change exec handling so the command is allowed to run long enough for wget to

work
Upi Tamminen
2014-08-09 19:19:05 +03:00
parent e1e3acb850
commit 6c8596930e
2 changed files with 25 additions and 30 deletions

3
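--- a/kippo/core/exceptions.py
+++ b/kippo/core/exceptions.py
@@ -0,0 +1,3 @@
+class NotEnabledException(Exception):
+""" Feature not enabled
+"""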


@@ -16,6 +16,8 @@ import sys, os, random, pickle, time, stat, shlex, anydbm, struct
from kippo.core import ttylog, fs, utils from kippo.core import ttylog, fs, utils
from kippo.core.userdb import UserDB from kippo.core.userdb import UserDB
from kippo.core.config import config from kippo.core.config import config
from kippo.core import exceptions
import commands import commands
import ConfigParser import ConfigParser
@@ -84,8 +86,12 @@ class HoneyPotShell(object):
self.showPrompt() self.showPrompt()
if not len(self.cmdpending): if not len(self.cmdpending):
self.showPrompt() if self.interactive:
self.showPrompt()
else:
self.honeypot.terminal.transport.loseConnection()
return return
line = self.cmdpending.pop(0) line = self.cmdpending.pop(0)
try: try:
cmdAndArgs = shlex.split(line) cmdAndArgs = shlex.split(line)
@@ -139,7 +145,7 @@ class HoneyPotShell(object):
self.runCommand() self.runCommand()
def showPrompt(self): def showPrompt(self):
if (self.honeypot.execcmd != None): if not self.interactive:
return return
# Example: srv03:~# # Example: srv03:~#
#prompt = '%s:%%(path)s' % self.honeypot.hostname #prompt = '%s:%%(path)s' % self.honeypot.hostname
@@ -248,10 +254,9 @@ class HoneyPotShell(object):
self.honeypot.terminal.write(newbuf) self.honeypot.terminal.write(newbuf)
class HoneyPotBaseProtocol(insults.TerminalProtocol): class HoneyPotBaseProtocol(insults.TerminalProtocol):
def __init__(self, user, env, execcmd = None): def __init__(self, user, env):
self.user = user self.user = user
self.env = env self.env = env
self.execcmd = execcmd
self.hostname = self.env.cfg.get('honeypot', 'hostname') self.hostname = self.env.cfg.get('honeypot', 'hostname')
self.fs = fs.HoneyPotFilesystem(deepcopy(self.env.fs)) self.fs = fs.HoneyPotFilesystem(deepcopy(self.env.fs))
if self.fs.exists(user.home): if self.fs.exists(user.home):
@@ -335,9 +340,6 @@ class HoneyPotBaseProtocol(insults.TerminalProtocol):
return None return None
def lineReceived(self, line): def lineReceived(self, line):
# Don't execute additional commands after execcmd
if self.execcmd != None:
return
if len(self.cmdstack): if len(self.cmdstack):
self.cmdstack[-1].lineReceived(line) self.cmdstack[-1].lineReceived(line)
@@ -367,9 +369,9 @@ class HoneyPotBaseProtocol(insults.TerminalProtocol):
class HoneyPotInteractiveProtocol(HoneyPotBaseProtocol, recvline.HistoricRecvLine): class HoneyPotInteractiveProtocol(HoneyPotBaseProtocol, recvline.HistoricRecvLine):
def __init__(self, user, env, execcmd = None): def __init__(self, user, env):
recvline.HistoricRecvLine.__init__(self) recvline.HistoricRecvLine.__init__(self)
HoneyPotBaseProtocol.__init__(self, user, env, execcmd) HoneyPotBaseProtocol.__init__(self, user, env)
def connectionMade(self): def connectionMade(self):
HoneyPotBaseProtocol.connectionMade(self) HoneyPotBaseProtocol.connectionMade(self)
@@ -380,17 +382,6 @@ class HoneyPotInteractiveProtocol(HoneyPotBaseProtocol, recvline.HistoricRecvLin
transport = self.terminal.transport.session.conn.transport transport = self.terminal.transport.session.conn.transport
transport.factory.sessions[transport.transport.sessionno] = self transport.factory.sessions[transport.transport.sessionno] = self
if self.execcmd != None:
print 'Running exec cmd "%s"' % self.execcmd
self.cmdstack[0].lineReceived(self.execcmd)
self.terminal.transport.session.conn.sendRequest(
self.terminal.transport.session,
'exit-status',
struct.pack('>L', 0))
self.terminal.transport.session.conn.sendClose(
self.terminal.transport.session)
return
self.keyHandlers.update({ self.keyHandlers.update({
'\x04': self.handle_CTRL_D, '\x04': self.handle_CTRL_D,
'\x15': self.handle_CTRL_U, '\x15': self.handle_CTRL_U,
@@ -454,6 +445,10 @@ class HoneyPotInteractiveProtocol(HoneyPotBaseProtocol, recvline.HistoricRecvLin
class HoneyPotExecProtocol(HoneyPotBaseProtocol): class HoneyPotExecProtocol(HoneyPotBaseProtocol):
def __init__(self, user, env, execcmd):
self.execcmd = execcmd
HoneyPotBaseProtocol.__init__(self, user, env)
def connectionMade(self): def connectionMade(self):
HoneyPotBaseProtocol.connectionMade(self) HoneyPotBaseProtocol.connectionMade(self)
@@ -461,12 +456,6 @@ class HoneyPotExecProtocol(HoneyPotBaseProtocol):
print 'Running exec command "%s"' % self.execcmd print 'Running exec command "%s"' % self.execcmd
self.cmdstack[0].lineReceived(self.execcmd) self.cmdstack[0].lineReceived(self.execcmd)
self.terminal.transport.session.conn.sendRequest(
self.terminal.transport.session,
'exit-status',
struct.pack('>L', 0))
self.terminal.transport.session.conn.sendClose(
self.terminal.transport.session)
class LoggingServerProtocol(insults.ServerProtocol): class LoggingServerProtocol(insults.ServerProtocol):
def connectionMade(self): def connectionMade(self):
@@ -531,10 +520,13 @@ class HoneyPotAvatar(avatar.ConchUser):
def execCommand(self, protocol, cmd): def execCommand(self, protocol, cmd):
cfg = config() cfg = config()
if cfg.has_option('honeypot', 'exec_enabled'): if not cfg.has_option('honeypot', 'exec_enabled') or \
if ( cfg.get('honeypot', 'exec_enabled') != "true" ): cfg.get('honeypot', 'exec_enabled').lower() not in \
print 'exec disabled. Not executing command: "%s"' % cmd ('yes', 'true', 'on'):
raise os.OSError print 'Exec disabled. Not executing command: "%s"' % cmd
raise exceptions.NotEnabledException, \
'exce_enabled not enabled in configuration file!'
return
print 'exec command: "%s"' % cmd print 'exec command: "%s"' % cmd
serverProtocol = LoggingServerProtocol( serverProtocol = LoggingServerProtocol(
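Review bot: In the last hunk (`execCommand`), the exception text names the option as `exce_enabled`, so an operator who hits this path is pointed at a setting that does not exist; it should read `'exec_enabled not enabled in configuration file!'`, and the `return` after the `raise` is unreachable and can be dropped. The new condition also refuses exec when `exec_enabled` is missing, whereas the removed code refused only when the option was present and not "true". That fail-closed default deserves a comment such as `# exec requests are refused unless exec_enabled is explicitly yes/true/on`. Separately, the `HoneyPotExecProtocol.connectionMade` hunk removes the `exit-status` request, and the new non-interactive branch only calls `self.honeypot.terminal.transport.loseConnection()`. If nothing outside these hunks sends an exit status, exec clients will see the session close without one, which may differ from what a real SSH server does and is worth confirming for a honeypot.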