Description
Describe the bug
I have deployed Conpot using the default template to analyze EtherNet/IP, but when I try to scan the machine (on which I deploy the honeypot) using an nmap script like enip-info (nmap --script enip-info -sU -p 44818), it always returns the same values. It doesn't matter what values you write in templates/default/enip/enip.xml because those values are not picked up to create an object (that part was not implemented).
To Reproduce
Steps to reproduce the behavior:
- Install Conpot (documentation)
- Run Conpot using the default template (conpot --template default --force)
- Execute nmap script against the machine (nmap --script enip-info -sU -p 44818 194.1x.x.x)
- See output
- Stop Conpot (ctrl+c)
- Change some value in the file enip.xml (for example: <ProductName>ThisShouldChange</ProductName>)
- Run Conpot again
- Execute nmap script again
- Compare outputs (Both outputs have the same information)
Solution
I have modified the code of Conpot to update this functionality and now it works as expected. I create an object using the values the user provides in enip.xml and I pass that object as an argument to the correct function, so the response is created with the values the user wants. Here is the commit: aec74ee
Expected behavior
When you update the code, you can change some values in enip.xml and you will see a new output if you scan the honeypot again:
PORT STATE SERVICE
44818/tcp open EtherNet-IP-2
| enip-info:
| type: DC Power Generator (31)
| vendor: Eaton Electrical (68)
| productName: CustomThisName
| serialNumber: 0x000abfc2
| productCode: 70
| revision: 16.1
| status: 0x3160
| state: 0xff
|_ deviceIp: 0.0.0.0
Desktop (please complete the following information):
- OS: Debian 5.10.103-1 (2022-03-07) x86_64 GNU/Linux
- Python 3.9.2
Additional context
Workflow:
- The function "def process( addr, data, **kwds )" of the file https://github.com/pjkundert/cpppo/blob/master/server/enip/logix.py is called when Conpot has to handle a request. "process" is renamed to "enip_process" in enip_server.py
- Inside that function, "def setup( **kwds ):" is called. The description of "setup" says "Create the required CIP device Objects", but the object was not created and passed as an argument.
- So it is going to return the default values (line "class Identity( Object ):" in https://github.com/pjkundert/cpppo/blob/master/server/enip/device.py)
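
The "compare outputs" step from the reproduction above can be automated. The following is an added example, not part of the original report or of Conpot: it parses enip-info output, reads `<ProductName>` from a template, and reports whether the honeypot answered with the template value. The function names, the wrapper elements in the sample template and the sample strings are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed template fragment. Only <ProductName> is taken from the report;
# the wrapper element names are assumptions.
SAMPLE_TEMPLATE = ("<enip><device_info><ProductName>CustomThisName"
                   "</ProductName></device_info></enip>")

# Constructed scan text, abridged from the output shown in the report.
SAMPLE_SCAN = """\
44818/tcp open EtherNet-IP-2
| enip-info:
| type: DC Power Generator (31)
| vendor: Eaton Electrical (68)
| productName: CustomThisName
| serialNumber: 0x000abfc2
|_ deviceIp: 0.0.0.0
"""

# Matches "| key: value" and "|_ key: value"; the "| enip-info:" header has no value.
FIELD = re.compile(r"^\|_?\s*(\w+):\s*(.+?)\s*$")


def parse_enip_info(scan_text):
    """Return the 'key: value' fields of an enip-info result as a dict."""
    fields = {}
    for line in scan_text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def template_product_name(xml_text):
    """Return the first <ProductName> text found anywhere in the template."""
    for el in ET.fromstring(xml_text).iter("ProductName"):
        return (el.text or "").strip()
    return None


def template_is_honoured(xml_text, scan_text):
    """True when the scanned productName equals the template's ProductName."""
    wanted = template_product_name(xml_text)
    return wanted is not None and parse_enip_info(scan_text).get("productName") == wanted


def changed_fields(scan_before, scan_after):
    """Names of fields whose values differ between two scans."""
    a, b = parse_enip_info(scan_before), parse_enip_info(scan_after)
    return {k for k in a.keys() | b.keys() if a.get(k) != b.get(k)}
```

An empty result from `changed_fields` after editing enip.xml and restarting Conpot corresponds to the behaviour described in the report.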