Removed all trailing spaces

g0tmi1k
2014-05-28 05:13:55 +01:00
parent 6a93e0c113
commit 74d5cb0825
11 changed files with 149 additions and 149 deletions


@@ -17,10 +17,10 @@ Some interesting logs from a live Kippo installation below (viewable within a we
Some interesting features:
* Fake filesystem with the ability to add/remove files. A full fake filesystem resembling a Debian 5.0 installation is included
* Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
* Session logs stored in an [UML Compatible](http://user-mode-linux.sourceforge.net/) format for easy replay with original timings
* Possibility of adding fake file contents so the attacker can 'cat' files such as /etc/passwd. Only minimal file contents are included
* Session logs stored in an [UML Compatible](http://user-mode-linux.sourceforge.net/) format for easy replay with original timings
* Just like Kojoney, Kippo saves files downloaded with wget for later inspection
* Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc
* Trickery; ssh pretends to connect somewhere, exit doesn't really exit, etc
## Requirements


@@ -46,7 +46,7 @@ download_path = dl
# (default: honeyfs)
contents_path = honeyfs
# File in the python pickle format containing the virtual filesystem.
# File in the python pickle format containing the virtual filesystem.
#
# This includes the filenames, paths, permissions for the whole filesystem,
# but not the file contents. This is created by the createfs.py utility from
@@ -110,17 +110,17 @@ private_key = private.key
# (default: not specified)
#fake_addr = 192.168.66.254
# SSH Version String
# SSH Version String
#
# Use this to disguise your honeypot from a simple SSH version scan
# frequent Examples: (found experimentally by scanning ISPs)
# SSH-2.0-OpenSSH_5.1p1 Debian-5
# SSH-1.99-OpenSSH_4.3
# SSH-1.99-OpenSSH_4.7
# SSH-1.99-Sun_SSH_1.1
# SSH-1.99-OpenSSH_4.3
# SSH-1.99-OpenSSH_4.7
# SSH-1.99-Sun_SSH_1.1
# SSH-2.0-OpenSSH_4.2p1 Debian-7ubuntu3.1
# SSH-2.0-OpenSSH_4.3
# SSH-2.0-OpenSSH_4.6
# SSH-2.0-OpenSSH_4.3
# SSH-2.0-OpenSSH_4.6
# SSH-2.0-OpenSSH_5.1p1 Debian-5
# SSH-2.0-OpenSSH_5.1p1 FreeBSD-20080901
# SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu5


@@ -195,7 +195,7 @@ class command_shutdown(HoneyPotCommand):
"-a: use /etc/shutdown.allow ",
"-k: don't really shutdown, only warn. " ,
"-r: reboot after shutdown. " ,
"-h: halt after shutdown. " ,
"-h: halt after shutdown. " ,
"-P: halt action is to turn off power. " ,
"-H: halt action is to just halt. " ,
"-f: do a 'fast' reboot (skip fsck). " ,
@@ -211,7 +211,7 @@ class command_shutdown(HoneyPotCommand):
elif len(self.args) > 1 and self.args[0].strip().count('-h') \
and self.args[1].strip().count('now'):
self.nextLine()
self.writeln(
self.writeln(
'Broadcast message from root@%s (pts/0) (%s):' % \
(self.honeypot.hostname, time.ctime()))
self.nextLine()
@@ -220,7 +220,7 @@ class command_shutdown(HoneyPotCommand):
elif len(self.args) > 1 and self.args[0].strip().count('-r') \
and self.args[1].strip().count('now'):
self.nextLine()
self.writeln(
self.writeln(
'Broadcast message from root@%s (pts/0) (%s):' % \
(self.honeypot.hostname, time.ctime()))
self.nextLine()
@@ -230,7 +230,7 @@ class command_shutdown(HoneyPotCommand):
self.writeln("Try `shutdown --help' for more information.")
self.exit()
return
def finish(self):
self.writeln('Connection to server closed.')
self.honeypot.hostname = 'localhost'


@@ -32,8 +32,8 @@ def sizeof_fmt(num):
num /= 1024.0
# Luciano Ramalho @ http://code.activestate.com/recipes/498181/
def splitthousands( s, sep=','):
if len(s) <= 3: return s
def splitthousands( s, sep=','):
if len(s) <= 3: return s
return splitthousands(s[:-3], sep) + sep + s[-3:]
class command_wget(HoneyPotCommand):
@@ -122,7 +122,7 @@ class command_wget(HoneyPotCommand):
commands['/usr/bin/wget'] = command_wget
# from http://code.activestate.com/recipes/525493/
class HTTPProgressDownloader(client.HTTPDownloader):
class HTTPProgressDownloader(client.HTTPDownloader):
def __init__(self, wget, fakeoutfile, url, outfile, headers=None):
client.HTTPDownloader.__init__(self, url, outfile, headers=headers,
agent='Wget/1.11.4')
@@ -133,7 +133,7 @@ class HTTPProgressDownloader(client.HTTPDownloader):
self.started = time.time()
self.proglen = 0
self.nomore = False
def noPage(self, reason): # called for non-200 responses
if self.status == '304':
client.HTTPDownloader.page(self, '')


@@ -33,7 +33,7 @@ class HoneyPotFilesystem(object):
self.fs = fs
# keep count of new files, so we can have an artificial limit
self.newcount = 0
self.newcount = 0
def resolve_path(self, path, cwd):
pieces = path.rstrip('/').split('/')


@@ -285,7 +285,7 @@ class HoneyPotProtocol(recvline.HistoricRecvLine):
except:
pass
# this doesn't seem to be called upon disconnect, so please use
# this doesn't seem to be called upon disconnect, so please use
# HoneyPotTransport.connectionLost instead
def connectionLost(self, reason):
recvline.HistoricRecvLine.connectionLost(self, reason)
@@ -350,7 +350,7 @@ class HoneyPotProtocol(recvline.HistoricRecvLine):
else:
self.lineBuffer[self.lineBufferIndex:self.lineBufferIndex+1] = [ch]
self.lineBufferIndex += 1
if not self.password_input:
if not self.password_input:
self.terminal.write(ch)
def writeln(self, data):
@@ -425,7 +425,7 @@ class LoggingServerProtocol(insults.ServerProtocol):
ttylog.TYPE_OUTPUT, time.time(), bytes)
insults.ServerProtocol.write(self, bytes)
# this doesn't seem to be called upon disconnect, so please use
# this doesn't seem to be called upon disconnect, so please use
# HoneyPotTransport.connectionLost instead
def connectionLost(self, reason):
insults.ServerProtocol.connectionLost(self, reason)


@@ -24,10 +24,10 @@ class Interact(telnet.Telnet):
def enableRemote(self, option):
return option == telnet.LINEMODE
def disableRemote(self, option):
pass
def applicationDataReceived(self, bytes):
# in command mode, we want to echo characters and buffer the input
if not self.interacting:


@@ -15,7 +15,7 @@ def durationHuman(seconds):
hours, minutes = divmod(minutes, 60)
days, hours = divmod(hours, 24)
years, days = divmod(days, 365.242199)
sdays = str(days)
syears = str(years)
sseconds = str(seconds).rjust(2, '0')
@@ -52,23 +52,23 @@ def tail(the_file, lines_2find=20):
return line_list[-lines_2find:]
#we read at least 21 line breaks from the bottom, block by block for speed
#21 to ensure we don't get a half line
# Gives a human-readable uptime string
# Thanks to http://thesmithfam.org/blog/2005/11/19/python-uptime-script/
# (modified to look like the real uptime command)
def uptime(total_seconds):
total_seconds = float(total_seconds)
# Helper vars:
MINUTE = 60
HOUR = MINUTE * 60
DAY = HOUR * 24
# Get the days, hours, etc:
days = int(total_seconds / DAY)
hours = int((total_seconds % DAY) / HOUR)
minutes = int((total_seconds % HOUR) / MINUTE)
# 14 days, 3:53
# 11 min


@@ -1,17 +1,17 @@
eth0 Link encap:Ethernet HWaddr 00:4c:a8:ab:32:f4
eth0 Link encap:Ethernet HWaddr 00:4c:a8:ab:32:f4
inet addr:10.98.55.4 Bcast:10.98.55.255 Mask:255.255.255.0
inet6 addr: fe80::21f:c6ac:fd44:24d7/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:84045991 errors:0 dropped:0 overruns:0 frame:0
TX packets:103776307 errors:0 dropped:0 overruns:0 carrier:2
collisions:0 txqueuelen:1000
collisions:0 txqueuelen:1000
RX bytes:50588302699 (47.1 GiB) TX bytes:97318807157 (90.6 GiB)
lo Link encap:Local Loopback
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:308297 errors:0 dropped:0 overruns:0 frame:0
TX packets:308297 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
collisions:0 txqueuelen:0
RX bytes:355278106 (338.8 MiB) TX bytes:355278106 (338.8 MiB)


@@ -1,5 +1,5 @@
#!/usr/bin/python
###############################################################
# This program creates a command line interpreter used to edit
# kippo file system pickle files.
@@ -16,14 +16,14 @@
# March 2013
#
###############################################################
import os, pickle, sys, locale, time, cmd
from stat import *
A_NAME, A_TYPE, A_UID, A_GID, A_SIZE, A_MODE, \
A_CTIME, A_CONTENTS, A_TARGET, A_REALFILE = range(0, 10)
T_LINK, T_DIR, T_FILE, T_BLK, T_CHR, T_SOCK, T_FIFO = range(0, 7)
def getpath(fs, path):
cwd = fs
for part in path.split('/'):
@@ -38,7 +38,7 @@ def getpath(fs, path):
if not ok:
raise Exception('File not found')
return cwd
def exists(fs, path):
try:
getpath(fs, path)
@@ -48,7 +48,7 @@ def exists(fs, path):
return False
else:
raise Exception(e)
def is_directory(fs,path):
"Returns whether or not the file at 'path' is a directory"
file = getpath(fs,path)
@@ -56,31 +56,31 @@ def is_directory(fs,path):
return True
else:
return False
def resolve_reference(pwd, relativeReference):
'''Used to resolve a current working directory and a relative
reference into an absolute file reference.'''
tempPath = os.path.join(pwd, relativeReference)
absoluteReference = os.path.normpath(tempPath)
return absoluteReference
class fseditCmd(cmd.Cmd):
def __init__(self, pickle_file_path):
cmd.Cmd.__init__(self)
if not os.path.isfile(pickle_file_path):
print "File %s does not exist." % pickle_file_path
sys.exit(1)
try:
pickle_file = open(pickle_file_path, 'rb')
except IOError as e:
print "Unable to open file %s" % pickle_file_path
sys.exit(1)
try:
self.fs = pickle.load(pickle_file)
except:
@@ -88,19 +88,19 @@ class fseditCmd(cmd.Cmd):
"Are you sure it is a valid pickle file?") % \
(pickle_file_path,)
sys.exit(1)
self.pickle_file_path=pickle_file_path
#get the name of the file so we can display it as the prompt
path_parts = pickle_file_path.split('/')
self.fs_name = path_parts[-1]
self.update_pwd("/")
self.intro = "\nKippo file system interactive editor\n" + \
"Donovan Hubbard, Douglas Hubbard, March 2013\n" + \
"Type 'help' for help\n"
"Type 'help' for help\n"
def save_pickle(self):
'''saves the current file system to the pickle'''
try:
@@ -110,7 +110,7 @@ class fseditCmd(cmd.Cmd):
"Are you sure you have write access?") % \
(self.pickle_file_path,)
sys.exit(1)
def do_exit(self, args):
'''Exits the file system editor'''
return True
@@ -121,7 +121,7 @@ class fseditCmd(cmd.Cmd):
#so we add it manually
print
return True
def do_ls(self, args):
'''Prints the contents of a directory.
Prints the current directory if no arguments are specified'''
@@ -130,76 +130,76 @@ class fseditCmd(cmd.Cmd):
path = self.pwd
else:
path = resolve_reference(self.pwd,args)
if exists(self.fs, path) == False:
print "ls: cannot access %s: No such file or directory" % (path,)
return
if is_directory(self.fs, path) == False:
print "ls: %s is not a directory" % (path,)
return
cwd = getpath(self.fs, path)
for file in cwd[A_CONTENTS]:
if file[A_TYPE] == T_DIR:
print file[A_NAME] + '/'
else:
print file[A_NAME]
def update_pwd(self, directory):
self.pwd = directory
self.prompt = self.fs_name + ":" + self.pwd + "$ "
def do_cd(self, args):
'''Changes the current directory.\nUsage: cd <target directory>'''
#count the number of arguments
# 1 or more arguments: changes the directory to the first arg
# and ignores the rest
# 0 arguments: changes to '/'
arguments = args.split()
if not len(arguments):
self.update_pwd("/")
else:
relative_dir = arguments[0]
target_dir = resolve_reference(self.pwd, relative_dir)
if exists(self.fs, target_dir) == False:
print "cd: %s: No such file or directory" % target_dir
elif is_directory(self.fs, target_dir):
self.update_pwd(target_dir)
else:
print "cd: %s: Not a directory" % target_dir
def do_pwd(self, args):
'''Prints the current working directory'''
print self.pwd
def do_mkdir(self, args):
"""Add a new directory in the target directory.
Handles relative or absolute file paths. \n
Usage: mkdir <destination>"""
arg_list=args.split()
if len(arg_list) != 1:
print "usage: mkdir <new directory>"
else:
self.mkfile(arg_list, T_DIR)
def do_touch(self, args):
"""Add a new file in the target directory.
Handles relative or absolute file paths. \n
Usage: touch <destination> [<size in bytes>]"""
arg_list=args.split()
if len(arg_list) < 1:
print 'Usage: touch <destination> (<size in bytes>)'
else:
self.mkfile(arg_list, T_FILE)
def mkfile(self, args, file_type):
'''args must be a list of arguments'''
cwd = self.fs
@@ -207,126 +207,126 @@ class fseditCmd(cmd.Cmd):
pathList = path.split('/')
parentdir = '/'.join(pathList[:-1])
fileName = pathList[len(pathList) - 1]
if not exists(self.fs, parentdir):
print ('Parent directory %s doesn\'t exist! ' +
'Please create it first.') % \
(parentdir,)
return
if exists(self.fs, path):
print 'Error: %s already exists!' % (path,)
return
cwd = getpath(self.fs, parentdir)
#get uid, gid, mode from parent
uid = cwd[A_UID]
gid = cwd[A_GID]
mode = cwd[A_MODE]
#create default file/directory size if none is specified
if len(args) == 1:
size = 4096
else:
size = args[1]
#set the last update timestamp to now
ctime = time.time()
cwd[A_CONTENTS].append(
[fileName, file_type, uid, gid, size, mode, ctime, [], None, None])
self.save_pickle()
print "Added '%s'" % path
def do_rm(self, arguments):
'''Remove an object from the filesystem.
Will not remove a directory unless the -r switch is invoked.\n
Usage: rm [-r] <target>'''
args = arguments.split()
if len(args) < 1 or len(args) > 2:
print 'Usage: rm [-r] <target>'
return
if len(args) == 2 and args[0] != "-r":
print 'Usage: rm [-r] <target>'
return
if len(args) == 1:
target_path = resolve_reference(self.pwd, args[0])
else:
target_path = resolve_reference(self.pwd, args[1])
if exists(self.fs, target_path) == False:
print "File \'%s\' doesn\'t exist" % (target_path,)
return
if target_path == "/":
print "rm: cannot delete root directory '/'"
return
target_object = getpath(self.fs, target_path)
if target_object[A_TYPE]==T_DIR and args[0] != "-r":
print "rm: cannot remove '%s': Is a directory" % (target_path,)
return
parent_path = '/'.join(target_path.split('/')[:-1])
parent_object = getpath(self.fs, parent_path)
parent_object[A_CONTENTS].remove(target_object)
self.save_pickle()
print "Deleted %s" % target_path
def do_rmdir(self, arguments):
'''Remove a file object. Like the unix command,
this can only delete empty directories.
Use rm -r to recursively delete full directories.\n
Usage: rmdir <target directory>'''
args = arguments.split()
if len(args) != 1:
print 'Usage: rmdir <target>'
return
target_path = resolve_reference(self.pwd, args[0])
if exists(self.fs, target_path) == False:
print "File \'%s\' doesn\'t exist" % (target_path,)
return
target_object = getpath(self.fs, target_path)
if target_object[A_TYPE] != T_DIR:
print "rmdir: failed to remove '%s': Not a directory" % \
(target_path,)
return
#The unix rmdir command does not delete directories if they are not
#empty
if len(target_object[A_CONTENTS]) != 0:
print "rmdir: failed to remove '%s': Directory not empty" % \
(target_path,)
return
parent_path = '/'.join(target_path.split('/')[:-1])
parent_object = getpath(self.fs, parent_path)
parent_object[A_CONTENTS].remove(target_object)
self.save_pickle()
if self.pwd == target_path:
self.do_cd("..")
print "Deleted %s" % target_path
def do_mv(self, arguments):
'''Moves a file/directory from one directory to another.\n
Usage: mv <source file> <destination file>'''
@@ -336,28 +336,28 @@ class fseditCmd(cmd.Cmd):
return
src = resolve_reference(self.pwd, args[0])
dst = resolve_reference(self.pwd, args[1])
if src == "/":
print "mv: cannot move the root directory '/'"
return
src = src.strip('/')
dst = dst.strip('/')
if not exists(self.fs, src):
print "Source file \'%s\' does not exist!" % src
return
#Get the parent directory of the source file
#srcparent = '/'.join(src.split('/')[:-1])
srcparent = "/".join(src.split('/')[:-1])
#Get the object for source
srcl = getpath(self.fs, src)
#Get the object for the source's parent
srcparentl = getpath(self.fs, srcparent)
#if the specified filepath is a directory, maintain the current name
if exists(self.fs, dst) and is_directory(self.fs, dst):
dstparent = dst
@@ -365,28 +365,28 @@ class fseditCmd(cmd.Cmd):
else:
dstparent = '/'.join(dst.split('/')[:-1])
dstname = dst.split('/')[-1]
if exists(self.fs, dstparent + '/' + dstname):
print "A file already exists at "+dst+"!"
return
if not exists(self.fs, dstparent):
print 'Destination directory \'%s\' doesn\'t exist!' % dst
return
if src == self.pwd:
self.do_cd("..")
dstparentl = getpath(self.fs, dstparent)
copy = srcl[:]
copy[A_NAME] = dstname
dstparentl[A_CONTENTS].append(copy)
srcparentl[A_CONTENTS].remove(srcl)
self.save_pickle()
print 'File moved from /%s to /%s' % (src, dst)
def do_cp(self, arguments):
'''Copies a file/directory from one directory to another.\n
Usage: cp <source file> <destination file>'''
@@ -394,28 +394,28 @@ class fseditCmd(cmd.Cmd):
if len(args) != 2:
print 'Usage: cp <source> <destination>'
return
#src, dst = args[0], args[1]
src = resolve_reference(self.pwd, args[0])
dst = resolve_reference(self.pwd, args[1])
src = src.strip('/')
dst = dst.strip('/')
if not exists(self.fs, src):
print "Source file '%s' does not exist!" % (src,)
return
#Get the parent directory of the source file
srcparent = '/'.join(src.split('/')[:-1])
#Get the object for source
srcl = getpath(self.fs, src)
#Get the ojbect for the source's parent
srcparentl = getpath(self.fs, srcparent)
#if the specified filepath is a directory, maintain the current name
if exists(self.fs, dst) and is_directory(self.fs, dst):
dstparent = dst
@@ -423,42 +423,42 @@ class fseditCmd(cmd.Cmd):
else:
dstparent = '/'.join(dst.split('/')[:-1])
dstname = dst.split('/')[-1]
if exists(self.fs, dstparent + '/' + dstname):
print 'A file already exists at %s/%s!' % (dstparent, dstname)
return
if not exists(self.fs, dstparent):
print 'Destination directory %s doesn\'t exist!' % (dstparent,)
return
dstparentl = getpath(self.fs, dstparent)
copy = srcl[:]
copy[A_NAME] = dstname
dstparentl[A_CONTENTS].append(copy)
self.save_pickle()
print 'File copied from /%s to /%s/%s' % (src, dstparent, dstname)
def do_file(self, args):
'''Identifies file types.\nUsage: file <file name>'''
arg_list = args.split()
if len(arg_list) != 1:
print "Incorrect number of arguments.\nUsage: file <file>"
return
target_path = resolve_reference(self.pwd, arg_list[0])
if not exists(self.fs, target_path):
print "File '%s' doesn't exist." % target_path
return
target_object = getpath(self.fs, target_path)
file_type = target_object[A_TYPE]
if file_type == T_FILE:
msg = "normal file object"
elif file_type == T_DIR:
@@ -475,22 +475,22 @@ class fseditCmd(cmd.Cmd):
msg = "named pipe"
else:
msg = "unrecognized file"
print target_path+" is a "+msg
def do_clear(self, args):
'''Clears the screen'''
os.system('clear')
def emptyline(self):
'''By default the cmd object will repeat the last command
if a blank line is entered. Since this is different than
bash behavior, overriding this method will stop it.'''
pass
def help_help(self):
print "Type help <topic> to get more information."
def help_about(self):
print "Kippo stores information about its file systems in a " + \
"series of nested lists. Once the lists are made, they are " + \
@@ -508,15 +508,15 @@ class fseditCmd(cmd.Cmd):
"kippo process in order for the new file system to be " + \
"reloaded into memory.\n\nDonovan Hubbard, Douglas Hubbard, " + \
"March 2013\nVersion 1.0"
if __name__ == '__main__':
if len(sys.argv) != 2:
print "Usage: %s <fs.pickle>" % os.path.basename(sys.argv[0],)
sys.exit(1)
pickle_file_name = sys.argv[1].strip()
print pickle_file_name
fseditCmd(pickle_file_name).cmdloop()
# vim: set sw=4 et:


@@ -27,7 +27,7 @@ def playlog(fd, settings):
settings['maxdelay'] = 0
continue
break
if currtty == 0: currtty = tty
if str(tty) == str(currtty) and op == OP_WRITE: