• My entry for Bitreich's "Haunted Hosts" Halloween Event
  • __ __
  • | \/ | _ _
  • | |\/| | | || |
  • |_| |_| \_, |
  • |__/
  • _
  • ___ _ _ | |_ _ _ _ _
  • / -_) | ' \ | _| | '_| | || |
  • \___| |_||_| \__| |_| \_, |
  • |__/
  • __
  • / _| ___ _ _
  • | _| / _ \ | '_|
  • |_| \___/ |_|
  • ___ _ _ _ _ _
  • | _ ) (_) | |_ _ _ ___ (_) __ | |_ ( ) ___
  • | _ \ | | | _| | '_| / -_) | | / _| | ' \ |/ (_-<
  • |___/ |_| \__| |_| \___| |_| \__| |_||_| /__/
  • _ _ _ _ _ _
  • ( | ) | || | __ _ _ _ _ _ | |_ ___ __| |
  • V V | __ | / _` | | || | | ' \ | _| / -_) / _` |
  • |_||_| \__,_| \_,_| |_||_| \__| \___| \__,_|
  • _ _ _ _ _
  • | || | ___ ___ | |_ ___ ( | )
  • | __ | / _ \ (_-< | _| (_-< V V
  • |_||_| \___/ /__/ \__| /__/
  • _ _ _ _
  • | || | __ _ | | | | ___ __ __ __ ___ ___ _ _
  • | __ | / _` | | | | | / _ \ \ V V / / -_) / -_) | ' \
  • |_||_| \__,_| |_| |_| \___/ \_/\_/ \___| \___| |_||_|
  • ___ _
  • | __| __ __ ___ _ _ | |_
  • | _| \ V / / -_) | ' \ | _|
  • |___| \_/ \___| |_||_| \__|
  • ╔─*──*──*──*──*──*──*──*──*──*──*──*──*──*──*──*──*──*──╗
  • ║1 ............................................... 1║
  • ║2* ............................................... *2║
  • ║3 ............................................... 3║
  • ║1 ..............Posted: 2024-10-14............... 1║
  • ║2* Tags: sysadmin linux halloween events my_warez *2║
  • ║3 ............................................... 3║
  • ║1 ............................................... 1║
  • ╚───────────────────────────────────────────────────────╝
  • For Bitreich's "Haunted Hosts" Hallowe'en event I made this, try a `trick`:
  • ```
  • ssh -p 6666 trick@someodd.zip
  • ```
  • .. or how about a `treat`?
  • ```
  • ssh -p 6666 treat@someodd.zip
  • ```
  • roygbyte of bitreich mentioned and summarized all the entries (including mine!):
  • Read the article on roybyte's gopherhole
  • Felix the Cat playing in a terminal.
  • ## Background
  • Bitreich "Haunted Hosts" Hallowe'en event announced!
  • I would like to thank Bitreich member ROYGBYTE for nudging me toward a simpler
  • approach with this writeup:
  • ROYGBYTE's guide for authless SSH toy accounts
  • This guide was written from a Debian perspective, but should work for all Linux
  • users, pretty much.
  • ## What I did, how you can too
  • ### Setup `trick` and `treat users
  • Create the users:
  • ```
  • sudo adduser --home /home/trick --shell /bin/sh --disabled-password trick
  • sudo passwd -d trick
  • sudo adduser --home /home/treat --shell /bin/sh --disabled-password treat
  • sudo passwd -d treat
  • ```
  • ### Create the spooky `trick` script `/home/trick/spooky_animation.sh`
  • Don't forget to mark the script as executable.
  • `/home/trick/spooky_animation.sh`:
  • ```
  • #!/bin/bash
  • # First frame
  • frame1=$(cat << 'EOF'
  • ( " )
  • ( _ * Double, double
  • * ( / \ ___
  • " " _/ /
  • ( * ) ___/ |
  • ) " _ o)'-./__
  • * _ ) (_, . $$$
  • ( ) __ __ >_ $$$$
  • ( : { _) '--- $\
  • ______'___//__\ ____, \
  • ) ( \_/ _____\_
  • .' \ \------''.
  • |=' '=| | )
  • | | | . _/
  • \ (. ) , / /__I_____\
  • snd '._/_)_(\__.' (__,(__,_]
  • @---()_.'---@
  • EOF
  • )
  • # Second frame
  • frame2=$(cat << 'EOF'
  • ( " ) Double, double
  • ( _ * Toil and trouble
  • * ( / \ ___
  • " " _/ /
  • ( * ) ___/ |
  • ) " _ o)'-./__
  • * _ ) (_, . $$$
  • ( ) __ __ 7_ $$$$
  • ( : { _) '--- $\
  • _____'___//__\ ____, \
  • ) ( \_/ _____\_
  • .' \ \------''.
  • |=' '=| | )
  • | | | . _/
  • \ (. ) , / /__I_____\
  • snd '._/_)_(\__.' (__,(__,_]
  • @---()_.'---@
  • EOF
  • )
  • # Third frame
  • frame3=$(cat << 'EOF'
  • Double, double
  • ( " ) Toil and trouble
  • ( _ * Fire burn and
  • * ( / \ ___
  • " " _/ /
  • ( * ) ___/ |
  • ) " _ o)'-./__
  • * _ ) (_, . $$$
  • ( ) __ __ >_ $$$$
  • ( : { _) '--- $\
  • ______'___//__\ ____, \
  • ) ( \_/ _____\_
  • .' \ \------''.
  • |=' '=| | )
  • | | | . _/
  • \ (. ) , / /__I_____\
  • snd '._/_)_(\__.' (__,(__,_]
  • @---()_.'---@
  • EOF
  • )
  • # Fourth frame
  • frame4=$(cat << 'EOF'
  • Double, double
  • Toil and trouble
  • ( " ) Fire burn and
  • ( _ * Cauldron bubble
  • * ( / \ ___
  • " " _/ /
  • ( * ) ___/ |
  • ) " _ o)'-./__
  • * _ ) (_, . $$$
  • ( ) __ __ 7_ $$$$
  • ( : { _) '--- $\
  • _____'___//__\ ____, \
  • ) ( \_/ _____\_
  • .' \ \------''.
  • |=' '=| | )
  • | | | . _/
  • \ (. ) , / /__I_____\
  • snd '._/_)_(\__.' (__,(__,_]
  • @---()_.'---@
  • EOF
  • )
  • # FIXME: could define witch frames as an array?
  • # Function to display the animation
  • witch_animation() {
  • count=1
  • while [ $count -le 3 ]; do
  • # Show frames with a pause between each
  • clear
  • echo "$frame1"
  • sleep 0.5
  • clear
  • echo "$frame2"
  • sleep 0.5
  • clear
  • echo "$frame3"
  • sleep 0.5
  • clear
  • echo "$frame4"
  • sleep 0.5
  • ((count++)) # Increment the counter
  • done
  • }
  • # Define an array of fake system files and directories to "delete"
  • files=(
  • "/bin/bash"
  • "/etc/passwd"
  • "/usr/local/bin"
  • "/home/trick"
  • "/var/log/syslog"
  • "/boot/vmlinuz"
  • "/lib/modules"
  • "/tmp/systemd-private"
  • "/sbin/init"
  • "/root/.bashrc"
  • "/dev/null"
  • "/proc/cpuinfo"
  • "/usr/lib/systemd/system"
  • "/var/cache/apt"
  • "/usr/share/icons"
  • "/boot/initrd.img"
  • "/var/spool/cron"
  • "/srv"
  • "/opt"
  • "/home/treat/Documents"
  • "/media/usb"
  • "/mnt/data"
  • "/sys/kernel/debug"
  • )
  • # Function to display the fake deletion
  • fake_deletion_animation() {
  • for file in "${files[@]}"; do
  • echo "rm -rf $file"
  • sleep 0.1 # Delay between each fake deletion
  • done
  • # Final spooky message
  • }
  • # Function to display jumbled/corrupted data stream
  • corrupted_data_stream() {
  • for i in {1..30}; do
  • # Output a random string of characters to simulate corruption
  • echo "$(head /dev/urandom | tr -dc 'a-zA-Z0-9!@#$%^&*()_+-=[]{}|;:,.<>?~' | head -c 80)"
  • sleep 0.1 # Fast stream of corrupted data
  • done
  • }
  • # Function to simulate a broken input prompt
  • broken_prompt() {
  • while true; do
  • # Display a fake prompt symbol
  • echo -n "$ "
  • # Read user input (but don't execute it)
  • read user_input
  • # Simulate "command not found" for any input
  • echo "bash: $user_input: command not found"
  • done
  • }
  • # Show animation
  • witch_animation
  • # Call the animation function
  • fake_deletion_animation
  • corrupted_data_stream
  • clear
  • echo "ENJOY YOUR TRICK."
  • echo "HAPPY HALLOWEEN 2024!"
  • echo "Connection to someodd.zip closed."
  • broken_prompt
  • ```
  • ### Create the spooky `treat` script `/home/treat/ascii_video.sh`
  • Please ensure `mpv` is installed for this script to work.
  • Don't forget to mark as executable (`chmod +x /path/to/script.sh`).
  • ```
  • #!/bin/bash
  • clear
  • # Path to the video file you want to play (change this to your own video file)
  • VIDEO_PATH="/home/treat/felix_the_cat_switches_witches.mp4"
  • # Check if mpv is installed and then play the video using ASCII output with no sound
  • if command -v mpv &> /dev/null; then
  • echo "Welcome! Enjoy this ASCII video!"
  • echo "Press Q to quit the video."
  • # Play the video in ASCII mode with no audio output
  • mpv --vo=tct --no-audio "$VIDEO_PATH"
  • else
  • echo "mpv is not installed, please install it first."
  • exit 1
  • fi
  • ```
  • ### Setup `sshd`
  • A lot of what I did was struggle because of PAM and not noticing that I was
  • using `AllowUsers` (whitelisting which users are allowed).
  • Add these lines to `/etc/ssh/sshd_config`:
  • ```
  • # This port for halloween
  • Port 6666
  • # FOR HALLOWEEN
  • # First, deny all users access to port 6666 except "trick" and "treat"
  • Match LocalPort 6666 User *,!trick,!treat
  • PasswordAuthentication no
  • PubkeyAuthentication no
  • ForceCommand /bin/false
  • # Now setup "trick"
  • Match User trick LocalPort 6666
  • PasswordAuthentication yes
  • PermitEmptyPasswords yes
  • PermitTunnel no
  • PermitListen none
  • PermitOpen none
  • PubkeyAuthentication no
  • PermitRootLogin no
  • UnusedConnectionTimeout 30
  • X11Forwarding no
  • ForceCommand /home/trick/spooky_animation.sh
  • GatewayPorts no
  • # Now setup "treat"
  • Match User treat LocalPort 6666
  • PasswordAuthentication yes
  • PermitEmptyPasswords yes
  • PermitTunnel no
  • PermitListen none
  • PermitOpen none
  • PubkeyAuthentication no
  • PermitRootLogin no
  • UnusedConnectionTimeout 30
  • X11Forwarding no
  • # ForceCommand could be set to something specific for 'treat', like a different script or a fun command
  • ForceCommand /home/treat/ascii_video.sh
  • GatewayPorts no
  • # Deny 'trick' on the default port 22
  • Match User trick LocalPort 22
  • PasswordAuthentication no
  • PubkeyAuthentication no
  • ForceCommand /bin/false
  • # Deny 'treat' on the default port 22
  • Match User treat LocalPort 22
  • PasswordAuthentication no
  • PubkeyAuthentication no
  • ForceCommand /bin/false
  • ```
  • If you're using PAM (`UsePAM yes`), add this to the top of `/etc/pam.d/sshd`:
  • ```
  • # Halloween
  • auth [success=1 default=ignore] pam_exec.so seteuid /usr/bin/allow_empty_password.sh
  • auth [success=1 user!=trick default=ignore] pam_unix.so nullok
  • ```
  • and also for PAM users create `sudo vi /usr/bin/allow_empty_password.sh` (don't
  • forget to `sudo chmod +x /usr/bin/allow_empty_password.sh`):
  • ```
  • #!/bin/bash
  • if [[ "$PAM_USER" == "trick" || "$PAM_USER" == "treat" ]]; then
  • exit 0 # Allow passwordless login
  • else
  • exit 1 # Deny empty password
  • fi
  • ```
  • Restart sshd with `sudo service sshd restart`.
  • Add port 6666 to UFW (you may also want to port forward on your router):
  • ```
  • sudo ufw allow 6666 comment "trick or treat"
  • ```
  • ## Test it out
  • While testing the new setup you may want to disable fail2ban, so you don't get
  • locked out of your box, in case something goes wrong with authentication (`sudo
  • service fail2ban stop`). Don't forget to re-enable after testing.
  • You should be able to run this command successfully now (on a client):
  • ```
  • ssh -p 6666 trick@simulacra
  • ```
  • ## Copy of the event text
  • ```
  • # 2024-10-12 14:01:34.582764 UTC (+0000)
  • Bitreich "Haunted Hosts" Hallowe'en event announced!
  • .=-.
  • / .`
  • |\_/| | | ,=+=,
  • |-,-| \ ', ; ^v^ ;
  • _|(=)| `..+ ;'|+|'' /\_/\
  • | / | /;_Y_;\ / \
  • | /| | |\_:_/ \ / O O \
  • | / \ | |/ ' \ / | \./ |
  • | / _ \ | /_____\` | |
  • |/| | |\| ||| | |
  • | | | __/__ ||| ;~,~.~,~;
  • | | | // |`\ _|||_ | | |
  • ...._|_|_|_...\`___,/....II'II...... /__|__\rgb...
  • Announcing the first annual:
  • Bitreich "HAUNTED HOSTS" Hallowe'en
  • October 31, 2024, 9:00PM CEST
  • This Hallowe'en, hosts from around the world open their ports to
  • festive trick or treaters. Be spooked, scared, or delighted by hosts
  • haunting their `ssh` connections with a ghoulish `Banner`, cob-webbed
  • `ChrootDirectory`, or evil `ForceCommand`!
  • To participate as a host: Announce your intent to participate by
  • contacting ROYGBYTE on #bitreich-en:irc.bitreich.org before the event
  • date. Then, prepare your hauntings: make or modify your =sshd= to
  • include passwordless authentication for =trick= and/or =treat= users;
  • and, configure your choice of =sshd= options to create a
  • correspondingly delightful... or frightful... visitor experience!
  • To participate as a trick or treater: on October 31, 2024, 9:00PM
  • CEST, connect via `ssh` as `trick` or `treat` user to participating
  • hosts. Hosts may be using non-standard `sshd` ports, so for full
  • connection details check the event page!
  • Event page: gopher://bitreich.org/1/haunted-hosts
  • ```
  • Source: gopher://bitreich.org/0/usr/roygbyte/phlog/2024-10-12T14-01-34-582764.md