From 0f61b4a722f2d5b77ac1b18cb32f391c8159bb9e Mon Sep 17 00:00:00 2001
From: Michel Oosterhof
Date: Mon, 29 Jun 2015 11:49:39 +0400
Subject: [PATCH] =?UTF-8?q?additional=20commands=20from=20Peter=20Reuter?= =?UTF-8?q?=C3=A5s?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cowrie/commands/__init__.py | 5 ++-
 cowrie/commands/ethtool.py | 70 +++++++++++++++++++++++++++++++++++++
 cowrie/commands/ifconfig.py | 36 +++++++++++++++++++
 cowrie/commands/nohup.py | 25 +++++++++++++
 4 files changed, 135 insertions(+), 1 deletion(-)
 create mode 100644 cowrie/commands/ethtool.py
 create mode 100644 cowrie/commands/ifconfig.py
 create mode 100644 cowrie/commands/nohup.py
diff --git a/cowrie/commands/__init__.py b/cowrie/commands/__init__.py
index 8dd601d..f971ac4 100644
--- a/cowrie/commands/__init__.py
+++ b/cowrie/commands/__init__.py
@@ -21,5 +21,8 @@ __all__ = [
 'netstat',
 'which',
 'gcc',
- 'iptables'
+ 'iptables',
+ 'ethtool',
+ 'ifconfig',
+ 'nohup'
 ]
diff --git a/cowrie/commands/ethtool.py b/cowrie/commands/ethtool.py
new file mode 100644
index 0000000..b7b90eb
--- /dev/null
+++ b/cowrie/commands/ethtool.py
@@ -0,0 +1,70 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Peter Reuterås
+# See the COPYRIGHT file for more information
+
+from kippo.core.honeypot import HoneyPotCommand
+
+commands = {}
+
+class command_ethtool(HoneyPotCommand):
+ def call(self):
+ func = self.do_ethtool_help
+ for x in self.args:
+ if x.startswith('lo'):
+ func = self.do_ethtool_lo
+ if x.startswith('eth0'):
+ func = self.do_ethtool_eth0
+ if x.startswith('eth1'):
+ func = self.do_ethtool_eth1
+ func()
+
+ def do_ethtool_help(self):
+ """No real help output."""
+ self.honeypot.writeln("""ethtool: bad command line argument(s)
+ For more information run ethtool -h """)
+
+ def do_ethtool_lo(self):
+ self.honeypot.writeln("""Settings for lo:
+ Link detected: yes""")
+
+ def do_ethtool_eth0(self):
+ self.honeypot.writeln("""Settings for eth0:
+ Supported ports: [ TP MII ]
+ Supported link modes: 10baseT/Half 10baseT/Full
+ 100baseT/Half 100baseT/Full
+ 1000baseT/Half 1000baseT/Full
+ Supported pause frame use: No
+ Supports auto-negotiation: Yes
+ Advertised link modes: 10baseT/Half 10baseT/Full
+ 100baseT/Half 100baseT/Full
+ 1000baseT/Half 1000baseT/Full
+ Advertised pause frame use: Symmetric Receive-only
+ Advertised auto-negotiation: Yes
+ Link partner advertised link modes: 10baseT/Half 10baseT/Full
+ 100baseT/Half 100baseT/Full
+ 1000baseT/Full
+ Link partner advertised pause frame use: Symmetric Receive-only
+ Link partner advertised auto-negotiation: Yes
+ Speed: 1000Mb/s
+ Duplex: Full
+ Port: MII
+ PHYAD: 0
+ Transceiver: internal
+ Auto-negotiation: on
+ Supports Wake-on: pumbg
+ Wake-on: g
+ Current message level: 0x00000033 (51)
+ drv probe ifdown ifup
+ Link detected: yes""")
+
+ def do_ethtool_eth1(self):
+ self.honeypot.writeln("""Settings for eth1:
+Cannot get device settings: No such device
+Cannot get wake-on-lan settings: No such device
+Cannot get message level: No such device
+Cannot get link status: No such device
+No data available""")
+
+commands['/sbin/ethtool'] = command_ethtool
+
+# vim: set sw=4 et:
diff --git a/cowrie/commands/ifconfig.py b/cowrie/commands/ifconfig.py
new file mode 100644
index 0000000..58d04a2
--- /dev/null
+++ b/cowrie/commands/ifconfig.py
@@ -0,0 +1,36 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Peter Reuterås
+# See the COPYRIGHT file for more information
+
+from kippo.core.honeypot import HoneyPotCommand
+
+commands = {}
+
+class command_ifconfig(HoneyPotCommand):
+
+ def call(self):
+ l = """ eth0 Link encap:Ethernet HWaddr 04:01:16:df:2d:01
+ inet addr:%s Bcast:%s.255 Mask:255.255.255.0
+ inet6 addr: fe80::601:16ff:fedf:2d01/64 Scope:Link
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:139435762 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:116082382 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:1000
+ RX bytes:102191499830 (102.1 GB) TX bytes:68687923025 (68.6 GB)
+
+
+lo Link encap:Local Loopback
+ inet addr:127.0.0.1 Mask:255.0.0.0
+ inet6 addr: ::1/128 Scope:Host
+ UP LOOPBACK RUNNING MTU:65536 Metric:1
+ RX packets:110 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:110 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:0
+ RX bytes:19932 (19.9 KB) TX bytes:19932 (19.9 KB)""" % \
+ (self.honeypot.kippoIP,
+ self.honeypot.kippoIP.rsplit('.', 1)[0])
+ self.honeypot.writeln(l)
+
+commands['/sbin/ifconfig'] = command_ifconfig
+
+# vim: set sw=4 et:
diff --git a/cowrie/commands/nohup.py b/cowrie/commands/nohup.py
new file mode 100644
index 0000000..5dba5fb
--- /dev/null
+++ b/cowrie/commands/nohup.py
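Review bot: The dispatch in `command_ethtool.call` tests `x.startswith('lo')`, `x.startswith('eth0')` and `x.startswith('eth1')`, so any argument that merely begins with one of those strings selects that canned output, and because the three tests are independent `if`s the last matching argument wins. An interface name the code does not list falls through to `do_ethtool_help` and prints the bad-argument text instead of the per-device "No such device" block that `do_ethtool_eth1` writes, so the emulated replies are inconsistent with each other. Compare exactly, e.g. `if x == 'eth0':`, and route every other non-option argument to a no-such-device reply that interpolates the name given. Only `do_ethtool_help` has a docstring; a one-line docstring on `call` stating that it picks the output method from the interface name in `self.args` would document the intent.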
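Review bot: The hardware address `04:01:16:df:2d:01`, the link-local address derived from it and every RX/TX counter in the template in `command_ifconfig.call` are literals, so every sensor running this code returns the same interface output on every call and only the two `%s` fields vary. For a honeypot that is a stable signature shared by all deployments; the address should come from per-deployment configuration or be generated once per install, and the counters should at least differ between sensors. The broadcast field is built with `self.honeypot.kippoIP.rsplit('.', 1)[0]`, which assumes a dotted IPv4 string and a /24 network, and that assumption deserves a comment next to the expression. `self.args` is never read, so a request for a single interface still prints both eth0 and lo, including for eth1, which the ethtool emulation in this commit reports as absent.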
@@ -0,0 +1,25 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Peter Reuterås
+# See the COPYRIGHT file for more information
+
+import os, getopt
+from kippo.core.honeypot import HoneyPotCommand
+from kippo.core.fs import *
+
+commands = {}
+
+class command_nohup(HoneyPotCommand):
+ def call(self):
+ if not len(self.args):
+ self.writeln('nohup: missing operand')
+ self.writeln('Try `nohup --help\' for more information.')
+ return
+ path = self.fs.resolve_path("nohup.out", self.honeypot.cwd)
+ if self.fs.exists(path):
+ return
+ self.fs.mkfile(path, 0, 0, 0, 33188)
+ self.writeln("nohup: ignoring input and appending output to 'nohup.out'")
+
+commands['/usr/bin/nohup'] = command_nohup
+
+# vim: set sw=4 et:
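Review bot: When `nohup.out` already exists, `command_nohup.call` returns before the final `self.writeln(...)`, so a second invocation in the same directory prints nothing while the first prints the "ignoring input and appending output" line; guard only the file creation with `if not self.fs.exists(path):` before `self.fs.mkfile(path, 0, 0, 0, 33188)` and write the message unconditionally. `self.args` is not used after the length check, so the wrapped command does not appear to be emulated here, and whatever that command's own emulation would have recorded is skipped; worth confirming that this is intended. `import os, getopt` and `from kippo.core.fs import *` are not referenced anywhere in the hunk and can be dropped, and the mode literal deserves a comment such as `# 33188 == 0o100644: regular file, rw-r--r--`. This file calls `self.writeln` while ethtool.py and ifconfig.py in the same commit call `self.honeypot.writeln`, and the three should use one form.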