authoruser <user@node5.net>2024-03-21 23:05:08 +0100
committeruser <user@node5.net>2024-03-21 23:05:08 +0100
commit65302bf60206ea43213e7f2bc18adf15838cf3a2 (patch)
treea2d7249460790c816aa71d595a8863f1f6281950
initial commit, logs login attempts to DB
-rw-r--r--README.md4
-rw-r--r--create_db.sql14
-rw-r--r--db_handler.py30
-rw-r--r--log_ssh_passwords.py52
-rw-r--r--requirements.txt4
5 files changed, 104 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..589aa51
--- /dev/null
+++ b/README.md
@@ -0,0 +1,4 @@
+# TODO
+- Banner
+- Non root
+- One file \ No newline at end of file
diff --git a/create_db.sql b/create_db.sql
new file mode 100644
index 0000000..c7c2d5c
--- /dev/null
+++ b/create_db.sql
@@ -0,0 +1,14 @@
+CREATE TABLE connection (
+ id serial PRIMARY KEY,
+ ip inet,
+ port INT,
+ timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE TABLE login_attempt (
+ id serial PRIMARY KEY,
+ username text NOT NULL,
+ password text NOT NULL,
+ connection int references connection(id),
+ timestamp TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP
+);
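Review bot: `login_attempt.connection` is declared `int references connection(id)` without `NOT NULL`, so an attempt can be stored with no link back to the source address and port, which is the context that makes a captured credential useful for analysis. `connection int NOT NULL REFERENCES connection(id)` enforces the link, and an index on that column helps once the table is queried by source, since PostgreSQL does not index the referencing side of a foreign key automatically. The `username` and `password` columns accept whatever length the peer sends, so a length check in the application or a `CHECK (length(password) <= N)` with a limit you choose is worth considering.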
diff --git a/db_handler.py b/db_handler.py
new file mode 100644
index 0000000..ded882d
--- /dev/null
+++ b/db_handler.py
@@ -0,0 +1,30 @@
+import os
+
+import psycopg
+import yaml
+
+with open(os.path.join('configs', 'database.yml'), 'r') as file:
+ db_con_params = yaml.safe_load(file.read())
+
+
+def log_connection(ip: str, port: int) -> int:
+ with psycopg.connect(**db_con_params, row_factory=psycopg.rows.dict_row) as conn:
+ with conn.cursor() as cur:
+ cur.execute(
+ "INSERT INTO connection (ip, port)"
+ "VALUES (%(ip)s, %(port)s)"
+ "RETURNING id;",
+ {'ip': ip, 'port': port}
+ )
+ connection_id = cur.fetchone()['id']
+ return connection_id
+
+
+def log_login_attempt(username: str, password: str, connection_id: int):
+ with psycopg.connect(**db_con_params, row_factory=psycopg.rows.dict_row) as conn:
+ with conn.cursor() as cur:
+ cur.execute(
+ "INSERT INTO login_attempt (username, password, connection)"
+ "VALUES (%(username)s, %(password)s, %(connection_id)s);",
+ {'username': username, 'password': password, 'connection_id': connection_id}
+ )
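Review bot: Both `log_connection` and `log_login_attempt` open a new PostgreSQL connection on every call, so the rate of database connections is set by whoever is connecting to the listener, and a burst of attempts can use up the server's connection slots. Neither function handles `psycopg.Error`, so a refused connection or a rejected value (psycopg refuses strings containing a NUL byte for `text` columns, for example) propagates into the caller's auth callback. Consider one long-lived connection guarded by a `threading.Lock`, or a pool, and catch `psycopg.Error` around the insert so a failed write is reported rather than raised. `log_login_attempt` also lacks a `-> None` annotation, and both functions lack docstrings stating that the values are peer-supplied and are passed only as bound parameters.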
diff --git a/log_ssh_passwords.py b/log_ssh_passwords.py
new file mode 100644
index 0000000..dc972b8
--- /dev/null
+++ b/log_ssh_passwords.py
@@ -0,0 +1,52 @@
+import socket
+import paramiko
+import db_handler
+import threading
+
+
+class SSHServer(paramiko.ServerInterface):
+ def __init__(self, connection_id: int):
+ self.connection_id = connection_id
+
+ def check_auth_password(self, username, password):
+ print(f"Username: {username}")
+ print(f"Password: {password}")
+
+ db_handler.log_login_attempt(username, password, self.connection_id)
+
+ return paramiko.AUTH_FAILED
+
+
+def ssh_thread(client, address, port):
+ print(f'New connection from: {address}:{port}')
+ connection_id = db_handler.log_connection(address, port)
+
+ # Create a new paramiko transport
+ transport = paramiko.Transport(client)
+ transport.add_server_key(host_key)
+ server = SSHServer(connection_id)
+
+ # Start the server
+ transport.start_server(server=server)
+
+
+# Create an SSH server
+host_key = paramiko.RSAKey.from_private_key_file("id_rsa") # paramiko.RSAKey.generate(2048)
+server = ''
+port = 2200
+
+# Start the server
+server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
+server_socket.bind((server, port))
+server_socket.listen(100)
+
+print(f"[*] Listening for connections on {server}:{port}")
+
+while True:
+ try:
+ client, addr = server_socket.accept()
+ thread = threading.Thread(target=ssh_thread, args=(client, addr[0], addr[1]))
+ thread.start()
+ except:
+ pass
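Review bot: `ssh_thread` hands the socket to `paramiko.Transport` and returns with no timeout and no `close()`, so each peer that connects and then idles holds a socket and a transport thread for as long as it likes, and one thread per `accept()` puts no ceiling on how many. `start_server` can also raise (paramiko raises `SSHException` on a failed negotiation), which here ends the thread with an unhandled traceback. Separately, the bare `except: pass` around `accept()` swallows `KeyboardInterrupt` and hides a persistent socket error in a tight loop; `except OSError as exc:` with a printed message would be narrower. The `print` calls in `check_auth_password` write peer-supplied strings verbatim, so `{username!r}` and `{password!r}` would keep control characters out of the operator's terminal. The 60-second limit in the sketch below is an example value, not one taken from the commit.

```python
def ssh_thread(client, address, port):
    # … unchanged: print and db_handler.log_connection call …
    transport = paramiko.Transport(client)
    try:
        transport.add_server_key(host_key)
        transport.start_server(server=SSHServer(connection_id))
        # Bound how long one peer may keep the session open.
        transport.join(timeout=60)
    except (paramiko.SSHException, EOFError, OSError) as exc:
        print(f'Session from {address}:{port} ended: {exc!r}')
    finally:
        transport.close()
```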
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..51ae87f
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+paramiko~=3.4
+psycopg~=3.1
+PyYAML~=6.0
+