From c76f26ee1ee52741d7e70008029c73c1b1e97d48 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Fri, 11 Dec 2015 12:21:29 +0000 Subject: [PATCH 1/3] Add wildcard support for file system creation --- utils/createfs.py | 34 +++++++++++++++++++++++++++------- utils/fsctl.py | 20 ++++++++++---------- 2 files changed, 37 insertions(+), 17 deletions(-) diff --git a/utils/createfs.py b/utils/createfs.py index 8d0e51d..c61f69f 100755 --- a/utils/createfs.py +++ b/utils/createfs.py @@ -1,18 +1,42 @@ #!/usr/bin/env python -import os, pickle, sys, locale, getopt +############################################################### +# This program creates a cowrie file system pickle file. +# +# This is meant to build a brand new filesystem. +# To edit the file structure, please use './utils/fsctl.py' +# +############################################################## + +import os, pickle, sys, locale, getopt, fnmatch from stat import * + A_NAME, A_TYPE, A_UID, A_GID, A_SIZE, A_MODE, \ A_CTIME, A_CONTENTS, A_TARGET, A_REALFILE = range(0, 10) T_LINK, T_DIR, T_FILE, T_BLK, T_CHR, T_SOCK, T_FIFO = range(0, 7) PROC = False VERBOSE = False +blacklist_files = [ + '/root/fs.pickle', + '/root/createfs.py', + '/root/.bash_history', + '*cowrie*', + '*kippo*', + ] + + def logit(ftxt): if VERBOSE: sys.stderr.write(ftxt) +def checkblacklist(ftxt): + for value in blacklist_files: + if fnmatch.fnmatch(ftxt, value): + return True + return False + def recurse(localroot, root, tree, maxdepth = sys.maxint): if maxdepth == 0: return @@ -26,13 +50,10 @@ def recurse(localroot, root, tree, maxdepth = sys.maxint): for name in os.listdir(localpath): fspath = os.path.join(root, name) - if fspath in ( - '/root/fs.pickle', - '/root/createfs.py', - '/root/.bash_history', - ): + if checkblacklist(fspath): continue + path = os.path.join(localpath, name) try: @@ -124,4 +145,3 @@ if __name__ == '__main__': pickle.dump(tree, open(output, 'wb')) else: print pickle.dumps(tree) - 
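Review bot: `checkblacklist` matches with `fnmatch.fnmatch`, which is case-sensitive on POSIX, so the `'*cowrie*'` and `'*kippo*'` entries in `blacklist_files` skip `/opt/cowrie` but not a differently cased name (constructed example: `/home/user/Cowrie-master`). Such a path would be written into the generated fs.pickle, where it identifies the host as a honeypot. Lower-casing the candidate before matching closes the gap: `if fnmatch.fnmatchcase(ftxt.lower(), value.lower()):`. The new function also has no docstring; `"""Return True when ftxt matches any glob in blacklist_files."""` would make it clear that the entries are globs tested against the full path, not only the basename.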
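Review bot: The `continue` after `checkblacklist(fspath)` drops the entry without any trace, so once wildcards are in play it is hard to tell afterwards what was left out of the image, or what a broad pattern such as `'*cowrie*'` excluded by accident. A `logit('skipping blacklisted path %s\n' % fspath)` before the `continue` would make the exclusions auditable whenever `VERBOSE` is set. The test is made on `fspath`, the path inside the generated tree, not on the local `path`; the two appear to differ when `localroot` is not `/`, so a one-line comment saying which one the patterns apply to would help. The body of `recurse` continues outside the hunk.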
diff --git a/utils/fsctl.py b/utils/fsctl.py index a8ac93b..c3a4461 100755 --- a/utils/fsctl.py +++ b/utils/fsctl.py @@ -7,8 +7,8 @@ # It is intended to mimic a basic bash shell and supports relative # file references. # -# This isn't meant to build a brand new filesystem. Instead it -# should be used to edit existing filesystems such as the default +# This isn't meant to build a brand new file system. Instead it +# should be used to edit existing file systems such as the default # /opt/cowrie/data/fs.pickle. # # Donovan Hubbard @@ -97,7 +97,7 @@ class fseditCmd(cmd.Cmd): self.update_pwd("/") - self.intro = "\nKippo file system interactive editor\n" + \ + self.intro = "\nKippo/Cowrie file system interactive editor\n" + \ "Donovan Hubbard, Douglas Hubbard, March 2013\n" + \ "Type 'help' for help\n" @@ -117,7 +117,7 @@ class fseditCmd(cmd.Cmd): def do_EOF(self, args): '''The escape character ctrl+d exits the session''' - #exiting from the do_EOF method does not create a newline automaticaly + #exiting from the do_EOF method does not create a newline automatically #so we add it manually print return True @@ -292,7 +292,7 @@ class fseditCmd(cmd.Cmd): else: size = args[1] - #set the last update timestamp to now + #set the last update time stamp to now ctime = time.time() cwd[A_CONTENTS].append( @@ -303,7 +303,7 @@ class fseditCmd(cmd.Cmd): print "Added '%s'" % path def do_rm(self, arguments): - '''Remove an object from the filesystem. + '''Remove an object from the file system. Will not remove a directory unless the -r switch is invoked.\n Usage: rm [-r] ''' @@ -474,7 +474,7 @@ class fseditCmd(cmd.Cmd): #Get the object for source srcl = getpath(self.fs, src) - #Get the ojbect for the source's parent + #Get the object for the source's parent srcparentl = getpath(self.fs, srcparent) #if the specified filepath is a directory, maintain the current name 
@@ -553,13 +553,13 @@ class fseditCmd(cmd.Cmd): print "Type help to get more information." def help_about(self): - print "Kippo stores information about its file systems in a " + \ + print "Kippo/Cowrie stores information about its file systems in a " + \ "series of nested lists. Once the lists are made, they are " + \ "stored in a pickle file on the hard drive. Every time cowrie " + \ "gets a new client, it reads from the pickle file and loads " + \ - "the fake filesystem into memory. By default this file " + \ + "the fake file system into memory. By default this file " + \ "is /opt/cowrie/data/fs.pickle. Originally the script " + \ - "/opt/cowrie/createfs.py was used to copy the filesystem " + \ + "/opt/cowrie/createfs.py was used to copy the file system " + \ "of the existing computer. However, it quite difficult to " + \ "edit the pickle file by hand.\n\nThis script strives to be " + \ "a bash-like interface that allows users to modify " + \ From d6661784bfc201eb5bdbddf40724b1684a2d32c3 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Fri, 11 Dec 2015 14:22:28 +0000 Subject: [PATCH 2/3] Create parent directory & multi folders with fsctl.py --- utils/fsctl.py | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/utils/fsctl.py b/utils/fsctl.py index c3a4461..f42beaa 100755 --- a/utils/fsctl.py +++ b/utils/fsctl.py 
@@ -1,21 +1,22 @@ #!/usr/bin/python -############################################################### +################################################################ # This program creates a command line interpreter used to edit # cowrie file system pickle files. # -# It is intended to mimic a basic bash shell and supports relative -# file references. +# It is intended to mimic a basic bash shell and supports +# relative file references. # -# This isn't meant to build a brand new file system. Instead it -# should be used to edit existing file systems such as the default -# /opt/cowrie/data/fs.pickle. +# Do not use to build a complete file system. Use: +# /opt/cowrie/utils/createfs.py +# Instead it should be used to edit existing file systems +# such as the default: /opt/cowrie/data/fs.pickle. # # Donovan Hubbard # Douglas Hubbard # March 2013 # -############################################################### +################################################################ import os, pickle, sys, locale, time, cmd from stat import * @@ -241,13 +242,14 @@ class fseditCmd(cmd.Cmd): def do_mkdir(self, args): """Add a new directory in the target directory. Handles relative or absolute file paths. \n - Usage: mkdir """ + Usage: mkdir ...""" arg_list=args.split() - if len(arg_list) != 1: - print "usage: mkdir " + if len(arg_list) < 1: + print "usage: mkdir ..." else: - self.mkfile(arg_list, T_DIR) + for arg in arg_list: + self.mkfile(arg.split(), T_DIR) def do_touch(self, args): """Add a new file in the target directory. @@ -270,10 +272,9 @@ class fseditCmd(cmd.Cmd): fileName = pathList[len(pathList) - 1] if not exists(self.fs, parentdir): - print ('Parent directory %s doesn\'t exist! ' + - 'Please create it first.') % \ + print ('Parent directory %s doesn\'t exist!') % \ (parentdir,) - return + self.mkfile(parentdir.split(), T_DIR) if exists(self.fs, path): print 'Error: %s already exists!' % (path,) 
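Review bot: `arg.split()` in the new `do_mkdir` loop is applied to a token that `args.split()` has already produced, so it can only ever return `[arg]`; `self.mkfile([arg], T_DIR)` says the same thing directly. Because the arguments are split on plain whitespace, a directory name containing a space cannot be created, and now that several arguments are accepted it is silently turned into several directories instead of being rejected. If quoted names should work, `shlex.split(args)` would honour the quoting; it needs `import shlex`, and the import line is outside this hunk.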
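Review bot: The recursive `self.mkfile(parentdir.split(), T_DIR)` re-splits the parent path on whitespace, so a parent containing a space is passed as several list items; judging by the `size = args[1]` line visible in the first patch, the second item would presumably be read as a size rather than as part of the path, so pass `[parentdir]` instead. Nothing after the recursive call checks that the parent now exists, so if the creation fails (for instance because a path component is an existing file) the code falls through to the original add with a missing parent; re-test with `if not exists(self.fs, parentdir): return`. The printed text still reads as an error although the directory is then created, so something like `print 'Creating missing parent directory %s' % (parentdir,)` would describe what happens. The body of `mkfile` starts and ends outside the hunk.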
From b789699ac1800166b01446ee3811501f9e4042d3 Mon Sep 17 00:00:00 2001 From: SecPascal Date: Fri, 11 Dec 2015 18:13:04 +0100 Subject: [PATCH 3/3] Don't fail on non-existing username in /etc/passwd The AuthRandom auth class accepts random usernames, which may not exist in /etc/passwd. --- cowrie/core/ssh.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/cowrie/core/ssh.py b/cowrie/core/ssh.py index ce2aa87..85fdae9 100644 --- a/cowrie/core/ssh.py +++ b/cowrie/core/ssh.py @@ -106,10 +106,15 @@ class CowrieUser(avatar.ConchUser): {"session": HoneyPotSSHSession, "direct-tcpip": CowrieOpenConnectForwardingClient}) - pwentry = pwd.Passwd(self.cfg).getpwnam(self.username) - self.uid = pwentry["pw_uid"] - self.gid = pwentry["pw_gid"] - self.home = pwentry["pw_dir"] + try: + pwentry = pwd.Passwd(self.cfg).getpwnam(self.username) + self.uid = pwentry["pw_uid"] + self.gid = pwentry["pw_gid"] + self.home = pwentry["pw_dir"] + except: + self.uid = 1001 + self.gid = 1001 + self.home = '/home' # Sftp support enabled only when option is explicitly set try:
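Review bot: The bare `except:` around the `getpwnam` lookup also catches failures that have nothing to do with an unknown username (an unreadable passwd file, a missing key in `pwentry`, even `KeyboardInterrupt`), and every such session then silently gets uid/gid 1001 and home `/home`. Catch only what `getpwnam` raises for an unknown name, presumably `KeyError` as in the stdlib `pwd` module (confirm against the project's `Passwd` class), i.e. `except KeyError:`, and keep only the lookup line inside the `try`. The hard-coded fallback deserves a comment or a config option, because an identical uid and a shared `/home` for every invented username is a consistency detail that makes the honeypot easier to recognise. A log line on the fallback path would also show which logins took it. The enclosing method starts outside the hunk.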