Remove empty tftp files, double logging fix (#430)

* Remove empty tftp files, double logging fix

* Remove duplicate of os.symlink() call, add transportID, sessionID to safeoutfile name

* Remove empty file in case of exception
fe7ch
2017-01-28 10:55:14 +03:00
committed by Michel Oosterhof
parent fbf2dbaf3c
commit 8307b86e4d


@ -56,10 +56,12 @@ class command_tftp(HoneyPotCommand):
self.download_path = cfg.get('honeypot', 'download_path') self.download_path = cfg.get('honeypot', 'download_path')
self.safeoutfile = '%s/%s_%s' % \ tmp_fname = '%s_%s_%s_%s' % \
(self.download_path, (time.strftime('%Y%m%d%H%M%S'),
time.strftime('%Y%m%d%H%M%S'), self.protocol.getProtoTransport().transportId,
self.protocol.terminal.transport.session.id,
re.sub('[^A-Za-z0-9]', '_', self.file_to_get)) re.sub('[^A-Za-z0-9]', '_', self.file_to_get))
self.safeoutfile = os.path.join(self.download_path, tmp_fname)
try: try:
tclient.download(self.file_to_get, self.safeoutfile, progresshook) tclient.download(self.file_to_get, self.safeoutfile, progresshook)
@ -67,8 +69,16 @@ class command_tftp(HoneyPotCommand):
self.fs.mkfile(self.file_to_get, 0, 0, tclient.context.metrics.bytes, 33188) self.fs.mkfile(self.file_to_get, 0, 0, tclient.context.metrics.bytes, 33188)
self.fs.update_realfile(self.fs.getfile(self.file_to_get), self.safeoutfile) self.fs.update_realfile(self.fs.getfile(self.file_to_get), self.safeoutfile)
shasum = hashlib.sha256(open(self.safeoutfile, 'rb').read()).hexdigest() if os.path.exists(self.safeoutfile):
hash_path = '%s/%s' % (self.download_path, shasum)
if os.path.getsize(self.safeoutfile) == 0:
os.remove(self.safeoutfile)
self.safeoutfile = None
return
with open(self.safeoutfile, 'rb') as f:
shasum = hashlib.sha256(f.read()).hexdigest()
hash_path = os.path.join(self.download_path, shasum)
# If we have content already, delete temp file # If we have content already, delete temp file
if not os.path.exists(hash_path): if not os.path.exists(hash_path):
@ -86,19 +96,14 @@ class command_tftp(HoneyPotCommand):
# Link friendly name to hash # Link friendly name to hash
os.symlink(shasum, self.safeoutfile) os.symlink(shasum, self.safeoutfile)
# FIXME: is this necessary?
self.safeoutfile = hash_path
# Update the honeyfs to point to downloaded file # Update the honeyfs to point to downloaded file
f = self.fs.getfile(self.file_to_get) f = self.fs.getfile(self.file_to_get)
f[A_REALFILE] = hash_path f[A_REALFILE] = hash_path
log.msg(eventid='cowrie.session.file_download',
format='Downloaded tftpFile to %(outfile)s',
outfile=self.safeoutfile
)
except tftpy.TftpException, err: except tftpy.TftpException, err:
if os.path.exists(self.safeoutfile):
if os.path.getsize(self.safeoutfile) == 0:
os.remove(self.safeoutfile)
return return
except KeyboardInterrupt: except KeyboardInterrupt:
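Review bot: The new `with open(self.safeoutfile, 'rb') as f:` block still hashes with a single `f.read()`, so the whole downloaded file is held in memory, and its size is decided by the remote TFTP server named in the intruder's command. No size cap is visible in these hunks (the `progresshook` passed to `tclient.download` is defined elsewhere), so a large transfer could presumably exhaust the honeypot's memory at this point. Feeding the digest in fixed-size chunks keeps memory use flat and leaves `shasum` and `hash_path` unchanged. The enclosing method starts and ends outside the hunks shown.

```python
# … unchanged: empty-file check and removal …
digest = hashlib.sha256()
with open(self.safeoutfile, 'rb') as f:
    for chunk in iter(lambda: f.read(65536), b''):
        digest.update(chunk)
shasum = digest.hexdigest()
hash_path = os.path.join(self.download_path, shasum)
# … unchanged: rename or remove of the temp file, symlink, honeyfs update …
```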