Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
175 lines (150 sloc) 12.4 KB
MySQL-Honeypot started on { address: '::', family: 'IPv6', port: 3306 }
----- Client connected from ::ffff:117.51.147.155:40454
Send:---
GREATING
---
Received data:---
8f00000185a23f0000000040080000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640052035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c045f70696404353433310f5f636c69656e745f76657273696f6e06352e362e3433095f706c6174666f726d067838365f3634
---
���?@rootmysql_native_passwordR_osLinux _client_namelibmysql_pid5431_client_version5.6.43 _platformx86_64
---
State:---
1
---
Send:---
FIRST_OK
---
Received data:---
1100000003736574206175746f636f6d6d69743d30
---
set autocommit=0
---
State:---
2
---
Send:---
QUERY
---
Received data:---
7d0f00022320636f64696e673d7574662d380d0a0d0a66726f6d20666c61736b20696d706f7274206a736f6e6966792c20726571756573740d0a66726f6d2073747275637420696d706f727420756e7061636b0d0a66726f6d20736f636b657420696d706f727420696e65745f61746f6e0d0a696d706f7274204d7953514c64620d0a66726f6d2073756270726f6365737320696d706f727420506f70656e2c20504950450d0a696d706f72742072650d0a696d706f7274206f730d0a696d706f7274206261736536340d0a0d0a0d0a2320666c616720696e206d7973716c20206375726c406c6f63616c686f73742064617461626173653a736563757269747920207461626c653a666c61670d0a0d0a646566207765616b5f7363616e28293a0d0a0d0a202020206167656e745f706f7274203d20383132330d0a20202020726573756c74203d205b5d0d0a202020207461726765745f6970203d20726571756573742e617267732e67657428277461726765745f697027290d0a202020207461726765745f706f7274203d20726571756573742e617267732e67657428277461726765745f706f727427290d0a202020206966206e6f74207461726765745f6970206f72206e6f74207461726765745f706f72743a0d0a202020202020202072657475726e206a736f6e696679287b22636f6465223a203430342c20226d7367223a2022e58f82e695b0e4b88de883bde4b8bae7a9ba222c202264617461223a205b5d7d290d0a202020206966206e6f74207461726765745f706f72742e6973646967697428293a0d0a202020202020202072657475726e206a736f6e696679287b22636f6465223a203430342c20226d7367223a2022e7abafe58fa3e5bf85e9a1bbe4b8bae695b0e5ad97222c202264617461223a205b5d7d290d0a202020206966206e6f7420636865636b6970287461726765745f6970293a0d0a202020202020202072657475726e206a736f6e696679287b22636f6465223a203430342c20226d7367223a2022e5bf85e9a1bbe8be93e585a56970222c202264617461223a205b5d7d290d0a2020202069662069735f696e6e65725f697061646472657373287461726765745f6970293a0d0a202020202020202072657475726e206a736f6e696679287b22636f6465223a203430342c20226d7367223a20226970e4b88de883bde698afe58685e7bd916970222c202264617461223a205b5d7d290d0a20202020746d705f6167656e745f726573756c74203d206765745f6167656e745f726573756c74287461726765745f69702c206167656e745f706f7274290d0a202020206966206e6f7420746d705f6167656e745f726573756c745b305d203d3d20313a0d0a0974656d5f726573756c74203d20746d705f6167656e745f726573756c745b315d0d0a2020202020202020726573756c742e617070656e64286261736536342e623634656e636f64652874656d5f726573756c7429290d0a202020202020202072657475726e206a736f6e696679287b22636f6465223a203430342c20226d7367223a2022e69c8de58aa1e599a8e69caae5bc80e590af6d7973716c222c202264617461223a20726573756c747d290d0a0d0a20202020746d705f726573756c74203d6d7973716c5f7363616e287461726765745f69702c207461726765745f706f7274290d0a0d0a202020206966206e6f7420746d705f726573756c745b27466c6167275d203d3d20313a0d0a202020202020202074656d5f726573756c74203d20746d705f6167656e745f726573756c745b315d0d0a2020202020202020726573756c742e617070656e64286261736536342e623634656e636f64652874656d5f726573756c7429290d0a202020202020202072657475726e206a736f6e696679287b22636f6465223a20302c20226d7367223a2022e69caae689abe68f8fe587bae5bcb1e58fa3e4bba4222c202264617461223a205b5d7d290d0a20202020656c73653a0d0a202020202020202074656d5f726573756c74203d20746d705f6167656e745f726573756c745b315d0d0a2020202020202020726573756c742e617070656e64286261736536342e623634656e636f64652874656d5f726573756c7429290d0a2020202020202020726573756c742e617070656e6428746d705f726573756c74290d0a202020202020202072657475726e206a736f6e696679287b22636f6465223a20302c20226d7367223a2022e69c8de58aa1e599a8e5ad98e59ca8e5bcb1e58fa3e4bba4222c202264617461223a20726573756c747d290d0a0d0a0d0a64656620636865636b6970286970293a0d0a2020202070203d2072652e636f6d70696c6528275e282832355b302d355d7c325b302d345d5c647c5b30315d3f5c645c643f295c2e297b337d2832355b302d355d7c325b302d345d5c647c5b30315d3f5c645c643f292427290d0a20202020696620702e6d61746368286970293a0d0a202020202020202072657475726e20547275650d0a20202020656c73653a0d0a202020202020202072657475726e2046616c73650d0a0d0a646566206375726c2875726c293a0d0a20202020746d70203d20506f70656e285b276375726c272c2075726c2c20272d4c272c20272d6f272c2027636f6e74656e742e6c6f67275d2c207374646f75743d50495045290d0a20202020746d702e7761697428290d0a20202020726573756c74203d20746d702e7374646f75742e726561646c696e657328290d0a2020202072657475726e20726573756c740d0a0d0a646566206765745f6167656e745f726573756c742869702c20706f7274293a0d0a0d0a202020207374725f706f7274203d2073747228706f7274290d0a2020202075726c203d2027687474703a2f2f272b6970202b20273a27202b207374725f706f72740d0a202020206375726c2875726c290d0a202020206966206e6f74206f732e706174682e6578697374732827636f6e74656e742e6c6f6727293a0d0a202020202020202072657475726e2028302c2027e69caae5bc80e590af6167656e7427290d0a2020202077697468206f70656e2827636f6e74656e742e6c6f6727292061732066313a0d0a2020202020202020746d705f6c697374203d2066312e726561646c696e657328290d0a2020202020202020726573706f6e7365203d2027272e6a6f696e28746d705f6c697374290d0a202020206f732e72656d6f76652827636f6e74656e742e6c6f6727290d0a202020206966206e6f7420276d7973716c642720696e20726573706f6e73653a0d0a202020202020202072657475726e2028302c20726573706f6e7365290d0a20202020656c73653a0d0a202020202020202072657475726e2028312c20726573706f6e7365290d0a0d0a0d0a646566206970326c6f6e672869705f61646472293a0d0a0d0a2020202072657475726e20756e7061636b2822214c222c20696e65745f61746f6e2869705f6164647229295b305d0d0a0d0a6465662069735f696e6e65725f697061646472657373286970293a0d0a0d0a202020206970203d206970326c6f6e67286970290d0a2020202072657475726e206970326c6f6e6728273132372e302e302e302729203e3e203234203d3d206970203e3e203234206f72205c0d0a2020202020202020202020206970326c6f6e67282731302e302e302e302729203e3e203234203d3d206970203e3e203234206f72205c0d0a2020202020202020202020206970326c6f6e6728273137322e31362e302e302729203e3e203230203d3d206970203e3e203230206f72205c0d0a2020202020202020202020206970326c6f6e6728273139322e3136382e302e302729203e3e203136203d3d206970203e3e2031360d0a0d0a646566206d7973716c5f7363616e2869702c20706f7274293a0d0a0d0a20202020706f7274203d20696e7428706f7274290d0a202020207765616b5f75736572203d205b27726f6f74272c202761646d696e272c20276d7973716c275d0d0a202020207765616b5f70617373203d205b27272c20276d7973716c272c2027726f6f74272c202761646d696e272c202774657374275d0d0a20202020466c6167203d20300d0a20202020666f72207573657220696e207765616b5f757365723a0d0a2020202020202020666f7220706173735f776420696e207765616b5f706173733a0d0a2020202020202020202020206966206d7973716c5f6c6f67696e2869702c706f72742c20757365722c20706173735f7764293a0d0a20202020202020202020202020202020466c6167203d20310d0a20202020202020202020202020202020746d705f646963203d207b277765616b5f75736572273a20757365722c20277765616b5f706173737764273a20706173735f77642c2027466c6167273a20466c61677d0d0a2020202020202020202020202020202072657475726e20746d705f6469630d0a202020202020202020202020656c73653a0d0a20202020202020202020202020202020746d705f646963203d207b277765616b5f75736572273a2027272c20277765616b5f706173737764273a2027272c2027466c6167273a20466c61677d0d0a2020202020202020202020202020202072657475726e20746d705f6469630d0a0d0a0d0a0d0a646566206d7973716c5f6c6f67696e28686f73742c20706f72742c20757365726e616d652c2070617373776f7264293a0d0a202020202727276d7973716c206c6f67696e20636865636b2727270d0a0d0a202020207472793a0d0a2020202020202020636f6e6e203d204d7953514c64622e636f6e6e656374280d0a202020202020202020202020686f73743d686f73742c0d0a202020202020202020202020757365723d757365726e616d652c0d0a2020202020202020202020207061737377643d70617373776f72642c0d0a202020202020202020202020706f72743d706f72742c0d0a202020202020202020202020636f6e6e6563745f74696d656f75743d312c0d0a202020202020202020202020290d0a20202020202020207072696e742028225b483a257320503a257320553a257320503a25735d4d7973716c206c6f67696e20537563636573732220252028686f73742c706f72742c757365726e616d652c70617373776f7264292c22496e666f22290d0a2020202020202020636f6e6e2e636c6f736528290d0a202020202020202072657475726e20547275650d0a20202020657863657074204d7953514c64622e4572726f722c20653a0d0a0d0a20202020202020207072696e742028225b483a257320503a257320553a257320503a25735d4d7973716c204572726f722025643a2220252028686f73742c706f72742c757365726e616d652c70617373776f72642c652e617267735b305d292c224572726f7222290d0a202020202020202072657475726e2046616c73650d0a0d0a00000003
---
}# coding=utf-8
from flask import jsonify, request
from struct import unpack
from socket import inet_aton
import MySQLdb
from subprocess import Popen, PIPE
import re
import os
import base64
# flag in mysql curl@localhost database:security table:flag
def weak_scan():
agent_port = 8123
result = []
target_ip = request.args.get('target_ip')
target_port = request.args.get('target_port')
if not target_ip or not target_port:
return jsonify({"code": 404, "msg": "参数不能为空", "data": []})
if not target_port.isdigit():
return jsonify({"code": 404, "msg": "端口必须为数字", "data": []})
if not checkip(target_ip):
return jsonify({"code": 404, "msg": "必须输入ip", "data": []})
if is_inner_ipaddress(target_ip):
return jsonify({"code": 404, "msg": "ip不能是内网ip", "data": []})
tmp_agent_result = get_agent_result(target_ip, agent_port)
if not tmp_agent_result[0] == 1:
tem_result = tmp_agent_result[1]
result.append(base64.b64encode(tem_result))
return jsonify({"code": 404, "msg": "服务器未开启mysql", "data": result})
tmp_result =mysql_scan(target_ip, target_port)
if not tmp_result['Flag'] == 1:
tem_result = tmp_agent_result[1]
result.append(base64.b64encode(tem_result))
return jsonify({"code": 0, "msg": "未扫描出弱口令", "data": []})
else:
tem_result = tmp_agent_result[1]
result.append(base64.b64encode(tem_result))
result.append(tmp_result)
return jsonify({"code": 0, "msg": "服务器存在弱口令", "data": result})
def checkip(ip):
p = re.compile('^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)$')
if p.match(ip):
return True
else:
return False
def curl(url):
tmp = Popen(['curl', url, '-L', '-o', 'content.log'], stdout=PIPE)
tmp.wait()
result = tmp.stdout.readlines()
return result
def get_agent_result(ip, port):
str_port = str(port)
url = 'http://'+ip + ':' + str_port
curl(url)
if not os.path.exists('content.log'):
return (0, '未开启agent')
with open('content.log') as f1:
tmp_list = f1.readlines()
response = ''.join(tmp_list)
os.remove('content.log')
if not 'mysqld' in response:
return (0, response)
else:
return (1, response)
def ip2long(ip_addr):
return unpack("!L", inet_aton(ip_addr))[0]
def is_inner_ipaddress(ip):
ip = ip2long(ip)
return ip2long('127.0.0.0') >> 24 == ip >> 24 or \
ip2long('10.0.0.0') >> 24 == ip >> 24 or \
ip2long('172.16.0.0') >> 20 == ip >> 20 or \
ip2long('192.168.0.0') >> 16 == ip >> 16
def mysql_scan(ip, port):
port = int(port)
weak_user = ['root', 'admin', 'mysql']
weak_pass = ['', 'mysql', 'root', 'admin', 'test']
Flag = 0
for user in weak_user:
for pass_wd in weak_pass:
if mysql_login(ip,port, user, pass_wd):
Flag = 1
tmp_dic = {'weak_user': user, 'weak_passwd': pass_wd, 'Flag': Flag}
return tmp_dic
else:
tmp_dic = {'weak_user': '', 'weak_passwd': '', 'Flag': Flag}
return tmp_dic
def mysql_login(host, port, username, password):
'''mysql login check'''
try:
conn = MySQLdb.connect(
host=host,
user=username,
passwd=password,
port=port,
connect_timeout=1,
)
print ("[H:%s P:%s U:%s P:%s]Mysql login Success" % (host,port,username,password),"Info")
conn.close()
return True
except MySQLdb.Error, e:
print ("[H:%s P:%s U:%s P:%s]Mysql Error %d:" % (host,port,username,password,e.args[0]),"Error")
return False

---
State:---
3
---
Send:---
SECOND_OK
---
Received data:---
0100000001
---

---
State:---
-1
---
Send:---
SECOND_OK
---
You can’t perform that action at this time.