telnet test returns login incorrect though logs show success #348
Comments
Yeah. This is somewhere in the Twisted code where you can't see the exception. Try logging in with SSH to get more meaningful errors. Probably a missing dependency. We recently added tftp support. I have a patch already that stops Cowrie sessions from crashing when one of the commands doesn't work. Will share later.
ssh has been working just fine. All I did was turn on telnet and authbind port 23
Hi! Could you confirm you are running the latest version? Try
Also, by default the password '123456' is not allowed for user root. What are the contents of your userdb.txt?
I'm guessing the second user is one that an attacker created because that wasn't there before.
I deleted the second root and tried again with same results / error.
Now there are twisted errors in the logs, but this is also in every connection via telnet now since it's getting hit a lot harder from the outside.
Hi. The negotiation error, is that from your Telnet client or someone on the internet?
I get the first error posted by @mb-rack (where it shows the login prompt again but log says login was successful) when using the default OS X telnet client (using iTerm and Terminal) and the Ubuntu telnet client. I get the second one ('\x01' errors) from random clients on the Internet. Interestingly it seems that some telnet clients are able to log in and access it just fine.
I think I've got it. They are not disconnects. Try connecting with "nc" (netcat) to your telnet server. I think the negotiation errors are not causing any disconnects, you simply see port scanning activity from a client that doesn't understand telnet. Then the client disconnects. It's not an error.
When I try to test telnet to my honeypot, the terminal says login failed however cowrie logs a login success. Is this just a function of manually testing telnet or a bug?
$ telnet honeypot_ip 23
Trying honepot_ip...
Connected to honeypot_ip
Escape character is '^]'.
login: root
Password:
Login incorrect
login:
^]
telnet> quit
Connection closed.
/home/cowrie/cowrie/log/cowrie.log
2016-11-14 01:07:53+0000 [-] Log opened.
2016-11-14 01:07:53+0000 [-] twistd 16.0.0 (/usr/bin/python 2.7.12) starting up.
2016-11-14 01:07:53+0000 [-] reactor class: twisted.internet.epollreactor.EPollReactor.
2016-11-14 01:07:53+0000 [-] CowrieSSHFactory starting on 22
2016-11-14 01:07:53+0000 [-] Starting factory <cowrie.ssh.factory.CowrieSSHFactory instance at 0x7f1e18891a28>
2016-11-14 01:07:53+0000 [-] Ready to accept SSH connections
2016-11-14 01:07:53+0000 [-] HoneyPotTelnetFactory starting on 23
2016-11-14 01:07:53+0000 [-] Starting factory <cowrie.telnet.transport.HoneyPotTelnetFactory instance at 0x7f1e17b9b878>
2016-11-14 01:07:53+0000 [-] Ready to accept Telnet connections
2016-11-14 01:08:11+0000 [cowrie.telnet.transport.HoneyPotTelnetFactory] New connection: my_ip:51386 (honeypot_ip:23) [session: TT0]
2016-11-14 01:08:16+0000 [CowrieTelnetTransport,0,my_ip] login attempt [root/123456] succeeded
2016-11-14 01:08:16+0000 [CowrieTelnetTransport,0,my_ip] Opening TTY Log: log/tty/20161114-010816-None-0i.log
2016-11-14 01:08:22+0000 [CowrieTelnetTransport,0,my_ip] Closing TTY Log: log/tty/20161114-010816-None-0i.log after 5 seconds
2016-11-14 01:08:22+0000 [CowrieTelnetTransport,0,my_ip] avatar root logging out
2016-11-14 01:08:22+0000 [CowrieTelnetTransport,0,my_ip] Connection lost after 10 seconds
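An added example, not part of the original issue and not Cowrie's own code: a small parser that groups the cowrie.log transport lines above by their `[transport,n,peer]` tag, so the server-side view of a session (login result, whether a TTY log was opened, connection duration) can be compared with what the telnet client displayed. The sample lines are copied from the log in this issue; the function names are hypothetical.

```python
import re

# Sample input: the per-session transport lines from the log in this issue.
SAMPLE_LOG = """\
2016-11-14 01:08:16+0000 [CowrieTelnetTransport,0,my_ip] login attempt [root/123456] succeeded
2016-11-14 01:08:16+0000 [CowrieTelnetTransport,0,my_ip] Opening TTY Log: log/tty/20161114-010816-None-0i.log
2016-11-14 01:08:22+0000 [CowrieTelnetTransport,0,my_ip] Closing TTY Log: log/tty/20161114-010816-None-0i.log after 5 seconds
2016-11-14 01:08:22+0000 [CowrieTelnetTransport,0,my_ip] avatar root logging out
2016-11-14 01:08:22+0000 [CowrieTelnetTransport,0,my_ip] Connection lost after 10 seconds
"""

# "<date> <time> [<transport>,<n>,<peer>] <message>"
LINE = re.compile(r"^\S+ \S+ \[(\w+),(\d+),([^\]]+)\] (.*)$")
LOGIN = re.compile(r"^login attempt \[(.*?)/(.*)\] (succeeded|failed)$")
LOST = re.compile(r"^Connection lost after (\d+) seconds$")


def summarize(log_text):
    """Group transport lines by (transport, n, peer) and record what the server saw."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # startup and factory lines carry no per-session tag
        key = (m.group(1), int(m.group(2)), m.group(3))
        s = sessions.setdefault(
            key, {"logins": [], "tty_opened": False, "duration": None})
        msg = m.group(4)
        if (lm := LOGIN.match(msg)):
            s["logins"].append(
                (lm.group(1), lm.group(2), lm.group(3) == "succeeded"))
        elif msg.startswith("Opening TTY Log:"):
            s["tty_opened"] = True
        elif (dm := LOST.match(msg)):
            s["duration"] = int(dm.group(1))
    return sessions


def accepted_sessions(sessions):
    """Keys of sessions where a login succeeded and a TTY log was opened."""
    return [k for k, s in sessions.items()
            if s["tty_opened"] and any(ok for _, _, ok in s["logins"])]


if __name__ == "__main__":
    for key, info in summarize(SAMPLE_LOG).items():
        print(key, info)
```
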