additional commands from Peter Reuterås

2026-01-27 18:14:32 +01:00 · 2015-06-29 11:49:39 +04:00
parent 0540c54795
commit 0f61b4a722
4 changed files with 135 additions and 1 deletions
--- a/cowrie/commands/init.py
+++ b/cowrie/commands/init.py
@@ -21,5 +21,8 @@ __all__ = [
    'netstat',
    'which',
    'gcc',
-    'iptables'
+    'iptables',
+    'ethtool',
+    'ifconfig',
+    'nohup'
    ]
--- a/cowrie/commands/ethtool.py
+++ b/cowrie/commands/ethtool.py
@@ -0,0 +1,70 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Peter Reuterås <peter@reuteras.com>
+# See the COPYRIGHT file for more information
+
+from kippo.core.honeypot import HoneyPotCommand
+
+commands = {}
+
+class command_ethtool(HoneyPotCommand):
+    def call(self):
+        func = self.do_ethtool_help
+        for x in self.args:
+            if x.startswith('lo'):
+                func = self.do_ethtool_lo
+            if x.startswith('eth0'):
+                func = self.do_ethtool_eth0
+            if x.startswith('eth1'):
+                func = self.do_ethtool_eth1
+        func()
+
+    def do_ethtool_help(self):
+        """No real help output."""
+        self.honeypot.writeln("""ethtool: bad command line argument(s)
+        For more information run ethtool -h """)
+
+    def do_ethtool_lo(self):
+        self.honeypot.writeln("""Settings for lo:
+            Link detected: yes""")
+
+    def do_ethtool_eth0(self):
+        self.honeypot.writeln("""Settings for eth0:
+        Supported ports: [ TP MII ]
+        Supported link modes:   10baseT/Half 10baseT/Full 
+                                100baseT/Half 100baseT/Full 
+                                1000baseT/Half 1000baseT/Full 
+        Supported pause frame use: No
+        Supports auto-negotiation: Yes
+        Advertised link modes:  10baseT/Half 10baseT/Full 
+                                100baseT/Half 100baseT/Full 
+                                1000baseT/Half 1000baseT/Full 
+        Advertised pause frame use: Symmetric Receive-only
+        Advertised auto-negotiation: Yes
+        Link partner advertised link modes:  10baseT/Half 10baseT/Full 
+                                             100baseT/Half 100baseT/Full 
+                                             1000baseT/Full 
+        Link partner advertised pause frame use: Symmetric Receive-only
+        Link partner advertised auto-negotiation: Yes
+        Speed: 1000Mb/s
+        Duplex: Full
+        Port: MII
+        PHYAD: 0
+        Transceiver: internal
+        Auto-negotiation: on
+        Supports Wake-on: pumbg
+        Wake-on: g
+        Current message level: 0x00000033 (51)
+                               drv probe ifdown ifup
+        Link detected: yes""")
+
+    def do_ethtool_eth1(self):
+        self.honeypot.writeln("""Settings for eth1:
+Cannot get device settings: No such device
+Cannot get wake-on-lan settings: No such device
+Cannot get message level: No such device
+Cannot get link status: No such device
+No data available""")
+
+commands['/sbin/ethtool'] = command_ethtool
+
+# vim: set sw=4 et:
--- a/cowrie/commands/ifconfig.py
+++ b/cowrie/commands/ifconfig.py
@@ -0,0 +1,36 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Peter Reuterås <peter@reuteras.com>
+# See the COPYRIGHT file for more information
+
+from kippo.core.honeypot import HoneyPotCommand
+
+commands = {}
+
+class command_ifconfig(HoneyPotCommand):
+
+    def call(self):
+        l = """ eth0      Link encap:Ethernet  HWaddr 04:01:16:df:2d:01
+          inet addr:%s  Bcast:%s.255  Mask:255.255.255.0
+          inet6 addr: fe80::601:16ff:fedf:2d01/64 Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:139435762 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:116082382 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000
+          RX bytes:102191499830 (102.1 GB)  TX bytes:68687923025 (68.6 GB)
+
+
+lo        Link encap:Local Loopback
+          inet addr:127.0.0.1  Mask:255.0.0.0
+          inet6 addr: ::1/128 Scope:Host
+          UP LOOPBACK RUNNING  MTU:65536  Metric:1
+          RX packets:110 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:110 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0
+          RX bytes:19932 (19.9 KB)  TX bytes:19932 (19.9 KB)""" % \
+        (self.honeypot.kippoIP,
+        self.honeypot.kippoIP.rsplit('.', 1)[0])
+        self.honeypot.writeln(l)
+
+commands['/sbin/ifconfig'] = command_ifconfig
+
+# vim: set sw=4 et:
--- a/cowrie/commands/nohup.py
+++ b/cowrie/commands/nohup.py
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-                                                                                             
+# Copyright (c) 2014 Peter Reuterås <peter@reuteras.com>
+# See the COPYRIGHT file for more information
+
+import os, getopt
+from kippo.core.honeypot import HoneyPotCommand
+from kippo.core.fs import *
+
+commands = {}
+
+class command_nohup(HoneyPotCommand):
+    def call(self):
+        if not len(self.args):
+            self.writeln('nohup: missing operand')
+            self.writeln('Try `nohup --help\' for more information.')
+            return
+        path = self.fs.resolve_path("nohup.out", self.honeypot.cwd)
+        if self.fs.exists(path):
+            return
+        self.fs.mkfile(path, 0, 0, 0, 33188)
+        self.writeln("nohup: ignoring input and appending output to 'nohup.out'")
+
+commands['/usr/bin/nohup'] = command_nohup
+
+# vim: set sw=4 et: