cowrie/cowrie
1
0
Fork 0
mirror of https://github.com/cowrie/cowrie.git synced 2025-07-01 18:07:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

remove environment. a few other optimizations. better cleanup

Browse Source
This commit is contained in:
Michel Oosterhof
2015-11-04 23:32:28 +04:00
parent 629d4da24e
commit 1387cb878e
5 changed files with 56 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
cowrie/core/honeypot.py
View File

@ -11,6 +11,7 @@ from twisted.python import log
from . import fs
class HoneyPotCommand(object):
def __init__(self, protocol, *args):
self.protocol = protocol
self.args = args
@ -25,7 +26,7 @@ class HoneyPotCommand(object):
self.exit()
def call(self):
self.protocol.writeln('Hello World! [%s]' % (repr(self.args),))
self.writeln('Hello World! [%s]' % (repr(self.args),))
def exit(self):
self.protocol.cmdstack.pop()
@ -258,17 +259,3 @@ class HoneyPotShell(object):
self.protocol.lineBufferIndex = len(self.protocol.lineBuffer)
self.protocol.terminal.write(newbuf)
class HoneyPotEnvironment(object):
"""
"""
def __init__(self, cfg):
self.cfg = cfg
self.commands = {}
import cowrie.commands
for c in cowrie.commands.__all__:
module = __import__('cowrie.commands.%s' % (c,),
globals(), locals(), ['commands'])
self.commands.update(module.commands)
# vim: set sw=4 et:

41
cowrie/core/protocol.py
View File

@ -16,18 +16,26 @@ from . import ttylog
from . import utils
class HoneyPotBaseProtocol(insults.TerminalProtocol, TimeoutMixin):
def __init__(self, avatar):
self.user = avatar
self.env = avatar.env
self.cfg = self.env.cfg
self.cfg = self.user.cfg
self.hostname = avatar.server.hostname
self.fs = avatar.server.fs
if self.fs.exists(avatar.home):
self.cwd = avatar.home
else:
self.cwd = '/'
# commands is also a copy so we can add stuff on the fly
self.commands = copy.copy(self.env.commands)
# self.commands = copy.copy(self.commands)
self.commands = {}
import cowrie.commands
for c in cowrie.commands.__all__:
module = __import__('cowrie.commands.%s' % (c,),
globals(), locals(), ['commands'])
self.commands.update(module.commands)
self.password_input = False
self.cmdstack = []
@ -54,14 +62,14 @@ class HoneyPotBaseProtocol(insults.TerminalProtocol, TimeoutMixin):
if self.cfg.has_option('honeypot', 'internet_facing_ip'):
self.kippoIP = self.cfg.get('honeypot', 'internet_facing_ip')
else:
# Hack to get ip
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(("8.8.8.8", 80))
self.kippoIP = s.getsockname()[0]
s.close()
except:
self.kippoIP = '192.168.0.1'
finally:
s.close()
def timeoutConnection(self):
self.writeln( 'timed out waiting for input: auto-logout' )
@ -69,13 +77,16 @@ class HoneyPotBaseProtocol(insults.TerminalProtocol, TimeoutMixin):
self.terminal.transport.session.sendClose()
# this is only called on explicit logout, not on disconnect
# this indicates the closing of the channel/session, not the closing of the connection
# this indicates the closing of the channel/session, not the closing of the transport
def connectionLost(self, reason):
pass
# not sure why i need to do this:
# scratch that, these don't seem to be necessary anymore:
#del self.fs
#del self.commands
self.terminal = None # (this should be done by super below)
insults.TerminalProtocol.connectionLost(self, reason)
self.cmdstack = None
del self.commands
self.fs = None
self.cfg = None
self.user = None
log.msg( "honeypot terminal protocol connection lost %s" % reason)
def txtcmd(self, txt):
class command_txtcmd(honeypot.HoneyPotCommand):
@ -103,7 +114,7 @@ class HoneyPotBaseProtocol(insults.TerminalProtocol, TimeoutMixin):
path = i
break
txt = os.path.normpath('%s/%s' % \
(self.env.cfg.get('honeypot', 'txtcmds_path'), path))
(self.cfg.get('honeypot', 'txtcmds_path'), path))
if os.path.exists(txt) and os.path.isfile(txt):
return self.txtcmd(txt)
if path in self.commands:
@ -153,6 +164,7 @@ class HoneyPotExecProtocol(HoneyPotBaseProtocol):
self.cmdstack = [honeypot.HoneyPotShell(self, interactive=False)]
self.cmdstack[0].lineReceived(self.execcmd)
class HoneyPotInteractiveProtocol(HoneyPotBaseProtocol, recvline.HistoricRecvLine):
def __init__(self, avatar):
@ -195,7 +207,7 @@ class HoneyPotInteractiveProtocol(HoneyPotBaseProtocol, recvline.HistoricRecvLin
endtime = time.strftime('%H:%M',
time.localtime(time.time()))
duration = utils.durationHuman(time.time() - self.logintime)
f = file('%s/lastlog.txt' % self.env.cfg.get('honeypot', 'data_path'), 'a')
f = file('%s/lastlog.txt' % self.cfg.get('honeypot', 'data_path'), 'a')
f.write('root\tpts/0\t%s\t%s - %s (%s)\n' % \
(self.clientIP, starttime, endtime, duration))
f.close()
@ -312,7 +324,8 @@ class LoggingServerProtocol(insults.ServerProtocol):
# FIXME: this method is called 4 times on logout....
# it's called once from Avatar.closed() if disconnected
def connectionLost(self, reason):
# log.msg("received call to LSP.connectionLost")
self.cfg = None
log.msg("received call to LSP.connectionLost")
transport = self.transport.session.conn.transport
if self.ttylog_open:
log.msg(eventid='KIPP0012', format='Closing TTY Log: %(ttylog)s',

22
cowrie/core/realm.py
View File

@ -44,23 +44,25 @@ class HoneyPotRealm:
def __init__(self, cfg):
self.cfg = cfg
self.servers = {}
# self.servers = {}
def requestAvatar(self, avatarId, mind, *interfaces):
if mind in self.servers:
log.msg( "Using existing server for mind %s" % mind )
else:
log.msg( "Starting new server for mind %s" % mind )
self.servers[mind] = _server = server.CowrieServer(self.cfg)
# if mind in self.servers:
# log.msg( "Using existing server for mind %s" % mind )
# for i in self.servers[mind].avatars:
# log.msg( "attached avatar: %s" % repr(i) )
#else:
# log.msg( "Starting new server for mind %s" % mind )
# self.servers[mind] = server.CowrieServer(self.cfg)
for i in list(self.servers.keys()):
log.msg( "REFCOUNT: key: %s, refcount %d" % ( i, sys.getrefcount(self.servers[i])))
log.msg( "Refer: %s" % repr( gc.get_referrers(self.servers[i])))
# for i in list(self.servers.keys()):
# log.msg( "REFCOUNT: key: %s, refcount %d" % ( i, sys.getrefcount(self.servers[i])))
# log.msg( "Refer: %s" % repr( gc.get_referrers(self.servers[i])))
if conchinterfaces.IConchUser in interfaces:
return interfaces[0], \
ssh.HoneyPotAvatar(avatarId, self.servers[mind]), lambda: None
ssh.HoneyPotAvatar(avatarId, server.CowrieServer(self.cfg)), lambda:None
else:
raise Exception("No supported interfaces found.")

8
cowrie/core/server.py
View File

@ -26,7 +26,6 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
import copy
import pickle
import twisted.python.log as log
@ -45,9 +44,8 @@ class CowrieServer:
"""
def __init__(self, cfg):
self.cfg = cfg
self.env = honeypot.HoneyPotEnvironment(cfg)
self.avatars = []
self.hostname = self.cfg.get('honeypot', 'hostname')
log.msg ("Loading pickle file...")
self.pickle = pickle.load(file(cfg.get('honeypot', 'filesystem_file'), 'rb'))
self.fs = fs.HoneyPotFilesystem(self.pickle,self.cfg)
pckl = pickle.load(file(cfg.get('honeypot', 'filesystem_file'), 'rb'))
self.fs = fs.HoneyPotFilesystem(pckl,self.cfg)

20
cowrie/core/ssh.py
View File

@ -39,9 +39,8 @@ class HoneyPotSSHUserAuthServer(userauth.SSHUserAuthServer):
if self.bannerSent:
return
self.bannerSent = True
cfg = self.portal.realm.cfg
try:
honeyfs = cfg.get('honeypot', 'contents_path')
honeyfs = self.portal.realm.cfg.get('honeypot', 'contents_path')
issuefile = honeyfs + "/etc/issue.net"
data = file(issuefile).read()
except IOError:
@ -91,7 +90,7 @@ class HoneyPotSSHUserAuthServer(userauth.SSHUserAuthServer):
Convert a list of PAM authentication questions into a
MSG_USERAUTH_INFO_REQUEST. Returns a Deferred that will be called
back when the user has responses to the questions.
@param items: a list of 2-tuples (message, kind). We only care about
kinds 1 (password) and 2 (text).
@type items: C{list}
@ -129,7 +128,7 @@ class HoneyPotSSHUserAuthServer(userauth.SSHUserAuthServer):
string response n
"""
d, self._pamDeferred = self._pamDeferred, None
try:
resp = []
numResps = struct.unpack('>L', packet[:4])[0]
@ -219,6 +218,8 @@ class HoneyPotSSHFactory(factory.SSHFactory):
@return: The built transport.
"""
log.msg(" MICHEL: currently open session %s" % self.sessions )
_modulis = '/etc/ssh/moduli', '/private/etc/moduli'
# FIXME: try to mimic something real 100%
@ -343,6 +344,8 @@ class HoneyPotTransport(transport.SSHServerTransport):
if self.transport.sessionno in self.factory.sessions:
del self.factory.sessions[self.transport.sessionno]
transport.SSHServerTransport.connectionLost(self, reason)
self.transport.connectionLost(reason)
self.transport = None
log.msg(eventid='KIPP0011', format='Connection lost')
def sendDisconnect(self, reason, desc):
@ -418,18 +421,18 @@ class HoneyPotAvatar(avatar.ConchUser):
self.username = username
self.server = server
self.cfg = self.server.cfg
self.env = self.server.env
self.protocol = None
self.IAMAVATAR = server
self.channelLookup.update({'session': HoneyPotSSHSession})
self.channelLookup['direct-tcpip'] = CowrieOpenConnectForwardingClient
# sftp support enabled only when option is explicitly set
if self.env.cfg.has_option('honeypot', 'sftp_enabled'):
if (self.env.cfg.get('honeypot', 'sftp_enabled') == "true"):
if self.cfg.has_option('honeypot', 'sftp_enabled'):
if (self.cfg.get('honeypot', 'sftp_enabled') == "true"):
self.subsystemLookup['sftp'] = filetransfer.FileTransferServer
self.uid = self.gid = auth.UserDB(self.env.cfg).getUID(self.username)
self.uid = self.gid = auth.UserDB(self.cfg).getUID(self.username)
if not self.uid:
self.home = '/root'
else:
@ -465,6 +468,7 @@ class HoneyPotAvatar(avatar.ConchUser):
def closed(self):
if self.protocol:
self.protocol.connectionLost("disconnected")
self.protocol = None
def eofReceived(self):
pass