12 May 2017

Installing conpot on debian Jessie (8) for the lazy:

Prerequisites:
Update your box and sync your clock:
# apt-get update && apt-get upgrade
# apt-get install ntpdate libmysqlclient-dev gcc libpython27-dev

Then do a time update :
# ntpdate -v time.nist.gov

Now install pip :
# wget https://bootstrap.pypa.io/get-pip.py
# python get-pip.py
Then you should get something like this :
root@debian-dev:~# pip -V
pip 9.0.1 from /usr/local/lib/python2.7/dist-packages (python 2.7)

nice. Now on to
Conpot itself:
# pip install conpot
But if you run it it fails with this error:
[...] from bacpypes import LocalDeviceObjectImportError: cannot import name LocalDeviceObject

Awww snap !
That’s because conpot is a bit outdated and looks for a class in the bacpypes package where it used to be several versions ago, but the author moved it. So all your lazy ass has to do is change
IN FILE: /usr/local/lib/python2.7/dist-packages/conpot/protocols/bacnet/bacnet_server.py
Look for: from bacpypes.app import LocalDeviceObject
Change to: from bacpypes.service.device import LocalDeviceObject

And what do you know: magic happens :
# conpot --help
[...]  Version 0.5.1  MushMush Foundation [...]

Now run it test if it actually listens :
# conpot --template default

And Surely enough, it does :
[...]
2017-05-12 16:21:15,204 IPMI BMC initialized.
2017-05-12 16:21:15,204 Conpot IPMI initialized using /usr/lib64/python2.7/site-packages/conpot/templates/default/ipmi/ipmi.xml template
2017-05-12 16:21:15,204 Found and enabled ('ipmi', ) protocol.
2017-05-12 16:21:15,204 No proxy template found. Service will remain unconfigured/stopped.
2017-05-12 16:21:15,204 Modbus server started on: ('0.0.0.0', 502)
2017-05-12 16:21:15,204 S7Comm server started on: ('0.0.0.0', 102)
2017-05-12 16:21:15,205 HTTP server started on: ('0.0.0.0', 80)
2017-05-12 16:21:15,275 SNMP server started on: ('0.0.0.0', 161)
2017-05-12 16:21:15,275 Bacnet server started on: ('0.0.0.0', 47808)
2017-05-12 16:21:15,276 IPMI server started on: ('0.0.0.0', 623)
2017-05-12 16:21:20,206 Privileges dropped, running as "nobody:nogroup"
[...]

Right, so you told python to do it’s thing, and surely it now listens :
root@debian-dev:~# netstat -antlup | grep -i list
tcp        0      0 0.0.0.0:502             0.0.0.0:*               LISTEN      11642/python  
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      403/sshd      
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      667/exim4      
tcp        0      0 0.0.0.0:57657           0.0.0.0:*               LISTEN      386/rpc.statd  
tcp        0      0 0.0.0.0:102             0.0.0.0:*               LISTEN      11642/python  
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      373/rpcbind    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      11642/python  
tcp6       0      0 :::22                   :::*                    LISTEN      403/sshd      
tcp6       0      0 ::1:25                  :::*                    LISTEN      667/exim4      
tcp6       0      0 :::42332                :::*                    LISTEN      386/rpc.statd  
tcp6       0      0 :::111                  :::*                    LISTEN      373/rpcbind     

Mind you, this box be much new, very basic.

Here’s how it looks like from a browser on port 80:
















Such conpot, much http !
Now get configuring. This guide doesn't cover that since it's plainly written here : https://mushorg.github.io/conpot/usage/index.html

Installing conpot on Centos 7 easy for the lazy:

Prerequisites:
First of all, I am talking about a fresh install, so read between the lines if that’s not the case, mkay mkay. Make sure your system is updated and your clock is set properly:
# yum -y update
# yum -y install ntpdate

then ln -sf /usr/share/zoneinfo/[Your_Region]/Your_Capital_City /etc/localtime
For example

# ln -sf /usr/share/zoneinfo/Europe/Bucharest /etc/localtime
Then do a time update :
# ntpdate -v time.nist.gov

Now install pip :
# curl -O https://bootstrap.pypa.io/get-pip.py
# python get-pip.py 
Then you should get something like this :
[root@centos7development ~]# pip -V
pip 9.0.1 from /usr/lib/python2.7/site-packages (python 2.7)

Dependencies:
# yum install mariadb-devel gcc python-devel
nice. Now on to
Conpot itself:
# pip install conpot
But if you run it it fails with this error:
[...] from bacpypes import LocalDeviceObjectImportError: cannot import name LocalDeviceObject

Awww snap !
That’s because conpot is a bit outdated and looks for a class in the bacpypes package where it used to be several versions ago, but the author moved it. So all your lazy ass has to do is change
IN FILE: /usr/lib64/python2.7/site-packages/conpot/protocols/bacnet/bacnet_server.py
Look for: from bacpypes.app import LocalDeviceObject
Change to: from bacpypes.service.device import LocalDeviceObject

And what do you know: magic happens :
# conpot --help
[...]  Version 0.5.1  MushMush Foundation [...]

Now run it test if it actually listens :
# conpot --template default

And Surely enough, it does :
[...]
2017-05-12 16:21:15,204 IPMI BMC initialized.
2017-05-12 16:21:15,204 Conpot IPMI initialized using /usr/lib64/python2.7/site-packages/conpot/templates/default/ipmi/ipmi.xml template
2017-05-12 16:21:15,204 Found and enabled ('ipmi', ) protocol.
2017-05-12 16:21:15,204 No proxy template found. Service will remain unconfigured/stopped.
2017-05-12 16:21:15,204 Modbus server started on: ('0.0.0.0', 502)
2017-05-12 16:21:15,204 S7Comm server started on: ('0.0.0.0', 102)
2017-05-12 16:21:15,205 HTTP server started on: ('0.0.0.0', 80)
2017-05-12 16:21:15,275 SNMP server started on: ('0.0.0.0', 161)
2017-05-12 16:21:15,275 Bacnet server started on: ('0.0.0.0', 47808)
2017-05-12 16:21:15,276 IPMI server started on: ('0.0.0.0', 623)
2017-05-12 16:21:20,206 Privileges dropped, running as "nobody:nobody"
[...]

Right, so you told python to do it’s thing, and surely it now listens :
[root@centos7development ~]# netstat -antlup | grep -i list
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      18362/python    
tcp        0      0 0.0.0.0:502             0.0.0.0:*               LISTEN      18362/python    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      896/sshd        
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      991/master      
tcp        0      0 0.0.0.0:102             0.0.0.0:*               LISTEN      18362/python    
tcp6       0      0 :::22                   :::*                    LISTEN      896/sshd        
tcp6       0      0 ::1:25                  :::*                    LISTEN      991/master        

Mind you, this box be much new, very basic.
Being Centos and all that you need to setup some firewall permissions, but for the sake of argument, and since this is not a "how-to firewalld yourself", I just disabled it :
Here’s how it looks like from a browser on port 80:
















Such conpot, much http !
Now get configuring. This guide doesn't cover that since it's plainly written here : https://mushorg.github.io/conpot/usage/index.html