Merge branch 'master' of http://www.github.com/micheloosterhof/cowrie

.travis.yml

@@ -19,7 +19,7 @@ before_script:
     - flake8 . --count --ignore=E3 --exit-zero --max-complexity=10 --max-line-length=127 --statistics
 #    - twistedchecker --pep8=y -d W9001,W9002 cowrie twisted.plugins
 #   Twistedchecker has some version issues, disable for now
-script: PYTHONPATH=${TRAVIS_BUILD_DIR} trial cowrie
+script: PYTHONPATH=${TRAVIS_BUILD_DIR}/src trial cowrie
 notifications:
   email: false
   slack:

CHANGELOG.md

@@ -1,3 +1,4 @@
+* 2018-07-21 source code has move to the src/ directory. Delete old directories twisted/cowrie with compiled code
 * 2018-06-29 txtcmds have been moved to share/cowrie/txtcmds
 * 2018-06-28 filesystem config entry has changed. please verify if you have custom entry or pickle file
 * 2018-06-23 fingerprint log message now holds KEX attributes and a unique fingerprint for the client

bin/cowrie

@@ -161,7 +161,15 @@ fi
 
 find_cowrie_directory $0
 cd ${COWRIEDIR}
-export PYTHONPATH=${PYTHONPATH}:${COWRIEDIR}
+export PYTHONPATH=${PYTHONPATH}:${COWRIEDIR}/src
+
+# This is for the move to src/ on 2018-07-21
+# It deletes old compiled python code
+# Can be removed at some time in the future
+for dir in ${COWRIEDIR}/twisted ${COWRIEDIR}/cowrie; do
+    [ -d ${dir} ] && find ${dir} -name '*pyc' | xargs rm -f
+done
+
 PIDFILE=var/run/cowrie.pid
 set -e
 

cowrie/commands/ifconfig.py

@@ -1,41 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright (c) 2014 Peter Reuterås <peter@reuteras.com>
-# See the COPYRIGHT file for more information
-
-from __future__ import division, absolute_import
-
-from cowrie.shell.command import HoneyPotCommand
-from random import randint
-
-HWaddr = "%02x:%02x:%02x:%02x:%02x:%02x" % (randint(0, 255), randint(0, 255), randint(0, 255), randint(0, 255), randint(0, 255), randint(0, 255))
-
-commands = {}
-
-class command_ifconfig(HoneyPotCommand):
-
-    def call(self):
-        l = """eth0      Link encap:Ethernet  HWaddr %s
-          inet addr:%s  Bcast:%s.255  Mask:255.255.255.0
-          inet6 addr: fe80::601:16ff:fedf:2d01/64 Scope:Link
-          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
-          RX packets:139435762 errors:0 dropped:0 overruns:0 frame:0
-          TX packets:116082382 errors:0 dropped:0 overruns:0 carrier:0
-          collisions:0 txqueuelen:1000
-          RX bytes:102191499830 (102.1 GB)  TX bytes:68687923025 (68.6 GB)
-
-
-lo        Link encap:Local Loopback
-          inet addr:127.0.0.1  Mask:255.0.0.0
-          inet6 addr: ::1/128 Scope:Host
-          UP LOOPBACK RUNNING  MTU:65536  Metric:1
-          RX packets:110 errors:0 dropped:0 overruns:0 frame:0
-          TX packets:110 errors:0 dropped:0 overruns:0 carrier:0
-          collisions:0 txqueuelen:0
-          RX bytes:19932 (19.9 KB)  TX bytes:19932 (19.9 KB)""" % \
-            (HWaddr, self.protocol.kippoIP,
-             self.protocol.kippoIP.rsplit('.', 1)[0])
-        self.write('{0}\n'.format(l))
-
-
-commands['/sbin/ifconfig'] = command_ifconfig
-commands['ifconfig'] = command_ifconfig

src/cowrie/commands/__init__.py

@@ -37,5 +37,6 @@ __all__ = [
     'perl',
     'uptime',
     'python',
-    'tftp'
+    'tftp',
+    'du'
 ]

src/cowrie/commands/du.py

@@ -0,0 +1,132 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2018 Danilo Vargas <danilo.vargas@csiete.org>
+# See the COPYRIGHT file for more information
+
+from __future__ import division, absolute_import
+
+from cowrie.shell.honeypot import HoneyPotCommand
+from cowrie.shell.fs import *
+import os
+
+commands = {}
+
+
+class command_du(HoneyPotCommand):
+
+    def message_help(self):
+        return """Usage: du [OPTION]... [FILE]...
+  or:  du [OPTION]... --files0-from=F
+Summarize disk usage of the set of FILEs, recursively for directories.
+
+Mandatory arguments to long options are mandatory for short options too.
+  -0, --null            end each output line with NUL, not newline
+  -a, --all             write counts for all files, not just directories
+      --apparent-size   print apparent sizes, rather than disk usage; although
+                          the apparent size is usually smaller, it may be
+                          larger due to holes in ('sparse') files, internal
+                          fragmentation, indirect blocks, and the like
+  -B, --block-size=SIZE  scale sizes by SIZE before printing them; e.g.,
+                           '-BM' prints sizes in units of 1,048,576 bytes;
+                           see SIZE format below
+  -b, --bytes           equivalent to '--apparent-size --block-size=1'
+  -c, --total           produce a grand total
+  -D, --dereference-args  dereference only symlinks that are listed on the
+                          command line
+  -d, --max-depth=N     print the total for a directory (or file, with --all)
+                          only if it is N or fewer levels below the command
+                          line argument;  --max-depth=0 is the same as
+                          --summarize
+      --files0-from=F   summarize disk usage of the
+                          NUL-terminated file names specified in file F;
+                          if F is -, then read names from standard input
+  -H                    equivalent to --dereference-args (-D)
+  -h, --human-readable  print sizes in human readable format (e.g., 1K 234M 2G)
+      --inodes          list inode usage information instead of block usage
+  -k                    like --block-size=1K
+  -L, --dereference     dereference all symbolic links
+  -l, --count-links     count sizes many times if hard linked
+  -m                    like --block-size=1M
+  -P, --no-dereference  don't follow any symbolic links (this is the default)
+  -S, --separate-dirs   for directories do not include size of subdirectories
+      --si              like -h, but use powers of 1000 not 1024
+  -s, --summarize       display only a total for each argument
+  -t, --threshold=SIZE  exclude entries smaller than SIZE if positive,
+                          or entries greater than SIZE if negative
+      --time            show time of the last modification of any file in the
+                          directory, or any of its subdirectories
+      --time=WORD       show time as WORD instead of modification time:
+                          atime, access, use, ctime or status
+      --time-style=STYLE  show times using STYLE, which can be:
+                            full-iso, long-iso, iso, or +FORMAT;
+                            FORMAT is interpreted like in 'date'
+  -X, --exclude-from=FILE  exclude files that match any pattern in FILE
+      --exclude=PATTERN    exclude files that match PATTERN
+  -x, --one-file-system    skip directories on different file systems
+      --help     display this help and exit
+      --version  output version information and exit
+
+Display values are in units of the first available SIZE from --block-size,
+and the DU_BLOCK_SIZE, BLOCK_SIZE and BLOCKSIZE environment variables.
+Otherwise, units default to 1024 bytes (or 512 if POSIXLY_CORRECT is set).
+
+The SIZE argument is an integer and optional unit (example: 10K is 10*1024).
+Units are K,M,G,T,P,E,Z,Y (powers of 1024) or KB,MB,... (powers of 1000).
+
+GNU coreutils online help: <http://www.gnu.org/software/coreutils/>
+Report du translation bugs to <http://translationproject.org/team/>
+Full documentation at: <http://www.gnu.org/software/coreutils/du>
+or available locally via: info '(coreutils) du invocation'\n"""
+
+    def call(self):
+        self.showHidden = False
+        self.showDirectories = False
+        path = self.protocol.cwd
+        args = self.args
+        if args:
+            if '-sh' == args[0]:
+                self.write('28K     .\n')
+            elif '--help' == args[0]:
+                self.write(self.message_help())
+            else:
+                self.du_show(path)
+        else:
+            self.du_show(path, all=True)
+
+    def du_show(self, path, all=False):
+        try:
+            if self.protocol.fs.isdir(path) and self.showDirectories == False:
+                files = self.protocol.fs.get_path(path)[:]
+                if self.showHidden:
+                    dot = self.protocol.fs.getfile(path)[:]
+                    dot[A_NAME] = '.'
+                    files.append(dot)
+                    # FIXME: should grab dotdot off the parent instead
+                    dotdot = self.protocol.fs.getfile(path)[:]
+                    dotdot[A_NAME] = '..'
+                    files.append(dotdot)
+                else:
+                    files = [x for x in files if not x[A_NAME].startswith('.')]
+                files.sort()
+            else:
+                files = (self.protocol.fs.getfile(path)[:],)
+        except:
+            self.write(
+                'ls: cannot access %s: No such file or directory\n' % (path,))
+            return
+
+        filenames = [x[A_NAME] for x in files]
+        if not filenames:
+            return
+        for filename in filenames:
+            if all:
+                isdir = self.protocol.fs.isdir(os.path.join(path, filename))
+                if isdir:
+                    filename = "4       ./{0}\n".format(filename)
+                    self.write(filename)
+            else:
+                filename = "4       {0}\n".format(filename)
+                self.write(filename)
+        if all:
+            self.write("36      .\n")
+
+commands['du'] = command_du

src/cowrie/commands/ifconfig.py

@@ -0,0 +1,72 @@
+# -*- coding: utf-8 -*-
+# Copyright (c) 2014 Peter Reuterås <peter@reuteras.com>
+# See the COPYRIGHT file for more information
+
+from __future__ import division, absolute_import
+
+from cowrie.shell.command import HoneyPotCommand
+from random import randrange, randint
+
+HWaddr = "%02x:%02x:%02x:%02x:%02x:%02x" % (randint(0, 255), randint(0, 255), randint(0, 255), randint(0, 255), randint(0, 255), randint(0, 255))
+
+inet6 = "fe%02x::%02x:%02xff:fe%02x:%02x01/64" % (randint(0, 255), randrange(111, 888), randint(0, 255), randint(0, 255), randint(0, 255))
+
+commands = {}
+
+
+class command_ifconfig(HoneyPotCommand):
+
+    @staticmethod
+    def generate_packets():
+        return randrange(222222, 555555)
+
+    @staticmethod
+    def convert_bytes_to_mx(bytes_eth0):
+        mb = float(bytes_eth0) / 1000 / 1000
+        return "{0:.1f}".format(mb)
+
+    def calculate_rx(self):
+        rx_bytes = randrange(111111111, 555555555)
+        return rx_bytes, self.convert_bytes_to_mx(rx_bytes)
+
+    def calculate_tx(self):
+        rx_bytes = randrange(11111111, 55555555)
+        return rx_bytes, self.convert_bytes_to_mx(rx_bytes)
+
+    def calculate_lo(self):
+        lo_bytes = randrange(11111111, 55555555)
+        return lo_bytes, self.convert_bytes_to_mx(lo_bytes)
+
+    def call(self):
+        rx_bytes_eth0, rx_mb_eth0 = self.calculate_rx()
+        tx_bytes_eth0, tx_mb_eth0 = self.calculate_tx()
+        lo_bytes, lo_mb = self.calculate_lo()
+        rx_packets = self.generate_packets()
+        tx_packets = self.generate_packets()
+        l = """eth0      Link encap:Ethernet  HWaddr %s
+          inet addr:%s  Bcast:%s.255  Mask:255.255.255.0
+          inet6 addr: %s Scope:Link
+          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
+          RX packets:%s errors:0 dropped:0 overruns:0 frame:0
+          TX packets:%s errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:1000
+          RX bytes:%s (%s MB)  TX bytes:%s (%s GB)
+
+
+lo        Link encap:Local Loopback
+          inet addr:127.0.0.1  Mask:255.0.0.0
+          inet6 addr: ::1/128 Scope:Host
+          UP LOOPBACK RUNNING  MTU:65536  Metric:1
+          RX packets:110 errors:0 dropped:0 overruns:0 frame:0
+          TX packets:110 errors:0 dropped:0 overruns:0 carrier:0
+          collisions:0 txqueuelen:0
+          RX bytes:%s (%s KB)  TX bytes:19932 (19.9 KB)""" % \
+            (HWaddr, self.protocol.kippoIP,
+             self.protocol.kippoIP.rsplit('.', 1)[0], inet6, rx_packets,
+             tx_packets, rx_bytes_eth0, rx_mb_eth0, tx_bytes_eth0, tx_mb_eth0,
+             )
+        self.write('{0}\n'.format(l))
+
+
+commands['/sbin/ifconfig'] = command_ifconfig
+commands['ifconfig'] = command_ifconfig