moonq/backdoor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move to autossh

Browse Source
This commit is contained in:
Ville Rantanen
2019-08-29 19:14:12 +03:00
parent 2241c440c8
commit e069ad7612
2 changed files with 68 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
src/ssh-backdoor
View File

@@ -152,7 +152,8 @@ class DataBase:
self.db.execute('CREATE TABLE ports (\ self.db.execute('CREATE TABLE ports (\
id TEXT PRIMARY KEY,\ id TEXT PRIMARY KEY,\
host TEXT, \ host TEXT, \
port INTEGER,\ reverseport INTEGER,\
monitorport INTEGER,\
pid INTEGER,\ pid INTEGER,\
die INTEGER,\ die INTEGER,\
date INTEGER)') date INTEGER)')
@@ -160,10 +161,10 @@ class DataBase:
def clean_db(self): def clean_db(self):
self.db = self.conn.cursor() self.db = self.conn.cursor()
self.db.execute("SELECT id,port,date,pid,host FROM ports") self.db.execute("SELECT id,date,pid,host FROM ports")
for row in self.db.fetchall(): for row in self.db.fetchall():
age = int(time.time() - row[2]) age = int(time.time() - row[1])
running = self.is_running(row[3]) running = self.is_running(row[2])
if running: if running:
continue continue
if age < self.alive: if age < self.alive:
@@ -214,18 +215,23 @@ class DataBase:
self.conn_end() self.conn_end()
def update(self, id, port = None): def update(self, id, reverseport = None, monitorport = None):
self.id = id self.id = id
if port == None: if reverseport == None:
port = self.get_port(id) reverseport = self.get_port('reverseport',id)
if port == None: if reverseport == None:
port = self.new_port() reverseport = self.new_port()
if monitorport == None:
monitorport = self.get_port('monitorport',id)
if monitorport == None:
monitorport = self.new_port()
parent = self.get_pid() parent = self.get_pid()
self.db = self.conn.cursor() self.db = self.conn.cursor()
self.db.execute("INSERT OR REPLACE INTO ports(id,port,date,pid,host,die) \ self.db.execute("INSERT OR REPLACE INTO ports(id,monitorport,reverseport,date,pid,host,die) \
VALUES(?,?,?,?,?,?)",( VALUES(?,?,?,?,?,?,?)",(
id, id,
port, monitorport,
reverseport,
int(time.time()), int(time.time()),
parent, parent,
os.getenv("SSH_CLIENT","-").split(" ")[0], os.getenv("SSH_CLIENT","-").split(" ")[0],
@@ -233,16 +239,16 @@ class DataBase:
) )
) )
self.conn_end() self.conn_end()
return port return "%d %d"%( reverseport, monitorport )
def list(self): def list(self):
self.db = self.conn.cursor() self.db = self.conn.cursor()
self.db.execute("SELECT id,port,host,date,pid,die FROM ports ORDER BY id") self.db.execute("SELECT id,reverseport,monitorport,host,date,pid,die FROM ports ORDER BY id")
rows = [] rows = []
for row in self.db: for row in self.db:
row = list(row) row = list(row)
row[3] = self.human_age(row[3]) row[4] = self.human_age(row[4])
row.append(self.is_running(row[4])) row.append(self.is_running(row[5]))
# ~ row.append("ssh-nosave -p %d localhost"%( row[1], ) ) # ~ row.append("ssh-nosave -p %d localhost"%( row[1], ) )
rows.append(row) rows.append(row)
return rows return rows
@@ -265,32 +271,38 @@ class DataBase:
def get_pid(self): def get_pid(self):
return os.getppid() return os.getppid()
def get_port(self, id): def get_port(self, type, id):
self.db = self.conn.cursor() self.db = self.conn.cursor()
self.db.execute("SELECT port FROM ports WHERE id = ?", (id,)) if type == 'reverseport':
self.db.execute("SELECT reverseport FROM ports WHERE id = ?", (id,))
if type == 'monitorport':
self.db.execute("SELECT monitorport FROM ports WHERE id = ?", (id,))
result = self.db.fetchall() result = self.db.fetchall()
if len(result) == 0: if len(result) == 0:
return None return None
return result[0][0] return int(result[0][0])
def new_port(self): def new_port(self):
self.db = self.conn.cursor() self.db = self.conn.cursor()
while True: while True:
port = random.randint(22200, 22400) # ports alweays even (because monitor requires + 1
self.db.execute("SELECT port FROM ports WHERE port = ?", (port,)) port = int(random.randint(22200, 22999) / 2) * 2
result = self.db.fetchall() self.db.execute("SELECT reverseport FROM ports WHERE reverseport = ?", (port,))
if len(result) == 0: result_reverse = self.db.fetchall()
self.db.execute("SELECT monitorport FROM ports WHERE monitorport = ?", (port,))
result_monitor = self.db.fetchall()
if len(result_reverse) + len(result_monitor) == 0:
return port return port
def connect_backdoor(self, id): def connect_backdoor(self, id):
self.db = self.conn.cursor() self.db = self.conn.cursor()
self.db.execute("SELECT port,pid FROM ports WHERE id = ?", (id,)) self.db.execute("SELECT reverseport,monitorport,pid FROM ports WHERE id = ?", (id,))
result = self.db.fetchall() result = self.db.fetchall()
if len(result) == 0: if len(result) == 0:
eprint("No such ID") eprint("No such ID")
return return
port = result[0][0] port = result[0][0]
pid = result[0][1] pid = result[0][2]
if not self.is_running(pid): if not self.is_running(pid):
eprint("Backdoor not open") eprint("Backdoor not open")
return return
@@ -324,14 +336,17 @@ if __name__ == "__main__":
if opts.command == "list": if opts.command == "list":
print(tabulate( print(tabulate(
db.list(), db.list(),
headers = ['Id','Port','Host','Age','PID','Die','Alive'] headers = ['Id','RevPort','MonPort','Host','Age','PID','Die','Alive']
)) ))
if opts.command == "query": if opts.command == "query":
port = db.get_port(opts.id) reverseport = db.get_port('reverseport',opts.id)
if port == None: monitorport = db.get_port('monitorport',opts.id)
if reverseport == None:
sys.exit(1) sys.exit(1)
print(port) if monitorport == None:
sys.exit(1)
print("%d %d"%(reverseport, monitorport))
sys.exit(0) sys.exit(0)
if opts.command == "kill": if opts.command == "kill":
@@ -342,7 +357,7 @@ if __name__ == "__main__":
db.connect_backdoor(opts.id) db.connect_backdoor(opts.id)
if opts.command == "open": if opts.command == "open":
print(db.update(opts.id, opts.port)) print(db.update(opts.id, reverseport = opts.port))
if opts.command == "keep": if opts.command == "keep":
print(db.update(opts.id)) print(db.update(opts.id))

42
src/ssh-backdoor-open
View File

@@ -12,8 +12,19 @@ if [[ "$1" = update ]]; then
} }
fi fi
_autossh() {
autossh \
-M ${MONITORPORT} \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
-o ConnectTimeout=10 \
-o ServerAliveInterval=15 \
-o ServerAliveCountMax=3 \
-p ${BACKDOORPORT} \
${BACKDOORHOST} \
"$@"
}
_ssh() { _ssh() {
trap 'kill -INT -$SSHPID; exit;' INT
ssh \ ssh \
-o UserKnownHostsFile=/dev/null \ -o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \ -o StrictHostKeyChecking=no \
@@ -22,9 +33,7 @@ _ssh() {
-o ServerAliveCountMax=3 \ -o ServerAliveCountMax=3 \
-p ${BACKDOORPORT} \ -p ${BACKDOORPORT} \
${BACKDOORHOST} \ ${BACKDOORHOST} \
"$@" & "$@"
SSHPID=$!
wait $SSHPID
} }
BACKDOORHOST={{BACKDOORHOST}} BACKDOORHOST={{BACKDOORHOST}}
@@ -32,24 +41,19 @@ BACKDOORPORT={{BACKDOORPORT}}
USER=$( id -u -n ) USER=$( id -u -n )
BGPID=0 BGPID=0
echo "Must use ssh agent (ssh-add)" echo "Must use ssh agent (ssh-add)"
which autossh &>/dev/null || {
echo Must have autossh
exit 1
}
while true; do while true; do
date date
port=$( _ssh bin/ssh-backdoor open $USER@$HOSTNAME ) read -r reverseport MONITORPORT <<<$( _ssh bin/ssh-backdoor open $USER@$HOSTNAME )
[[ -z "$port" ]] && { sleep 2; continue; } [[ -z "$reverseport" ]] && { sleep 2; continue; }
echo "$port port assigned" echo "$reverseport $MONITORPORT ports assigned"
#~ _ssh pkill -a -f $USER@$HOSTNAME #~ _ssh pkill -a -f $USER@$HOSTNAME
_ssh \ _autossh \
-L $port:localhost:$port \ -R $reverseport:localhost:22 \
-R $port:localhost:22 \ bin/ssh-backdoor keep $USER@$HOSTNAME
bin/ssh-backdoor keep $USER@$HOSTNAME &
BGPID=$!
while true; do
sleep 60
timeout 20 ssh-keyscan -p "$port" localhost 2>/dev/null | grep -q "$port" || {
kill $BGPID
break
}
done
for i in {1..10}; do for i in {1..10}; do
sleep 1 sleep 1