Update MITM to CLI option based configuration

Instead of the old config file based mechanism
UMD-ACES · Apr 17, 2022 · 9a43861 · 9a43861
1 parent 447981a
commit 9a43861
Show file tree

Hide file tree

Showing 17 changed files with 499 additions and 661 deletions.
diff --git a/License.md b/License.md
@@ -1,7 +1,7 @@
-Copyright 2018 University of Maryland - College Park | Advanced Cybersecurity experience for Students
+Copyright 2018 University of Maryland - College Park | Advanced Cybersecurity Experience for Students
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
@@ -1,10 +1,8 @@
-# Man-in-the-middle SSH Server
+# Man-in-the-Middle (MITM) SSH Server
 
 ## Objective
 
-Provide students the ability to collect SSH related data (login attempts, keystrokes) without the need for them to build their own SSH server.
-
-See this [wiki page](https://github.com/UMD-ACES/MITM/wiki/Data-Collection) about the information collected by the MITM SSH server.
+Provide students with the ability to collect SSH related data (login attempts, keystrokes) without the need to build their own SSH server.
 
 ## Expectations
 
@@ -16,65 +14,45 @@ This program is not meant to facilitate the following:
 * Monitoring
 * Data Analysis
 
-However, students may modify this program as they wish including faciliting the above while following the [rules](https://github.com/UMD-ACES/MITM/blob/master/README.md#rules) described at a later section.
+However, students may modify this program as they wish to add or change desired functionality.
 
-## Resources
+# Data Collection
+This program will collect 3 main types of data:
+1. Authentication attempts - including client IP, username, and password
+2. Successful logins - client IP
+3. Session stream - raw session stream between the client & SSH server
 
-Please see the rest of this README page and check out the [wiki](https://github.com/UMD-ACES/MITM/wiki) pages.
+## Start the MITM server
 
+Run `node mitm.js -n <container name> -i <container internal IP> -p <MITM listening port>` to start the MITM server.
 
 ## Configuration
 
-| Setting | Type | Explanation |
-| :--------:| :----: | :------------|
-| local | Boolean | Runs the MITM SSH Server without requiring a container. Warning messages will display and there will be limitations (e.g. pty mode is disabled). |
-| debug   | Boolean | MITM Debug Output. Good option to have enabled when building your honeypot ecosystem. Provides detailed logs of the actions that the MITM takes in real time. |
-| logToInstructor.enabled | Boolean | Logging the MITM operations into a DB (must be **enabled** unless otherwise stated by an instructor or TA) |
-| logging.streamOutput | String | Folder where the attacker streams are placed (keystrokes, screen display) |
-| logging.loginAttempts | String | Folder where all login attempts are being logged |
-| logging.logins | String | Folder where all logins are being logged |
-| server.maxAttemptsPerConnection | Integer | Number of login attempts before the server force closes on the SSH client |
-| server.listenIP | String | The IP address to listen on |
-| server.identifier | String | The SSH server identifier string sent to the SSH client |
-| server.banner | String | A message sent to clients upon connection to the MITM |
-| autoAccess.enabled | Boolean | If true, then enable automatic access to the honeypot after a certain number of login attempts (normal distribution using mean and standard deviation values). Can be manually set in the command line. |
-| autoAccess.cacheSize | Integer | Number of attacker IPs to hold when autoAccess is turned "on" . This value is required to not overwhelm the host memory. |
-| autoAccess.barrier.normalDist.enabled | Boolean | Enable normal distribution to calculate the login attempt threshold per attacker |
-| autoAccess.barrier.normalDist.mean | Integer | Mean number of login attempts before automatic access |
-| autoAccess.barrier.normalDist.standardDeviation | Integer | Standard Deviation. Automatic access follows a normal distribution. |
-| autoAccess.barrier.fixed.enabled | Boolean | Enable fixed login attempts threshold |
-| autoAccess.barrier.fixed.attempts | Number | Number of login attempts |
-
-
-## Start the MITM server
-
-View this wiki page to learn about starting the MITM SSH Server (https://github.com/UMD-ACES/MITM/wiki/Spawn-a-MITM-SSH-Server-instance#launch-a-mitm-ssh-server)
+Run with the `--help` option to see full list of configurable options and defaults.
 
 ## Running MITM in the background
 
 Please check this [wiki page](https://github.com/UMD-ACES/MITM/wiki/Running-in-the-Background) if you would like to run the MITM in the background
 
 ## Automatic Access
 
-Allows an attacker to successfully authenticate after a certain number of login attempts.
+This feature allows an attacker to successfully authenticate after a certain number of login attempts.
 
-Before using automatic access, please read the following [wiki page](https://github.com/UMD-ACES/MITM/wiki/Automatic-Access)
+Auto-access will only be available for 1 automatic access per MITM process, meaning that once MITM is triggered once, it will be disabled.
 
-## Rules
-1. Do not add/edit/delete any code that are in the instructor blocks.
-2. You must enable the logToInstructor functionality.
-3. If you are having issues with a particular MITM instance, please make sure to communicate the session id
+Enable auto-access by toggling the `--auto-access` option, then you must configure one of the two strategies available:
+1. normal distribution
+2. fixed attempt
 
-## Stay up to date
-Run `git pull origin master` inside the /root/MITM directory.
+For normal distribution strategy, the server will allow auto-access after `--auto-access-normal-distribution-mean` number of attempts with the consideration of `--auto-access-normal-distribution-std-dev` to randomize the number of attempts required.
 
-## Documentation
-[Wiki Page](https://github.com/UMD-ACES/MITM/wiki)
+For fixed attempt strategy, the server will simply allow auto-access after --auto-access-fixed` number of attempts.
+
+## Stay up to date
+Run `git pull origin main` inside the /root/MITM directory.
 
-## Authors
-Louis-Henri Merino  
-Franz Payer  
-Zhi Xiang Lin  
+## Additional Documentation
+Some of the [Wiki Page](https://github.com/UMD-ACES/MITM/wiki) may be out of date, please review the information carefully.
 
 ## License
 MIT License
diff --git a/config/mitm_example.js b/config/mitm_example.js
diff --git a/install.sh b/install.sh
@@ -1,12 +1,12 @@
 #!/usr/bin/env bash
 
-sudo apt-get update
+sudo apt update
 
-sudo apt-get install -y sudo build-essential curl php-cli gcc g++ make
+sudo apt install -y build-essential curl gcc g++ make
 
 curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
 
-sudo apt-get install -y nodejs
+sudo apt install -y nodejs
 
 cd "$(dirname "$0")"
 

diff --git a/lxc/add_user.php b/lxc/add_user.php
diff --git a/lxc/add_user.sh b/lxc/add_user.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+CONTAINER=$1
+USERNAME=$2
+
+lxc-attach -n "$CONTAINER" -- useradd "$USERNAME" -m -s /bin/bash > /dev/null 2>&1 || true
diff --git a/lxc/ensure_mount.py b/lxc/ensure_mount.py
diff --git a/lxc/execute_command.py b/lxc/execute_command.py
diff --git a/lxc/load_credentials.php b/lxc/load_credentials.php
diff --git a/lxc/load_credentials.sh b/lxc/load_credentials.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+CONTAINER=$1
+USERNAME=$2
+PASSWORD=$3
+
+lxc-attach -n "$CONTAINER" -- usermod -p "$(openssl passwd "$PASSWORD")" "$USERNAME"
diff --git a/mitm.js b/mitm.js
@@ -0,0 +1 @@
+require('./server');