new post and updates to layoutHEADmaster

3 files changed, 86 insertions, 3 deletions

diff --git a/source/_posts/2020-09-30-operation-honeypot-02-ftp-impl.md b/source/_posts/2020-09-30-operation-honeypot-02-ftp-impl.md
new file mode 100644
index 0000000..62a415a
--- /dev/null
+++ b/source/_posts/2020-09-30-operation-honeypot-02-ftp-impl.md
@@ -0,0 +1,84 @@
+---
+title: Operation Honeypot - 02 FTP Impl
+date: 2020-09-30 12:53:27
+tags: security
+---
+
+## Intro
+
+In my previous post, we investigated the inner workings of the File Transfer Protocol, at least the subset of commands that we deemed necessary for our purposes. Now we will take that information and implement it in Scala to create our rudimentary honeypot.
+
+I will be leveraging the [Akka](https://akka.io/) and laying out most of the system through their Actor system. This approach will allow many different pieces to run concurrently and give us an excellent basis to extend this honeypot in the future to handle more protocols. To keep this post concise, I won't go into depth about setting up the project or the Akka library's specifics. The entire project exists on my [local git repository](https://git.tylerstonge.com).
+
+## Basic Architecture
+
+At the core of this honeypot, implementation is the idea of having a root Supervisor, which will read a configuration file to create child actors responsible for handling server input for one mock protocol. I chose to use JSON for the configuration file since I'm not too fond of whitespace and curly braces spark joy in me, but if you aren't so inclined, I'm sure switching to YML would be trivial.
+
+### Supervisor
+
+Within the [Supervisor](https://git.tylerstonge.com/honeypot/tree/src/main/scala/com/tylerstonge/honeypot/Supervisor.scala) we can see the looping over configuration file and instantiate of each components, for each component we send ourselves a `MStartComponent` message containing the information necessary to create it, using `self ! MStartComponent(...)`. Most of this is straightforward with the interesting function being `startComponent`. This is where we will extend support for further protocols in the future, but right now only supports FTP.
+
+```scala
+  private def startComponent(msg: MStartComponent) {
+    log.info("starting component :: {}", msg.name)
+    msg.ctype match {
+      case "ftp" => context.actorOf(FtpListener.props(msg.port), name = msg.name)
+      case _ => log.error("unknown component type: ", msg.ctype, msg.name);
+    }
+  }
+```
+
+### FTP Package
+
+Within the FTP Package of our project lies all the real goodness that mimics an FTP server's functionality enough to accept logins and files. The [FtpListener](https://git.tylerstonge.com/honeypot/tree/src/main/scala/com/tylerstonge/honeypot/ftp/FtpListener.scala) is the entry file that is stood up by the Supervisor and is responsible for handling initial FTP connections into our system. Just a quick FYI also, this is configured to run on port 21, just like a real default FTP server, to make it easy for hackers to identify what the server is for, but this may require root privileges depending on your system.
+
+Our `receive` function is where most of the magic happens, which is true for most actors. We can see that most of this is boilerplate stuff for handling a UDP connection. Under the case for the `Connected` message, we are creating a handler, and sending our FTP version `vulnFTPd 2.0.1`. The version string should eventually be configurable and probably accept a list of names it can randomly choose, but for now, it just hardcoded to this value.
+
+
+```scala
+  override def receive: Receive = {
+    case Bound(localAddress) =>
+      log.info("listening on {}", localAddress)
+    case CommandFailed(_: Bind) => context.stop(self)
+    case Connected(_, _) =>
+      val connection = sender()
+      val handler = context.actorOf(FtpHandler.props(connection), name = "handler")
+      connection ! Register(handler)
+      connection ! Write(ByteString.apply("220 (vulnFTPd 2.0.1)\n"))
+  }
+```
+
+Once [FtpHandler](https://git.tylerstonge.com/honeypot/tree/src/main/scala/com/tylerstonge/honeypot/ftp/FtpHandler.scala) is instantiated and registered to handle the connection, it will begin parsing data sent from the client using the `parse` function. Inside this function are all the supported commands, most of which will be familiar to anybody who read the previous post. Most of this information is just output to the console; in the future, it will need to be collected and sent somewhere else (the observant may notice an `add_reporting` branch in the repository).
+
+```scala
+  def parse(msg: Array[String]): String = msg(0) match {
+    case "user" =>
+      log.info("attempted login with username: {}", msg(1))
+      "331 Please specify password.\n"
+    case "pass" =>
+      log.info("attempted login with password: {}", msg(1))
+      "230 Login successful.\n"
+    case "pwd" => "257 \"/\" is the current directory\n"
+    case "quit" => "221 Goodbye.\n"
+    case "pasv" =>
+      log.info("entering passive mode")
+      val r = new Random()
+      val p1 = r.nextInt(200)
+      val p2 = r.nextInt(200)
+      context.actorOf(FtpFileReceiver.props(p1 * 256 + p2, client), name = "passive-connection-" + (p1 * 256 + p2))
+      Thread.sleep(256)
+      "227 entering passive mode (127,0,0,1," + p1 + "," + p2 + ")\n"
+    case "stor" =>
+      log.info("stor: {}", msg(1))
+      "150 File status okay; about to open data connection.\n"
+    case _ =>
+      log.info("unsupported command received: {}", msg.mkString(" "))
+      "451 Requested action aborted. Local error in processing.\n"
+  }
+```
+
+The last piece of this package is the [FtpFileReceiver](https://git.tylerstonge.com/honeypot/tree/src/main/scala/com/tylerstonge/honeypot/ftp/FtpFileReceiver.scala). This component is responsible for handling the passive data connection from a client. You'll remember that the passive connection means the server sends an IP and port for the client to connect to and transfer data. It currently just stores the binaries with a randomly generated UUID in a specific folder on the machine. Eventually, the destination for recieved files will be configurable.
+
+## Outro
+
+Well that is just a current update on the status of my honeypot. As I hinted at before, I have begun adding some reporting features to allow the exporting of events to various other services (discord notifier?!). I will continue work on the FTP aspect of the project, but look forward to another recon post where I will look into implementing a whole new protocol!
\ No newline at end of file
diff --git a/themes/hexo-theme-freemind.bithack/_config.yml b/themes/hexo-theme-freemind.bithack/_config.yml
index 9bf42fa..1969f69 100644
--- a/themes/hexo-theme-freemind.bithack/_config.yml
+++ b/themes/hexo-theme-freemind.bithack/_config.yml
@@ -19,7 +19,7 @@ links:
     url: https://github.com/tylerstonge

     intro: ""

     icon: false

-  - title: local repository

+  - title: Local Repository

     url: http://git.tylerstonge.com

     intro: ""

     icon: false

@@ -44,7 +44,7 @@ favicon: favicon.png
 

 # Analytics (change to yours)

 google_analytics:

-  enable: true

+  enable: false

   siteid: UA-70812759-1

 

 

diff --git a/themes/hexo-theme-freemind.bithack/layout/_partial/sidebar.ejs b/themes/hexo-theme-freemind.bithack/layout/_partial/sidebar.ejs
index 6760acf..472d333 100644
--- a/themes/hexo-theme-freemind.bithack/layout/_partial/sidebar.ejs
+++ b/themes/hexo-theme-freemind.bithack/layout/_partial/sidebar.ejs
@@ -5,6 +5,5 @@
 	<% }); %>

 	<br />

 	<script src="https://tryhackme.com/badge/179611"></script>

-	<img src="http://www.hackthebox.eu/badge/image/389297" alt="Hack The Box">

 	</div> <!-- sidebar -->

 </div> <!-- col-md-3 -->