basic sudo command

2026-02-22 06:44:26 +01:00 · 2015-11-24 19:32:20 +00:00
parent e114c25569
commit 57b8a1c7a4
3 changed files with 126 additions and 20 deletions
--- a/cowrie/commands/init.py
+++ b/cowrie/commands/init.py
@@ -2,28 +2,29 @@
 # See the COPYRIGHT file for more information

 __all__ = [
-    'base',
-    'ls',
-    'ping',
-    'ssh',
-    'curl',
-    'tar',
-    'wget',
-    'apt',
-    'dice',
    'adduser',
-    'sleep',
-    'last',
-    'uname',
-    'scp',
+    'apt',
+    'base',
+    'busybox',
+    'curl',
+    'dice',
+    'ethtool',
    'fs',
+    'gcc',
+    'ifconfig',
+    'iptables',
+    'last',
+    'ls',
    'malware',
    'netstat',
-    'which',
-    'gcc',
-    'iptables',
-    'ethtool',
-    'ifconfig',
    'nohup',
-    'busybox'
+    'ping',
+    'scp',
+    'sleep',
+    'ssh',
+    'sudo',
+    'tar',
+    'uname',
+    'wget',
+    'which'
    ]
--- a/cowrie/commands/busybox.py
+++ b/cowrie/commands/busybox.py
@@ -57,7 +57,7 @@ class command_busybox(HoneyPotCommand):
            args = args[1:]
            cmdclass = self.protocol.getCommand(cmd, self.env['PATH'].split(':'))
            if cmdclass:
-                log.msg(eventid='KIPP0005', busybox=line, format='Command found: %(busybox)s')
+                log.msg(eventid='KIPP0005', input=line, format='Command found: %(input)s')
                self.protocol.call_command(cmdclass, *args)
            else:
                self.help() 
--- a/cowrie/commands/sudo.py
+++ b/cowrie/commands/sudo.py
@@ -0,0 +1,105 @@
+
+import getopt
+
+from twisted.python import log
+
+from cowrie.core.honeypot import HoneyPotCommand
+
+commands = {}
+
+sudo_shorthelp=('''
+sudo: Only one of the -e, -h, -i, -K, -l, -s, -v or -V options may be specified
+usage: sudo [-D level] -h | -K | -k | -V
+usage: sudo -v [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-u user name|#uid]
+usage: sudo -l[l] [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-U user name] [-u user name|#uid] [-g groupname|#gid] [command]
+usage: sudo [-AbEHknPS] [-r role] [-t type] [-C fd] [-D level] [-g groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] [<command>]
+usage: sudo -e [-AknS] [-r role] [-t type] [-C fd] [-D level] [-g groupname|#gid] [-p prompt] [-u user name|#uid] file ...
+''').strip().split('\n')
+
+sudo_longhelp=('''
+sudo - execute a command as another user
+
+usage: sudo [-D level] -h | -K | -k | -V
+usage: sudo -v [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-u user name|#uid]
+usage: sudo -l[l] [-AknS] [-D level] [-g groupname|#gid] [-p prompt] [-U user name] [-u user name|#uid] [-g groupname|#gid] [command]
+usage: sudo [-AbEHknPS] [-r role] [-t type] [-C fd] [-D level] [-g groupname|#gid] [-p prompt] [-u user name|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] [<command>]
+usage: sudo -e [-AknS] [-r role] [-t type] [-C fd] [-D level] [-g groupname|#gid] [-p prompt] [-u user name|#uid] file ...
+
+Options:
+  -a type       use specified BSD authentication type
+  -b            run command in the background
+  -C fd         close all file descriptors >= fd
+  -E            preserve user environment when executing command
+  -e            edit files instead of running a command
+  -g group      execute command as the specified group
+  -H            set HOME variable to target user's home dir.
+  -h            display help message and exit
+  -i [command]  run a login shell as target user
+  -K            remove timestamp file completely
+  -k            invalidate timestamp file
+  -l[l] command list user's available commands
+  -n            non-interactive mode, will not prompt user
+  -P            preserve group vector instead of setting to target's
+  -p prompt     use specified password prompt
+  -r role       create SELinux security context with specified role
+  -S            read password from standard input
+  -s [command]  run a shell as target user
+  -t type       create SELinux security context with specified role
+  -U user       when listing, list specified user's privileges
+  -u user       run command (or edit file) as specified user
+  -V            display version information and exit
+  -v            update user's timestamp without running a command
+  --            stop processing command line arguments
+''').strip().split('\n')
+
+class command_sudo(HoneyPotCommand):
+
+    def short_help(self):
+        for ln in sudo_shorthelp:
+            self.writeln(ln)
+        self.exit()
+
+    def long_help(self):
+        for ln in sudo_longhelp:
+            self.writeln(ln)
+        self.exit()
+
+    def version(self):
+        self.writeln(
+'''Sudo version 1.8.5p2
+Sudoers policy plugin version 1.8.5p2
+Sudoers file grammar version 41
+Sudoers I/O plugin version 1.8.5p2''')
+        self.exit()
+
+    def start(self):
+        try:
+            optlist, args = getopt.getopt(self.args, 'shV')
+        except getopt.GetoptError as err:
+            self.writeln('invalid option')
+            self.short_help()
+            return
+
+        for o, a in optlist:
+            if o in ("-V"):
+                self.version()
+                return
+            elif o in ("-h"):
+                self.long_help()
+                return
+
+        if len(args) > 0:
+            line = ' '.join(args)
+            cmd = args[0]
+            args = args[1:]
+            cmdclass = self.protocol.getCommand(cmd, self.env['PATH'].split(':'))
+            if cmdclass:
+                log.msg(eventid='KIPP0005', input=line, format='Command found: %(input)s')
+                self.protocol.call_command(cmdclass, *args)
+                self.exit()
+            else:
+                self.short_help() 
+        else:
+            self.short_help() 
+
+commands['sudo'] = command_sudo