Add server stuff - haunted-hosts - Unnamed repository; edit this file 'description' to name the repository. DIR Log DIR Files DIR Refs DIR README --- DIR commit c580f1303752168ed487f3c57210716de2c75f14 DIR parent 9a758eeaaf5338944b9ceb5eb90ccce2f8274c62 HTML Author: Scarlett McAllister <no+reply@roygbyte.com> Date: Sun, 3 Nov 2024 08:41:35 -0400 Add server stuff Diffstat: M README | 2 +- A server/sshd_haunted_config | 24 ++++++++++++++++++++++++ A server/start.sh | 14 ++++++++++++++ A server/stop.sh | 12 ++++++++++++ A var/haunted-hosts/trick | 156 +++++++++++++++++++++++++++++++ 5 files changed, 207 insertions(+), 1 deletion(-) ---
DIR diff --git a/README b/README
@@ -28,7 +28,7 @@ Setup folder and file permissions for haunted hosts data and scripts. ``` # Location of executables -mkdir -p /var/haunted-hosts/ +mv var/haunted-hosts/ /var/haunted-hosts chown -R :haunted /var/haunted-hosts/ cd /var/haunted-hosts # Scripts executed by the users
DIR diff --git a/server/sshd_haunted_config b/server/sshd_haunted_config
@@ -0,0 +1,24 @@
+Port 666
+PidFile sshd_haunted.pid
+HostKey /etc/ssh/ssh_host_ed25519_key
+LogLevel DEBUG
+AuthenticationMethods none
+PasswordAuthentication yes
+PermitEmptyPasswords yes
+PermitTTY no
+PermitTunnel no
+PermitUserEnvironment no
+PermitListen none
+PermitOpen none
+PermitRootLogin no
+DisableForwarding yes
+UnusedConnectionTimeout 30
+ChannelTimeout session=3m
+ClientAliveInterval 10
+X11Forwarding no
+DenyUsers !trick,!treat
+AllowUsers trick
+Match User trick
+ForceCommand /var/hauntedhosts/trick
+Match User treat
+ForceCommand /var/hauntedhosts/treat
DIR diff --git a/server/start.sh b/server/start.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# Haunted Hosts SSH server helper for running
+# haunted host configurations.
+# Author: ROYGBYTE
+# Date: Spookiest month of the year, 2024
+#
+# Invoke with `doas`, please.
+
+if [ ! -f "logs" ]; then
+ touch logs
+fi
+
+/usr/sbin/sshd -f sshd_haunted_config -E ./logs
DIR
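Review bot: Both `ForceCommand` lines point at `/var/hauntedhosts/...`, but this commit adds the script as `var/haunted-hosts/trick` and the README moves it to `/var/haunted-hosts`, so the forced command will not be found as configured; `ForceCommand /var/haunted-hosts/trick` would match, and `ip_file` in the `trick` script has the same spelling. Because `AuthenticationMethods none` admits anyone, `AllowUsers` and `ForceCommand` are the only confinement here and should be exact. `DenyUsers !trick,!treat` holds only negated patterns, which by the sshd PATTERNS rules never produce a match on their own, so the line denies nobody. `treat` is also absent from `AllowUsers trick`, which leaves the `Match User treat` block unreachable. Consider a dedicated `HostKey` for this listener instead of `/etc/ssh/ssh_host_ed25519_key`, so the novelty service does not present the host's real SSH identity.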
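Review bot: Every path in this script is relative (`logs`, `sshd_haunted_config`), so it only works when invoked from `server/`; a `cd "$(dirname "$0")" || exit 1` before the `if` would pin the working directory. The log is created by `touch logs` under the caller's default umask, and with `LogLevel DEBUG` in the config it will record raw client addresses, so `umask 077` ahead of the `touch` seems prudent given that the `trick` script bothers to hash IPs before storing them. The relative `PidFile` in the config may also resolve against a different directory once sshd daemonizes, so it is worth confirming that `stop.sh` actually finds `sshd_haunted.pid`.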
diff --git a/server/stop.sh b/server/stop.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+if [ ! -f sshd_haunted.pid ]; then
+ printf "No process file. Exiting\n"
+ exit
+fi
+
+kill $( cat sshd_haunted.pid )
+
+for user in trick treat; do
+ pkill -u $user
+done
DIR diff --git a/var/haunted-hosts/trick b/var/haunted-hosts/trick
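Review bot: `kill $( cat sshd_haunted.pid )` trusts whatever number is in the pid file, and since this presumably runs with the same privileges as `start.sh`, a stale file left after a crash or reboot could signal an unrelated process. Read the pid into a variable, confirm it still names an sshd process before signalling it, and quote the expansions. The early `exit` in the missing-file branch also returns status 0 and skips the `pkill` loop, so `exit 1` there would make the failure visible to callers.

```shell
pid=$(cat sshd_haunted.pid)
case "$(ps -p "$pid" -o comm=)" in
  sshd*) kill "$pid" ;;
  *)
    printf 'sshd_haunted.pid does not name a running sshd; not signalling\n' >&2
    exit 1
    ;;
esac
# … unchanged: pkill loop over trick and treat …
```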
@@ -0,0 +1,156 @@
+#!/bin/sh
+ip_file=/var/hauntedhosts/client_ips
+
+# Capture connection info
+server_ip=$(
+ echo "$SSH_CONNECTION" |\
+ awk '{ print $3 }'
+);
+server_port=$(
+ echo "$SSH_CONNECTION" |\
+ awk '{ print $4 }'
+);
+client_ip=$(
+ echo "$SSH_CONNECTION" |\
+ awk '{ print $1 }'
+);
+hashed_ip=$( printf "%s\n" "$client_ip" |\
+ openssl dgst -sha256
+);
+printf "%s\n" "$hashed_ip" >> $ip_file
+
+# Lookup number of times client has reconnected
+client_recons=$(
+ grep -co "$hashed_ip" $ip_file
+);
+
+err_authentication() {
+ printf "Received disconnect from %s port %s: Too many satanic failures\n" $server_ip $server_port
+ exit
+}
+
+err_authentication_again() {
+ printf "Received disconnect from %s port %s: Really? You're trying again?\n" $server_ip $server_port
+ exit
+}
+
+err_authentication_again_again() {
+ printf "Go away...\n"
+ exit
+}
+
+function err_rm_root {
+ printf "rm: /etc/pf.conf: Permission denied\n"
+ printf "rm: /etc/ssh/sshd_config: Permission denied\n"
+ printf "rm: /etc/ssl/cert.pem: Permission denied\n"
+ printf "rm: /etc/passwd: Permission denied\n"
+ exit
+}
+
+function err_login_fail {
+ printf "
+Last login: %s from %s
+OpenBSD 666 (SATANIC) #-1: Thur Oct 31 21:00:00 CET 2024
+
+Welcome to OpenBSD: The proactively satanic Cult-like operating system.
+ \n" "$( date )" "$client_ip"
+ printf "Could not connect to X666, maybe you need to sin?\n"
+}
+function err_satanic_verse {
+ timeout=5
+ index=0
+ while [ $index -le $timeout ]; do
+ printf "."
+ sleep 1
+ index=$(( $index + 1 ))
+ done
+ printf "\n"
+ verse="
+What kind of idea are you? Are you the kind that compromises, |
+does deals, accomodates itself to society, aims to find a niche, |
+to survive; or are you the cussed, bloody-minded, ramrod-backed |
+type of damnfool notion that would rather break than sway with the |
+breeze? The kind that will almost certainly, ninety-nine times |
+out of hundred, be smashed to bits; but, the hundredth time, will |
+change the world?"
+ for word in $verse; do
+ if [ "$word" = "|" ]; then
+ printf "\n"
+ else
+ printf "%s " "$word"
+ word_len=$(
+ printf "%s\n" "$word" |\
+ wc -c
+ );
+ sleep_len=$(
+ echo "$word_len * 0.05" |\
+ bc
+ );
+ sleep "$sleep_len"
+ fi
+ done
+ printf "\n"
+ exit
+}
+
+function err_dd {
+ printf "
+dd if=/dev/urandom of=/dev/sda0
+\n"
+ count=1000
+ index=0
+ r_in=0
+ r_out=0
+ r_bytes=0
+ r_secs=0
+ while [ $index -le $count ]; do
+ printf "%s+0 records in\n%s+0 records out\n%s bytes transferred in %s secs (666 bytes/sec)\n" $r_in $r_out $r_bytes $r_secs
+ r_in=$(( $r_in + 13 ))
+ r_out=$(( $r_out + 21 ))
+ r_secs=$( echo "$r_secs + 0.1" | bc )
+ r_bytes=$(( $r_bytes + 666 ))
+ sleep 0.1
+ for i in $( seq 0 3 ); do
+ printf "\033[A"
+ done
+ done
+ exit
+}
+
+function err_secret {
+ printf "Whoa, you actually got here.\n"
+}
+
+function end_happy_halloween {
+ printf "... And have a Happy Hallowe'en! Thanks for connecting :)\n"
+}
+
+case $client_recons in
+ 1)
+ err_authentication
+ ;;
+ 2)
+ err_rm_root
+ ;;
+ 3)
+ err_login_fail
+ ;;
+ 4)
+ err_satanic_verse
+ ;;
+ 5)
+ err_authentication_again
+ ;;
+ 6)
+ err_authentication_again_again
+ ;;
+ 7)
+ end_happy_halloween
+ ;;
+ 666)
+ err_secret
+ ;;
+ *)
+ exit
+ ;;
+esac
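Review bot: `hashed_ip` is an unkeyed SHA-256 of the client address, and the IPv4 space is small enough to enumerate, so anyone who can read `client_ips` can recover the addresses the hash was meant to obscure. A keyed hash (HMAC) with a secret stored separately from the data file, plus restrictive permissions on the file, would give real protection. The file is also appended to on every unauthenticated connection with no cap or rotation, so its growth should be bounded. Matching with `grep -cF -- "$hashed_ip" "$ip_file"` treats the digest line as a fixed string, and `"$ip_file"` should be quoted on the append as well. Separately, the `while` loop in `err_dd` never changes `index`, so if that function is ever wired into the `case` it will not stop after `count` iterations; add `index=$(( index + 1 ))` inside the loop.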