Skip to content

Commit 4521397

Browse files
committed
hotfixing
1 parent 43197fd commit 4521397

6 files changed

Lines changed: 31 additions & 12 deletions

File tree

lazyown.py

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -914,8 +914,10 @@ def cmd(self, line):
914914
if NOLOGS:
915915
exit_code = subprocess.call(command, shell=True)
916916
else:
917+
safe_cmd_name = os.path.basename(cmd_name)
918+
safe_domain = re.sub(r"[^A-Za-z0-9._-]", "_", domain) if domain else "unknown"
917919
path_command = (
918-
f"{path}/sessions/logs/command_{cmd_name}output{domain}.txt"
920+
f"{path}/sessions/logs/command_{safe_cmd_name}output{safe_domain}.txt"
919921
)
920922
quoted_path = shlex.quote(path_command)
921923
exit_code = subprocess.call(

modules/lazybotnet.py

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -179,6 +179,11 @@ def handle_client(conn, key, botnet_file, log_file):
179179
conn.close()
180180

181181
def start_server(host, port, key, botnet_file, log_file):
182+
if host in ("", "0.0.0.0", "::"):
183+
raise ValueError(
184+
f"Refusing to bind to wildcard address {host!r}. "
185+
"Pass a specific interface IP via --host (e.g. 127.0.0.1)."
186+
)
182187
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
183188
server.bind((host, port))
184189
server.listen(5)
@@ -192,7 +197,7 @@ def start_server(host, port, key, botnet_file, log_file):
192197

193198
if __name__ == '__main__':
194199
parser = argparse.ArgumentParser(description='LazyOwnBotNet Server')
195-
parser.add_argument('--host', default='0.0.0.0', help='Host to bind the server')
200+
parser.add_argument('--host', default='127.0.0.1', help='Host to bind the server (use a specific interface IP, never 0.0.0.0 unless you really need to expose on all interfaces)')
196201
parser.add_argument('--port', type=int, default=12345, help='Port to bind the server')
197202
parser.add_argument('--key', required=True, help='Encryption key (hex encoded)')
198203
args = parser.parse_args()

modules/lazyhoneypot.py

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@
3232

3333
def parse_args():
3434
parser = argparse.ArgumentParser(description='SSH Honeypot')
35-
parser.add_argument('--host', type=str, default='0.0.0.0', help='IP address to bind the honeypot')
35+
parser.add_argument('--host', type=str, default='127.0.0.1', help='IP address to bind the honeypot (use a specific interface IP, never 0.0.0.0 unless you really need to expose on all interfaces)')
3636
parser.add_argument('--port', type=int, default=2222, help='Port to bind the honeypot')
3737
parser.add_argument('--downloads_dir', type=str, default='downloads', help='Directory to save downloaded files')
3838
parser.add_argument('--log_file', type=str, default='honeypot.log', help='Log file path')
@@ -160,6 +160,12 @@ def alert_admin(message):
160160
def main():
161161
args = parse_args()
162162

163+
if args.host in ("", "0.0.0.0", "::"):
164+
raise ValueError(
165+
f"Refusing to bind honeypot to wildcard address {args.host!r}. "
166+
"Pass a specific interface IP via --host (e.g. 127.0.0.1)."
167+
)
168+
163169
setup_logging(args.log_file)
164170
generate_rsa_key('test_rsa.key')
165171
host_key = paramiko.RSAKey(filename='test_rsa.key')

modules/lazyownserver.py

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,9 +107,15 @@ def main():
107107
HOST = args.host
108108
PORT = args.port
109109
print(HOST)
110-
print(PORT)
110+
print(PORT)
111111
KEY = binascii.unhexlify(args.key)
112112

113+
if HOST in ("", "0.0.0.0", "::"):
114+
raise ValueError(
115+
f"Refusing to bind RAT to wildcard address {HOST!r}. "
116+
"Pass a specific interface IP via --host (e.g. 127.0.0.1)."
117+
)
118+
113119
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
114120
s.bind((HOST, PORT))
115121
s.listen(10)

requirements-ml.txt

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ scikit-learn==1.8.0
2727
scipy==1.17.1
2828
seaborn==0.13.2
2929
threadpoolctl==3.6.0
30-
torch==2.11.0
31-
torchaudio==2.11.0
32-
torchvision==0.26.0
30+
torch==2.12.1
31+
torchaudio==2.12.1
32+
torchvision==0.27.1
3333
triton==3.6.0

requirements.txt

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ commonmark==0.9.1
4949
construct==2.10.70
5050
contourpy==1.3.3
5151
coverage==7.13.5
52-
cryptography==46.0.6
52+
cryptography==49.0.0
5353
cssselect==1.4.0
5454
cssutils==2.15.0
5555
cycler==0.12.1
@@ -117,7 +117,7 @@ minikerberos==0.4.9
117117
more-itertools==11.0.2
118118
MouseInfo==0.1.3
119119
mpmath==1.3.0
120-
msgpack==1.1.2
120+
msgpack==1.2.1
121121
msldap==0.5.15
122122
mypy==1.20.2
123123
mypy_extensions==1.1.0
@@ -136,7 +136,7 @@ packageurl-python==0.17.6
136136
packaging==26.2
137137
pandas==3.0.2
138138
paramiko-ng==2.9.0
139-
paramiko==4.0.0
139+
paramiko==5.0.0
140140
parso==0.8.6
141141
pathspec==1.1.1
142142
pdf2image==1.17.0
@@ -175,10 +175,10 @@ Pygments==2.20.0
175175
pykeepass==4.1.1.post1
176176
PyMsgBox==2.0.1
177177
PyNaCl==1.6.2
178-
pyOpenSSL==26.0.0
178+
pyOpenSSL==26.3.0
179179
pyotp==2.9.0
180180
pyparsing==3.3.2
181-
pypdf==6.1.1
181+
pypdf==6.14.2
182182
pyperclip==1.11.0
183183
pypykatz==0.6.13
184184
PyRect==0.2.0

0 commit comments

Comments
 (0)