services: add WordPress #256
@CapacitorSet Regarding your commit, `services: pass data dir`, there is a key value store to use in `storage/storage.go`. Giving different services access to the same directory will become an issue sooner or later.
This was discussed in chat with Remco, I think that storing all assets in a folder is the best solution - the alternative we explored was using assetfs, but that increases the size of the binary.
Consider that using a kv store makes it harder for the final users to edit the files (for example, one might want to add a few lines to pretend that a vulnerable plugin is installed). Also, where would the information be fetched from the first time?
On March 17, 2018 3:07:57 PM GMT+01:00, sammynx wrote:
> @CapacitorSet Regarding your commit, `services: pass data dir`, there
> is a key value store to use in `storage/storage.go`
> Giving different services access to the same directory will become an
> issue sooner or later.
I didn't know this was discussed already, just wanted to point you to the kv store. But I still think this is an accident waiting to happen. What if you configure multiple services of the same type, like service.smtp01, service.smtp02, etc.?
For the time being I don't expect such an issue to occur with WordPress, since I think one would rarely need to have two different WordPress honeypots running on the same server. Even then, one might add a key in the configuration to specify a different root folder (eg. Ping @nl5887 for additional feedback on the issue
I agree that is not a big issue for now. But making this directory available to all services will make it the go-to place to store things in the future. Having a filesystem to play with would be a nice feature though.
Codecov Report
@@ Coverage Diff @@
## master #256 +/- ##
=========================================
Coverage ? 43.41%
=========================================
Files ? 71
Lines ? 8365
Branches ? 0
=========================================
Hits ? 3632
Misses ? 4317
Partials ? 416
Fixes #255, depends on honeytrap/honeytrap-services-wordpress#1.
Implements a dummy WordPress blog with a homepage and a /wp-login.php, and logs login attempts. Can be expanded in the future to implement many specific vulnerabilities.
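
The design discussed in this thread, as an added example that is not code from this pull request or from Honeytrap: a decoy WordPress handler that records `/wp-login.php` attempts and serves its editable assets from a folder scoped to one service instance. `Attempt`, `Decoy`, `NewDecoy`, the `data/wordpress01` layout and the listen address are assumptions made for the example.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"path/filepath"
	"strings"
)

// Attempt is one captured login (hypothetical type, not Honeytrap's event API).
type Attempt struct{ Remote, User, Pass, UserAgent string }

// Decoy is a fake WordPress site whose assets live in its own folder.
type Decoy struct {
	files http.Handler  // static assets under <dataDir>/<name>
	Log   func(Attempt) // sink for captured attempts
}

// NewDecoy scopes the instance to dataDir/name, so wordpress01 and
// wordpress02 never share files; name must be a single path element.
func NewDecoy(dataDir, name string, sink func(Attempt)) (*Decoy, error) {
	if name == "" || name == "." || name == ".." || strings.ContainsAny(name, `/\`) {
		return nil, fmt.Errorf("invalid service name %q", name)
	}
	return &Decoy{files: http.FileServer(http.Dir(filepath.Join(dataDir, name))), Log: sink}, nil
}

func (d *Decoy) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if r.URL.Path != "/wp-login.php" || r.Method != http.MethodPost {
		d.files.ServeHTTP(w, r) // homepage, login form and any planted plugin files
		return
	}
	r.Body = http.MaxBytesReader(w, r.Body, 4096) // bound attacker-controlled input
	if err := r.ParseForm(); err != nil {
		http.Error(w, "bad request", http.StatusBadRequest)
		return
	}
	// "log" and "pwd" are the field names of the WordPress login form.
	d.Log(Attempt{r.RemoteAddr, r.PostFormValue("log"), r.PostFormValue("pwd"), r.UserAgent()})
	fmt.Fprint(w, "<strong>ERROR</strong>: Incorrect username or password.") // never authenticate
}

func main() {
	d, err := NewDecoy("data", "wordpress01", func(a Attempt) { log.Printf("login attempt: %+v", a) })
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", d))
}
```

Because the assets are plain files under the instance folder, an operator can still edit them by hand, while a second instance gets a separate folder by name.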