This is a compact fake pop3 daemon that logs password attacks.
6606163274f3cfc9bf7e8b5a1201ab59ffdc8e9baedab41009ce14200a0d62a3/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id: fake-pop3.c,v 1.2 2012/02/05 17:38:14 james.stevenson Exp $
*
* Author:
* NAME: James Stevenson
* WWW: http://www.stev.org
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>
#include <syslog.h>
#include <unistd.h>
#include <signal.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
int use_syslog = 0;
int verbose = 0;
int backlog = 5;
int max_attempts = 5;
int delay = 0;
int auth_delay = 3;
void print_help(FILE *fp, char *app) {
fprintf(fp, "Usage: %s [<options>]\n", app);
fprintf(fp, "\n");
fprintf(fp, " -a <delay> Failed auth delay\n");
fprintf(fp, " -p <port> Port to listen on\n");
fprintf(fp, " -s Use syslog\n");
fprintf(fp, " -v Verbose. Repeat for more info\n");
fprintf(fp, " -m <n> Maximum number attempts\n");
fprintf(fp, " -w <delay> Delay until banner is sent to client\n");
fprintf(fp, "\n");
}
void logger(const char *fmt, ...) {
va_list ap;
va_start(ap, fmt);
vprintf(fmt, ap);
printf("\n");
if (use_syslog)
vsyslog(LOG_NOTICE, fmt, ap);
va_end(ap);
}
void handle_sigchild(int signum) {
int status = -1;
int pid = 0;
do {
pid = waitpid(-1, &status, WNOHANG);
if (verbose > 0)
logger("Process %d Exited", pid);
} while(pid > 0);
}
void strip(char *str) {
while(*str != 0) {
if (*str == '\r'
|| *str == '\n') {
*str = 0;
return;
}
str++;
}
}
void start(int fd, struct sockaddr_in *client) {
FILE *fp = fdopen(fd, "r+");
char *buf = 0;
size_t buflen = 0;
char *user = 0, *pass = 0;
char *client_ip = inet_ntoa(client->sin_addr);
int attempts = 0;
logger("Connection From %s:%d", client_ip, client->sin_port);
if (!fp) {
logger("fdopen: %s", strerror(errno));
return;
}
if (delay)
sleep(delay);
fprintf(fp, "+OK POP3 Server Reader\r\n");
fflush(fp);
while(getline(&buf, &buflen, fp) >= 0) {
strip(buf);
if (verbose >= 2)
logger("%s", buf);
if (strncasecmp("QUIT", buf, 4) == 0) {
fprintf(fp, "+OK Closing Connection\r\n");
fflush(fp);
break;
} else if (strncasecmp("USER", buf, 4) == 0) {
char *tmp = strchr(buf, ' ');
if (tmp == NULL) {
fprintf(fp, "-ERR Invalid\r\n");
fflush(fp);
} else {
if (user != NULL)
free(user);
tmp++;
user = strdup(tmp);
fprintf(fp, "+OK Send Password\r\n");
fflush(fp);
}
} else if (strncasecmp("PASS", buf, 4) == 0) {
char *tmp = strchr(buf, ' ');
if (tmp == NULL || user == NULL) {
fprintf(fp, "-ERR Invalid\r\n");
fflush(fp);
} else {
if (pass != NULL)
free(pass);
tmp++;
pass = strdup(tmp);
logger("IP: %s USER: %s PASS: %s", client_ip, user, pass);
fprintf(fp, "-ERR Invalid login\r\n");
fflush(fp);
if (auth_delay)
sleep(auth_delay);
attempts++;
if (attempts > max_attempts)
break;
}
} else {
logger("Unknown Command: %s", buf);
fprintf(fp, "-ERR Invalid\r\n");
fflush(fp);
}
}
logger("Closed Connection From %s:%d", client_ip, client->sin_port);
if (user)
free(user);
if (pass)
free(pass);
if (fp)
fclose(fp);
if (buf)
free(buf);
close(fd);
}
int main(int argc, char **argv) {
struct sockaddr_in server, client;
socklen_t addr_len = sizeof(client);
int port = 110;
int c;
int sockfd;
int one = 1;
while( (c = getopt(argc, argv, "a:hp:svm:w:")) != -1) {
switch(c) {
case 'a':
auth_delay = atoi(optarg);
break;
case 'h':
print_help(stdout, argv[0]);
exit(EXIT_SUCCESS);
break;
case 'p':
port = atoi(optarg);
break;
case 's':
use_syslog = 1;
break;
case 'v':
verbose++;
break;
case 'm':
max_attempts = atoi(optarg);
break;
case 'w':
delay = atoi(optarg);
default:
break;
}
}
signal(SIGCHLD, &handle_sigchild);
sockfd = socket(AF_INET, SOCK_STREAM, 0);
if (sockfd < 0) {
perror("socket");
exit(EXIT_FAILURE);
}
memset(&server, 0, sizeof(server));
server.sin_family = AF_INET;
server.sin_port = htons(port);
server.sin_addr.s_addr = INADDR_ANY;
if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0) {
perror("setsockopt");
}
if (bind(sockfd, (struct sockaddr *) &server, sizeof(server)) < 0) {
perror("bind");
exit(EXIT_FAILURE);
}
if (listen(sockfd, backlog) < 0) {
perror("listen");
exit(EXIT_FAILURE);
}
while(1) {
int fd = accept(sockfd, (struct sockaddr *) &client, &addr_len);
if (fd < 0) {
logger("accept: %s", strerror(errno));
continue;
}
int ret = fork();
if (ret < 0) {
logger("fork: %s", strerror(errno));
close(fd);
continue;
}
if (ret == 0) {
start(fd, &client);
exit(EXIT_SUCCESS);
} else {
if (verbose > 0)
logger("Started Process %d", ret);
close(fd);
}
}
return 0;
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed