes-0.2.0-r1345/modules/shellcode-generic/sch_generic_url.cpp |
|
|
--- nepenthes-0.2.0/modules/shellcode-generic/sch_generic_url.cpp 2006-11-13 20:40:07.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/shellcode-generic/sch_generic_url.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -119,7 +119,7 @@ |
|
|
|
|
|
if((iResult = pcre_exec(m_pcre, 0, (char *) shellcode, len, 0, 0, (int *)piOutput, sizeof(piOutput)/sizeof(int32_t))) > 0) |
|
|
{ |
|
|
-// g_Nepenthes->getUtilities()->hexdump(STDTAGS,shellcode,len); |
|
|
+// HEXDUMP(m_Socket,shellcode,len); |
|
|
const char * pUrl; |
|
|
|
|
|
pcre_get_substring((char *) shellcode, (int *)piOutput, (int)iResult, 1, &pUrl); |
|
|
diff -ruN nepenthes-0.2.0/modules/shellcode-signatures/Makefile.am nepenthes-0.2.0-r1345/modules/shellcode-signatures/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/shellcode-signatures/Makefile.am 2006-11-13 20:40:04.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/shellcode-signatures/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -33,5 +33,5 @@ |
|
|
shellcodesignatures_la_SOURCES += sch_namespace_konstanzxor.cpp sch_namespace_konstanzxor.hpp |
|
|
shellcodesignatures_la_SOURCES += sch_namespace_alphanumericxor.cpp sch_namespace_alphanumericxor.hpp |
|
|
|
|
|
-shellcodesignatures_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+shellcodesignatures_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/shellcode-signatures/shellcode-signatures.sc nepenthes-0.2.0-r1345/modules/shellcode-signatures/shellcode-signatures.sc |
|
|
--- nepenthes-0.2.0/modules/shellcode-signatures/shellcode-signatures.sc 2006-11-13 20:40:04.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/shellcode-signatures/shellcode-signatures.sc 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -178,6 +178,13 @@ |
|
|
mapping (none,pre,decoder,size,key,post); |
|
|
}; |
|
|
|
|
|
+xor::marburganderlahn |
|
|
+{ |
|
|
+ pattern |
|
|
+ "(.*)(\\xEB\\x0E\\x5A\\x4A\\x31\\xC9\\xB1(.)\\x80\\x34\\x11(.)\\xE2\\xFA\\xEB\\x05\\xE8\\xED\xFF\xFF\xFF)(.*)$"; |
|
|
+ mapping (none,pre,decoder,size,key,post); |
|
|
+}; |
|
|
+ |
|
|
/* |
|
|
* too inaccurate |
|
|
* |
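Review bot: The last three bytes of the new `xor::marburganderlahn` pattern are written `\xFF\xFF\xFF` with a single backslash, while every other byte in this file, including the rest of the same line, is written `\\xFF`; depending on how the signature compiler unescapes the pattern string these become either literal 0xFF bytes or a different sequence entirely, so the signature may silently never match. Change them to `\\xFF\\xFF\\xFF` to match the surrounding signatures. The `(.)` captures for the count and key byte also rely on `.` matching any byte, which in PCRE excludes 0x0A unless the pattern is compiled with PCRE_DOTALL (not visible here); the same caveat applies to the `.` and `..` wildcards introduced in the second hunk of this file.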
|
|
@@ -944,8 +951,8 @@ |
|
|
pattern |
|
|
"\\xeb\\x02\\xeb\\x6b" |
|
|
"\\xe8\\xf9\\xff\\xff\\xff\\x53\\x55\\x56\\x57\\x8b\\x6c\\x24\\x18\\x8b\\x45\\x3c" |
|
|
- "\\x8b\\x54\\x05\\x78\\x03\\xd5\\x8b\\x4a\\x18\\x8b\\x5a\\x20\\x03\\xdd\\xe3\\x32" |
|
|
- "\\x49\\x8b\\x34\\x8b\\x03\\xf5\\x33\\xff\\xfc\\x33\\xc0\\xac\\x3a\\xc4\\x74\\x07" |
|
|
+ "\\x8b\\x54.\\x78\\x03\\xd5\\x8b\\x4a\\x18\\x8b\\x5a\\x20\\x03\\xdd\\xe3\\x32" |
|
|
+ "\\x49\\x8b\\x34\\x8b\\x03\\xf5\\x33\\xff\\xfc\\x33\\xc0\\xac..\\x74\\x07" |
|
|
"\\xc1\\xcf\\x0d\\x03\\xf8\\xeb\\xf2\\x3b\\x7c\\x24\\x14\\x75\\xe1\\x8b\\x5a\\x24" |
|
|
"\\x03\\xdd\\x66\\x8b\\x0c\\x4b\\x8b\\x5a\\x1c\\x03\\xdd\\x8b\\x04\\x8b\\x03\\xc5" |
|
|
"\\xeb\\x02\\x33\\xc0\\x5f\\x5e\\x5d\\x5b\\x89\\x44\\x24\\x04\\x8b\\x04\\x24\\x89" |
|
|
diff -ruN nepenthes-0.2.0/modules/shellemu-winnt/VFSCommandFTP.cpp nepenthes-0.2.0-r1345/modules/shellemu-winnt/VFSCommandFTP.cpp |
|
|
--- nepenthes-0.2.0/modules/shellemu-winnt/VFSCommandFTP.cpp 2006-11-13 20:40:06.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/shellemu-winnt/VFSCommandFTP.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -425,7 +425,6 @@ |
|
|
logSpam("VFSCommandFTP Setting Hosts %i %i\n",remotehost,localhost); |
|
|
remotehost = m_VFS->getDialogue()->getSocket()->getRemoteHost(); |
|
|
localhost = m_VFS->getDialogue()->getSocket()->getLocalHost(); |
|
|
- |
|
|
} |
|
|
|
|
|
logSpam("VFSCommandFTP LocalHost %s\n",inet_ntoa(*(in_addr *)&localhost)); |
|
|
diff -ruN nepenthes-0.2.0/modules/sqlhandler-postgres/Makefile.am nepenthes-0.2.0-r1345/modules/sqlhandler-postgres/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/sqlhandler-postgres/Makefile.am 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/sqlhandler-postgres/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -12,4 +12,4 @@ |
|
|
|
|
|
sqlhandlerpostgres_la_SOURCES = sqlhandler-postgres.cpp sqlhandler-postgres.hpp |
|
|
|
|
|
-sqlhandlerpostgres_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+sqlhandlerpostgres_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
diff -ruN nepenthes-0.2.0/modules/sqlhandler-postgres/sqlhandler-postgres.cpp nepenthes-0.2.0-r1345/modules/sqlhandler-postgres/sqlhandler-postgres.cpp |
|
|
--- nepenthes-0.2.0/modules/sqlhandler-postgres/sqlhandler-postgres.cpp 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/sqlhandler-postgres/sqlhandler-postgres.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -145,6 +145,7 @@ |
|
|
m_PGTable = table; |
|
|
m_PGUser = user; |
|
|
m_PGPass = passwd; |
|
|
+ m_PGOptions = options; |
|
|
|
|
|
m_Callback = cb; |
|
|
} |
|
|
@@ -760,6 +761,10 @@ |
|
|
"' user = '" + m_PGUser + |
|
|
"' password = '" + m_PGPass +"'"; |
|
|
|
|
|
+ if ( m_PGOptions.size() > 0 ) |
|
|
+ ConnectString += m_PGOptions; |
|
|
+ |
|
|
+ |
|
|
if (m_PGConnection != NULL) |
|
|
PQfinish(m_PGConnection); |
|
|
else |
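Review bot: `ConnectString += m_PGOptions;` appends the options directly after the closing `'` of the password with no separating whitespace, so the conninfo string becomes `... password = 'x'sslmode=require`; whether libpq tolerates a keyword glued to a closing quote is not something this code should depend on, so write `ConnectString += " " + m_PGOptions;`. Like m_PGUser and m_PGPass on the context lines above, the options value is spliced in unescaped, so a value containing a single quote or backslash breaks the string; the enclosing function starts outside this hunk. Documenting the expected format on the member added in the header, e.g. `// extra libpq conninfo keywords appended verbatim, e.g. sslmode=require`, would help the next maintainer.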
|
|
diff -ruN nepenthes-0.2.0/modules/sqlhandler-postgres/sqlhandler-postgres.hpp nepenthes-0.2.0-r1345/modules/sqlhandler-postgres/sqlhandler-postgres.hpp |
|
|
--- nepenthes-0.2.0/modules/sqlhandler-postgres/sqlhandler-postgres.hpp 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/sqlhandler-postgres/sqlhandler-postgres.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -141,6 +141,7 @@ |
|
|
string m_PGTable; |
|
|
string m_PGUser; |
|
|
string m_PGPass; |
|
|
+ string m_PGOptions; |
|
|
|
|
|
}; |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/submit-gotek/gotekCTRLDialogue.cpp nepenthes-0.2.0-r1345/modules/submit-gotek/gotekCTRLDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/submit-gotek/gotekCTRLDialogue.cpp 2006-11-13 20:40:11.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-gotek/gotekCTRLDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -112,7 +112,7 @@ |
|
|
|
|
|
unsigned char sessionkey[8]; |
|
|
memcpy((char *)sessionkey,(char *)m_Buffer->getData(),8); |
|
|
- g_Nepenthes->getUtilities()->hexdump(sessionkey,8); |
|
|
+// g_Nepenthes->getUtilities()->hexdump(sessionkey,8); |
|
|
|
|
|
|
|
|
|
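Review bot: The hexdump of the session key here, and of the community key, the concatenated hash input and the resulting hash in the next hunk of this file and in gotekDATADialogue.cpp, are commented out rather than deleted, which leaves a dump of 1024 bytes of shared secret one uncomment away from the log file. Since the intent is to stop writing key material to the logs, delete the lines outright or replace them with a comment such as `// never hexdump sessionkey/community key: shared-secret material must not reach the log`. Commented-out calls also drift out of sync with the utilities API over time.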
|
|
@@ -128,13 +128,13 @@ |
|
|
byte hashme[1032]; |
|
|
memset(hashme,0,1032); |
|
|
|
|
|
- g_Nepenthes->getUtilities()->hexdump(g_GotekSubmitHandler->getCommunityKey(),1024); |
|
|
+// g_Nepenthes->getUtilities()->hexdump(g_GotekSubmitHandler->getCommunityKey(),1024); |
|
|
memcpy(hashme,g_GotekSubmitHandler->getCommunityKey(),1024); |
|
|
memcpy(hashme+1024,sessionkey,8); |
|
|
- g_Nepenthes->getUtilities()->hexdump(hashme, 1032); |
|
|
+// g_Nepenthes->getUtilities()->hexdump(hashme, 1032); |
|
|
|
|
|
g_Nepenthes->getUtilities()->sha512(hashme, 1032, hash); |
|
|
- g_Nepenthes->getUtilities()->hexdump(hash,64); |
|
|
+// g_Nepenthes->getUtilities()->hexdump(hash,64); |
|
|
|
|
|
m_Socket->doRespond((char *)hash,64); |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/submit-gotek/gotekDATADialogue.cpp nepenthes-0.2.0-r1345/modules/submit-gotek/gotekDATADialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/submit-gotek/gotekDATADialogue.cpp 2006-11-13 20:40:11.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-gotek/gotekDATADialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -173,7 +173,7 @@ |
|
|
byte hashme[1032]; |
|
|
memset(hashme,0,1032); |
|
|
|
|
|
- g_Nepenthes->getUtilities()->hexdump(g_GotekSubmitHandler->getCommunityKey(),1024); |
|
|
+// g_Nepenthes->getUtilities()->hexdump(g_GotekSubmitHandler->getCommunityKey(),1024); |
|
|
memcpy(hashme,g_GotekSubmitHandler->getCommunityKey(),1024); |
|
|
memcpy(hashme+1024,&sessionkey,8); |
|
|
g_Nepenthes->getUtilities()->sha512(hashme, 1032, hash); |
|
|
diff -ruN nepenthes-0.2.0/modules/submit-http/HTTPSession.cpp nepenthes-0.2.0-r1345/modules/submit-http/HTTPSession.cpp |
|
|
--- nepenthes-0.2.0/modules/submit-http/HTTPSession.cpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-http/HTTPSession.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,187 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2006 Niklas Schiffler <nick@digitician.eu> |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+ |
|
|
+#include <curl/curl.h> |
|
|
+#include <curl/types.h> /* new for v7 */ |
|
|
+#include <curl/easy.h> /* new for v7 */ |
|
|
+#include <sstream> |
|
|
+#include <netinet/in.h> |
|
|
+ |
|
|
+#include "HTTPSession.hpp" |
|
|
+#include "submit-http.hpp" |
|
|
+#include "DownloadBuffer.hpp" |
|
|
+#include "DownloadUrl.hpp" |
|
|
+ |
|
|
+using namespace nepenthes; |
|
|
+ |
|
|
+HTTPSession::HTTPSession(string &url, string &email, string &user, string &password, Download* down) |
|
|
+{ |
|
|
+ state = S_ERROR; |
|
|
+ postInfo = NULL; |
|
|
+ postFile = NULL; |
|
|
+ curlInfoHandle = NULL; |
|
|
+ curlFileHandle = NULL; |
|
|
+ |
|
|
+ submitURL = url; |
|
|
+ |
|
|
+ if ( user.length() > 0 && password.length() > 0 ) |
|
|
+ submitAuthStr = user + ":" + password; |
|
|
+ |
|
|
+ md5 = down->getMD5Sum(); |
|
|
+ sha512 = down->getSHA512Sum(); |
|
|
+ fileSize = down->getDownloadBuffer()->getSize(); |
|
|
+ fileName = down->getDownloadUrl()->getFile(); |
|
|
+ fileSourceURL = down->getUrl(); |
|
|
+ |
|
|
+ fileBuffer = new uint8_t[fileSize]; |
|
|
+ fileBuffer = (uint8_t*)memcpy(fileBuffer, down->getDownloadBuffer()->getData(), fileSize); |
|
|
+ |
|
|
+ curlInfoHandle = curl_easy_init(); |
|
|
+ if ( curlInfoHandle ) |
|
|
+ { |
|
|
+ struct curl_httppost* last = NULL; |
|
|
+ |
|
|
+ if ( email.length() > 0 ) |
|
|
+ curl_formadd(&postInfo, &last, CURLFORM_COPYNAME, "email", CURLFORM_COPYCONTENTS, email.c_str(), CURLFORM_END); |
|
|
+ |
|
|
+ stringstream sSourceHost; sSourceHost << htonl(down->getRemoteHost()); |
|
|
+ stringstream sTargetHost; sTargetHost << htonl(down->getLocalHost()); |
|
|
+ |
|
|
+ curl_formadd(&postInfo, &last, CURLFORM_PTRNAME, "url", CURLFORM_COPYCONTENTS, fileSourceURL.c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&postInfo, &last, CURLFORM_PTRNAME, "trigger", CURLFORM_COPYCONTENTS, down->getTriggerLine().c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&postInfo, &last, CURLFORM_PTRNAME, "md5", CURLFORM_COPYCONTENTS, md5.c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&postInfo, &last, CURLFORM_PTRNAME, "sha512", CURLFORM_COPYCONTENTS, sha512.c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&postInfo, &last, CURLFORM_PTRNAME, "filetype", CURLFORM_COPYCONTENTS, down->getFileType().c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&postInfo, &last, CURLFORM_PTRNAME, "source_host", CURLFORM_COPYCONTENTS, sSourceHost.str().c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&postInfo, &last, CURLFORM_PTRNAME, "target_host", CURLFORM_COPYCONTENTS, sTargetHost.str().c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&postInfo, &last, CURLFORM_PTRNAME, "filename", CURLFORM_COPYCONTENTS, down->getDownloadUrl()->getFile().c_str(), CURLFORM_END); |
|
|
+ |
|
|
+ setCURLOpts(curlInfoHandle, postInfo); |
|
|
+ } |
|
|
+} |
|
|
+ |
|
|
+HTTPSession::~HTTPSession() |
|
|
+{ |
|
|
+ delete [] fileBuffer; |
|
|
+ curl_formfree(postInfo); |
|
|
+ if ( postFile ) |
|
|
+ curl_formfree(postFile); |
|
|
+ curl_easy_cleanup(curlInfoHandle); |
|
|
+ if ( curlFileHandle ) |
|
|
+ curl_easy_cleanup(curlFileHandle); |
|
|
+} |
|
|
+ |
|
|
+CURL* HTTPSession::getSubmitInfoHandle() |
|
|
+{ |
|
|
+ return curlInfoHandle; |
|
|
+} |
|
|
+ |
|
|
+CURL* HTTPSession::getSubmitFileHandle() |
|
|
+{ |
|
|
+ curlFileHandle = curl_easy_init(); |
|
|
+ if ( curlFileHandle ) |
|
|
+ { |
|
|
+ postFile = NULL; |
|
|
+ struct curl_httppost* last = NULL; |
|
|
+ |
|
|
+ curl_formadd(&postFile, &last, CURLFORM_PTRNAME, "md5", CURLFORM_COPYCONTENTS, md5.c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&postFile, &last, CURLFORM_PTRNAME, "sha512", CURLFORM_COPYCONTENTS, sha512.c_str(), CURLFORM_END); |
|
|
+ |
|
|
+ curl_formadd(&postFile, &last, |
|
|
+ CURLFORM_COPYNAME, "file", |
|
|
+ CURLFORM_BUFFER, fileName.c_str(), |
|
|
+ CURLFORM_BUFFERPTR, fileBuffer, |
|
|
+ CURLFORM_BUFFERLENGTH, fileSize, |
|
|
+ CURLFORM_END); |
|
|
+ |
|
|
+ setCURLOpts(curlFileHandle, postFile); |
|
|
+ } |
|
|
+ return curlFileHandle; |
|
|
+} |
|
|
+ |
|
|
+string HTTPSession::getMD5() |
|
|
+{ |
|
|
+ return md5; |
|
|
+} |
|
|
+ |
|
|
+string HTTPSession::getSHA512() |
|
|
+{ |
|
|
+ return sha512; |
|
|
+} |
|
|
+ |
|
|
+void HTTPSession::setCURLOpts(CURL* c, curl_httppost* post) |
|
|
+{ |
|
|
+ curl_easy_setopt(c, CURLOPT_HTTPPOST, post); |
|
|
+ curl_easy_setopt(c, CURLOPT_SSL_VERIFYHOST, false); |
|
|
+ curl_easy_setopt(c, CURLOPT_SSL_VERIFYPEER, false); |
|
|
+ curl_easy_setopt(c, CURLOPT_URL, submitURL.c_str()); |
|
|
+ curl_easy_setopt(c, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; nepenthes; Linux)"); |
|
|
+ curl_easy_setopt(c, CURLOPT_PRIVATE, (char*) this); |
|
|
+ curl_easy_setopt(c, CURLOPT_WRITEDATA, this); |
|
|
+ curl_easy_setopt(c, CURLOPT_WRITEFUNCTION, HTTPSession::WriteCallback); |
|
|
+ |
|
|
+ if ( submitAuthStr.length() > 0 ) |
|
|
+ curl_easy_setopt(c, CURLOPT_USERPWD, submitAuthStr.c_str()); |
|
|
+} |
|
|
+ |
|
|
+size_t HTTPSession::WriteCallback(char *buffer, size_t size, size_t nitems, void *p) |
|
|
+{ |
|
|
+ HTTPSession* s = (HTTPSession*)p; |
|
|
+ int32_t iSize = size * nitems; |
|
|
+ |
|
|
+ string res(buffer, iSize); |
|
|
+ if ( res.find("S_FILEREQUEST") != string::npos ) |
|
|
+ s->setState(S_FILEREQUEST); |
|
|
+ else |
|
|
+ if ( res.find("S_FILEKNOWN") != string::npos ) |
|
|
+ s->setState(S_FILEKNOWN); |
|
|
+ else |
|
|
+ if ( res.find("S_FILEOK") != string::npos ) |
|
|
+ s->setState(S_FILEOK); |
|
|
+ else |
|
|
+ s->setState(S_ERROR); |
|
|
+ |
|
|
+// delete(strBuf); |
|
|
+ return iSize; |
|
|
+} |
|
|
+ |
|
|
+uint8_t HTTPSession::getState() |
|
|
+{ |
|
|
+ return state; |
|
|
+} |
|
|
+ |
|
|
+void HTTPSession::setState(uint8_t s) |
|
|
+{ |
|
|
+ this->state = s; |
|
|
+} |
|
|
+ |
|
|
+string HTTPSession::getFileSourceURL() |
|
|
+{ |
|
|
+ return fileSourceURL; |
|
|
+} |
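Review bot: setCURLOpts disables TLS verification with `curl_easy_setopt(c, CURLOPT_SSL_VERIFYHOST, false)` and `curl_easy_setopt(c, CURLOPT_SSL_VERIFYPEER, false)`, so when the configured URL is https the Basic-auth credentials set via CURLOPT_USERPWD and the captured sample go to whichever host answers, with no check that it is the intended submission server; keep the libcurl defaults (drop both lines) or make disabling an explicit config switch, and note that `false` is passed through varargs where libcurl expects a `long` (`0L`, `1L`, `2L`). WriteCallback classifies every body chunk separately and falls back to `s->setState(S_ERROR)` whenever a chunk contains none of the three tokens, so a response delivered in more than one chunk can end in S_ERROR after an earlier chunk already set S_FILEOK; accumulate the body into a string member and classify it once, or only downgrade to S_ERROR when no token has been seen at all. `int32_t iSize = size * nitems;` truncates a size_t product and is then returned as size_t, which for a negative value makes libcurl treat the write as failed. HTTPSession owns fileBuffer and two curl handles but declares no copy constructor or assignment operator, so an accidental copy would double-free; declare both private and unimplemented.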
|
|
diff -ruN nepenthes-0.2.0/modules/submit-http/HTTPSession.hpp nepenthes-0.2.0-r1345/modules/submit-http/HTTPSession.hpp |
|
|
--- nepenthes-0.2.0/modules/submit-http/HTTPSession.hpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-http/HTTPSession.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,82 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2006 Niklas Schiffler <nick@digitician.eu> |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+ /* $Id$ */ |
|
|
+ |
|
|
+#include <curl/curl.h> |
|
|
+#include <curl/types.h> |
|
|
+ |
|
|
+#include "Download.hpp" |
|
|
+ |
|
|
+using namespace std; |
|
|
+ |
|
|
+namespace nepenthes |
|
|
+{ |
|
|
+ |
|
|
+ |
|
|
+ class HTTPSession |
|
|
+ { |
|
|
+ public: |
|
|
+ static const uint8_t S_FILEKNOWN = 0; |
|
|
+ static const uint8_t S_FILEREQUEST = 1; |
|
|
+ static const uint8_t S_FILEOK = 2; |
|
|
+ static const uint8_t S_FILEPENDING = 3; |
|
|
+ static const uint8_t S_ERROR = 4; |
|
|
+ |
|
|
+ HTTPSession(string &url, string &email, string &user, string &password, Download* down); |
|
|
+ ~HTTPSession(); |
|
|
+ CURL* getSubmitInfoHandle(); |
|
|
+ CURL* getSubmitFileHandle(); |
|
|
+ string getMD5(); |
|
|
+ string getSHA512(); |
|
|
+ void setCURLOpts(CURL* c, curl_httppost* post); |
|
|
+ uint8_t getState(); |
|
|
+ void setState(uint8_t s); |
|
|
+ string getFileSourceURL(); |
|
|
+ |
|
|
+ static size_t WriteCallback(char *buffer, size_t size, size_t nitems, void *userp); |
|
|
+ |
|
|
+ protected: |
|
|
+ CURL* curlInfoHandle; |
|
|
+ CURL* curlFileHandle; |
|
|
+ uint8_t* fileBuffer; |
|
|
+ size_t fileSize; |
|
|
+ struct curl_httppost* postInfo; |
|
|
+ struct curl_httppost* postFile; |
|
|
+ string fileName; |
|
|
+ string fileSourceURL; |
|
|
+ string md5; |
|
|
+ string sha512; |
|
|
+ string submitURL; |
|
|
+ string submitAuthStr; |
|
|
+ uint8_t state; |
|
|
+ |
|
|
+ }; |
|
|
+ |
|
|
+} |
|
|
+ |
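Review bot: The header has no include guard or `#pragma once` and puts `using namespace std;` at file scope, so every translation unit that includes it gets std pulled into the global namespace and a double include redefines the class; wrap the contents in a guard (e.g. `#ifndef HAVE_HTTPSESSION_HPP` / `#define HAVE_HTTPSESSION_HPP` / `#endif`, name constructed to match the project's style) and qualify the members as `std::string`. The same two points apply to submit-http.hpp later in this patch. It also uses `uint8_t` and `size_t` without including `<stdint.h>`/`<cstddef>` directly; presumably Download.hpp provides them, but the header should include what it uses.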
|
|
diff -ruN nepenthes-0.2.0/modules/submit-http/Makefile.am nepenthes-0.2.0-r1345/modules/submit-http/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/submit-http/Makefile.am 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-http/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,14 @@ |
|
|
+AUTOMAKE_OPTIONS = foreign |
|
|
+ |
|
|
+AM_CPPFLAGS = -I$(top_srcdir)/nepenthes-core/include -I$(top_srcdir)/nepenthes-core/src -pipe -D _GNU_SOURCE |
|
|
+AM_CXXFLAGS = -Wall -Werror |
|
|
+ |
|
|
+AM_LDFLAGS = $(LIB_CURL) |
|
|
+ |
|
|
+pkglib_LTLIBRARIES = submithttp.la |
|
|
+ |
|
|
+submithttp_la_SOURCES = submit-http.cpp submit-http.hpp |
|
|
+submithttp_la_SOURCES += HTTPSession.hpp HTTPSession.cpp |
|
|
+submithttp_la_SOURCES += submit-http.conf.dist |
|
|
+ |
|
|
+submithttp_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
diff -ruN nepenthes-0.2.0/modules/submit-http/submit-http.conf.dist nepenthes-0.2.0-r1345/modules/submit-http/submit-http.conf.dist |
|
|
--- nepenthes-0.2.0/modules/submit-http/submit-http.conf.dist 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-http/submit-http.conf.dist 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,8 @@ |
|
|
+submit-http |
|
|
+{ |
|
|
+ url "http://somehost.de/submit.php"; |
|
|
+ email "your@email"; // optional |
|
|
+ user "httpuser"; // optional |
|
|
+ pass "httppass"; // optional |
|
|
+}; |
|
|
+ |
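Review bot: The sample `url` uses plain `http://` while `user` and `pass` are sent as HTTP Basic credentials on every submission together with the captured binary, so with this template the credentials cross the network in clear text; make the example `https://` and annotate the keys, e.g. `user "httpuser"; // optional, sent as HTTP Basic auth on every request -- use https`. The host `somehost.de` should be marked as a placeholder to be replaced so the template is not deployed verbatim.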
|
|
diff -ruN nepenthes-0.2.0/modules/submit-http/submit-http.cpp nepenthes-0.2.0-r1345/modules/submit-http/submit-http.cpp |
|
|
--- nepenthes-0.2.0/modules/submit-http/submit-http.cpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-http/submit-http.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,231 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2006 Niklas Schiffler <nick@digitician.eu> |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+ /* $Id$ */ |
|
|
+ |
|
|
+#include "submit-http.hpp" |
|
|
+#include "Download.hpp" |
|
|
+#include "Utilities.hpp" |
|
|
+#include "SubmitManager.hpp" |
|
|
+#include "LogManager.hpp" |
|
|
+#include "Event.hpp" |
|
|
+#include "EventManager.hpp" |
|
|
+#include "EventHandler.cpp" // das ist Mist! |
|
|
+#include "Config.hpp" |
|
|
+#include "ModuleManager.hpp" |
|
|
+ |
|
|
+#include "HTTPSession.hpp" |
|
|
+ |
|
|
+using namespace nepenthes; |
|
|
+ |
|
|
+ |
|
|
+Nepenthes *g_Nepenthes; |
|
|
+ |
|
|
+ |
|
|
+HTTPSubmitHandler::HTTPSubmitHandler(Nepenthes *nepenthes) |
|
|
+{ |
|
|
+ m_ModuleName = "submit-http"; |
|
|
+ m_ModuleDescription = "HTTP submit handler"; |
|
|
+ m_ModuleRevision = "$Rev$"; |
|
|
+ m_Nepenthes = nepenthes; |
|
|
+ m_SubmitterName = "submit-http"; |
|
|
+ m_SubmitterDescription = "submit binary file via HTTP POST request"; |
|
|
+ g_Nepenthes = nepenthes; |
|
|
+ |
|
|
+ m_Queued = 0; |
|
|
+ m_Timeout = time(NULL); |
|
|
+ m_Events.reset(); |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+HTTPSubmitHandler::~HTTPSubmitHandler() |
|
|
+{ |
|
|
+} |
|
|
+ |
|
|
+bool HTTPSubmitHandler::Init() |
|
|
+{ |
|
|
+ logPF(); |
|
|
+ |
|
|
+ if ( m_Config == NULL ) |
|
|
+ { |
|
|
+ logCrit("I need a config\n"); |
|
|
+ return false; |
|
|
+ } |
|
|
+ |
|
|
+ try |
|
|
+ { |
|
|
+ m_URL = m_Config->getValString("submit-http.url"); |
|
|
+ } |
|
|
+ catch ( ... ) |
|
|
+ { |
|
|
+ logCrit("Error: Config property \"url\" missing\n"); |
|
|
+ return false; |
|
|
+ } |
|
|
+ |
|
|
+ try |
|
|
+ { |
|
|
+ m_Email = m_Config->getValString("submit-http.email"); |
|
|
+ m_User = m_Config->getValString("submit-http.user"); |
|
|
+ m_Password = m_Config->getValString("submit-http.pass"); |
|
|
+ } |
|
|
+ catch ( ... ) |
|
|
+ { |
|
|
+ } |
|
|
+ |
|
|
+ m_ModuleManager = m_Nepenthes->getModuleMgr(); |
|
|
+ |
|
|
+ if ( (m_CurlStack = curl_multi_init()) == NULL ) |
|
|
+ { |
|
|
+ logCrit("Could not init Curl Multi Perform Stack %s\n",strerror(errno)); |
|
|
+ return false; |
|
|
+ } |
|
|
+ |
|
|
+ REG_SUBMIT_HANDLER(this); |
|
|
+ REG_EVENT_HANDLER(this); |
|
|
+ return true; |
|
|
+} |
|
|
+ |
|
|
+bool HTTPSubmitHandler::Exit() |
|
|
+{ |
|
|
+ curl_multi_cleanup(m_CurlStack); |
|
|
+ return true; |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+void HTTPSubmitHandler::Submit(Download *down) |
|
|
+{ |
|
|
+ logPF(); |
|
|
+ |
|
|
+ if ( m_Events.test(EV_TIMEOUT) == false ) |
|
|
+ m_Events.set(EV_TIMEOUT); |
|
|
+ |
|
|
+ HTTPSession* session = new HTTPSession(m_URL, m_Email, m_User, m_Password, down); |
|
|
+ curl_multi_add_handle(m_CurlStack, session->getSubmitInfoHandle()); |
|
|
+ m_Queued++; |
|
|
+} |
|
|
+ |
|
|
+void HTTPSubmitHandler::Hit(Download *down) |
|
|
+{ |
|
|
+ Submit(down); |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+uint32_t HTTPSubmitHandler::handleEvent(Event *event) |
|
|
+{ |
|
|
+ logPF(); |
|
|
+ if ( event->getType() != EV_TIMEOUT ) |
|
|
+ { |
|
|
+ logCrit("Unwanted event %i\n",event->getType()); |
|
|
+ return 1; |
|
|
+ } |
|
|
+ |
|
|
+ // do file info submits |
|
|
+ int32_t iQueue = 0; |
|
|
+ while ( curl_multi_perform(m_CurlStack, (int *)&iQueue) == CURLM_CALL_MULTI_PERFORM ); |
|
|
+ |
|
|
+ if ( m_Queued > iQueue ) |
|
|
+ { |
|
|
+ logSpam("m_Queued (%i) > (%i) iQueue\n", m_Queued, iQueue); |
|
|
+ CURLMsg * pMessage; |
|
|
+ |
|
|
+ while ( (pMessage = curl_multi_info_read(m_CurlStack, (int *)&iQueue)) ) |
|
|
+ { |
|
|
+ if ( pMessage->msg == CURLMSG_DONE ) |
|
|
+ { |
|
|
+ HTTPSession *session; |
|
|
+ char *cSession; |
|
|
+ |
|
|
+ curl_easy_getinfo(pMessage->easy_handle, CURLINFO_PRIVATE, (char**)&cSession); |
|
|
+ session = (HTTPSession *)cSession; |
|
|
+ |
|
|
+ uint8_t sessionState = session->getState(); |
|
|
+ |
|
|
+ if ( sessionState == HTTPSession::S_FILEKNOWN || sessionState == HTTPSession::S_FILEREQUEST ) |
|
|
+ { |
|
|
+ if ( pMessage->data.result ) |
|
|
+ { |
|
|
+ logInfo("Error: Submitting file info (%s, %s) failed: %s\n", session->getMD5().c_str(), session->getFileSourceURL().c_str(), curl_easy_strerror(pMessage->data.result)); |
|
|
+ delete session; |
|
|
+ curl_multi_remove_handle(m_CurlStack, pMessage->easy_handle); |
|
|
+ --m_Queued; |
|
|
+ continue; |
|
|
+ } |
|
|
+ logInfo("File info submitted (%s, %s)\n", session->getMD5().c_str(), session->getFileSourceURL().c_str()); |
|
|
+ } |
|
|
+ |
|
|
+ switch ( sessionState ) |
|
|
+ { |
|
|
+ case HTTPSession::S_FILEKNOWN: |
|
|
+ logInfo("File already known (%s, %s)\n", session->getMD5().c_str(), session->getFileSourceURL().c_str()); |
|
|
+ break; |
|
|
+ case HTTPSession::S_FILEREQUEST: |
|
|
+ logInfo("File upload requested (%s, %s)\n", session->getMD5().c_str(), session->getFileSourceURL().c_str()); |
|
|
+ session->setState(HTTPSession::S_FILEPENDING); |
|
|
+ curl_multi_add_handle(m_CurlStack, session->getSubmitFileHandle()); |
|
|
+ break; |
|
|
+ case HTTPSession::S_FILEOK: |
|
|
+ logInfo("File uploaded (%s, %s)\n", session->getMD5().c_str(), session->getFileSourceURL().c_str()); |
|
|
+ break; |
|
|
+ case HTTPSession::S_ERROR: |
|
|
+ logInfo("Error handling file (%s, %s)\n", session->getMD5().c_str(), session->getFileSourceURL().c_str()); |
|
|
+ break; |
|
|
+ } |
|
|
+ |
|
|
+ curl_multi_remove_handle(m_CurlStack, pMessage->easy_handle); |
|
|
+ |
|
|
+ if ( sessionState == HTTPSession::S_FILEKNOWN || |
|
|
+ sessionState == HTTPSession::S_FILEOK || |
|
|
+ sessionState == HTTPSession::S_ERROR ) |
|
|
+ { |
|
|
+ delete session; |
|
|
+ --m_Queued; |
|
|
+ } |
|
|
+ } |
|
|
+ } |
|
|
+ } |
|
|
+ |
|
|
+ if ( m_Queued == 0 ) |
|
|
+ m_Events.reset(EV_TIMEOUT); |
|
|
+ |
|
|
+ m_Timeout = time(NULL) + 1; |
|
|
+ return 0; |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+extern "C" int32_t module_init(int32_t version, Module **module, Nepenthes *nepenthes) |
|
|
+{ |
|
|
+ if ( version == MODULE_IFACE_VERSION ) |
|
|
+ { |
|
|
+ *module = new HTTPSubmitHandler(nepenthes); |
|
|
+ return 1; |
|
|
+ } |
|
|
+ else |
|
|
+ { |
|
|
+ return 0; |
|
|
+ } |
|
|
+} |
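Review bot: In the failed-info-submit branch of handleEvent, `delete session;` runs before `curl_multi_remove_handle(m_CurlStack, pMessage->easy_handle);`, so the session destructor calls curl_easy_cleanup on a handle still attached to the multi stack; swap the two lines so removal happens first, as the path at the end of the loop already does. A transfer that fails after the state was set to S_FILEPENDING (a transport error on the upload, where WriteCallback presumably never runs) matches no `case` in the switch and is excluded from the final delete condition, so the session leaks and m_Queued never returns to zero; add `case HTTPSession::S_FILEPENDING:` logging the failure and include S_FILEPENDING in the delete condition. Submit passes `session->getSubmitInfoHandle()` to curl_multi_add_handle without checking for NULL, which HTTPSession returns when curl_easy_init fails, and increments m_Queued regardless; the S_FILEREQUEST case has the same gap with getSubmitFileHandle. `#include "EventHandler.cpp" // das ist Mist!` includes an implementation file with a German comment meaning "this is rubbish"; it deserves an English explanation of why the .cpp rather than the header is required, or a fix so the header suffices.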
|
|
diff -ruN nepenthes-0.2.0/modules/submit-http/submit-http.hpp nepenthes-0.2.0-r1345/modules/submit-http/submit-http.hpp |
|
|
--- nepenthes-0.2.0/modules/submit-http/submit-http.hpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-http/submit-http.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,72 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2006 Niklas Schiffler <nick@digitician.eu> |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+ /* $Id$ */ |
|
|
+ |
|
|
+#include <curl/curl.h> |
|
|
+#include <curl/types.h> /* new for v7 */ |
|
|
+#include <curl/easy.h> /* new for v7 */ |
|
|
+ |
|
|
+#include "Nepenthes.hpp" |
|
|
+#include "Module.hpp" |
|
|
+#include "SubmitHandler.hpp" |
|
|
+#include "EventHandler.hpp" |
|
|
+#include "Download.hpp" |
|
|
+ |
|
|
+ |
|
|
+using namespace std; |
|
|
+ |
|
|
+namespace nepenthes |
|
|
+{ |
|
|
+ |
|
|
+ class HTTPSubmitHandler : public Module , public SubmitHandler, public EventHandler |
|
|
+ { |
|
|
+ public: |
|
|
+ HTTPSubmitHandler(Nepenthes *nep); |
|
|
+ ~HTTPSubmitHandler(); |
|
|
+ bool Init(); |
|
|
+ bool Exit(); |
|
|
+ |
|
|
+ void Submit(Download *down); |
|
|
+ void Hit(Download *down); |
|
|
+ |
|
|
+ uint32_t handleEvent(Event *event); |
|
|
+ |
|
|
+ protected: |
|
|
+ CURLM* m_CurlStack; |
|
|
+ int32_t m_Queued; |
|
|
+ string m_URL; |
|
|
+ string m_Email; |
|
|
+ string m_User; |
|
|
+ string m_Password; |
|
|
+ |
|
|
+ }; |
|
|
+ |
|
|
+} |
|
|
+ |
|
|
+extern nepenthes::Nepenthes *g_Nepenthes; |
|
|
diff -ruN nepenthes-0.2.0/modules/submit-mwserv/Makefile.am nepenthes-0.2.0-r1345/modules/submit-mwserv/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/submit-mwserv/Makefile.am 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-mwserv/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,19 @@ |
|
|
+# nepenthes module Makefile |
|
|
+# Paul Baecher, Maximillian Dornseif, Markus Koetter |
|
|
+# $Id: Makefile.am 718 2006-12-28 23:29:59Z common $ |
|
|
+ |
|
|
+AUTOMAKE_OPTIONS = foreign |
|
|
+ |
|
|
+AM_CPPFLAGS = -I$(top_srcdir)/nepenthes-core/include -I$(top_srcdir)/nepenthes-core/src -pipe -D _GNU_SOURCE |
|
|
+AM_CXXFLAGS = -Wall -Werror |
|
|
+ |
|
|
+AM_LDFLAGS = $(LIB_CURL) |
|
|
+ |
|
|
+pkglib_LTLIBRARIES = submitmwserv.la |
|
|
+ |
|
|
+submitmwserv_la_SOURCES = submit-mwserv.cpp submit-mwserv.hpp |
|
|
+submitmwserv_la_SOURCES += TransferSession.cpp TransferSession.hpp |
|
|
+submitmwserv_la_SOURCES += submit-mwserv.conf.dist |
|
|
+ |
|
|
+submitmwserv_la_CXXFLAGS = -fno-strict-aliasing |
|
|
+submitmwserv_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
diff -ruN nepenthes-0.2.0/modules/submit-mwserv/TransferSession.cpp nepenthes-0.2.0-r1345/modules/submit-mwserv/TransferSession.cpp |
|
|
--- nepenthes-0.2.0/modules/submit-mwserv/TransferSession.cpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-mwserv/TransferSession.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,402 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2007 Georg Wicherski <gw@mwcollect.org> |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+#include "submit-mwserv.hpp" |
|
|
+ |
|
|
+#include "LogManager.hpp" |
|
|
+#include "EventManager.hpp" |
|
|
+ |
|
|
+#include "POLLSocket.cpp" |
|
|
+#include "Socket.cpp" |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+#if defined(__GNUG__) |
|
|
+ #define MY_COMPILER "g++" |
|
|
+#elif defined(__CYGWIN__) |
|
|
+ #define MY_COMPILER "cygwin" |
|
|
+#else |
|
|
+ #define MY_COMPILER "unknown Compiler" |
|
|
+#endif |
|
|
+ |
|
|
+#if defined(__FreeBSD__) |
|
|
+# define MY_OS "FreeBSD" |
|
|
+#elif defined(linux) || defined (__linux) |
|
|
+# define MY_OS "Linux" |
|
|
+#elif defined (__MACOSX__) || defined (__APPLE__) |
|
|
+# define MY_OS "Mac OS X" |
|
|
+#elif defined(__NetBSD__) |
|
|
+# define MY_OS "NetBSD" |
|
|
+#elif defined(__OpenBSD__) |
|
|
+# define MY_OS "OpenBSD" |
|
|
+#elif defined(_WIN32) || defined(__WIN32__) || defined(__TOS_WIN__) |
|
|
+# define MY_OS "Windows" |
|
|
+#elif defined(CYGWIN) |
|
|
+# define MY_OS "Cygwin\Windows" |
|
|
+#else |
|
|
+# define MY_OS "Unknown OS" |
|
|
+#endif |
|
|
+ |
|
|
+#if defined(__alpha__) || defined(__alpha) || defined(_M_ALPHA) |
|
|
+# define MY_ARCH "Alpha" |
|
|
+#elif defined(__arm__) |
|
|
+# if defined(__ARMEB__) |
|
|
+# define MY_ARCH "ARMeb" |
|
|
+# else |
|
|
+# define MY_ARCH "ARM" |
|
|
+# endif |
|
|
+#elif defined(i386) || defined(__i386__) || defined(__i386) || defined(_M_IX86) || defined(_X86_) || defined(__THW_INTEL) |
|
|
+# define MY_ARCH "x86" |
|
|
+#elif defined(__x86_64__) || defined(__amd64__) |
|
|
+# define MY_ARCH "x86_64" |
|
|
+#elif defined(__ia64__) || defined(_IA64) || defined(__IA64__) || defined(_M_IA64) |
|
|
+# define MY_ARCH "Intel Architecture-64" |
|
|
+#elif defined(__mips__) || defined(__mips) || defined(__MIPS__) |
|
|
+# if defined(__mips32__) || defined(__mips32) |
|
|
+# define MY_ARCH "MIPS32" |
|
|
+# else |
|
|
+# define MY_ARCH "MIPS" |
|
|
+# endif |
|
|
+#elif defined(__hppa__) || defined(__hppa) |
|
|
+# define MY_ARCH "PA RISC" |
|
|
+#elif defined(__powerpc) || defined(__powerpc__) || defined(__POWERPC__) || defined(__ppc__) || defined(_M_PPC) || defined(__PPC) || defined(__PPC__) |
|
|
+# define MY_ARCH "PowerPC" |
|
|
+#elif defined(__THW_RS6000) || defined(_IBMR2) || defined(_POWER) || defined(_ARCH_PWR) || defined(_ARCH_PWR2) |
|
|
+# define MY_ARCH "RS/6000" |
|
|
+#elif defined(__sparc__) || defined(sparc) || defined(__sparc) |
|
|
+# define MY_ARCH "SPARC" |
|
|
+#else |
|
|
+# define MY_ARCH "Unknown Architecture" |
|
|
+#endif |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+namespace nepenthes |
|
|
+{ |
|
|
+ |
|
|
+ |
|
|
+TransferSession::TransferSession(Type type, SubmitMwservModule * parent) |
|
|
+{ |
|
|
+ m_type = type; |
|
|
+ m_parent = parent; |
|
|
+ |
|
|
+ m_sample.binary = 0; |
|
|
+ m_multiHandle = 0; |
|
|
+ m_postInfo = m_postInfoLast = 0; |
|
|
+ m_curlHandle = 0; |
|
|
+ |
|
|
+ m_Type |= ST_NODEL; |
|
|
+} |
|
|
+ |
|
|
+void TransferSession::transfer(TransferSample& sample, string url) |
|
|
+{ |
|
|
+ m_sample = sample; |
|
|
+ |
|
|
+ if(!(m_curlHandle = curl_easy_init()) || !(m_multiHandle = |
|
|
+ curl_multi_init())) |
|
|
+ { |
|
|
+ logCrit("%s failed!\n", __PRETTY_FUNCTION__); |
|
|
+ return; |
|
|
+ } |
|
|
+ |
|
|
+ m_targetUrl = url; |
|
|
+ m_sample = sample; |
|
|
+ |
|
|
+ initializeHandle(); |
|
|
+} |
|
|
+ |
|
|
+TransferSession::~TransferSession() |
|
|
+{ |
|
|
+ Exit(); |
|
|
+} |
|
|
+ |
|
|
+void TransferSession::initializeHandle() |
|
|
+{ |
|
|
+ m_postInfo = m_postInfoLast = 0; |
|
|
+ |
|
|
+ curl_formadd(&m_postInfo, &m_postInfoLast, CURLFORM_PTRNAME, "guid", |
|
|
+ CURLFORM_COPYCONTENTS, m_sample.guid.c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&m_postInfo, &m_postInfoLast, CURLFORM_PTRNAME, |
|
|
+ "maintainer", CURLFORM_COPYCONTENTS, m_sample.maintainer.c_str(), |
|
|
+ CURLFORM_END); |
|
|
+ curl_formadd(&m_postInfo, &m_postInfoLast, CURLFORM_PTRNAME, "secret", |
|
|
+ CURLFORM_COPYCONTENTS, m_sample.secret.c_str(), CURLFORM_END); |
|
|
+ |
|
|
+ if(m_type != TST_HEARTBEAT) |
|
|
+ { |
|
|
+ curl_formadd(&m_postInfo, &m_postInfoLast, CURLFORM_PTRNAME, "url", |
|
|
+ CURLFORM_COPYCONTENTS, m_sample.url.c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&m_postInfo, &m_postInfoLast, CURLFORM_PTRNAME, "sha512", |
|
|
+ CURLFORM_COPYCONTENTS, m_sample.sha512.c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&m_postInfo, &m_postInfoLast, CURLFORM_PTRNAME, "saddr", |
|
|
+ CURLFORM_COPYCONTENTS, m_sample.saddr.c_str(), CURLFORM_END); |
|
|
+ curl_formadd(&m_postInfo, &m_postInfoLast, CURLFORM_PTRNAME, "daddr", |
|
|
+ CURLFORM_COPYCONTENTS, m_sample.daddr.c_str(), CURLFORM_END); |
|
|
+ |
|
|
+ if(m_type == TST_SAMPLE) |
|
|
+ { |
|
|
+ curl_formadd(&m_postInfo, &m_postInfoLast, CURLFORM_PTRNAME, "data", |
|
|
+ CURLFORM_PTRCONTENTS, m_sample.binary, CURLFORM_CONTENTSLENGTH, |
|
|
+ m_sample.binarySize, CURLFORM_END); |
|
|
+ } |
|
|
+ } |
|
|
+ else |
|
|
+ { |
|
|
+ curl_formadd(&m_postInfo, &m_postInfoLast, CURLFORM_PTRNAME, "software", |
|
|
+ CURLFORM_COPYCONTENTS, "nepenthes " VERSION " (" MY_OS ", " MY_ARCH |
|
|
+ ", " MY_COMPILER ")", CURLFORM_END); |
|
|
+ } |
|
|
+ |
|
|
+ curl_easy_setopt(m_curlHandle, CURLOPT_HTTPPOST, m_postInfo); |
|
|
+ curl_easy_setopt(m_curlHandle, CURLOPT_FORBID_REUSE, 1); |
|
|
+ curl_easy_setopt(m_curlHandle, CURLOPT_SSL_VERIFYHOST, false); |
|
|
+ curl_easy_setopt(m_curlHandle, CURLOPT_SSL_VERIFYPEER, false); |
|
|
+ curl_easy_setopt(m_curlHandle, CURLOPT_URL, m_targetUrl.c_str()); |
|
|
+ curl_easy_setopt(m_curlHandle, CURLOPT_USERAGENT, |
|
|
+ "nepenthes " VERSION " (" MY_OS ", " MY_ARCH ", " MY_COMPILER ")"); |
|
|
+ curl_easy_setopt(m_curlHandle, CURLOPT_WRITEDATA, this); |
|
|
+ curl_easy_setopt(m_curlHandle, CURLOPT_WRITEFUNCTION, |
|
|
+ TransferSession::readData); |
|
|
+ |
|
|
+ CURLMcode error; |
|
|
+ |
|
|
+ if((error = curl_multi_add_handle(m_multiHandle, m_curlHandle))) |
|
|
+ logCrit("Error adding easy to multi: %s\n", curl_multi_strerror(error)); |
|
|
+ |
|
|
+ int handles = 0; |
|
|
+ |
|
|
+ while(curl_multi_perform(m_multiHandle, &handles) == |
|
|
+ CURLM_CALL_MULTI_PERFORM && handles); |
|
|
+} |
|
|
+ |
|
|
+//size_t function( void *ptr, size_t size, size_t nmemb, void *stream); |
|
|
+size_t TransferSession::readData(void *buffer, size_t s, size_t n, void *data) |
|
|
+{ |
|
|
+ ((TransferSession *) data)->m_buffer.append((const char *)buffer, s * n); |
|
|
+ return s * n; |
|
|
+} |
|
|
+ |
|
|
+TransferSession::Status TransferSession::getTransferStatus() |
|
|
+{ |
|
|
+ if(m_type != TST_HEARTBEAT) |
|
|
+ { |
|
|
+ if(m_buffer == "OK") |
|
|
+ return TSS_OK; |
|
|
+ else if(m_buffer == "UNKNOWN") |
|
|
+ return TSS_UNKNOWN; |
|
|
+ else |
|
|
+ return TSS_ERROR; |
|
|
+ } |
|
|
+ else |
|
|
+ { |
|
|
+ if(m_buffer.substr(0, 4) == "OK: ") |
|
|
+ return TSS_HEARTBEAT; |
|
|
+ else |
|
|
+ return TSS_ERROR; |
|
|
+ } |
|
|
+} |
|
|
+ |
|
|
+bool TransferSession::Init() |
|
|
+{ |
|
|
+ return true; |
|
|
+} |
|
|
+ |
|
|
+bool TransferSession::Exit() |
|
|
+{ |
|
|
+ if(m_multiHandle) |
|
|
+ curl_multi_remove_handle(m_multiHandle, m_curlHandle); |
|
|
+ |
|
|
+ if(m_postInfo) |
|
|
+ curl_formfree(m_postInfo); |
|
|
+ |
|
|
+ if(m_curlHandle) |
|
|
+ curl_easy_cleanup(m_curlHandle); |
|
|
+ |
|
|
+ if(m_multiHandle) |
|
|
+ { |
|
|
+ curl_multi_cleanup(m_multiHandle); |
|
|
+ m_multiHandle = 0; |
|
|
+ } |
|
|
+ |
|
|
+ if(m_sample.binary) |
|
|
+ { |
|
|
+ delete [] m_sample.binary; |
|
|
+ m_sample.binary = 0; |
|
|
+ } |
|
|
+ |
|
|
+ return true; |
|
|
+} |
|
|
+ |
|
|
+bool TransferSession::wantSend() |
|
|
+{ |
|
|
+ fd_set readSet, writeSet, errorSet; |
|
|
+ int maxFd = 0; |
|
|
+ CURLMcode error; |
|
|
+ FD_ZERO(&readSet); FD_ZERO(&writeSet); FD_ZERO(&errorSet); |
|
|
+ |
|
|
+ if((error = curl_multi_fdset(m_multiHandle, &readSet, &writeSet, &errorSet, |
|
|
+ &maxFd))) |
|
|
+ { |
|
|
+ logCrit("Obtaining write socket failed: %s\n", |
|
|
+ curl_multi_strerror(error)); |
|
|
+ return false; |
|
|
+ } |
|
|
+ |
|
|
+ return FD_ISSET(maxFd, &writeSet); |
|
|
+} |
|
|
+ |
|
|
+int32_t TransferSession::doSend() |
|
|
+{ |
|
|
+ return doRecv(); |
|
|
+} |
|
|
+ |
|
|
+int32_t TransferSession::doRecv() |
|
|
+{ |
|
|
+ int handles = 0, queued = 0; |
|
|
+ |
|
|
+ while(curl_multi_perform(m_multiHandle, &handles) == |
|
|
+ CURLM_CALL_MULTI_PERFORM && handles); |
|
|
+ |
|
|
+ CURLMsg * message; |
|
|
+ |
|
|
+ while((message = curl_multi_info_read(m_multiHandle, &queued))) |
|
|
+ { |
|
|
+ if(message->msg == CURLMSG_DONE) |
|
|
+ { |
|
|
+ if(message->data.result) |
|
|
+ { |
|
|
+ logCrit("Connection to %s failed: %s [\"%s\"]\n", |
|
|
+ m_targetUrl.c_str(), curl_easy_strerror(message-> |
|
|
+ data.result), m_buffer.c_str()); |
|
|
+ |
|
|
+ if(m_type == TST_HEARTBEAT) |
|
|
+ m_parent->scheduleHeartbeat(DEFAULT_HEARTBEAT_DELTA); |
|
|
+ else |
|
|
+ { |
|
|
+ m_parent->retrySample(m_sample); |
|
|
+ m_sample.binary = 0; |
|
|
+ } |
|
|
+ } |
|
|
+ else |
|
|
+ { |
|
|
+ switch(getTransferStatus()) |
|
|
+ { |
|
|
+ case TransferSession::TSS_OK: |
|
|
+ logInfo("Transmitted %s to %s.\n", m_sample.url.c_str(), |
|
|
+ m_targetUrl.c_str()); |
|
|
+ |
|
|
+ break; |
|
|
+ |
|
|
+ case TransferSession::TSS_UNKNOWN: |
|
|
+ logInfo("submit-mwserv: uploading data for %s\n", |
|
|
+ m_sample.url.c_str()); |
|
|
+ |
|
|
+ m_parent->submitSample(m_sample); |
|
|
+ m_sample.binary = 0; |
|
|
+ |
|
|
+ break; |
|
|
+ |
|
|
+ case TransferSession::TSS_HEARTBEAT: |
|
|
+ { |
|
|
+ unsigned long delta = strtoul(m_buffer.substr(4). |
|
|
+ c_str(), 0, 0); |
|
|
+ logDebug("Next heartbeat in %u seconds.\n", delta); |
|
|
+ |
|
|
+ m_parent->scheduleHeartbeat(delta); |
|
|
+ |
|
|
+ break; |
|
|
+ } |
|
|
+ |
|
|
+ case TransferSession::TSS_ERROR: |
|
|
+ if(m_type == TST_HEARTBEAT) |
|
|
+ m_parent->scheduleHeartbeat(DEFAULT_HEARTBEAT_DELTA); |
|
|
+ |
|
|
+ logCrit("%s reported \"%s\"\n", m_targetUrl.c_str(), |
|
|
+ m_buffer.c_str()); |
|
|
+ |
|
|
+ break; |
|
|
+ } |
|
|
+ } |
|
|
+ |
|
|
+ m_Type |= ~ST_NODEL; |
|
|
+ m_Status = SS_CLOSED; |
|
|
+ } |
|
|
+ } |
|
|
+ |
|
|
+ return 0; |
|
|
+} |
|
|
+ |
|
|
+int32_t TransferSession::getSocket() |
|
|
+{ |
|
|
+ if(!m_multiHandle) |
|
|
+ return -1; |
|
|
+ |
|
|
+ fd_set readSet, writeSet, errorSet; |
|
|
+ int maxFd = 0; |
|
|
+ CURLMcode error; |
|
|
+ FD_ZERO(&readSet); FD_ZERO(&writeSet); FD_ZERO(&errorSet); |
|
|
+ |
|
|
+ if((error = curl_multi_fdset(m_multiHandle, &readSet, &writeSet, &errorSet, |
|
|
+ &maxFd))) |
|
|
+ { |
|
|
+ logCrit("Obtaining read socket failed: %s\n", |
|
|
+ curl_multi_strerror(error)); |
|
|
+ return -1; |
|
|
+ } |
|
|
+ |
|
|
+ if(maxFd == -1) |
|
|
+ return -1; |
|
|
+ |
|
|
+ if(!FD_ISSET(maxFd, &readSet) && !FD_ISSET(maxFd, &writeSet) && |
|
|
+ !FD_ISSET(maxFd, &errorSet)) |
|
|
+ { |
|
|
+ logCrit("maxFd not in set: %i!\n", maxFd); |
|
|
+ return -1; |
|
|
+ } |
|
|
+ |
|
|
+ return maxFd; |
|
|
+} |
|
|
+ |
|
|
+int32_t TransferSession::getsockOpt(int32_t level, int32_t optname, |
|
|
+ void *optval, socklen_t *optlen) |
|
|
+{ |
|
|
+ return getsockopt(getSocket(), level, optname, optval, optlen); |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+bool TransferSession::checkTimeout() |
|
|
+{ |
|
|
+ // if the connection is bad, give curl a chance to take care, so we can get rid of the connection |
|
|
+ if (getSocket() == -1) |
|
|
+ doRecv(); |
|
|
+ |
|
|
+ return false; |
|
|
+} |
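Review bot: initializeHandle switches off TLS peer and host verification (`CURLOPT_SSL_VERIFYHOST` and `CURLOPT_SSL_VERIFYPEER` set to false) while the same request carries the sensor's `secret`, `guid` and the sample in its POST body, so with an https url anyone on the path can read the shared secret and the submitted data; keep verification on with `curl_easy_setopt(m_curlHandle, CURLOPT_SSL_VERIFYHOST, 2L);` and `curl_easy_setopt(m_curlHandle, CURLOPT_SSL_VERIFYPEER, 1L);` and let the config supply a CA bundle if the server uses a private CA. Those two options and `CURLOPT_FORBID_REUSE` expect a `long` through curl_easy_setopt's varargs, so passing `false`/`1` as an int is undefined on LP64 targets; use the `L` suffix on every numeric setopt value. Separately, doRecv clears the no-delete flag with `m_Type |= ~ST_NODEL;`, which sets every bit except ST_NODEL rather than clearing it; the constructor sets the flag with `|= ST_NODEL`, so this should read `m_Type &= ~ST_NODEL;`. checkTimeout is defined after the closing `}` of namespace nepenthes near the end of the file; unless a using-directive in the included headers makes TransferSession visible at global scope, the definition should move inside the namespace.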
|
|
diff -ruN nepenthes-0.2.0/modules/submit-mwserv/TransferSession.hpp nepenthes-0.2.0-r1345/modules/submit-mwserv/TransferSession.hpp |
|
|
--- nepenthes-0.2.0/modules/submit-mwserv/TransferSession.hpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-mwserv/TransferSession.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,129 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2007 Georg Wicherski <gw@mwcollect.org> |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+#include <curl/curl.h> |
|
|
+#include <curl/types.h> |
|
|
+#include <curl/easy.h> |
|
|
+ |
|
|
+#include <string> |
|
|
+using namespace std; |
|
|
+ |
|
|
+#include "Nepenthes.hpp" |
|
|
+#include "Module.hpp" |
|
|
+#include "SubmitHandler.hpp" |
|
|
+#include "Download.hpp" |
|
|
+ |
|
|
+#include "POLLSocket.hpp" |
|
|
+ |
|
|
+ |
|
|
+namespace nepenthes |
|
|
+{ |
|
|
+ |
|
|
+ |
|
|
+struct TransferSample |
|
|
+{ |
|
|
+ string guid; |
|
|
+ string maintainer; |
|
|
+ string secret; |
|
|
+ |
|
|
+ string url; |
|
|
+ string saddr, daddr; |
|
|
+ string sha512; |
|
|
+ |
|
|
+ char * binary; |
|
|
+ unsigned int binarySize; |
|
|
+}; |
|
|
+ |
|
|
+ |
|
|
+class SubmitMwservModule; |
|
|
+ |
|
|
+class TransferSession : public POLLSocket |
|
|
+{ |
|
|
+public: |
|
|
+ enum Type |
|
|
+ { |
|
|
+ TST_INSTANCE, |
|
|
+ TST_SAMPLE, |
|
|
+ TST_HEARTBEAT, |
|
|
+ }; |
|
|
+ |
|
|
+ TransferSession(Type type, SubmitMwservModule * parent); |
|
|
+ virtual ~TransferSession(); |
|
|
+ |
|
|
+ enum Status |
|
|
+ { |
|
|
+ TSS_OK, |
|
|
+ TSS_UNKNOWN, |
|
|
+ TSS_HEARTBEAT, |
|
|
+ TSS_ERROR, |
|
|
+ }; |
|
|
+ |
|
|
+ TransferSession::Status getTransferStatus(); |
|
|
+ |
|
|
+ void transfer(TransferSample& sample, string url); |
|
|
+ |
|
|
+ // POLLSocket |
|
|
+ bool Init(); |
|
|
+ bool Exit(); |
|
|
+ |
|
|
+ bool wantSend(); |
|
|
+ |
|
|
+ int32_t doSend(); |
|
|
+ int32_t doRecv(); |
|
|
+ int32_t getSocket(); |
|
|
+ int32_t getsockOpt(int32_t level, int32_t optname, |
|
|
+ void *optval, socklen_t *optlen); |
|
|
+ bool checkTimeout(); |
|
|
+ |
|
|
+protected: |
|
|
+ string m_targetUrl; |
|
|
+ TransferSample m_sample; |
|
|
+ |
|
|
+ CURL * m_curlHandle; |
|
|
+ CURLM * m_multiHandle; |
|
|
+ curl_httppost * m_postInfo, * m_postInfoLast; |
|
|
+ |
|
|
+ char * m_dataCopy; |
|
|
+ unsigned int m_dataSize; |
|
|
+ |
|
|
+ void initializeHandle(); |
|
|
+ void recreateWithSampleData(); |
|
|
+ |
|
|
+ string m_buffer; |
|
|
+ |
|
|
+ Type m_type; |
|
|
+ SubmitMwservModule * m_parent; |
|
|
+ |
|
|
+ unsigned long m_heartbeatDelta; |
|
|
+ |
|
|
+private: |
|
|
+ static size_t readData(void *buffer, size_t size, size_t n, void *data); |
|
|
+}; |
|
|
+ |
|
|
+ |
|
|
+} |
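Review bot: Neither this header nor submit-mwserv.hpp has an include guard or `#pragma once`, and both place `using namespace std;` at file scope, so every translation unit including them imports the whole std namespace and a second inclusion would redefine TransferSample and TransferSession; add a guard to each and replace the directive with `using std::string;` inside the nepenthes namespace. `TransferSample` carries an owning `char * binary` with implicit copy semantics, and the hand-off between sessions relies on the caller zeroing the pointer after the copy (as doRecv does after retrySample and submitSample); that contract deserves a comment on the field such as `// owned buffer, freed by TransferSession::Exit with delete[]; reset to 0 after passing the sample on`. `m_dataCopy`, `m_dataSize`, `m_heartbeatDelta` and `recreateWithSampleData` are declared here but nothing in TransferSession.cpp defines or references them, so they can probably be dropped.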
|
|
diff -ruN nepenthes-0.2.0/modules/submit-mwserv/submit-mwserv.conf.dist nepenthes-0.2.0-r1345/modules/submit-mwserv/submit-mwserv.conf.dist |
|
|
--- nepenthes-0.2.0/modules/submit-mwserv/submit-mwserv.conf.dist 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-mwserv/submit-mwserv.conf.dist 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,18 @@ |
|
|
+// lightweight libcurl based module for file submission via HTTP to the mwserv |
|
|
+// python script suite (typically running on an apache2 with mod_python) |
|
|
+// This is primarily used by the mwcollect Alliance - alliance.mwcollect.org |
|
|
+ |
|
|
+submit-mwserv |
|
|
+{ |
|
|
+ // the url to send the submission requests to |
|
|
+ url = ""; |
|
|
+ |
|
|
+ // username of the maintainer of this sensor |
|
|
+ maintainer = ""; |
|
|
+ |
|
|
+ // guid of this sensor, as generated serverside; typically 8 chars |
|
|
+ guid = ""; |
|
|
+ |
|
|
+ // shared secret used for authentication aka `password'; typically 48 chars |
|
|
+ secret = ""; |
|
|
+}; |
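Review bot: The `url` comment should state which transport is expected, because TransferSession sends `secret`, `guid` and `maintainer` as form fields in the request body of every submission and heartbeat; suggested wording: `// the url to send the submission requests to; use https so the secret below is not sent in clear`. The `secret` comment could likewise note that the value is stored in plaintext here, so the file should be readable only by the user nepenthes runs as.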
|
|
diff -ruN nepenthes-0.2.0/modules/submit-mwserv/submit-mwserv.cpp nepenthes-0.2.0-r1345/modules/submit-mwserv/submit-mwserv.cpp |
|
|
--- nepenthes-0.2.0/modules/submit-mwserv/submit-mwserv.cpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-mwserv/submit-mwserv.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,224 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2007 Georg Wicherski <gw@mwcollect.org> |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+#include "Download.hpp" |
|
|
+#include "Utilities.hpp" |
|
|
+#include "SubmitManager.hpp" |
|
|
+#include "LogManager.hpp" |
|
|
+#include "Event.hpp" |
|
|
+#include "EventManager.hpp" |
|
|
+#include "EventHandler.cpp" |
|
|
+#include "Config.hpp" |
|
|
+#include "ModuleManager.hpp" |
|
|
+#include "SocketManager.hpp" |
|
|
+ |
|
|
+#include "DownloadBuffer.hpp" |
|
|
+#include "DownloadUrl.hpp" |
|
|
+ |
|
|
+#include "submit-mwserv.hpp" |
|
|
+ |
|
|
+#include <unistd.h> |
|
|
+#include <sys/socket.h> |
|
|
+#include <netinet/in.h> |
|
|
+#include <arpa/inet.h> |
|
|
+ |
|
|
+ |
|
|
+#define SUBMIT_URI "nepenthes/submit" |
|
|
+#define HEARTBEAT_URI "heartbeat" |
|
|
+ |
|
|
+ |
|
|
+namespace nepenthes |
|
|
+{ |
|
|
+ |
|
|
+ |
|
|
+SubmitMwservModule::SubmitMwservModule(Nepenthes * nepenthes) |
|
|
+{ |
|
|
+ m_ModuleName = "submit-mwserv"; |
|
|
+ m_ModuleDescription = "mwserv.py HTTP Post Submission"; |
|
|
+ m_ModuleRevision = "$Rev: 921 $"; |
|
|
+ m_Nepenthes = nepenthes; |
|
|
+ m_SubmitterName = "submit-mwserv"; |
|
|
+ m_SubmitterDescription = "mwserv.py HTTP Post Submission"; |
|
|
+ |
|
|
+ m_Timeout = 0; |
|
|
+ m_TimeoutIntervall = 0; |
|
|
+} |
|
|
+ |
|
|
+bool SubmitMwservModule::Init() |
|
|
+{ |
|
|
+ if(!m_Config) |
|
|
+ { |
|
|
+ logCrit("No configuration for submit-mwserv provided.\n"); |
|
|
+ return false; |
|
|
+ } |
|
|
+ |
|
|
+ try |
|
|
+ { |
|
|
+ m_url = m_Config->getValString("submit-mwserv.url"); |
|
|
+ m_guid = m_Config->getValString("submit-mwserv.guid"); |
|
|
+ m_maintainer = m_Config->getValString("submit-mwserv.maintainer"); |
|
|
+ m_secret = m_Config->getValString("submit-mwserv.secret"); |
|
|
+ } |
|
|
+ catch(...) |
|
|
+ { |
|
|
+ logCrit("Missing configuration option for submit-mwserv.\n"); |
|
|
+ return false; |
|
|
+ } |
|
|
+ |
|
|
+ if(m_guid.find(":") != string::npos || m_maintainer.find(":") |
|
|
+ != string::npos || m_secret.find(":") != string::npos || |
|
|
+ m_guid.find("+") != string::npos || m_maintainer.find("+") |
|
|
+ != string::npos || m_secret.find("+") != string::npos) |
|
|
+ { |
|
|
+ logCrit("submit-mwserv: guid, maintainer or secret from configuration" |
|
|
+ "contained ':' or '+'; this is not allowed.\n"); |
|
|
+ return false; |
|
|
+ } |
|
|
+ |
|
|
+ if(* m_url.rbegin() != '/') |
|
|
+ m_url += "/"; |
|
|
+ |
|
|
+ REG_SUBMIT_HANDLER(this); |
|
|
+ REG_EVENT_HANDLER(this); |
|
|
+ |
|
|
+ handleEvent(0); |
|
|
+ |
|
|
+ return true; |
|
|
+} |
|
|
+ |
|
|
+bool SubmitMwservModule::Exit() |
|
|
+{ |
|
|
+ return true; |
|
|
+} |
|
|
+ |
|
|
+void SubmitMwservModule::Submit(Download * download) |
|
|
+{ |
|
|
+ Hit(download); |
|
|
+} |
|
|
+ |
|
|
+void SubmitMwservModule::Hit(Download * download) |
|
|
+{ |
|
|
+ TransferSample sample; |
|
|
+ TransferSession * session = new TransferSession(TransferSession:: |
|
|
+ TST_INSTANCE, this); |
|
|
+ |
|
|
+ { |
|
|
+ struct in_addr saddr, daddr; |
|
|
+ |
|
|
+ saddr.s_addr = download->getRemoteHost(); |
|
|
+ daddr.s_addr = download->getLocalHost(); |
|
|
+ |
|
|
+ sample.saddr = inet_ntoa(saddr); |
|
|
+ sample.daddr = inet_ntoa(daddr); |
|
|
+ |
|
|
+ sample.guid = m_guid; |
|
|
+ sample.maintainer = m_maintainer; |
|
|
+ sample.secret = m_secret; |
|
|
+ |
|
|
+ sample.url = download->getUrl(); |
|
|
+ sample.sha512 = download->getSHA512Sum(); |
|
|
+ |
|
|
+ sample.binarySize = download->getDownloadBuffer()->getSize(); |
|
|
+ sample.binary = new char[sample.binarySize]; |
|
|
+ memcpy(sample.binary, download->getDownloadBuffer()->getData(), |
|
|
+ sample.binarySize); |
|
|
+ } |
|
|
+ |
|
|
+ session->transfer(sample, m_url + SUBMIT_URI); |
|
|
+ g_Nepenthes->getSocketMgr()->addPOLLSocket(session); |
|
|
+} |
|
|
+ |
|
|
+void SubmitMwservModule::retrySample(TransferSample& sample) |
|
|
+{ |
|
|
+ TransferSession * session = new TransferSession(TransferSession:: |
|
|
+ TST_INSTANCE, this); |
|
|
+ |
|
|
+ session->transfer(sample, m_url + SUBMIT_URI); |
|
|
+ g_Nepenthes->getSocketMgr()->addPOLLSocket(session); |
|
|
+} |
|
|
+ |
|
|
+void SubmitMwservModule::submitSample(TransferSample& sample) |
|
|
+{ |
|
|
+ TransferSession * session = new TransferSession(TransferSession:: |
|
|
+ TST_SAMPLE, this); |
|
|
+ |
|
|
+ session->transfer(sample, m_url + SUBMIT_URI); |
|
|
+ g_Nepenthes->getSocketMgr()->addPOLLSocket(session); |
|
|
+} |
|
|
+ |
|
|
+uint32_t SubmitMwservModule::handleEvent(Event * ev) |
|
|
+{ |
|
|
+ m_Events.reset(EV_TIMEOUT); |
|
|
+ |
|
|
+ TransferSample sample; |
|
|
+ TransferSession * session = new TransferSession(TransferSession:: |
|
|
+ TST_HEARTBEAT, this); |
|
|
+ |
|
|
+ sample.guid = m_guid; |
|
|
+ sample.maintainer = m_maintainer; |
|
|
+ sample.secret = m_secret; |
|
|
+ sample.binary = 0; |
|
|
+ |
|
|
+ session->transfer(sample, m_url + HEARTBEAT_URI); |
|
|
+ g_Nepenthes->getSocketMgr()->addPOLLSocket(session); |
|
|
+ |
|
|
+ return 0; |
|
|
+} |
|
|
+ |
|
|
+void SubmitMwservModule::scheduleHeartbeat(unsigned long delta) |
|
|
+{ |
|
|
+ if(delta > MAX_HEARTBEAT_DELTA) |
|
|
+ { |
|
|
+ logInfo("Capping server heartbeat delta of %u sec to %u sec.\n", delta, |
|
|
+ MAX_HEARTBEAT_DELTA); |
|
|
+ |
|
|
+ delta = MAX_HEARTBEAT_DELTA; |
|
|
+ } |
|
|
+ |
|
|
+ m_Events.set(EV_TIMEOUT); |
|
|
+ m_Timeout = time(0) + delta; |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+extern "C" int32_t module_init(int32_t version, Module **module, Nepenthes *nepenthes) |
|
|
+{ |
|
|
+ g_Nepenthes = nepenthes; |
|
|
+ |
|
|
+ if(version == MODULE_IFACE_VERSION) |
|
|
+ { |
|
|
+ * module = new SubmitMwservModule(nepenthes); |
|
|
+ return 1; |
|
|
+ } |
|
|
+ |
|
|
+ return 0; |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+} |
|
|
+ |
|
|
+Nepenthes * g_Nepenthes; |
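Review bot: Init dereferences `* m_url.rbegin()` without checking that the string is non-empty, and the shipped submit-mwserv.conf.dist defaults `url` to `""`, so a sensor started with the template config hits undefined behavior on that line; reject the empty value first, e.g. `if(m_url.empty()) { logCrit("submit-mwserv: url must not be empty.\n"); return false; }`. The `%u` conversions in scheduleHeartbeat's logInfo (and in TransferSession::doRecv's `Next heartbeat in %u seconds`) receive an `unsigned long`, which prints wrong values on LP64; use `%lu`. When transfer() fails to obtain its curl handles it logs and returns, but Hit, retrySample, submitSample and handleEvent still register the session with the socket manager, and with no multi handle doRecv appears never to reach the branch that clears ST_NODEL, so the session and its sample buffer look like they are leaked; having transfer() return bool and deleting the session on failure would close that path.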
|
|
diff -ruN nepenthes-0.2.0/modules/submit-mwserv/submit-mwserv.hpp nepenthes-0.2.0-r1345/modules/submit-mwserv/submit-mwserv.hpp |
|
|
--- nepenthes-0.2.0/modules/submit-mwserv/submit-mwserv.hpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-mwserv/submit-mwserv.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,78 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2007 Georg Wicherski <gw@mwcollect.org> |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+#include <curl/curl.h> |
|
|
+#include <curl/types.h> |
|
|
+#include <curl/easy.h> |
|
|
+ |
|
|
+#include "Nepenthes.hpp" |
|
|
+#include "Module.hpp" |
|
|
+#include "SubmitHandler.hpp" |
|
|
+#include "EventHandler.hpp" |
|
|
+#include "Download.hpp" |
|
|
+ |
|
|
+#include "TransferSession.hpp" |
|
|
+ |
|
|
+ |
|
|
+#define DEFAULT_HEARTBEAT_DELTA 30 |
|
|
+#define MAX_HEARTBEAT_DELTA 300 |
|
|
+ |
|
|
+ |
|
|
+using namespace std; |
|
|
+ |
|
|
+namespace nepenthes |
|
|
+{ |
|
|
+ |
|
|
+ |
|
|
+class SubmitMwservModule : public Module , public SubmitHandler, |
|
|
+ public EventHandler |
|
|
+{ |
|
|
+public: |
|
|
+ SubmitMwservModule(Nepenthes * nepenthes); |
|
|
+ |
|
|
+ bool Init(); |
|
|
+ bool Exit(); |
|
|
+ |
|
|
+ void Submit(Download * download); |
|
|
+ void Hit(Download * download); |
|
|
+ |
|
|
+ uint32_t handleEvent(Event *event); |
|
|
+ |
|
|
+ void submitSample(TransferSample& sample); |
|
|
+ void retrySample(TransferSample& sample); |
|
|
+ void scheduleHeartbeat(unsigned long delta); |
|
|
+ |
|
|
+protected: |
|
|
+ string m_url, m_guid, m_maintainer, m_secret; |
|
|
+ uint32_t m_inTransfer; |
|
|
+}; |
|
|
+ |
|
|
+ |
|
|
+} |
|
|
+ |
|
|
+extern nepenthes::Nepenthes *g_Nepenthes; |
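Review bot: `m_inTransfer` is declared here but the constructor in submit-mwserv.cpp never initializes it and no use of it appears anywhere in this patch, so either drop it or initialize it next to `m_Timeout` with `m_inTransfer = 0;`. `DEFAULT_HEARTBEAT_DELTA` and `MAX_HEARTBEAT_DELTA` are untyped macros consumed by `scheduleHeartbeat(unsigned long)`; typed constants such as `static const unsigned long MAX_HEARTBEAT_DELTA = 300;` inside the namespace would document the unit (seconds) and the type the comparison and log format expect.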
|
|
diff -ruN nepenthes-0.2.0/modules/submit-norman/Makefile.am nepenthes-0.2.0-r1345/modules/submit-norman/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/submit-norman/Makefile.am 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-norman/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -12,4 +12,4 @@ |
|
|
|
|
|
submitnorman_la_SOURCES = submit-norman.conf.dist submit-norman.hpp submit-norman.cpp |
|
|
|
|
|
-submitnorman_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+submitnorman_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
diff -ruN nepenthes-0.2.0/modules/submit-norman/submit-norman.conf.dist nepenthes-0.2.0-r1345/modules/submit-norman/submit-norman.conf.dist |
|
|
--- nepenthes-0.2.0/modules/submit-norman/submit-norman.conf.dist 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-norman/submit-norman.conf.dist 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -1,8 +1,8 @@ |
|
|
submit-norman |
|
|
{ |
|
|
// this is the adress where norman sandbox reports will be sent |
|
|
- email "malware@mac.com"; |
|
|
- urls ("http://sandbox.norman.no/live_4.html", |
|
|
+ email "nsbx@mwcollect.org"; |
|
|
+ urls ("http://www.norman.com/microsites/nsic/Submit/Special/45773/", |
|
|
"http://luigi.informatik.uni-mannheim.de/submit.php?action=verify"); |
|
|
|
|
|
}; |
|
|
diff -ruN nepenthes-0.2.0/modules/submit-postgres/Makefile.am nepenthes-0.2.0-r1345/modules/submit-postgres/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/submit-postgres/Makefile.am 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/submit-postgres/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -13,5 +13,6 @@ |
|
|
submitpostgres_la_SOURCES = submit-postgres.cpp submit-postgres.hpp |
|
|
submitpostgres_la_SOURCES += PGDownloadContext.cpp PGDownloadContext.hpp |
|
|
submitpostgres_la_SOURCES += bencoding.c bencoding.h |
|
|
+submitpostgres_la_SOURCES += submit-postgres.conf.dist |
|
|
|
|
|
submitpostgres_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-asn1/IISDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-asn1/IISDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-asn1/IISDialogue.cpp 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-asn1/IISDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -43,6 +43,9 @@ |
|
|
|
|
|
#include "Socket.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
#endif |
|
|
@@ -79,7 +82,7 @@ |
|
|
case IIS_POST: |
|
|
case IIS_GET: |
|
|
logWarn("Unknown IIS %i bytes State %i\n",m_Buffer->getSize(), m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
break; |
|
|
|
|
|
case IIS_SEARCH: |
|
|
@@ -102,7 +105,7 @@ |
|
|
ConsumeLevel IISDialogue::incomingData(Message *msg) |
|
|
{ |
|
|
m_Buffer->add(msg->getMsg(),msg->getSize()); |
|
|
-// g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+// HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
|
|
|
// FIXME this can only recognize urldownloadtofile foobar |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-asn1/SMBDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-asn1/SMBDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-asn1/SMBDialogue.cpp 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-asn1/SMBDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -43,8 +43,13 @@ |
|
|
#include "Utilities.hpp" |
|
|
#include "ShellcodeManager.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
#include "vuln-asn1.hpp" |
|
|
|
|
|
+ |
|
|
+ |
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
#endif |
|
|
@@ -227,5 +232,5 @@ |
|
|
void SMBDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","ASN1_SMB",m_Buffer->getSize(),m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-bagle/BagleDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-bagle/BagleDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-bagle/BagleDialogue.cpp 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-bagle/BagleDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -124,7 +124,7 @@ |
|
|
} |
|
|
|
|
|
logCrit("Unknown Bagle Auth (%i)\n",m_Buffer->getSize()); |
|
|
- g_Nepenthes->getUtilities()->hexdump(l_crit | STDTAGS ,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+// g_Nepenthes->getUtilities()->hexdump(l_crit | STDTAGS ,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
if (m_Buffer->getSize() > 128 ) |
|
|
return CL_DROP; |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-bagle/Makefile.am nepenthes-0.2.0-r1345/modules/vuln-bagle/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/vuln-bagle/Makefile.am 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-bagle/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -6,7 +6,6 @@ |
|
|
|
|
|
AM_CPPFLAGS = -I$(top_srcdir)/nepenthes-core/include -I$(top_srcdir)/nepenthes-core/src -pipe -D _GNU_SOURCE |
|
|
AM_CXXFLAGS = -Wall -Werror |
|
|
-AM_LDFLAGS = -lpcre |
|
|
|
|
|
pkglib_LTLIBRARIES = vulnbagle.la |
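Review bot: Removing `AM_LDFLAGS = -lpcre` leaves no replacement visible in this hunk, and `vulnbagle_la_LDFLAGS` is outside it; if BagleDialogue still calls pcre, linking now depends on a top-level `AM_LDFLAGS` (the one the vuln-optix and vuln-ssh hunks append via `$(AM_LDFLAGS)`) being provided by configure. Either add `$(AM_LDFLAGS)` to `vulnbagle_la_LDFLAGS` in the same change or state in the commit why the local flag is no longer needed.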
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-dameware/DWDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-dameware/DWDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-dameware/DWDialogue.cpp 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-dameware/DWDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -48,6 +48,9 @@ |
|
|
|
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
#endif |
|
|
@@ -209,5 +212,5 @@ |
|
|
void DWDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","DameWare",m_Buffer->getSize(),m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-dcom/DCOMDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-dcom/DCOMDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-dcom/DCOMDialogue.cpp 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-dcom/DCOMDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -39,6 +39,10 @@ |
|
|
#include "Utilities.hpp" |
|
|
|
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
+ |
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
#endif |
|
|
@@ -234,5 +238,5 @@ |
|
|
void DCOMDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","DCOM",m_Buffer->getSize(),m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-ftpd/vuln-ftpd.cpp nepenthes-0.2.0-r1345/modules/vuln-ftpd/vuln-ftpd.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-ftpd/vuln-ftpd.cpp 2006-11-13 20:40:03.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-ftpd/vuln-ftpd.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -55,6 +55,9 @@ |
|
|
|
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
#endif |
|
|
@@ -220,7 +223,7 @@ |
|
|
uint32_t i = 0; |
|
|
bool buffercut=false; |
|
|
|
|
|
- g_Nepenthes->getUtilities()->hexdump((byte *) m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+// g_Nepenthes->getUtilities()->hexdump((byte *) m_Buffer->getData(),m_Buffer->getSize()); |
|
|
while ( i < m_Buffer->getSize() ) |
|
|
{ |
|
|
buffercut = false; |
|
|
@@ -418,7 +421,7 @@ |
|
|
void FTPdDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown exploit %i bytes \n",m_Shellcode->getSize()); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Shellcode->getData(), m_Shellcode->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Shellcode->getData(), m_Shellcode->getSize()); |
|
|
} |
|
|
|
|
|
ftp_exploit FTPdDialogue::identExploit(string line) |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-iis/IISDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-iis/IISDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-iis/IISDialogue.cpp 2006-11-13 20:40:10.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-iis/IISDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -49,6 +49,9 @@ |
|
|
#include "Message.hpp" |
|
|
#include "Message.cpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
#endif |
|
|
@@ -85,7 +88,7 @@ |
|
|
case IIS_NULL: |
|
|
case IIS_SSL: |
|
|
logWarn("Unknown IIS SSL exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
break; |
|
|
|
|
|
case IIS_DONE: |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-lsass/LSASSDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-lsass/LSASSDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-lsass/LSASSDialogue.cpp 2006-11-13 20:40:11.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-lsass/LSASSDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -46,6 +46,8 @@ |
|
|
#include "Buffer.hpp" |
|
|
#include "Buffer.cpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
|
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
@@ -281,6 +283,6 @@ |
|
|
void LSASSDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","LSASS",m_Buffer->getSize(),m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
} |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-msdtc/MSDTCDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-msdtc/MSDTCDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-msdtc/MSDTCDialogue.cpp 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-msdtc/MSDTCDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -38,6 +38,8 @@ |
|
|
#include "ShellcodeManager.hpp" |
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
|
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
@@ -181,5 +183,5 @@ |
|
|
void MSDTCDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","MSDTC",m_Buffer->getSize(),m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-msmq/MSMQDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-msmq/MSMQDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-msmq/MSMQDialogue.cpp 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-msmq/MSMQDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -43,6 +43,8 @@ |
|
|
#include "Nepenthes.hpp" |
|
|
#include "LogManager.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
|
|
|
using namespace nepenthes; |
|
|
|
|
|
@@ -73,7 +75,7 @@ |
|
|
case MSMQ_NULL: |
|
|
case MSMQ_SHELLCODE: |
|
|
logWarn("Unknown MSMQ exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
break; |
|
|
|
|
|
case MSMQ_DONE: |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-mssql/MSSQLDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-mssql/MSSQLDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-mssql/MSSQLDialogue.cpp 2006-11-13 20:40:03.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-mssql/MSSQLDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -41,6 +41,9 @@ |
|
|
|
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
#endif |
|
|
@@ -115,7 +118,7 @@ |
|
|
} |
|
|
else |
|
|
{ // hexdump it |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte*)msg->getMsg(),msg->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte*)msg->getMsg(),msg->getSize()); |
|
|
|
|
|
} |
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-netbiosname/SMBNameDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-netbiosname/SMBNameDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-netbiosname/SMBNameDialogue.cpp 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-netbiosname/SMBNameDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -49,6 +49,8 @@ |
|
|
|
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
|
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
@@ -146,7 +148,7 @@ |
|
|
case SMBName_NEGOTIATE: |
|
|
case SMBName_NULL: |
|
|
logWarn("Unknown SMBName exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); |
|
|
-// g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+// HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
break; |
|
|
|
|
|
|
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-netdde/NETDDEDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-netdde/NETDDEDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-netdde/NETDDEDialogue.cpp 2006-11-13 20:40:05.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-netdde/NETDDEDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -49,6 +49,8 @@ |
|
|
|
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
|
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
@@ -201,5 +203,5 @@ |
|
|
void NETDDEDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown NETDDE exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-optix/Makefile.am nepenthes-0.2.0-r1345/modules/vuln-optix/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/vuln-optix/Makefile.am 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-optix/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -12,4 +12,4 @@ |
|
|
|
|
|
vulnoptix_la_SOURCES = vuln-optix.conf.dist OPTIXBindDialogue.hpp OPTIXDownloadDialogue.hpp OPTIXDownloadHandler.hpp OPTIXShellDialogue.hpp vuln-optix.hpp OPTIXBindDialogue.cpp OPTIXDownloadDialogue.cpp OPTIXDownloadHandler.cpp OPTIXShellDialogue.cpp vuln-optix.cpp |
|
|
|
|
|
-vulnoptix_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+vulnoptix_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-optix/OPTIXShellDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-optix/OPTIXShellDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-optix/OPTIXShellDialogue.cpp 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-optix/OPTIXShellDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -107,7 +107,7 @@ |
|
|
case OPTIX_AUTHED: |
|
|
if (m_Buffer->getSize() >= 6) |
|
|
{ |
|
|
- g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+// g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
// we could do this with pcre ... |
|
|
if (memcmp(m_Buffer->getData(),"019<EFBFBD>\r\n",6) == 0) |
|
|
{ |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-pnp/PNPDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-pnp/PNPDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-pnp/PNPDialogue.cpp 2006-11-13 20:40:08.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-pnp/PNPDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -47,6 +47,8 @@ |
|
|
#include "Buffer.hpp" |
|
|
#include "Buffer.cpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
|
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
@@ -276,5 +278,5 @@ |
|
|
void PNPDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown %s Shellcode (Buffer %i bytes) (State %i)\n","PNP",m_Buffer->getSize(),m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-realvnc/vuln-realvnc.cpp nepenthes-0.2.0-r1345/modules/vuln-realvnc/vuln-realvnc.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-realvnc/vuln-realvnc.cpp 2006-11-13 20:40:07.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-realvnc/vuln-realvnc.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -246,7 +246,7 @@ |
|
|
{ |
|
|
|
|
|
logSpam("VNC_HANDSHAKE\n"); |
|
|
- g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+// g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
if (m_Buffer->getSize() >= strlen(rfb_version_003_008) && |
|
|
memcmp(m_Buffer->getData(),rfb_version_003_008,strlen(rfb_version_003_008)) == 0) |
|
|
{ |
|
|
@@ -262,7 +262,7 @@ |
|
|
if ( m_State == VNC_AUTH) |
|
|
{ |
|
|
logSpam("VNC_AUTH\n"); |
|
|
- g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+// g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
if (m_Buffer->getSize() >= 1 ) |
|
|
{ |
|
|
if (1)// *(char *) (m_Buffer->getData()) == 1) |
|
|
@@ -546,7 +546,7 @@ |
|
|
|
|
|
case 6: |
|
|
logSpam("ClientReq: CutEvent\n"); |
|
|
- g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
+// g_Nepenthes->getUtilities()->hexdump((byte *)m_Buffer->getData(),m_Buffer->getSize()); |
|
|
if (m_Buffer->getSize() >= 8 ) |
|
|
{ |
|
|
uint32_t cpbytes; |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-sasserftpd/SasserFTPDDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-sasserftpd/SasserFTPDDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-sasserftpd/SasserFTPDDialogue.cpp 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-sasserftpd/SasserFTPDDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -49,6 +49,8 @@ |
|
|
|
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
|
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
@@ -219,5 +221,5 @@ |
|
|
void SasserFTPDDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown SasserFTPD exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-sav/Makefile.am nepenthes-0.2.0-r1345/modules/vuln-sav/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/vuln-sav/Makefile.am 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-sav/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,14 @@ |
|
|
+# nepenthes module Makefile |
|
|
+# Paul Baecher, Maximillian Dornseif, Markus Koetter |
|
|
+# $Id$ |
|
|
+ |
|
|
+AUTOMAKE_OPTIONS = foreign |
|
|
+ |
|
|
+AM_CPPFLAGS = -I$(top_srcdir)/nepenthes-core/include -I$(top_srcdir)/nepenthes-core/src -pipe -D _GNU_SOURCE |
|
|
+AM_CXXFLAGS = -Wall -Werror |
|
|
+ |
|
|
+pkglib_LTLIBRARIES = vulnsav.la |
|
|
+ |
|
|
+vulnsav_la_SOURCES = vuln-sav.cpp vuln-sav.hpp |
|
|
+ |
|
|
+vulnsav_la_LDFLAGS = -module -no-undefined -avoid-version |
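Review bot: `vulnsav_la_SOURCES` lists only `vuln-sav.cpp vuln-sav.hpp`, while the same patch adds `modules/vuln-sav/x-2.conf.dist` and neither this line nor any `EXTRA_DIST` mentions it, so unless the top-level build ships `*.conf.dist` some other way the config file is missing from a `make dist` tarball. `vulnsav_la_LDFLAGS` also omits the `$(AM_LDFLAGS)` this patch adds to vuln-optix and vuln-ssh; `EXTRA_DIST = x-2.conf.dist` and `vulnsav_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS)` would align the new module with the others.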
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-sav/vuln-sav.cpp nepenthes-0.2.0-r1345/modules/vuln-sav/vuln-sav.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-sav/vuln-sav.cpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-sav/vuln-sav.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,278 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+ /* $Id$ */ |
|
|
+ |
|
|
+#include <ctype.h> |
|
|
+ |
|
|
+#include "vuln-sav.hpp" |
|
|
+ |
|
|
+#include "SocketManager.hpp" |
|
|
+ |
|
|
+#include "DownloadManager.hpp" |
|
|
+#include "LogManager.hpp" |
|
|
+#include "DialogueFactoryManager.hpp" |
|
|
+ |
|
|
+ |
|
|
+#include "Buffer.hpp" |
|
|
+#include "Buffer.cpp" |
|
|
+ |
|
|
+#include "Message.hpp" |
|
|
+#include "Message.cpp" |
|
|
+ |
|
|
+#include "ShellcodeManager.hpp" |
|
|
+ |
|
|
+#include "Config.hpp" |
|
|
+ |
|
|
+#include "Download.hpp" |
|
|
+ |
|
|
+#ifdef STDTAGS |
|
|
+#undef STDTAGS |
|
|
+#endif |
|
|
+#define STDTAGS l_mod |
|
|
+ |
|
|
+using namespace nepenthes; |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * as we may need a global pointer to our Nepenthes in our modules, |
|
|
+ * and cant access the cores global pointer to nepenthes |
|
|
+ * we have to use a own global pointer to nepenthes per module |
|
|
+ * we need this pointer for logInfo() etc |
|
|
+ */ |
|
|
+Nepenthes *g_Nepenthes; |
|
|
+ |
|
|
+/** |
|
|
+ * The Constructor |
|
|
+ * creates a new VulnSAV Module, |
|
|
+ * VulnSAV is an example for binding a socket & setting up the Dialogue & DialogueFactory |
|
|
+ * |
|
|
+ * |
|
|
+ * it can be used as a shell emu to allow trigger commands |
|
|
+ * |
|
|
+ * |
|
|
+ * sets the following values: |
|
|
+ * - m_DialogueFactoryName |
|
|
+ * - m_DialogueFactoryDescription |
|
|
+ * |
|
|
+ * @param nepenthes the pointer to our Nepenthes |
|
|
+ */ |
|
|
+VulnSAV::VulnSAV(Nepenthes *nepenthes) |
|
|
+{ |
|
|
+ m_ModuleName = "vuln-sav"; |
|
|
+ m_ModuleDescription = "emulate the bug in symantec antivirus product"; |
|
|
+ m_ModuleRevision = "$Rev$"; |
|
|
+ m_Nepenthes = nepenthes; |
|
|
+ |
|
|
+ m_DialogueFactoryName = "SAV Factory"; |
|
|
+ m_DialogueFactoryDescription = "Symantec Antivirus Client Dialogue Factory"; |
|
|
+ |
|
|
+ g_Nepenthes = nepenthes; |
|
|
+} |
|
|
+ |
|
|
+VulnSAV::~VulnSAV() |
|
|
+{ |
|
|
+ |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * Module::Init() |
|
|
+ * |
|
|
+ * binds the port, adds the DialogueFactory to the Socket |
|
|
+ * |
|
|
+ * @return returns true if everything was fine, else false |
|
|
+ * false indicates a fatal error |
|
|
+ */ |
|
|
+bool VulnSAV::Init() |
|
|
+{ |
|
|
+/* if ( m_Config == NULL ) |
|
|
+ { |
|
|
+ logCrit("I need a config\n"); |
|
|
+ return false; |
|
|
+ } |
|
|
+*/ |
|
|
+ m_Nepenthes->getSocketMgr()->bindTCPSocket(0,2967,0,30,this); |
|
|
+ return true; |
|
|
+} |
|
|
+ |
|
|
+bool VulnSAV::Exit() |
|
|
+{ |
|
|
+ return true; |
|
|
+} |
|
|
+ |
|
|
+/** |
|
|
+ * DialogueFactory::createDialogue(Socket *) |
|
|
+ * |
|
|
+ * creates a new SAVDialogue |
|
|
+ * |
|
|
+ * @param socket the socket the DIalogue has to use, can be NULL if the Dialogue can handle it |
|
|
+ * |
|
|
+ * @return returns the new created dialogue |
|
|
+ */ |
|
|
+Dialogue *VulnSAV::createDialogue(Socket *socket) |
|
|
+{ |
|
|
+ return new SAVDialogue(socket); |
|
|
+// return g_Nepenthes->getFactoryMgr()->getFactory("WinNTShell DialogueFactory")->createDialogue(socket); |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+/** |
|
|
+ * Dialogue::Dialogue(Socket *) |
|
|
+ * construktor for the SAVDialogue, creates a new SAVDialogue |
|
|
+ * |
|
|
+ * replies some crap to the socket |
|
|
+ * |
|
|
+ * @param socket the Socket the Dialogue has to use |
|
|
+ */ |
|
|
+SAVDialogue::SAVDialogue(Socket *socket) |
|
|
+{ |
|
|
+ m_Socket = socket; |
|
|
+ m_DialogueName = "SAVDialogue"; |
|
|
+ m_DialogueDescription = "Symantec Antivirus Dialogue"; |
|
|
+ |
|
|
+ m_ConsumeLevel = CL_ASSIGN; |
|
|
+ |
|
|
+ m_Buffer = new Buffer(512); |
|
|
+} |
|
|
+ |
|
|
+SAVDialogue::~SAVDialogue() |
|
|
+{ |
|
|
+ delete m_Buffer; |
|
|
+} |
|
|
+ |
|
|
+/** |
|
|
+ * Dialogue::incomingData(Message *) |
|
|
+ * |
|
|
+ * a small and ugly shell where we can use |
|
|
+ * "download protocol://localction:port/path/to/file |
|
|
+ * to trigger a download |
|
|
+ * |
|
|
+ * @param msg the Message the Socker received. |
|
|
+ * |
|
|
+ * |
|
|
+ * @return CL_ASSIGN |
|
|
+ */ |
|
|
+ConsumeLevel SAVDialogue::incomingData(Message *msg) |
|
|
+{ |
|
|
+ |
|
|
+ m_Buffer->add(msg->getMsg(),msg->getSize()); |
|
|
+ |
|
|
+ if ( m_Buffer->getSize() > 0xcd0 ) |
|
|
+ { |
|
|
+ Message *Msg = new Message((char *)m_Buffer->getData(), m_Buffer->getSize(),m_Socket->getLocalPort(), m_Socket->getRemotePort(), |
|
|
+ m_Socket->getLocalHost(), m_Socket->getRemoteHost(), m_Socket, m_Socket); |
|
|
+ sch_result sch; |
|
|
+ sch = g_Nepenthes->getShellcodeMgr()->handleShellcode(&Msg); |
|
|
+ delete Msg; |
|
|
+ |
|
|
+ if ( sch == SCH_DONE ) |
|
|
+ { |
|
|
+ m_Buffer->clear(); |
|
|
+ return CL_ASSIGN_AND_DONE; |
|
|
+ } |
|
|
+ |
|
|
+ } |
|
|
+ |
|
|
+ return CL_ASSIGN; |
|
|
+} |
|
|
+ |
|
|
+/** |
|
|
+ * Dialogue::outgoingData(Message *) |
|
|
+ * as we are not interested in these socket actions |
|
|
+ * we simply return CL_DROP to show the socket |
|
|
+ * |
|
|
+ * @param msg |
|
|
+ * |
|
|
+ * @return CL_DROP |
|
|
+ */ |
|
|
+ConsumeLevel SAVDialogue::outgoingData(Message *msg) |
|
|
+{ |
|
|
+ return CL_ASSIGN; |
|
|
+} |
|
|
+ |
|
|
+/** |
|
|
+ * Dialogue::handleTimeout(Message *) |
|
|
+ * as we are not interested in these socket actions |
|
|
+ * we simply return CL_DROP to show the socket |
|
|
+ * |
|
|
+ * @param msg |
|
|
+ * |
|
|
+ * @return CL_DROP |
|
|
+ */ |
|
|
+ConsumeLevel SAVDialogue::handleTimeout(Message *msg) |
|
|
+{ |
|
|
+ return CL_DROP; |
|
|
+} |
|
|
+ |
|
|
+/** |
|
|
+ * Dialogue::connectionLost(Message *) |
|
|
+ * as we are not interested in these socket actions |
|
|
+ * we simply return CL_DROP to show the socket |
|
|
+ * |
|
|
+ * @param msg |
|
|
+ * |
|
|
+ * @return CL_DROP |
|
|
+ */ |
|
|
+ConsumeLevel SAVDialogue::connectionLost(Message *msg) |
|
|
+{ |
|
|
+ return CL_DROP; |
|
|
+} |
|
|
+ |
|
|
+/** |
|
|
+ * Dialogue::connectionShutdown(Message *) |
|
|
+ * as we are not interested in these socket actions |
|
|
+ * we simply return CL_DROP to show the socket |
|
|
+ * |
|
|
+ * @param msg |
|
|
+ * |
|
|
+ * @return CL_DROP |
|
|
+ */ |
|
|
+ConsumeLevel SAVDialogue::connectionShutdown(Message *msg) |
|
|
+{ |
|
|
+ return CL_DROP; |
|
|
+} |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+extern "C" int32_t module_init(int32_t version, Module **module, Nepenthes *nepenthes) |
|
|
+{ |
|
|
+ if ( version == MODULE_IFACE_VERSION ) |
|
|
+ { |
|
|
+ *module = new VulnSAV(nepenthes); |
|
|
+ return (1); |
|
|
+ } else |
|
|
+ { |
|
|
+ return (0); |
|
|
+ } |
|
|
+} |
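Review bot: `SAVDialogue::incomingData` appends every received chunk to `m_Buffer` with no upper bound, and the buffer is cleared only when `handleShellcode` returns `SCH_DONE`, so a peer that keeps sending without producing a match makes the dialogue re-run shellcode detection on an ever-growing buffer for every packet and grow memory until the connection closes. BagleDialogue in this same patch bounds its buffer with `if (m_Buffer->getSize() > 128 ) return CL_DROP;`; here a line such as `if ( m_Buffer->getSize() > SAV_MAX_BUFFER ) { m_Buffer->clear(); return CL_DROP; }` placed after the `SCH_DONE` check, with `SAV_MAX_BUFFER` a named constant above `0xcd0`, bounds both memory and work. Separately, `Init()` hard-codes `bindTCPSocket(0,2967,0,30,this)` with the `m_Config` check commented out, so the `x-2.conf.dist` added alongside (ports "10002", accepttimeout "45") is never read and its name does not match the module. The comment on `outgoingData` promises `CL_DROP` while the body returns `CL_ASSIGN`, and the `incomingData` comment describes a "download" shell that this code does not implement; both should be rewritten to match the code.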
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-sav/vuln-sav.hpp nepenthes-0.2.0-r1345/modules/vuln-sav/vuln-sav.hpp |
|
|
--- nepenthes-0.2.0/modules/vuln-sav/vuln-sav.hpp 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-sav/vuln-sav.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,72 @@ |
|
|
+/******************************************************************************** |
|
|
+ * Nepenthes |
|
|
+ * - finest collection - |
|
|
+ * |
|
|
+ * |
|
|
+ * |
|
|
+ * Copyright (C) 2005 Paul Baecher & Markus Koetter |
|
|
+ * |
|
|
+ * This program is free software; you can redistribute it and/or |
|
|
+ * modify it under the terms of the GNU General Public License |
|
|
+ * as published by the Free Software Foundation; either version 2 |
|
|
+ * of the License, or (at your option) any later version. |
|
|
+ * |
|
|
+ * This program is distributed in the hope that it will be useful, |
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
|
+ * GNU General Public License for more details. |
|
|
+ * |
|
|
+ * You should have received a copy of the GNU General Public License |
|
|
+ * along with this program; if not, write to the Free Software |
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
|
|
+ * |
|
|
+ * |
|
|
+ * contact nepenthesdev@users.sourceforge.net |
|
|
+ * |
|
|
+ *******************************************************************************/ |
|
|
+ |
|
|
+ /* $Id$ */ |
|
|
+ |
|
|
+#include "DialogueFactory.hpp" |
|
|
+#include "Module.hpp" |
|
|
+#include "ModuleManager.hpp" |
|
|
+#include "SocketManager.hpp" |
|
|
+#include "Nepenthes.hpp" |
|
|
+#include "Dialogue.hpp" |
|
|
+#include "Socket.hpp" |
|
|
+ |
|
|
+using namespace std; |
|
|
+ |
|
|
+namespace nepenthes |
|
|
+{ |
|
|
+ |
|
|
+ class Buffer; |
|
|
+ |
|
|
+ class VulnSAV : public Module , public DialogueFactory |
|
|
+ { |
|
|
+ public: |
|
|
+ VulnSAV(Nepenthes *); |
|
|
+ ~VulnSAV(); |
|
|
+ Dialogue *createDialogue(Socket *socket); |
|
|
+ bool Init(); |
|
|
+ bool Exit(); |
|
|
+ }; |
|
|
+ |
|
|
+ class SAVDialogue : public Dialogue |
|
|
+ { |
|
|
+ public: |
|
|
+ SAVDialogue(Socket *socket); |
|
|
+ ~SAVDialogue(); |
|
|
+ ConsumeLevel incomingData(Message *msg); |
|
|
+ ConsumeLevel outgoingData(Message *msg); |
|
|
+ ConsumeLevel handleTimeout(Message *msg); |
|
|
+ ConsumeLevel connectionLost(Message *msg); |
|
|
+ ConsumeLevel connectionShutdown(Message *msg); |
|
|
+ |
|
|
+ protected: |
|
|
+ Buffer *m_Buffer; |
|
|
+ |
|
|
+ }; |
|
|
+ |
|
|
+} |
|
|
+extern nepenthes::Nepenthes *g_Nepenthes; |
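Review bot: The new header has no include guard or `#pragma once`, and it places `using namespace std;` at file scope, which is exported to every translation unit that includes it; whether the latter is project convention cannot be confirmed from this patch, but a guard such as `#ifndef HAVE_VULN_SAV_HPP` / `#define HAVE_VULN_SAV_HPP` / `#endif` is safe either way. `VulnSAV` and `SAVDialogue` declare non-virtual destructors while instances are handed out as `Module *` and `Dialogue *` (`module_init`, `createDialogue`); that is only correct if the base classes declare virtual destructors, which is not visible here and is worth checking, since `~SAVDialogue` is what frees `m_Buffer`.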
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-sav/x-2.conf.dist nepenthes-0.2.0-r1345/modules/vuln-sav/x-2.conf.dist |
|
|
--- nepenthes-0.2.0/modules/vuln-sav/x-2.conf.dist 1970-01-01 01:00:00.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-sav/x-2.conf.dist 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -0,0 +1,5 @@ |
|
|
+x-2 |
|
|
+{ |
|
|
+ ports ("10002"); |
|
|
+ accepttimeout "45"; |
|
|
+}; |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-ssh/Makefile.am nepenthes-0.2.0-r1345/modules/vuln-ssh/Makefile.am |
|
|
--- nepenthes-0.2.0/modules/vuln-ssh/Makefile.am 2006-11-13 20:40:03.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-ssh/Makefile.am 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -10,6 +10,6 @@ |
|
|
|
|
|
pkglib_LTLIBRARIES = vulnssh.la |
|
|
|
|
|
-vulnssh_la_SOURCES = vuln-ssh.cpp vuln-ssh.hpp SSHSocket.cpp SSHSocket.hpp SSHDialogue.cpp SSHDialogue.hpp vuln-ssh.conf.dist |
|
|
+vulnssh_la_SOURCES = vuln-ssh.cpp vuln-ssh.hpp SSHSocket.cpp SSHSocket.hpp SSHDialogue.cpp SSHDialogue.hpp |
|
|
|
|
|
-vulnssh_la_LDFLAGS = -module -no-undefined -avoid-version |
|
|
+vulnssh_la_LDFLAGS = -module -no-undefined -avoid-version $(AM_LDFLAGS) |
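Review bot: `vuln-ssh.conf.dist` is dropped from `vulnssh_la_SOURCES` with nothing in this hunk adding it to `EXTRA_DIST`, so unless the top-level build ships `*.conf.dist` another way the file leaves the distribution tarball; the vuln-optix Makefile hunk in this patch keeps its `.conf.dist` in `_SOURCES`, so the two modules now disagree. If the intent is only to stop treating it as a source, `EXTRA_DIST = vuln-ssh.conf.dist` keeps it shipped.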
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-upnp/UPNPDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-upnp/UPNPDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-upnp/UPNPDialogue.cpp 2006-11-13 20:40:10.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-upnp/UPNPDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -49,6 +49,8 @@ |
|
|
|
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
|
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
@@ -190,5 +192,5 @@ |
|
|
void UPNPDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown UPNP exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-veritas/VERITASDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-veritas/VERITASDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-veritas/VERITASDialogue.cpp 2006-11-13 20:40:09.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-veritas/VERITASDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -49,6 +49,8 @@ |
|
|
|
|
|
#include "Utilities.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
|
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
@@ -98,7 +100,7 @@ |
|
|
m_Buffer->add(msg->getMsg(),msg->getSize()); |
|
|
|
|
|
logInfo("Traffic for VERITAS (%i bytes)\n",msg->getSize()); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS|l_warn,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+// g_Nepenthes->getUtilities()->hexdump(STDTAGS|l_warn,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
|
|
|
/* |
|
|
switch (m_State) |
|
|
@@ -189,5 +191,5 @@ |
|
|
void VERITASDialogue::dump() |
|
|
{ |
|
|
logWarn("Unknown VERITAS exploit %i bytes State %i\n",m_Buffer->getSize(), m_State); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/vuln-wins/WINSDialogue.cpp nepenthes-0.2.0-r1345/modules/vuln-wins/WINSDialogue.cpp |
|
|
--- nepenthes-0.2.0/modules/vuln-wins/WINSDialogue.cpp 2006-11-13 20:40:10.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/vuln-wins/WINSDialogue.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -41,6 +41,9 @@ |
|
|
|
|
|
#include "Socket.hpp" |
|
|
|
|
|
+#include "EventManager.hpp" |
|
|
+#include "SocketEvent.hpp" |
|
|
+ |
|
|
#ifdef STDTAGS |
|
|
#undef STDTAGS |
|
|
#endif |
|
|
@@ -123,5 +126,5 @@ |
|
|
{ |
|
|
|
|
|
logWarn("WINS unknown shellcode %i bytes State 0\n",m_Buffer->getSize()); |
|
|
- g_Nepenthes->getUtilities()->hexdump(STDTAGS,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
+ HEXDUMP(m_Socket,(byte *) m_Buffer->getData(), m_Buffer->getSize()); |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/modules/x-4/x-4.cpp nepenthes-0.2.0-r1345/modules/x-4/x-4.cpp |
|
|
--- nepenthes-0.2.0/modules/x-4/x-4.cpp 2006-11-13 20:40:11.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/modules/x-4/x-4.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -118,7 +118,7 @@ |
|
|
*/ |
|
|
void X4::Submit(Download *down) |
|
|
{ |
|
|
- m_Nepenthes->getUtilities()->hexdump((byte *)down->getDownloadBuffer()->getData(),down->getDownloadBuffer()->getSize()); |
|
|
+// m_Nepenthes->getUtilities()->hexdump((byte *)down->getDownloadBuffer()->getData(),down->getDownloadBuffer()->getSize()); |
|
|
} |
|
|
|
|
|
/** |
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/include/DNSQuery.hpp nepenthes-0.2.0-r1345/nepenthes-core/include/DNSQuery.hpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/include/DNSQuery.hpp 2006-11-13 20:40:01.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/include/DNSQuery.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -56,6 +56,7 @@ |
|
|
virtual ~DNSQuery(); |
|
|
|
|
|
virtual DNSCallback *getCallback(); |
|
|
+ virtual void cancelCallback(); |
|
|
virtual string getDNS(); |
|
|
virtual uint16_t getQueryType(); |
|
|
virtual void *getObject(); |
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/include/Event.hpp nepenthes-0.2.0-r1345/nepenthes-core/include/Event.hpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/include/Event.hpp 2006-11-13 20:40:01.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/include/Event.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -71,6 +71,8 @@ |
|
|
|
|
|
#define EV_SHELLCODE_DONE 24 |
|
|
|
|
|
+#define EV_HEXDUMP 25 |
|
|
+ |
|
|
class Event |
|
|
{ |
|
|
public: |
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/include/SocketEvent.hpp nepenthes-0.2.0-r1345/nepenthes-core/include/SocketEvent.hpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/include/SocketEvent.hpp 2006-11-13 20:40:01.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/include/SocketEvent.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -137,5 +137,50 @@ |
|
|
Dialogue *m_Dialogue; |
|
|
}; |
|
|
|
|
|
+#ifdef HAVE_DEBUG_LOGGING |
|
|
+#define HEXDUMP(socket,data,size) \ |
|
|
+{ \ |
|
|
+ HexdumpEvent *he = new HexdumpEvent(socket,data,size); \ |
|
|
+ g_Nepenthes->getEventMgr()->handleEvent(he); \ |
|
|
+ delete he; \ |
|
|
+} |
|
|
+#else // HAVE_DEBUG_LOGGING |
|
|
+#define HEXDUMP(socket,data,size) |
|
|
+#endif // HAVE_DEBUG_LOGGING |
|
|
+ |
|
|
+ |
|
|
+ |
|
|
+ class HexdumpEvent : public Event |
|
|
+ { |
|
|
+ public: |
|
|
+ HexdumpEvent(Socket *s, void *data, uint32_t size) |
|
|
+ { |
|
|
+ m_EventType = EV_HEXDUMP; |
|
|
+ m_Socket = s; |
|
|
+ m_Size = size; |
|
|
+ m_Data = data; |
|
|
+ } |
|
|
+ |
|
|
+ virtual Socket *getSocket() |
|
|
+ { |
|
|
+ return m_Socket; |
|
|
+ } |
|
|
+ |
|
|
+ virtual void *getData() |
|
|
+ { |
|
|
+ return m_Data; |
|
|
+ } |
|
|
+ |
|
|
+ virtual uint32_t getSize() |
|
|
+ { |
|
|
+ return m_Size; |
|
|
+ } |
|
|
+ |
|
|
+ private: |
|
|
+ Socket *m_Socket; |
|
|
+ void *m_Data; |
|
|
+ uint32_t m_Size; |
|
|
+ }; |
|
|
+ |
|
|
|
|
|
} |
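Review bot: The HEXDUMP macro expands to a bare brace block, so `if (cond) HEXDUMP(...); else ...` fails to compile when HAVE_DEBUG_LOGGING is set yet compiles fine with the empty definition, letting the two build configurations diverge silently; wrap both variants in `do { ... } while (0)`. The event is also heap-allocated and deleted on the next line, which a stack instance does without the `new`/`delete` pair. HexdumpEvent keeps `data` as a non-owning `void *` that is only valid for the duration of handleEvent(), so a handler must not retain the event or the pointer; that deserves a comment on `m_Data`, e.g. `// borrowed from the caller, valid only while handleEvent() runs`.
```cpp
#ifdef HAVE_DEBUG_LOGGING
#define HEXDUMP(socket,data,size) \
do { \
    HexdumpEvent he((socket),(data),(size)); \
    g_Nepenthes->getEventMgr()->handleEvent(&he); \
} while (0)
#else // HAVE_DEBUG_LOGGING
#define HEXDUMP(socket,data,size) do { } while (0)
#endif // HAVE_DEBUG_LOGGING
// … unchanged: class HexdumpEvent …
```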
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/include/Utilities.hpp nepenthes-0.2.0-r1345/nepenthes-core/include/Utilities.hpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/include/Utilities.hpp 2006-11-13 20:40:01.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/include/Utilities.hpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -130,10 +130,10 @@ |
|
|
void MD5Init(struct MD5Context *context); |
|
|
void MD5Update(struct MD5Context *context, unsigned char const *buf,unsigned len); |
|
|
void MD5Final(unsigned char digest[16], struct MD5Context *context); |
|
|
- |
|
|
+/* |
|
|
virtual void hexdump(byte *data, uint32_t len); |
|
|
virtual void hexdump(uint32_t mask, byte *data, uint32_t len); |
|
|
- |
|
|
+*/ |
|
|
virtual unsigned char *b64encode_alloc(unsigned char *in); |
|
|
virtual unsigned char *b64encode_alloc(unsigned char *in, int32_t inlen); |
|
|
virtual unsigned char *b64decode_alloc(unsigned char *in); |
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/src/DNSQuery.cpp nepenthes-0.2.0-r1345/nepenthes-core/src/DNSQuery.cpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/src/DNSQuery.cpp 2006-11-13 20:40:03.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/src/DNSQuery.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -54,6 +54,15 @@ |
|
|
return m_Callback; |
|
|
} |
|
|
|
|
|
+ |
|
|
+/** |
|
|
+ * chancel the callback |
|
|
+ */ |
|
|
+void DNSQuery::cancelCallback() |
|
|
+{ |
|
|
+ m_Callback = NULL; |
|
|
+} |
|
|
+ |
|
|
/** |
|
|
* get the dns to resolve |
|
|
* |
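Review bot: cancelCallback() nulls `m_Callback`, but nothing in this hunk makes the dispatch side aware of that, so whichever code delivers the DNS result through getCallback() (outside this hunk) must now test for NULL before invoking it, or a cancelled query ends in a null-pointer call. The doc comment also has a typo, `chancel`. Suggested header: `/** cancel the callback: afterwards getCallback() returns NULL and the result must be discarded by the dispatcher */`.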
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/src/DNSResult.cpp nepenthes-0.2.0-r1345/nepenthes-core/src/DNSResult.cpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/src/DNSResult.cpp 2006-11-13 20:40:03.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/src/DNSResult.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -89,7 +89,7 @@ |
|
|
while ( test->i != -1 ) |
|
|
{ |
|
|
m_TXT.append(test->str,test->i); |
|
|
- g_Nepenthes->getUtilities()->hexdump((byte *)test->str,test->i); |
|
|
+// g_Nepenthes->getUtilities()->hexdump((byte *)test->str,test->i); |
|
|
test++; |
|
|
} |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/src/LogManager.cpp nepenthes-0.2.0-r1345/nepenthes-core/src/LogManager.cpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/src/LogManager.cpp 2006-11-13 20:40:02.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/src/LogManager.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -146,7 +146,7 @@ |
|
|
{ |
|
|
if ( m_Loggers.size() == 0) |
|
|
{ |
|
|
- printf("%s",message); |
|
|
+// printf("%s",message); |
|
|
return; |
|
|
} |
|
|
|
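Review bot: Commenting out the `printf` means that when no logger is registered every message, including logCrit output, is silently discarded and the function returns without a trace. In the Nepenthes.cpp part of this patch the console logger is only added when `opt.m_consoleTags` is set, so a configuration error reported with logCrit before a disk logger exists would simply vanish. Keep a minimal fallback for the no-logger case, e.g. `fputs(message, stderr);`, or document why dropping is intended. The function's signature is outside the hunk, so I cannot tell whether a level mask is available here to restrict the fallback to critical messages.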
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/src/Nepenthes.cpp nepenthes-0.2.0-r1345/nepenthes-core/src/Nepenthes.cpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/src/Nepenthes.cpp 2006-11-13 20:40:03.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/src/Nepenthes.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -43,6 +43,8 @@ |
|
|
#include <dirent.h> |
|
|
#include <sys/utsname.h> |
|
|
#include <ctype.h> |
|
|
+#include <errno.h> |
|
|
+#include <string.h> |
|
|
|
|
|
#ifdef HAVE_LIBCAP |
|
|
#undef _POSIX_SOURCE |
|
|
@@ -211,7 +213,7 @@ |
|
|
{ "user", 1, 0, 'u' }, |
|
|
{ "version", 0, 0, 'V' }, |
|
|
{ "verbose", 0, 0, 'v' }, |
|
|
- { "workingdir", 0, 0, 'w' }, |
|
|
+ { "workingdir", 1, 0, 'w' }, |
|
|
{ 0, 0, 0, 0 } |
|
|
}; |
|
|
|
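Review bot: Changing `has_arg` to 1 for `--workingdir` is only half the fix: the short-option string passed to getopt_long (outside this hunk) must list `w:` as well, otherwise `-w dir` still parses without an argument and `optarg` is NULL when the `'w'` case runs. Worth confirming before merging.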
|
|
@@ -370,26 +372,27 @@ |
|
|
|
|
|
|
|
|
|
|
|
+ m_LogManager->registerTag(l_crit, "crit"); |
|
|
+ m_LogManager->registerTag(l_warn, "warn"); |
|
|
+ m_LogManager->registerTag(l_debug, "debug"); |
|
|
+ m_LogManager->registerTag(l_info, "info"); |
|
|
+ m_LogManager->registerTag(l_spam, "spam"); |
|
|
+ m_LogManager->registerTag(l_net, "net"); |
|
|
+ m_LogManager->registerTag(l_script, "script"); |
|
|
+ m_LogManager->registerTag(l_shell, "shell"); |
|
|
+ m_LogManager->registerTag(l_mem, "mem"); |
|
|
+ m_LogManager->registerTag(l_sc, "sc"); |
|
|
+ m_LogManager->registerTag(l_dl, "down"); |
|
|
+ m_LogManager->registerTag(l_mgr, "mgr"); |
|
|
+ m_LogManager->registerTag(l_hlr, "handler"); |
|
|
+ m_LogManager->registerTag(l_dia, "dia"); |
|
|
+ m_LogManager->registerTag(l_sub, "submit"); |
|
|
+ m_LogManager->registerTag(l_ev, "event"); |
|
|
+ m_LogManager->registerTag(l_mod, "module"); |
|
|
+ m_LogManager->registerTag(l_stdtag, "fixme"); |
|
|
+ |
|
|
if ( opt.m_runMode != runFileCheck || opt.m_verbose ) |
|
|
{ |
|
|
- m_LogManager->registerTag(l_crit, "crit"); |
|
|
- m_LogManager->registerTag(l_warn, "warn"); |
|
|
- m_LogManager->registerTag(l_debug, "debug"); |
|
|
- m_LogManager->registerTag(l_info, "info"); |
|
|
- m_LogManager->registerTag(l_spam, "spam"); |
|
|
- m_LogManager->registerTag(l_net, "net"); |
|
|
- m_LogManager->registerTag(l_script, "script"); |
|
|
- m_LogManager->registerTag(l_shell, "shell"); |
|
|
- m_LogManager->registerTag(l_mem, "mem"); |
|
|
- m_LogManager->registerTag(l_sc, "sc"); |
|
|
- m_LogManager->registerTag(l_dl, "down"); |
|
|
- m_LogManager->registerTag(l_mgr, "mgr"); |
|
|
- m_LogManager->registerTag(l_hlr, "handler"); |
|
|
- m_LogManager->registerTag(l_dia, "dia"); |
|
|
- m_LogManager->registerTag(l_sub, "submit"); |
|
|
- m_LogManager->registerTag(l_ev, "event"); |
|
|
- m_LogManager->registerTag(l_mod, "module"); |
|
|
- m_LogManager->registerTag(l_stdtag, "fixme"); |
|
|
|
|
|
if ( opt.m_consoleTags ) |
|
|
m_LogManager->addLogger(new ConsoleLogger(m_LogManager), m_LogManager->parseTagString(opt.m_consoleTags)); |
|
|
@@ -460,52 +463,53 @@ |
|
|
return 0; |
|
|
|
|
|
|
|
|
- if ( opt.m_ringLogger == true ) |
|
|
+ if ( opt.m_runMode != runFileCheck || opt.m_verbose ) |
|
|
{ |
|
|
- string rlpath; |
|
|
- try |
|
|
- { |
|
|
- rlpath = m_Config->getValString("nepenthes.logmanager.ring_logging_file"); |
|
|
- } |
|
|
- catch ( ... ) |
|
|
+ |
|
|
+ if ( opt.m_ringLogger == true ) |
|
|
{ |
|
|
- logCrit("Could not find nepenthes.logmanager.ring_logging_file in Config\n"); |
|
|
- return false; |
|
|
- } |
|
|
+ string rlpath; |
|
|
+ try |
|
|
+ { |
|
|
+ rlpath = m_Config->getValString("nepenthes.logmanager.ring_logging_file"); |
|
|
+ } catch ( ... ) |
|
|
+ { |
|
|
+ logCrit("Could not find nepenthes.logmanager.ring_logging_file in Config\n"); |
|
|
+ return (false); |
|
|
+ } |
|
|
|
|
|
|
|
|
- RingFileLogger *fl = new RingFileLogger(m_LogManager); |
|
|
+ RingFileLogger *fl = new RingFileLogger(m_LogManager); |
|
|
|
|
|
- fl->setLogFileFormat((char *)rlpath.c_str()); |
|
|
- fl->setMaxFiles(5); |
|
|
- fl->setMaxSize(1024 * 1024); |
|
|
+ fl->setLogFileFormat((char *)rlpath.c_str()); |
|
|
+ fl->setMaxFiles(5); |
|
|
+ fl->setMaxSize(1024 * 1024); |
|
|
|
|
|
- if ( opt.m_diskTags ) |
|
|
- m_LogManager->addLogger(fl, m_LogManager->parseTagString(opt.m_diskTags)); |
|
|
- else |
|
|
- m_LogManager->addLogger(fl, l_all); |
|
|
+ if ( opt.m_diskTags ) |
|
|
+ m_LogManager->addLogger(fl, m_LogManager->parseTagString(opt.m_diskTags)); |
|
|
+ else |
|
|
+ m_LogManager->addLogger(fl, l_all); |
|
|
|
|
|
- } |
|
|
- else |
|
|
- { |
|
|
- string flpath; |
|
|
- try |
|
|
- { |
|
|
- flpath = m_Config->getValString("nepenthes.logmanager.file_logging_file"); |
|
|
- } |
|
|
- catch ( ... ) |
|
|
+ } else |
|
|
{ |
|
|
- logCrit("Could not find nepenthes.logmanager.file_logging_file in Config\n"); |
|
|
- return false; |
|
|
- } |
|
|
+ string flpath; |
|
|
+ try |
|
|
+ { |
|
|
+ flpath = m_Config->getValString("nepenthes.logmanager.file_logging_file"); |
|
|
+ } catch ( ... ) |
|
|
+ { |
|
|
+ logCrit("Could not find nepenthes.logmanager.file_logging_file in Config\n"); |
|
|
+ return (false); |
|
|
+ } |
|
|
|
|
|
- FileLogger *fl = new FileLogger(m_LogManager); |
|
|
- fl->setLogFile(flpath.c_str()); |
|
|
- if ( opt.m_diskTags ) |
|
|
- m_LogManager->addLogger(fl, m_LogManager->parseTagString(opt.m_diskTags)); |
|
|
- else |
|
|
- m_LogManager->addLogger(fl, l_all); |
|
|
+ FileLogger *fl = new FileLogger(m_LogManager); |
|
|
+ fl->setLogFile(flpath.c_str()); |
|
|
+ if ( opt.m_diskTags ) |
|
|
+ m_LogManager->addLogger(fl, m_LogManager->parseTagString(opt.m_diskTags)); |
|
|
+ else |
|
|
+ m_LogManager->addLogger(fl, l_all); |
|
|
|
|
|
+ } |
|
|
} |
|
|
|
|
|
if (opt.m_daemonize == true) |
|
|
@@ -665,7 +669,7 @@ |
|
|
struct stat fileinfo; |
|
|
if ( stat((const char*)argv[opti],&fileinfo) != 0 ) |
|
|
{ |
|
|
- printf("failed\n"); |
|
|
+ printf("Could not stat %s: %s", (const char*)argv[opti], strerror(errno)); |
|
|
return -1; |
|
|
} |
|
|
|
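Review bot: The new stat failure message lacks a trailing newline, unlike the `failed\n` it replaces and the unlink message added later in this patch, so the next line of output is glued onto it: `printf("Could not stat %s: %s\n", (const char*)argv[opti], strerror(errno));`. The enclosing function begins outside the hunk.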
|
|
@@ -680,7 +684,10 @@ |
|
|
) |
|
|
|
|
|
{ |
|
|
- unlink(argv[opti]); |
|
|
+ if (unlink(argv[opti]) != 0) |
|
|
+ { |
|
|
+ printf("could not remove file %s (%s)\n",argv[opti],strerror(errno)); |
|
|
+ } |
|
|
} |
|
|
|
|
|
}else |
|
|
@@ -693,7 +700,7 @@ |
|
|
while ( (dirnode = readdir(bindir)) != NULL && m_running == true ) |
|
|
{ |
|
|
|
|
|
-#if !defined(CYGWIN) && !defined(CYGWIN32) &&!defined(__CYGWIN__) || !defined(__CYGWIN32__) |
|
|
+#if defined(d_type_IS_NOT_A_POSIX_SPEC) |
|
|
if ( dirnode->d_type == 8 ) |
|
|
#else |
|
|
if (1) |
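Review bot: `d_type_IS_NOT_A_POSIX_SPEC` is not defined anywhere visible in this patch, so the `#if` now always selects the `if (1)` branch and every directory entry, including `.`, `..`, subdirectories and other non-regular files, enters the body that later calls `unlink(filepath.c_str())`. If the intent is to drop the non-portable `d_type` test, the portable replacement is a `stat()` on the built path guarded by `S_ISREG(st.st_mode)`, which also retires the magic number 8 (`DT_REG`). The loop body that builds `filepath` is outside the hunk, so I cannot see exactly where that check belongs.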
|
|
@@ -708,7 +715,10 @@ |
|
|
) |
|
|
|
|
|
{ |
|
|
- unlink(filepath.c_str()); |
|
|
+ if (unlink(filepath.c_str()) != 0) |
|
|
+ { |
|
|
+ printf("could not remove file %s (%s)\n",filepath.c_str(),strerror(errno)); |
|
|
+ } |
|
|
} |
|
|
} |
|
|
} |
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/src/SocketManager.cpp nepenthes-0.2.0-r1345/nepenthes-core/src/SocketManager.cpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/src/SocketManager.cpp 2006-11-13 20:40:03.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/src/SocketManager.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -273,13 +273,17 @@ |
|
|
} |
|
|
} |
|
|
|
|
|
+ int32_t socketcounter, socketmax; |
|
|
+ socketcounter=0; |
|
|
+ socketmax = m_Sockets.size(); |
|
|
+ |
|
|
int32_t iPollRet = poll(polls,i,50); |
|
|
|
|
|
if (iPollRet != 0) |
|
|
{ |
|
|
// read sockets |
|
|
i=0; |
|
|
- for (itSocket = m_Sockets.begin();itSocket != m_Sockets.end(); itSocket++) |
|
|
+ for (itSocket = m_Sockets.begin();itSocket != m_Sockets.end(), socketcounter < socketmax ; itSocket++, socketcounter++) |
|
|
{ |
|
|
if ( (*itSocket)->isPolled() == true ) |
|
|
{ |
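Review bot: The new `for` condition uses the comma operator, so `itSocket != m_Sockets.end()` is evaluated and discarded and only `socketcounter < socketmax` terminates the loop. That is safe only as long as `m_Sockets` never shrinks between computing `socketmax` and finishing the pass; if any handler removes a socket during the read loop the iterator walks off the end of the list, which is undefined behaviour. Use `itSocket != m_Sockets.end() && socketcounter < socketmax` so both bounds hold. `socketmax` is also an `int32_t` receiving `m_Sockets.size()`, a narrowing from `size_t`; declaring both counters `size_t` avoids the signed/unsigned comparison. The enclosing function continues outside the hunk.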
|
|
@@ -303,7 +307,8 @@ |
|
|
|
|
|
// write sockets |
|
|
i=0; |
|
|
- for (itSocket = m_Sockets.begin();itSocket != m_Sockets.end(); itSocket++) |
|
|
+ socketcounter=0; |
|
|
+ for (itSocket = m_Sockets.begin();itSocket != m_Sockets.end(), socketcounter < socketmax; itSocket++, socketcounter++) |
|
|
{ |
|
|
if ( (*itSocket)->isPolled() == true ) |
|
|
{ |
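Review bot: The same comma-operator condition appears in the write loop: the `end()` test is discarded and only the counter bounds the loop, so the iterator is only safe if the list has not shrunk since `socketmax` was taken. Change it to `itSocket != m_Sockets.end() && socketcounter < socketmax`.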
|
|
@@ -331,7 +336,8 @@ |
|
|
|
|
|
// accept new, non udp clients as udp does not accept() |
|
|
i=0; |
|
|
- for (itSocket = m_Sockets.begin();itSocket != m_Sockets.end(); itSocket++) |
|
|
+ socketcounter=0; |
|
|
+ for (itSocket = m_Sockets.begin();itSocket != m_Sockets.end(), socketcounter < socketmax; itSocket++, socketcounter++) |
|
|
{ |
|
|
|
|
|
|
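Review bot: The accept loop repeats the comma-operator condition, so `itSocket != m_Sockets.end()` is evaluated for nothing and the counter alone terminates the loop; accepting a connection here presumably appends to `m_Sockets`, which the counter bound is meant to skip, but the `end()` guard should still be effective in case the list shrinks. Write it as `itSocket != m_Sockets.end() && socketcounter < socketmax`. The loop body is outside the hunk.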
|
|
diff -ruN nepenthes-0.2.0/nepenthes-core/src/Utilities.cpp nepenthes-0.2.0-r1345/nepenthes-core/src/Utilities.cpp |
|
|
--- nepenthes-0.2.0/nepenthes-core/src/Utilities.cpp 2006-11-13 20:40:02.000000000 +0100 |
|
|
+++ nepenthes-0.2.0-r1345/nepenthes-core/src/Utilities.cpp 2007-08-06 00:46:15.000000000 +0200 |
|
|
@@ -339,7 +339,7 @@ |
|
|
|
|
|
// ENDOF MD5Sum |
|
|
|
|
|
- |
|
|
+/* |
|
|
|
|
|
void Utilities::hexdump(byte *data, uint32_t len) |
|
|
{ |
|
|
@@ -430,7 +430,7 @@ |
|
|
|
|
|
} |
|
|
|
|
|
- |
|
|
+*/ |
|
|
|
|
|
|
|
|
|
|
|
|