
Fake POP3 Daemon

Fake POP3 Daemon
Posted Feb 7, 2012
Authored by James Stevenson | Site stev.org

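This is a compact fake POP3 daemon that logs password-guessing attacks: every login is rejected, and the client IP, username and password of each attempt are recorded.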

tags | tool
systems | unix
MD5 | 6f1a11903c57d66bfbf2564e33984ea6

Fake POP3 Daemon

/*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Library General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*
* $Id: fake-pop3.c,v 1.2 2012/02/05 17:38:14 james.stevenson Exp $
*
* Author:
* NAME: James Stevenson
* WWW: http://www.stev.org
*
*/

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <strings.h>
#include <errno.h>
#include <limits.h>
#include <syslog.h>
#include <unistd.h>
#include <signal.h>

#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Runtime settings. main() overwrites these defaults from the command line. */

/* -s: when non-zero, logger() also sends each message to syslog. */
int use_syslog = 0;
/* -v: incremented once per flag; > 0 logs child start/exit, >= 2 logs every client line. */
int verbose = 0;
/* Queue length passed to listen(); no command-line option changes it. */
int backlog = 5;
/* -m: number of PASS attempts start() counts against before dropping the client. */
int max_attempts = 5;
/* -w: seconds start() sleeps before sending the banner (0 = no wait). */
int delay = 0;
/* -a: seconds start() sleeps after rejecting a PASS (0 = no wait). */
int auth_delay = 3;

/*
 * Print the command-line usage summary to fp.
 * app is the program name shown on the "Usage:" line.
 */
void print_help(FILE *fp, char *app) {
    /* Fixed text that follows the usage line, one entry per output line. */
    static const char *const option_lines[] = {
        "\n",
        " -a <delay> Failed auth delay\n",
        " -p <port> Port to listen on\n",
        " -s Use syslog\n",
        " -v Verbose. Repeat for more info\n",
        " -m <n> Maximum number attempts\n",
        " -w <delay> Delay until banner is sent to client\n",
        "\n",
    };
    size_t i;

    fprintf(fp, "Usage: %s [<options>]\n", app);
    for (i = 0; i < sizeof option_lines / sizeof option_lines[0]; i++)
        fputs(option_lines[i], fp);
}

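/*
 * Write one printf-style log line to stdout and, when use_syslog is set,
 * send the same message to syslog at LOG_NOTICE.
 *
 * fmt is always a literal format string at the call sites in this file;
 * text received from clients is passed only as a "%s" argument and must
 * never be used as fmt.
 */
void logger(const char *fmt, ...) {
    va_list ap;

    va_start(ap, fmt);
    vprintf(fmt, ap);
    va_end(ap);
    printf("\n");

    /*
     * Flush right away: the records are the whole output of this tool, and
     * text left in the stdio buffer would be copied into every forked child
     * and written again when that child exits.
     */
    fflush(stdout);

    if (use_syslog) {
        /*
         * vprintf() leaves ap indeterminate, so reusing it for vsyslog() is
         * undefined behavior; start a fresh traversal instead.
         */
        va_start(ap, fmt);
        vsyslog(LOG_NOTICE, fmt, ap);
        va_end(ap);
    }
}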

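/*
 * SIGCHLD handler: reap every child that has already exited so finished
 * per-connection processes do not linger as zombies.
 *
 * signum is unused; the handler is only installed for SIGCHLD.
 */
void handle_sigchild(int signum) {
    /* waitpid() and logger() can overwrite errno underneath the code this
     * handler interrupted (e.g. between accept() failing and strerror()). */
    int saved_errno = errno;
    int status = -1;
    pid_t pid;

    (void) signum;

    /*
     * With WNOHANG, waitpid() returns 0 when children exist but none has
     * exited and -1 when there is nothing left to wait for. Only positive
     * values are real child pids, so only those are logged.
     */
    while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
        /*
         * NOTE(review): logger() uses stdio and syslog, which are not
         * async-signal-safe. Consider setting a flag here and doing the
         * logging from the accept loop instead.
         */
        if (verbose > 0)
            logger("Process %d Exited", (int) pid);
    }

    errno = saved_errno;
}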

/* Truncate str in place at its first carriage return or line feed, if any. */
void strip(char *str) {
    char *eol = strpbrk(str, "\r\n");

    if (eol != NULL)
        *eol = 0;
}

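/*
 * Serve one client connection on fd: send the POP3 banner, accept
 * USER / PASS / QUIT lines, log each USER/PASS pair with the client
 * address, and answer every PASS with a failure. main() calls this in the
 * forked child. The function owns fd and closes it before returning.
 *
 * fd     connected socket for this client
 * client peer address as filled in by accept()
 *
 * Everything read from fp is untrusted network input.
 *
 * NOTE(review): getline() grows buf without an upper bound and there is no
 * read timeout, so a client can hold a child process and its memory for as
 * long as it likes. Consider a line-length cap and a receive timeout.
 *
 * NOTE(review): strip() only cuts the line at the first CR/LF; any other
 * control bytes in the USER/PASS/unknown-command text reach stdout and
 * syslog unescaped. Consider escaping non-printable bytes before logging
 * so that the log viewer is not fed raw client data.
 */
void start(int fd, struct sockaddr_in *client) {
    FILE *fp = fdopen(fd, "r+");
    int open_errno = errno;   /* keep fdopen()'s errno; logger() may change it */
    char *buf = NULL;
    size_t buflen = 0;
    char *user = NULL, *pass = NULL;
    char *client_ip = inet_ntoa(client->sin_addr);
    /* sin_port is in network byte order; convert it so the logged port
     * matches what firewall and flow logs show for the same connection. */
    int client_port = ntohs(client->sin_port);
    int attempts = 0;

    logger("Connection From %s:%d", client_ip, client_port);

    if (!fp) {
        logger("fdopen: %s", strerror(open_errno));
        close(fd);   /* no stream owns the descriptor, so release it here */
        return;
    }

    if (delay)
        sleep(delay);

    fprintf(fp, "+OK POP3 Server Reader\r\n");
    fflush(fp);

    while (getline(&buf, &buflen, fp) >= 0) {
        strip(buf);

        if (verbose >= 2)
            logger("%s", buf);

        if (strncasecmp("QUIT", buf, 4) == 0) {
            fprintf(fp, "+OK Closing Connection\r\n");
            fflush(fp);
            break;
        } else if (strncasecmp("USER", buf, 4) == 0) {
            char *tmp = strchr(buf, ' ');
            if (tmp == NULL) {
                fprintf(fp, "-ERR Invalid\r\n");
                fflush(fp);
            } else {
                free(user);   /* a repeated USER replaces the previous name */
                user = strdup(tmp + 1);
                if (user == NULL) {
                    /* never hand a NULL to a "%s" conversion later on */
                    logger("strdup: %s", strerror(errno));
                    break;
                }
                fprintf(fp, "+OK Send Password\r\n");
                fflush(fp);
            }
        } else if (strncasecmp("PASS", buf, 4) == 0) {
            char *tmp = strchr(buf, ' ');
            if (tmp == NULL || user == NULL) {
                /* PASS without an argument, or before any USER */
                fprintf(fp, "-ERR Invalid\r\n");
                fflush(fp);
            } else {
                free(pass);
                pass = strdup(tmp + 1);
                if (pass == NULL) {
                    logger("strdup: %s", strerror(errno));
                    break;
                }

                logger("IP: %s USER: %s PASS: %s", client_ip, user, pass);

                /* Reject first, then stall: the delay slows down the next guess. */
                fprintf(fp, "-ERR Invalid login\r\n");
                fflush(fp);
                if (auth_delay)
                    sleep(auth_delay);

                /* ">=" so that -m is the maximum number of attempts, as the
                 * help text says; ">" allowed one attempt more than that. */
                attempts++;
                if (attempts >= max_attempts)
                    break;
            }
        } else {
            logger("Unknown Command: %s", buf);
            fprintf(fp, "-ERR Invalid\r\n");
            fflush(fp);
        }
    }

    logger("Closed Connection From %s:%d", client_ip, client_port);

    free(user);
    free(pass);
    free(buf);

    /* fclose() also closes the descriptor that fdopen() wrapped, so a
     * separate close(fd) here would be a second close of the same fd. */
    fclose(fp);
}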


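/*
 * Parse a decimal option argument and require min <= value <= max.
 * opt names the option in the error message. Prints to stderr and exits
 * with EXIT_FAILURE on malformed or out-of-range input.
 */
static int parse_int_option(const char *arg, long min, long max, const char *opt) {
    char *end = NULL;
    long value;

    errno = 0;
    value = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || errno == ERANGE
            || value < min || value > max) {
        fprintf(stderr, "Invalid value '%s' for %s (expected %ld..%ld)\n",
                arg, opt, min, max);
        exit(EXIT_FAILURE);
    }
    return (int) value;
}

/*
 * Entry point: parse the options, open a listening TCP socket on all IPv4
 * interfaces, and fork one child per accepted connection that runs start().
 *
 * NOTE(review): the default port 110 is a privileged port on typical Unix
 * systems, and nothing here changes user after bind(), so the children that
 * parse client input keep whatever privileges the daemon was started with.
 * Prefer running it unprivileged on a high port behind a port redirect, or
 * with only the bind capability granted.
 *
 * NOTE(review): one process is forked per connection with no upper limit;
 * a connection flood can exhaust the process table. Consider capping the
 * number of live children.
 */
int main(int argc, char **argv) {
    struct sockaddr_in server, client;
    socklen_t addr_len;
    int port = 110;
    int c;
    int sockfd;
    int one = 1;

    while ((c = getopt(argc, argv, "a:hp:svm:w:")) != -1) {
        switch (c) {
        case 'a':
            /* negative delays would become huge unsigned values in sleep() */
            auth_delay = parse_int_option(optarg, 0, INT_MAX, "-a");
            break;
        case 'h':
            print_help(stdout, argv[0]);
            exit(EXIT_SUCCESS);
            break;
        case 'p':
            /* atoi() turned garbage into port 0, i.e. a random port */
            port = parse_int_option(optarg, 1, 65535, "-p");
            break;
        case 's':
            use_syslog = 1;
            break;
        case 'v':
            verbose++;
            break;
        case 'm':
            max_attempts = parse_int_option(optarg, 0, INT_MAX, "-m");
            break;
        case 'w':
            delay = parse_int_option(optarg, 0, INT_MAX, "-w");
            break;
        default:
            break;
        }
    }

    signal(SIGCHLD, &handle_sigchild);

    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        perror("socket");
        exit(EXIT_FAILURE);
    }

    memset(&server, 0, sizeof(server));

    server.sin_family = AF_INET;
    server.sin_port = htons(port);
    server.sin_addr.s_addr = INADDR_ANY;   /* listen on every local IPv4 address */

    /* Best effort: lets the daemon be restarted without waiting for old
     * connections on the port to time out. */
    if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof(one)) < 0) {
        perror("setsockopt");
    }

    if (bind(sockfd, (struct sockaddr *) &server, sizeof(server)) < 0) {
        perror("bind");
        exit(EXIT_FAILURE);
    }

    if (listen(sockfd, backlog) < 0) {
        perror("listen");
        exit(EXIT_FAILURE);
    }

    while (1) {
        /* accept() treats addr_len as in/out, so reset it for every call */
        addr_len = sizeof(client);

        int fd = accept(sockfd, (struct sockaddr *) &client, &addr_len);
        if (fd < 0) {
            if (errno == EINTR)
                continue;   /* interrupted by SIGCHLD; not an error */
            logger("accept: %s", strerror(errno));
            continue;
        }

        /* Do not let the child inherit (and later re-emit) buffered output. */
        fflush(stdout);

        int ret = fork();
        if (ret < 0) {
            logger("fork: %s", strerror(errno));
            close(fd);
            continue;
        }

        if (ret == 0) {
            /* The child only talks to its own client; it has no use for
             * the listening socket. */
            close(sockfd);
            start(fd, &client);
            exit(EXIT_SUCCESS);
        } else {
            if (verbose > 0)
                logger("Started Process %d", ret);
            close(fd);   /* the child holds its own copy of the connection */
        }
    }

    return 0;
}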
