cowrie/src/cowrie/ssh_proxy/protocols/exec_term.py

# Copyright (c) 2016 Thomas Nicholson <tnnich@googlemail.com>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. The names of the author(s) may not be used to endorse or promote
#    products derived from this software without specific prior written
#    permission.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

import os
import time

from twisted.python import log

from cowrie.core import ttylog
from cowrie.core.config import CowrieConfig
from cowrie.ssh_proxy.protocols import base_protocol


class ExecTerm(base_protocol.BaseProtocol):
    def __init__(self, uuid, channelName, ssh, channelId, command):
        super().__init__(uuid, channelName, ssh)

        try:
            log.msg(
                eventid="cowrie.command.input",
                input=command.decode("utf8"),
                format="CMD: %(input)s",
            )
        except UnicodeDecodeError:
            log.err("Unusual execcmd: {}".format(repr(command)))

        self.transportId = ssh.server.transportId
        self.channelId = channelId

        self.startTime: float = time.time()
        self.ttylogPath: str = CowrieConfig.get("honeypot", "ttylog_path")
        self.ttylogEnabled: bool = CowrieConfig.getboolean(
            "honeypot", "ttylog", fallback=True
        )
        self.ttylogSize: bool = 0

        if self.ttylogEnabled:
            self.ttylogFile = "{}/{}-{}-{}e.log".format(
                self.ttylogPath,
                time.strftime("%Y%m%d-%H%M%S"),
                self.transportId,
                self.channelId,
            )
            ttylog.ttylog_open(self.ttylogFile, self.startTime)

    def parse_packet(self, parent, payload):
        if self.ttylogEnabled:
            ttylog.ttylog_write(
                self.ttylogFile, len(payload), ttylog.TYPE_OUTPUT, time.time(), payload
            )
            self.ttylogSize += len(payload)

    def channel_closed(self):
        if self.ttylogEnabled:
            ttylog.ttylog_close(self.ttylogFile, time.time())
            shasum = ttylog.ttylog_inputhash(self.ttylogFile)
            shasumfile = os.path.join(self.ttylogPath, shasum)

            if os.path.exists(shasumfile):
                duplicate = True
                os.remove(self.ttylogFile)
            else:
                duplicate = False
                os.rename(self.ttylogFile, shasumfile)
                umask = os.umask(0)
                os.umask(umask)
                os.chmod(shasumfile, 0o666 & ~umask)

            log.msg(
                eventid="cowrie.log.closed",
                format="Closing TTY Log: %(ttylog)s after %(duration)d seconds",
                ttylog=shasumfile,
                size=self.ttylogSize,
                shasum=shasum,
                duplicate=duplicate,
                duration=time.time() - self.startTime,
            )
Add an SSH proxy for Cowrie (#1154) * add SSH proxy 2019-06-29 10:20:26 +01:00			`# Copyright (c) 2016 Thomas Nicholson <tnnich@googlemail.com>`
			`# All rights reserved.`
			`#`
			`# Redistribution and use in source and binary forms, with or without`
			`# modification, are permitted provided that the following conditions`
			`# are met:`
			`#`
			`# 1. Redistributions of source code must retain the above copyright`
			`# notice, this list of conditions and the following disclaimer.`
			`# 2. Redistributions in binary form must reproduce the above copyright`
			`# notice, this list of conditions and the following disclaimer in the`
			`# documentation and/or other materials provided with the distribution.`
			`# 3. The names of the author(s) may not be used to endorse or promote`
			`# products derived from this software without specific prior written`
			`# permission.`
			`#`
			# THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
			`# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES`
			`# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.`
			`# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, INDIRECT,`
			`# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,`
			`# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;`
			`# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED`
			`# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,`
			`# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY`
			`# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF`
			`# SUCH DAMAGE.`

			`import os`
			`import time`

			`from twisted.python import log`

			`from cowrie.core import ttylog`
			`from cowrie.core.config import CowrieConfig`
			`from cowrie.ssh_proxy.protocols import base_protocol`


			`class ExecTerm(base_protocol.BaseProtocol):`
			`def __init__(self, uuid, channelName, ssh, channelId, command):`
upgrade to python3.6+ syntax using `pyupgrade --py36-plus` (#1502) 2021-03-01 11:01:03 +08:00			`super().__init__(uuid, channelName, ssh)`
Add an SSH proxy for Cowrie (#1154) * add SSH proxy 2019-06-29 10:20:26 +01:00
Commands should be decoded as utf8 (#1477) Co-authored-by: Michel Oosterhof <micheloosterhof@users.noreply.github.com> 2021-04-26 15:52:14 +02:00			`try:`
26apr (#1552) * typing * clean also cleans docs/ * ignore twistedchecker exit code * twistedchecker fixes * update docs. add copy button * add missing $ prompts * updated copyright * isort * remove flake8-import order. config flake8/isort/black * remove import order * docs restructure * should pick up settings from setup.cfg * put conversion code back in. JSON encoding needs it 2021-05-03 23:42:25 +08:00			`log.msg(`
			`eventid="cowrie.command.input",`
			`input=command.decode("utf8"),`
			`format="CMD: %(input)s",`
			`)`
Commands should be decoded as utf8 (#1477) Co-authored-by: Michel Oosterhof <micheloosterhof@users.noreply.github.com> 2021-04-26 15:52:14 +02:00			`except UnicodeDecodeError:`
			`log.err("Unusual execcmd: {}".format(repr(command)))`

Add an SSH proxy for Cowrie (#1154) * add SSH proxy 2019-06-29 10:20:26 +01:00			`self.transportId = ssh.server.transportId`
			`self.channelId = channelId`

9may (#1560) * fix MySQL error handling * fix tar command * type hinting for proxy 2021-05-14 15:43:28 +08:00			`self.startTime: float = time.time()`
			`self.ttylogPath: str = CowrieConfig.get("honeypot", "ttylog_path")`
			`self.ttylogEnabled: bool = CowrieConfig.getboolean(`
blackify. (#1518) Use black coding standard. Update flake8 configuration with new settings. 2021-03-26 00:16:42 +08:00			`"honeypot", "ttylog", fallback=True`
			`)`
9may (#1560) * fix MySQL error handling * fix tar command * type hinting for proxy 2021-05-14 15:43:28 +08:00			`self.ttylogSize: bool = 0`
Add an SSH proxy for Cowrie (#1154) * add SSH proxy 2019-06-29 10:20:26 +01:00
			`if self.ttylogEnabled:`
blackify. (#1518) Use black coding standard. Update flake8 configuration with new settings. 2021-03-26 00:16:42 +08:00			`self.ttylogFile = "{}/{}-{}-{}e.log".format(`
			`self.ttylogPath,`
			`time.strftime("%Y%m%d-%H%M%S"),`
			`self.transportId,`
			`self.channelId,`
			`)`
Add an SSH proxy for Cowrie (#1154) * add SSH proxy 2019-06-29 10:20:26 +01:00			`ttylog.ttylog_open(self.ttylogFile, self.startTime)`

			`def parse_packet(self, parent, payload):`
			`if self.ttylogEnabled:`
blackify. (#1518) Use black coding standard. Update flake8 configuration with new settings. 2021-03-26 00:16:42 +08:00			`ttylog.ttylog_write(`
			`self.ttylogFile, len(payload), ttylog.TYPE_OUTPUT, time.time(), payload`
			`)`
Add an SSH proxy for Cowrie (#1154) * add SSH proxy 2019-06-29 10:20:26 +01:00			`self.ttylogSize += len(payload)`

			`def channel_closed(self):`
			`if self.ttylogEnabled:`
			`ttylog.ttylog_close(self.ttylogFile, time.time())`
			`shasum = ttylog.ttylog_inputhash(self.ttylogFile)`
			`shasumfile = os.path.join(self.ttylogPath, shasum)`

			`if os.path.exists(shasumfile):`
			`duplicate = True`
			`os.remove(self.ttylogFile)`
			`else:`
			`duplicate = False`
			`os.rename(self.ttylogFile, shasumfile)`
			`umask = os.umask(0)`
			`os.umask(umask)`
			`os.chmod(shasumfile, 0o666 & ~umask)`

blackify. (#1518) Use black coding standard. Update flake8 configuration with new settings. 2021-03-26 00:16:42 +08:00			`log.msg(`
			`eventid="cowrie.log.closed",`
			`format="Closing TTY Log: %(ttylog)s after %(duration)d seconds",`
			`ttylog=shasumfile,`
			`size=self.ttylogSize,`
			`shasum=shasum,`
			`duplicate=duplicate,`
			`duration=time.time() - self.startTime,`
			`)`