glutton icon indicating copy to clipboard operation
glutton copied to clipboard
verified publisher icon mushorg

SSH User login denied

Open Ijlalh90 opened this issue 7 years ago • 9 comments

I am facing an issue with docker build and also with normal running of glutton. When i try to login ssh using glutton it denies to allow my login.

Ijlalh90 avatar Apr 14 '18 09:04 Ijlalh90

Did you try port 5001 as per documentation?

glaslos avatar Apr 14 '18 13:04 glaslos

THe issue with ssh is that when i try to forward to the target machine.Glutton successfully detects the incoming connection but user session closes immediately after typing password. Here is what shows 2018/04/18 11:34:29 DEBUG [freki ] new TCP connection 192.168.0.100:52534->22 2018/04/18 11:34:29 DEBUG [contable] registering 192.168.0.100:52534->22 2018/04/18 11:34:29 ERROR user.tcp: close tcp 172.17.0.3:5000->192.168.0.100:52534: use of closed network connection 2018/04/18 11:34:43 DEBUG [freki ] new TCP connection 192.168.0.100:52536->22 2018/04/18 11:34:43 DEBUG [contable] registering 192.168.0.100:52536->22 2018/04/18 11:34:49 DEBUG [freki ] new TCP connection 172.17.0.3:39454->22 2018/04/18 11:34:49 DEBUG [contable] registering 172.17.0.3:39454->22 2018/04/18 11:34:49 DEBUG [freki ] new TCP connection 172.17.0.3:39456->22 2018/04/18 11:34:49 DEBUG [contable] registering 172.17.0.3:39456->22 2018/04/18 11:34:49 DEBUG [freki ] new TCP connection 172.17.0.3:39458->22 2018/04/18 11:34:49 DEBUG [contable] registering 172.17.0.3:39458->22 2018/04/18 11:34:51 DEBUG [freki ] new TCP connection 172.17.0.3:39460->22 2018/04/18 11:34:51 DEBUG [contable] registering 172.17.0.3:39460->22 2018/04/18 11:34:51 DEBUG [freki ] new TCP connection 172.17.0.3:39462->22 2018/04/18 11:34:51 DEBUG [contable] registering 172.17.0.3:39462->22 2018/04/18 11:34:51 DEBUG [freki ] new TCP connection 172.17.0.3:39464->22 2018/04/18 11:34:51 DEBUG [contable] registering 172.17.0.3:39464->22 2018/04/18 11:34:54 DEBUG [freki ] new TCP connection 172.17.0.3:39466->22 2018/04/18 11:34:54 DEBUG [contable] registering 172.17.0.3:39466->22 2018/04/18 11:34:54 DEBUG [freki ] new TCP connection 172.17.0.3:39468->22 2018/04/18 11:34:54 DEBUG [contable] registering 172.17.0.3:39468->22 2018/04/18 11:34:54 DEBUG [freki ] new TCP connection 172.17.0.3:39470->22 2018/04/18 11:34:54 DEBUG [contable] registering 172.17.0.3:39470->22 2018/04/18 11:34:54 ERROR user.tcp: close tcp 172.17.0.3:5000->192.168.0.100:52536: use of closed network connection THe password and username are correct

Ijlalh90 avatar Apr 18 '18 11:04 Ijlalh90

try ssh -p 5000 172.17.0.3

glaslos avatar Apr 18 '18 13:04 glaslos

One thing these are the logs of other machine which shows password not being forward screenshot from 2018-04-18 17-44-12

Ijlalh90 avatar Apr 20 '18 03:04 Ijlalh90

From the logs I can see that you are connecting to port 22... Please follow my instructions.

glaslos avatar Apr 21 '18 13:04 glaslos

Sorry if i cannot deliver the problem properly. The issue is that ssh of other machine is not working.port 5001 works fine with ssh on machine with glutton. The other machine doesnot get the ssh. I have correctly setup the rules file. No issues with that but issues comes when ssh password is provided it doesnot work

Ijlalh90 avatar Apr 23 '18 05:04 Ijlalh90

Ah, sorry, I misunderstood your goal. Glutton only supports the username/password handshake in ssh and then disconnects. If you want a proper ssh honeypot, you have to connect Glutton to something like cowrie or bifrozt.

glaslos avatar Apr 23 '18 13:04 glaslos

Yeah it is connected to cowrie but still got disconnected

Ijlalh90 avatar Apr 23 '18 19:04 Ijlalh90

Update: Tested this on Ubuntu 16.04 and Ubuntu 17.10. Docker Version and both the go version of glutton fails to communicate with ssh when password is transferred. When tried to use an old build, Some libraries causes the issue and it was unsuccessful.

Ijlalh90 avatar Apr 26 '18 15:04 Ijlalh90