2014-08-09 20:48:34 +00:00
|
|
|
# Copyright (c) 2009-2014 Upi Tamminen <desaster@gmail.com>
|
2009-11-22 07:07:58 +00:00
|
|
|
# See the COPYRIGHT file for more information
|
|
|
|
|
|
2013-02-04 11:44:42 +00:00
|
|
|
import twisted
|
2009-11-22 07:07:58 +00:00
|
|
|
from copy import deepcopy, copy
|
2014-08-13 05:19:51 +00:00
|
|
|
import os
|
2014-08-09 20:48:34 +00:00
|
|
|
import shlex
|
2009-11-22 07:07:58 +00:00
|
|
|
|
2014-08-09 20:48:34 +00:00
|
|
|
from kippo.core import fs
|
2009-11-22 07:07:58 +00:00
|
|
|
from kippo.core.config import config
|
2014-08-09 20:48:34 +00:00
|
|
|
import kippo.core.exceptions
|
|
|
|
|
from kippo import core
|
2014-08-09 16:19:05 +00:00
|
|
|
|
2014-08-09 20:48:34 +00:00
|
|
|
import pickle
|
2011-01-17 12:15:24 +00:00
|
|
|
|
2009-11-22 07:07:58 +00:00
|
|
|
class HoneyPotCommand(object):
|
|
|
|
|
def __init__(self, honeypot, *args):
|
|
|
|
|
self.honeypot = honeypot
|
|
|
|
|
self.args = args
|
|
|
|
|
self.writeln = self.honeypot.writeln
|
|
|
|
|
self.write = self.honeypot.terminal.write
|
|
|
|
|
self.nextLine = self.honeypot.terminal.nextLine
|
|
|
|
|
self.fs = self.honeypot.fs
|
|
|
|
|
|
|
|
|
|
def start(self):
|
|
|
|
|
self.call()
|
|
|
|
|
self.exit()
|
|
|
|
|
|
|
|
|
|
def call(self):
|
|
|
|
|
self.honeypot.writeln('Hello World! [%s]' % repr(self.args))
|
|
|
|
|
|
|
|
|
|
def exit(self):
|
|
|
|
|
self.honeypot.cmdstack.pop()
|
|
|
|
|
self.honeypot.cmdstack[-1].resume()
|
|
|
|
|
|
|
|
|
|
def ctrl_c(self):
|
|
|
|
|
print 'Received CTRL-C, exiting..'
|
|
|
|
|
self.writeln('^C')
|
|
|
|
|
self.exit()
|
|
|
|
|
|
|
|
|
|
def lineReceived(self, line):
|
|
|
|
|
print 'INPUT: %s' % line
|
|
|
|
|
|
|
|
|
|
def resume(self):
|
|
|
|
|
pass
|
|
|
|
|
|
2011-02-05 18:44:00 +00:00
|
|
|
def handle_TAB(self):
|
|
|
|
|
pass
|
|
|
|
|
|
2009-11-22 07:07:58 +00:00
|
|
|
class HoneyPotShell(object):
|
2014-08-09 15:29:17 +00:00
|
|
|
def __init__(self, honeypot, interactive = True):
|
2009-11-22 07:07:58 +00:00
|
|
|
self.honeypot = honeypot
|
2014-08-09 15:29:17 +00:00
|
|
|
self.interactive = interactive
|
2009-11-22 07:07:58 +00:00
|
|
|
self.showPrompt()
|
2009-11-24 18:52:19 +00:00
|
|
|
self.cmdpending = []
|
2010-04-28 20:02:15 +00:00
|
|
|
self.envvars = {
|
|
|
|
|
'PATH': '/bin:/usr/bin:/sbin:/usr/sbin',
|
|
|
|
|
}
|
2009-11-22 07:07:58 +00:00
|
|
|
|
|
|
|
|
def lineReceived(self, line):
|
|
|
|
|
print 'CMD: %s' % line
|
2014-05-18 16:53:32 +00:00
|
|
|
line = line[:500]
|
|
|
|
|
for i in [x.strip() for x in line.strip().split(';')[:10]]:
|
2009-11-24 18:52:19 +00:00
|
|
|
if not len(i):
|
|
|
|
|
continue
|
|
|
|
|
self.cmdpending.append(i)
|
|
|
|
|
if len(self.cmdpending):
|
|
|
|
|
self.runCommand()
|
|
|
|
|
else:
|
|
|
|
|
self.showPrompt()
|
|
|
|
|
|
|
|
|
|
def runCommand(self):
|
2010-10-25 14:11:55 +00:00
|
|
|
def runOrPrompt():
|
|
|
|
|
if len(self.cmdpending):
|
|
|
|
|
self.runCommand()
|
|
|
|
|
else:
|
|
|
|
|
self.showPrompt()
|
|
|
|
|
|
2009-11-24 18:52:19 +00:00
|
|
|
if not len(self.cmdpending):
|
2014-08-09 16:19:05 +00:00
|
|
|
if self.interactive:
|
|
|
|
|
self.showPrompt()
|
|
|
|
|
else:
|
|
|
|
|
self.honeypot.terminal.transport.loseConnection()
|
2009-11-22 07:07:58 +00:00
|
|
|
return
|
2014-08-09 16:19:05 +00:00
|
|
|
|
2010-06-08 19:13:09 +00:00
|
|
|
line = self.cmdpending.pop(0)
|
2009-11-22 07:07:58 +00:00
|
|
|
try:
|
2010-06-08 19:13:09 +00:00
|
|
|
cmdAndArgs = shlex.split(line)
|
2009-11-22 07:07:58 +00:00
|
|
|
except:
|
|
|
|
|
self.honeypot.writeln(
|
2014-06-01 13:27:51 +00:00
|
|
|
'bash: syntax error: unexpected end of file')
|
2009-11-24 18:52:19 +00:00
|
|
|
# could run runCommand here, but i'll just clear the list instead
|
|
|
|
|
self.cmdpending = []
|
2009-11-22 07:07:58 +00:00
|
|
|
self.showPrompt()
|
|
|
|
|
return
|
2010-04-28 20:02:15 +00:00
|
|
|
|
|
|
|
|
# probably no reason to be this comprehensive for just PATH...
|
|
|
|
|
envvars = copy(self.envvars)
|
2010-10-25 14:11:55 +00:00
|
|
|
cmd = None
|
2010-04-28 20:02:15 +00:00
|
|
|
while len(cmdAndArgs):
|
2010-10-25 14:11:55 +00:00
|
|
|
piece = cmdAndArgs.pop(0)
|
|
|
|
|
if piece.count('='):
|
|
|
|
|
key, value = piece.split('=', 1)
|
2010-04-28 20:02:15 +00:00
|
|
|
envvars[key] = value
|
|
|
|
|
continue
|
2010-10-25 14:11:55 +00:00
|
|
|
cmd = piece
|
2010-04-28 20:02:15 +00:00
|
|
|
break
|
|
|
|
|
args = cmdAndArgs
|
|
|
|
|
|
2010-10-25 14:11:55 +00:00
|
|
|
if not cmd:
|
|
|
|
|
runOrPrompt()
|
|
|
|
|
return
|
|
|
|
|
|
2009-11-24 21:35:51 +00:00
|
|
|
rargs = []
|
|
|
|
|
for arg in args:
|
|
|
|
|
matches = self.honeypot.fs.resolve_path_wc(arg, self.honeypot.cwd)
|
|
|
|
|
if matches:
|
|
|
|
|
rargs.extend(matches)
|
|
|
|
|
else:
|
|
|
|
|
rargs.append(arg)
|
2010-04-28 20:02:15 +00:00
|
|
|
cmdclass = self.honeypot.getCommand(cmd, envvars['PATH'].split(':'))
|
2009-11-22 07:07:58 +00:00
|
|
|
if cmdclass:
|
2010-06-08 19:13:09 +00:00
|
|
|
print 'Command found: %s' % (line,)
|
2011-02-06 09:04:44 +00:00
|
|
|
self.honeypot.logDispatch('Command found: %s' % (line,))
|
2010-05-08 20:38:09 +00:00
|
|
|
self.honeypot.call_command(cmdclass, *rargs)
|
2009-11-22 07:07:58 +00:00
|
|
|
else:
|
2011-02-06 09:04:44 +00:00
|
|
|
self.honeypot.logDispatch('Command not found: %s' % (line,))
|
2010-06-08 19:13:09 +00:00
|
|
|
print 'Command not found: %s' % (line,)
|
|
|
|
|
if len(line):
|
2009-11-22 07:07:58 +00:00
|
|
|
self.honeypot.writeln('bash: %s: command not found' % cmd)
|
2010-10-25 14:11:55 +00:00
|
|
|
runOrPrompt()
|
2009-11-22 07:07:58 +00:00
|
|
|
|
|
|
|
|
def resume(self):
|
2014-08-09 15:29:17 +00:00
|
|
|
if self.interactive:
|
|
|
|
|
self.honeypot.setInsertMode()
|
2009-11-24 18:52:19 +00:00
|
|
|
self.runCommand()
|
2009-11-22 07:07:58 +00:00
|
|
|
|
|
|
|
|
def showPrompt(self):
|
2014-08-09 16:19:05 +00:00
|
|
|
if not self.interactive:
|
2014-06-01 10:30:26 +00:00
|
|
|
return
|
2014-08-09 12:37:58 +00:00
|
|
|
# Example: srv03:~#
|
2014-05-29 07:38:43 +00:00
|
|
|
#prompt = '%s:%%(path)s' % self.honeypot.hostname
|
2014-06-01 13:16:48 +00:00
|
|
|
# Example: root@svr03:~# (More of a "Debianu" feel)
|
2014-05-29 07:38:43 +00:00
|
|
|
prompt = '%s@%s:%%(path)s' % (self.honeypot.user.username, self.honeypot.hostname,)
|
2014-06-01 13:16:48 +00:00
|
|
|
# Example: [root@svr03 ~]# (More of a "CentOS" feel)
|
2014-05-29 07:38:43 +00:00
|
|
|
#prompt = '[%s@%s %%(path)s]' % (self.honeypot.user.username, self.honeypot.hostname,)
|
2011-02-05 21:53:54 +00:00
|
|
|
if not self.honeypot.user.uid:
|
2014-05-29 07:38:43 +00:00
|
|
|
prompt += '# ' # "Root" user
|
2011-02-05 21:53:54 +00:00
|
|
|
else:
|
2014-05-29 07:38:43 +00:00
|
|
|
prompt += '$ ' # "Non-Root" user
|
2011-02-05 21:53:54 +00:00
|
|
|
|
2009-11-22 07:07:58 +00:00
|
|
|
path = self.honeypot.cwd
|
2011-02-05 21:53:54 +00:00
|
|
|
homelen = len(self.honeypot.user.home)
|
|
|
|
|
if path == self.honeypot.user.home:
|
2009-11-22 07:07:58 +00:00
|
|
|
path = '~'
|
2011-02-05 21:53:54 +00:00
|
|
|
elif len(path) > (homelen+1) and \
|
|
|
|
|
path[:(homelen+1)] == self.honeypot.user.home + '/':
|
|
|
|
|
path = '~' + path[homelen:]
|
2014-05-29 07:38:43 +00:00
|
|
|
# Uncomment the three lines below for a 'better' CenOS look.
|
2014-06-01 13:16:48 +00:00
|
|
|
# Rather than '[root@svr03 /var/log]#' is shows '[root@svr03 log]#'.
|
2014-05-29 07:38:43 +00:00
|
|
|
#path = path.rsplit('/', 1)[-1]
|
|
|
|
|
#if not path:
|
|
|
|
|
# path = '/'
|
2011-02-05 21:53:54 +00:00
|
|
|
|
2009-11-22 07:07:58 +00:00
|
|
|
attrs = {'path': path}
|
|
|
|
|
self.honeypot.terminal.write(prompt % attrs)
|
|
|
|
|
|
|
|
|
|
def ctrl_c(self):
|
2009-11-25 17:10:55 +00:00
|
|
|
self.honeypot.lineBuffer = []
|
|
|
|
|
self.honeypot.lineBufferIndex = 0
|
2009-11-22 07:07:58 +00:00
|
|
|
self.honeypot.terminal.nextLine()
|
|
|
|
|
self.showPrompt()
|
|
|
|
|
|
2011-02-05 18:44:00 +00:00
|
|
|
# Tab completion
|
|
|
|
|
def handle_TAB(self):
|
|
|
|
|
if not len(self.honeypot.lineBuffer):
|
|
|
|
|
return
|
|
|
|
|
l = ''.join(self.honeypot.lineBuffer)
|
|
|
|
|
if l[-1] == ' ':
|
|
|
|
|
clue = ''
|
|
|
|
|
else:
|
|
|
|
|
clue = ''.join(self.honeypot.lineBuffer).split()[-1]
|
|
|
|
|
try:
|
|
|
|
|
basedir = os.path.dirname(clue)
|
|
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
if len(basedir) and basedir[-1] != '/':
|
|
|
|
|
basedir += '/'
|
|
|
|
|
|
|
|
|
|
files = []
|
|
|
|
|
tmppath = basedir
|
|
|
|
|
if not len(basedir):
|
|
|
|
|
tmppath = self.honeypot.cwd
|
|
|
|
|
try:
|
|
|
|
|
r = self.honeypot.fs.resolve_path(tmppath, self.honeypot.cwd)
|
|
|
|
|
except:
|
|
|
|
|
return
|
|
|
|
|
for x in self.honeypot.fs.get_path(r):
|
|
|
|
|
if clue == '':
|
|
|
|
|
files.append(x)
|
|
|
|
|
continue
|
|
|
|
|
if not x[fs.A_NAME].startswith(os.path.basename(clue)):
|
|
|
|
|
continue
|
|
|
|
|
files.append(x)
|
|
|
|
|
|
|
|
|
|
if len(files) == 0:
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
# Clear early so we can call showPrompt if needed
|
|
|
|
|
for i in range(self.honeypot.lineBufferIndex):
|
|
|
|
|
self.honeypot.terminal.cursorBackward()
|
|
|
|
|
self.honeypot.terminal.deleteCharacter()
|
|
|
|
|
|
|
|
|
|
newbuf = ''
|
|
|
|
|
if len(files) == 1:
|
|
|
|
|
newbuf = ' '.join(l.split()[:-1] + \
|
|
|
|
|
['%s%s' % (basedir, files[0][fs.A_NAME])])
|
|
|
|
|
if files[0][fs.A_TYPE] == fs.T_DIR:
|
|
|
|
|
newbuf += '/'
|
|
|
|
|
else:
|
|
|
|
|
newbuf += ' '
|
|
|
|
|
else:
|
|
|
|
|
if len(os.path.basename(clue)):
|
|
|
|
|
prefix = os.path.commonprefix([x[fs.A_NAME] for x in files])
|
|
|
|
|
else:
|
|
|
|
|
prefix = ''
|
|
|
|
|
first = l.split(' ')[:-1]
|
|
|
|
|
newbuf = ' '.join(first + ['%s%s' % (basedir, prefix)])
|
|
|
|
|
if newbuf == ''.join(self.honeypot.lineBuffer):
|
|
|
|
|
self.honeypot.terminal.nextLine()
|
|
|
|
|
maxlen = max([len(x[fs.A_NAME]) for x in files]) + 1
|
|
|
|
|
perline = int(self.honeypot.user.windowSize[1] / (maxlen + 1))
|
|
|
|
|
count = 0
|
|
|
|
|
for file in files:
|
|
|
|
|
if count == perline:
|
|
|
|
|
count = 0
|
|
|
|
|
self.honeypot.terminal.nextLine()
|
|
|
|
|
self.honeypot.terminal.write(file[fs.A_NAME].ljust(maxlen))
|
|
|
|
|
count += 1
|
|
|
|
|
self.honeypot.terminal.nextLine()
|
|
|
|
|
self.showPrompt()
|
|
|
|
|
|
|
|
|
|
self.honeypot.lineBuffer = list(newbuf)
|
|
|
|
|
self.honeypot.lineBufferIndex = len(self.honeypot.lineBuffer)
|
|
|
|
|
self.honeypot.terminal.write(newbuf)
|
|
|
|
|
|
2009-11-22 07:07:58 +00:00
|
|
|
class HoneyPotEnvironment(object):
|
|
|
|
|
def __init__(self):
|
|
|
|
|
self.cfg = config()
|
|
|
|
|
self.commands = {}
|
|
|
|
|
import kippo.commands
|
2010-06-30 06:28:00 +00:00
|
|
|
for c in kippo.commands.__all__:
|
2009-11-22 07:07:58 +00:00
|
|
|
module = __import__('kippo.commands.%s' % c,
|
|
|
|
|
globals(), locals(), ['commands'])
|
|
|
|
|
self.commands.update(module.commands)
|
|
|
|
|
self.fs = pickle.load(file(
|
2010-06-17 06:11:23 +00:00
|
|
|
self.cfg.get('honeypot', 'filesystem_file'), 'rb'))
|
2009-11-22 07:07:58 +00:00
|
|
|
|
|
|
|
|
# vim: set sw=4 et:
|
