From da770e34bf6ee191e9df0d4cbd0012710ae95727 Mon Sep 17 00:00:00 2001 From: Michel Oosterhof Date: Thu, 19 Nov 2015 12:49:39 +0000 Subject: [PATCH] input during running commands is now added as queued shell commands --- cowrie/core/honeypot.py | 62 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 56 insertions(+), 6 deletions(-) diff --git a/cowrie/core/honeypot.py b/cowrie/core/honeypot.py index 9651969..3f4162a 100644 --- a/cowrie/core/honeypot.py +++ b/cowrie/core/honeypot.py @@ -15,6 +15,8 @@ from twisted.python import log from cowrie.core import fs class HoneyPotCommand(object): + """ + """ def __init__(self, protocol, *args): self.protocol = protocol @@ -25,35 +27,65 @@ class HoneyPotCommand(object): self.nextLine = self.protocol.terminal.nextLine self.fs = self.protocol.fs + def start(self): + """ + """ self.call() self.exit() + def call(self): + """ + """ self.writeln('Hello World! [%s]' % (repr(self.args),)) + def exit(self): + """ + """ self.protocol.cmdstack.pop() self.protocol.cmdstack[-1].resume() + def handle_CTRL_C(self): + """ + """ log.msg('Received CTRL-C, exiting..') self.writeln('^C') self.exit() + def lineReceived(self, line): - log.msg('INPUT: %s' % (line,)) + """ + """ + log.msg('QUEUED INPUT: %s' % (line,)) + self.protocol.cmdstack[0].cmdpending.append(line) + def resume(self): + """ + """ pass + def handle_TAB(self): + """ + """ pass + def handle_CTRL_D(self): + """ + """ pass + + class HoneyPotShell(object): + """ + """ + def __init__(self, protocol, interactive=True): self.protocol = protocol self.interactive = interactive @@ -63,7 +95,10 @@ class HoneyPotShell(object): 'PATH': '/bin:/usr/bin:/sbin:/usr/sbin', } + def lineReceived(self, line): + """ + """ log.msg('CMD: %s' % (line,)) line = line[:500] comment = re.compile('^\s*#') @@ -78,7 +113,10 @@ class HoneyPotShell(object): else: self.showPrompt() + def runCommand(self): + """ + """ def runOrPrompt(): if len(self.cmdpending): self.runCommand() 
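Review bot: The docstring added to `HoneyPotCommand` is an empty `""" """` placeholder, and the same placeholder is added to every method in the later hunks (`start`, `call`, `exit`, `lineReceived`, `resume`, `runCommand`, `showPrompt`, `handle_CTRL_C`, `handle_CTRL_D`, `handle_TAB`), so the commit adds lines without documenting anything. For the class I would write something like `"""Base class for emulated commands: start() runs call() and then exit(), which pops the command off protocol.cmdstack and resumes the entry below it."""`, which is what the visible bodies do. In the last hunk the `# Tab completion` comment is deleted and replaced by an empty docstring on `handle_TAB`; `"""Tab completion."""` would at least keep the information that was there. The class body continues outside this hunk.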
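Review bot: `HoneyPotCommand.lineReceived` now appends the raw line to `cmdstack[0].cmdpending` with no limit on the line length or on the queue size, while `HoneyPotShell.lineReceived` in the next hunk truncates its input with `line = line[:500]`. Everything a remote client sends while a command is running is untrusted, so one session can grow the pending list without bound, and the queued text presumably reaches `runCommand` without the truncation the direct path applies (any further preprocessing in the shell's `lineReceived` lies outside the visible lines and may be skipped as well). I would apply the same cap and bound the queue, e.g. `self.protocol.cmdstack[0].cmdpending.append(line[:500])` behind a length check on `cmdpending`, and state in the docstring that `cmdstack[0]` is assumed to be the `HoneyPotShell`. The log text also changes from `INPUT:` to `QUEUED INPUT:` and stays unstructured, unlike the `eventid=` calls elsewhere in the file, so anything matching on the old message needs to follow.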
@@ -101,12 +139,12 @@ class HoneyPotShell(object): except: self.protocol.writeln( 'bash: syntax error: unexpected end of file') - # could run runCommand here, but i'll just clear the list instead + # Could run runCommand here, but i'll just clear the list instead self.cmdpending = [] self.showPrompt() return - # probably no reason to be this comprehensive for just PATH... + # Probably no reason to be this comprehensive for just PATH... envvars = copy.copy(self.envvars) cmd = None while len(cmdAndArgs): @@ -133,22 +171,26 @@ class HoneyPotShell(object): cmdclass = self.protocol.getCommand(cmd, envvars['PATH'].split(':')) if cmdclass: log.msg(eventid='KIPP0005', input=line, format='Command found: %(input)s') - #self.protocol.logDispatch('Command found: %s' % (line,)) self.protocol.call_command(cmdclass, *rargs) else: log.msg(eventid='KIPP0006', input=line, format='Command not found: %(input)s') - #self.protocol.logDispatch('Command not found: %s' % (line,)) if len(line): self.protocol.writeln('bash: %s: command not found' % (cmd,)) runOrPrompt() + def resume(self): + """ + """ if self.interactive: self.protocol.setInsertMode() self.runCommand() + def showPrompt(self): + """ + """ if not self.interactive: return # Example: srv03:~# @@ -178,18 +220,26 @@ class HoneyPotShell(object): attrs = {'path': path} self.protocol.terminal.write(prompt % attrs) + def handle_CTRL_C(self): + """ + """ self.protocol.lineBuffer = [] self.protocol.lineBufferIndex = 0 self.protocol.terminal.nextLine() self.showPrompt() + def handle_CTRL_D(self): + """ + """ log.msg('Received CTRL-D, exiting..') self.protocol.call_command(self.protocol.commands['exit']) - # Tab completion + def handle_TAB(self): + """ + """ if not len(self.protocol.lineBuffer): return l = ''.join(self.protocol.lineBuffer)