67 lines
2.6 KiB
Go
67 lines
2.6 KiB
Go
package services
|
|
|
|
import (
|
|
"bufio"
|
|
"net"
|
|
"strings"
|
|
"time"
|
|
)
|
|
|
|
func NewFTPHandler(log LoggerFunc) Handler {
|
|
return func(conn net.Conn) {
|
|
defer conn.Close()
|
|
remote := conn.RemoteAddr().String()
|
|
_, _ = conn.Write([]byte("220 (vsFTPd 3.0.3)\r\n"))
|
|
conn.SetDeadline(time.Now().Add(5 * time.Minute))
|
|
scanner := bufio.NewScanner(conn)
|
|
var username string
|
|
var cwd = "/"
|
|
for scanner.Scan() {
|
|
line := strings.TrimSpace(scanner.Text())
|
|
if line == "" {
|
|
continue
|
|
}
|
|
parts := strings.SplitN(line, " ", 2)
|
|
cmd := strings.ToUpper(parts[0])
|
|
arg := ""
|
|
if len(parts) > 1 { arg = parts[1] }
|
|
// log every command minimally
|
|
log(Record{Timestamp: Now(), RemoteAddr: remoteIP(remote), RemotePort: remotePort(remote), Service: "ftp", Details: map[string]string{"event":"cmd","cmd":cmd,"arg":arg}})
|
|
switch cmd {
|
|
case "USER":
|
|
username = arg
|
|
log(Record{Timestamp: Now(), RemoteAddr: remoteIP(remote), RemotePort: remotePort(remote), Service: "ftp", Details: map[string]string{"event":"username_attempt","username":username}})
|
|
_, _ = conn.Write([]byte("331 Please specify the password.\r\n"))
|
|
case "PASS":
|
|
log(Record{Timestamp: Now(), RemoteAddr: remoteIP(remote), RemotePort: remotePort(remote), Service: "ftp", Details: map[string]string{"event":"password_attempt","username":username,"password":arg}})
|
|
// stay unauthenticated but pretend success to keep them interacting
|
|
_, _ = conn.Write([]byte("230 Login successful.\r\n"))
|
|
case "SYST":
|
|
_, _ = conn.Write([]byte("215 UNIX Type: L8\r\n"))
|
|
case "FEAT":
|
|
_, _ = conn.Write([]byte("211-Features:\r\n MLSD\r\n SIZE\r\n211 End\r\n"))
|
|
case "PWD":
|
|
_, _ = conn.Write([]byte("257 \"" + cwd + "\" is the current directory\r\n"))
|
|
case "TYPE":
|
|
_, _ = conn.Write([]byte("200 Switching to Binary mode.\r\n"))
|
|
case "CWD":
|
|
if arg == "" { arg = "/" }
|
|
cwd = arg
|
|
_, _ = conn.Write([]byte("250 Directory successfully changed.\r\n"))
|
|
case "PASV":
|
|
// Emulate passive mode without real data channel
|
|
_, _ = conn.Write([]byte("227 Entering Passive Mode (127,0,0,1,195,80)\r\n"))
|
|
case "LIST":
|
|
// Fake transfer over control channel (not RFC-correct, but many bots accept the banner)
|
|
_, _ = conn.Write([]byte("150 Here comes the directory listing.\r\n"))
|
|
_, _ = conn.Write([]byte("-rw-r--r-- 1 root root 4096 Jan 01 00:00 README\r\n"))
|
|
_, _ = conn.Write([]byte("226 Directory send OK.\r\n"))
|
|
case "QUIT":
|
|
_, _ = conn.Write([]byte("221 Goodbye.\r\n")); return
|
|
default:
|
|
_, _ = conn.Write([]byte("502 Command not implemented\r\n"))
|
|
}
|
|
}
|
|
}
|
|
}
|