Add support for custom commands that mimic actual malware based on their file name or size


git-svn-id: https://kippo.googlecode.com/svn/trunk@203 951d7100-d841-11de-b865-b3884708a8e2
desaster
2011-04-03 11:33:46 +00:00
parent df4cf41207
commit 432840fd4b
3 changed files with 130 additions and 2 deletions


@@ -3,11 +3,20 @@
from kippo.core.honeypot import HoneyPotCommand
from kippo.core.fs import *
from kippo.commands import dice
from kippo.commands import dice, malware
import time, random, tarfile, os
commands = {}
def pick_handler(cmd, size):
if size in malware.slist:
handler = malware.slist[size]
elif cmd in malware.clist:
handler = malware.clist[cmd]
else:
handler = random.choice(dice.clist)
return handler
class command_tar(HoneyPotCommand):
def mkfullpath(self, path, f):
l, d = path.split('/'), []
@@ -66,7 +75,8 @@ class command_tar(HoneyPotCommand):
elif f.isfile():
self.mkfullpath(os.path.dirname(dest), f)
self.fs.mkfile(dest, 0, 0, f.size, f.mode, f.mtime)
self.honeypot.commands[dest] = random.choice(dice.clist)
self.honeypot.commands[dest] = \
pick_handler(os.path.basename(dest), f.size)
else:
print 'tar: skipping [%s]' % f.name
commands['/bin/tar'] = command_tar
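Review bot: `pick_handler` consults `malware.slist` before `malware.clist`, so a size match silently overrides a name match, and nothing in the new function documents that precedence or the expected key types. The `size` passed at the call site is `f.size`, which looks like the value declared in the archive member header, so any extracted file that merely shares a size with a known sample gets that sample's handler and the session could be mislabelled in later analysis. If size-first is intended, state it in a docstring such as `"""Return the handler for an extracted file: size match in malware.slist first, then basename match in malware.clist, else a random dice handler."""`; otherwise consider preferring the name match or requiring both to agree. The body of `command_tar` starts and continues outside the visible hunks, so how `dest` is derived cannot be checked from here.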