  • Language
    C
  • Created about 8 years ago
  • Updated over 7 years ago

Repository Details

Simulates enough of a Telnet connection in order to log failed login attempts.

telnetlogger

This is a simple program to log login attempts on Telnet (port 23).

It's designed to track the Mirai botnet. Right now (Oct 23, 2016) infected Mirai machines from around the world are trying to connect to Telnet on every IP address about once per minute. This program logs both which IP addresses are doing the attempts, and which passwords they are using.

I wrote it primarily because installing telnetd on a Raspberry Pi wasn't sufficient. For some reason, the Mirai botnet doesn't like the output from Telnet, and won't try to log in. So I needed something that produced the type of Telnet it was expecting. While I was at it, I also wrote some code to parse things and extract the usernames/passwords.
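To illustrate the parsing step a Telnet logger needs, here is an added example (not code from telnetlogger itself) that drops Telnet option negotiation from a raw byte stream and pulls out the username and password lines. The names telnet_strip, next_line and SAMPLE are hypothetical, the command byte values come from RFC 854, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
enum { TN_SE = 240, TN_SB = 250, TN_WILL = 251, TN_DONT = 254, TN_IAC = 255 }; /* RFC 854 */

/* Copy data bytes from a raw Telnet stream into out (>= len bytes), dropping
 * option negotiation. A command cut off at the end of the buffer is discarded. */
size_t telnet_strip(const unsigned char *in, size_t len, unsigned char *out)
{
    size_t i = 0, n = 0;
    while (i < len) {
        if (in[i] != TN_IAC) { out[n++] = in[i++]; continue; }
        if (i + 1 >= len) break;                            /* lone IAC at end */
        unsigned char cmd = in[i + 1];
        if (cmd == TN_IAC) { out[n++] = TN_IAC; i += 2; }   /* escaped 0xFF data byte */
        else if (cmd >= TN_WILL && cmd <= TN_DONT) i += 3;  /* WILL/WONT/DO/DONT + option */
        else if (cmd == TN_SB) {                            /* subnegotiation: skip to IAC SE */
            i += 2;
            while (i + 1 < len && !(in[i] == TN_IAC && in[i + 1] == TN_SE))
                i += (in[i] == TN_IAC) ? 2 : 1;
            i += 2;
        } else i += 2;                                      /* other two-byte command */
    }
    return n;
}

/* Pull the next line out of stripped data (Telnet ends lines with CR LF or CR NUL).
 * Non-printable bytes become '.' so remote input cannot put control characters
 * into the log. Returns 1 if a complete line was found, 0 otherwise. */
int next_line(const unsigned char *buf, size_t n, size_t *pos, char *line, size_t cap)
{
    size_t i = *pos, k = 0;
    for (; i < n && buf[i] != '\r' && buf[i] != '\n'; i++)
        if (k + 1 < cap) line[k++] = (buf[i] >= 0x20 && buf[i] < 0x7f) ? (char)buf[i] : '.';
    if (i == n) return 0;                                   /* no terminator yet */
    line[k] = '\0';
    if (buf[i] == '\r' && i + 1 < n && (buf[i + 1] == '\n' || buf[i + 1] == '\0')) i++;
    *pos = i + 1;
    return 1;
}

/* Constructed sample: IAC DO ECHO, "root" CR LF, a subnegotiation, "xmhdipc" CR NUL */
static const unsigned char SAMPLE[] = { 255, 253, 1, 'r','o','o','t','\r','\n',
    255, 250, 24, 0, 'x', 255, 240, 'x','m','h','d','i','p','c','\r', 0 };
int main(void)
{
    unsigned char data[sizeof SAMPLE]; char user[64], pass[64];
    size_t pos = 0, n = telnet_strip(SAMPLE, sizeof SAMPLE, data);
    if (next_line(data, n, &pos, user, sizeof user) && next_line(data, n, &pos, pass, sizeof pass))
        printf("%s %s\n", user, pass);
    return 0;
}
```
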

Usage

Just run the program in order to see passwords and IP addresses appear on stdout.

telnetlogger

To log the information to files, use the -p and -i options.

telnetlogger -p passwds.txt -i ips.txt

To listen on another port (for testing and whatnot), use -l.

telnetlogger -l 2323

Note that on many systems, you'll get an "access denied" error message, because programs that open ports below 1024 need extra privileges. So you may need to sudo the program.

Compiling

Type make or:

gcc telnetlogger.c -o telnetlogger -lpthread

It'll also compile/run on Windows.

Output

There are two sample output files, passwords.txt and ips.txt that I generated by running this for the last day.

The program prints the username/password combination one line at a time.

admin 7ujMko0admin
root root
root 54321
root xmhdipc
root root
guest 12345
root 888888
root 123456
admin smcadmin

It doesn't filter duplicates. The easiest way to get rid of duplicates is just to sort/uniq the output.

sort passwords.txt | uniq

The IP addresses work the same way as the passwords, with one per line.

153.99.123.134
114.35.226.25
114.35.226.25
1.52.107.87
2001:db8:a0b:12f0::1
114.35.226.25
1.52.107.87
1.52.107.87
153.99.123.134

Note that IPv6 is supported. Also note that you'll get lots of duplicates, so you'll be doing sort/uniq a lot in order to reduce the list size. The duplicates make it easier to count how often individual IP addresses attempt to connect. Thus, you can run the following:

sort ips.txt | uniq -c | sort -n

This produces results like:

 69 187.136.91.145
 75 79.115.23.228
 90 178.220.226.25
 94 153.99.123.134
120 171.83.163.1
168 111.73.37.102
169 122.96.31.201
414 119.121.165.137

Geolocation

This project can help you geo-locate the IPs, to see which country they are coming from.

https://github.com/danielmiessler/HoneyCredIPTracker
