basic support for busybox

cowrie/commands/__init__.py

@@ -24,5 +24,6 @@ __all__ = [
     'iptables',
     'ethtool',
     'ifconfig',
-    'nohup'
+    'nohup',
+    'busybox'
     ]

cowrie/commands/busybox.py

@@ -0,0 +1,49 @@
+from kippo.core.honeypot import HoneyPotCommand
+from twisted.python import log
+commands = {}
+
+busybox_help=('''
+BusyBox v1.20.2 (Debian 1:1.20.0-7) multi-call binary.
+Copyright (C) 1998-2011 Erik Andersen, Rob Landley, Denys Vlasenko
+and others. Licensed under GPLv2.
+See source distribution for full notice.
+
+Usage: busybox [function] [arguments]...
+   or: busybox --list[-full]
+   or: busybox --install [-s] [DIR]
+   or: function [arguments]...
+
+	BusyBox is a multi-call binary that combines many common Unix
+	utilities into a single executable.  Most people will create a
+	link to busybox for each function they wish to use and BusyBox
+	will act like whatever it was invoked as.
+
+Currently defined functions:
+	[, [[, adjtimex, ar, arp, arping, ash, awk, basename, blockdev, brctl, bunzip2, bzcat, bzip2, cal, cat, chgrp, chmod, chown, chroot, chvt, clear, cmp, cp, cpio, cttyhack, cut, date, dc, dd, deallocvt, depmod, df,
+	diff, dirname, dmesg, dnsdomainname, dos2unix, du, dumpkmap, dumpleases, echo, egrep, env, expand, expr, false, fgrep, find, fold, free, freeramdisk, ftpget, ftpput, getopt, getty, grep, groups, gunzip, gzip, halt,
+	head, hexdump, hostid, hostname, httpd, hwclock, id, ifconfig, init, insmod, ionice, ip, ipcalc, kill, killall, klogd, last, less, ln, loadfont, loadkmap, logger, login, logname, logread, losetup, ls, lsmod, lzcat,
+	lzma, md5sum, mdev, microcom, mkdir, mkfifo, mknod, mkswap, mktemp, modinfo, modprobe, more, mount, mt, mv, nameif, nc, netstat, nslookup, od, openvt, patch, pidof, ping, ping6, pivot_root, poweroff, printf, ps, pwd,
+	rdate, readlink, realpath, reboot, renice, reset, rev, rm, rmdir, rmmod, route, rpm, rpm2cpio, run-parts, sed, seq, setkeycodes, setsid, sh, sha1sum, sha256sum, sha512sum, sleep, sort, start-stop-daemon, stat,
+	strings, stty, swapoff, swapon, switch_root, sync, sysctl, syslogd, tac, tail, tar, taskset, tee, telnet, test, tftp, time, timeout, top, touch, tr, traceroute, traceroute6, true, tty, udhcpc, udhcpd, umount, uname,
+	uncompress, unexpand, uniq, unix2dos, unlzma, unxz, unzip, uptime, usleep, uudecode, uuencode, vconfig, vi, watch, watchdog, wc, wget, which, who, whoami, xargs, xz, xzcat, yes, zcat
+''').strip().split('\n')
+
+class command_busybox(HoneyPotCommand):
+
+    def help(self):
+	for ln in bosybox_help:
+	    self.writeln(ln)
+
+    def call(self):
+	args =list(self.args)
+	line = ' '.join(args)
+	cmd = args[0]
+	args = args[1:]
+	cmdclass = self.protocol.getCommand(cmd, self.env['PATH'].split(':'))
+	if cmdclass:
+            log.msg(eventid='KIPP0005', input=line, format='Command found: %(input)s')
+            #self.protocol.logDispatch('Command found: %s' % (line,))
+            self.protocol.call_command(cmdclass, *args)
+	else:
+	    self.help() 
+commands['busybox'] = command_busybox