From 4efcc40e60e0c56e4c8d581dc0a072ff6d3a9587 Mon Sep 17 00:00:00 2001
From: fe7ch
Date: Wed, 7 Jun 2017 11:13:21 +0300
Subject: [PATCH 1/3] Fix couple of crashes in nc command (#538)
* Fix crash if out_addr was set in the config
* Exit function if not enough arguments passed
---
 cowrie/commands/nc.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/cowrie/commands/nc.py b/cowrie/commands/nc.py
index 0793aca7..ac5c823a 100644
--- a/cowrie/commands/nc.py
+++ b/cowrie/commands/nc.py
@@ -34,6 +34,7 @@ usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]
 if not args or len(args) < 2:
 self.help()
 self.exit()
+ return
 host = args[0]
 port = args[1]
@@ -46,10 +47,10 @@ usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]
 if self.protocol.cfg.has_option('honeypot', 'out_addr'):
 out_addr = (self.protocol.cfg.get('honeypot', 'out_addr'), 0)
 else:
- out_addr = '0.0.0.0'
+ out_addr = ('0.0.0.0', 0)
 self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- self.s.bind((out_addr, 0))
+ self.s.bind(out_addr)
 self.s.connect((host, int(port)))
 self.recv_data()
From dfb909eae623f9656668c392db56ec3006053c8d Mon Sep 17 00:00:00 2001
From: fe7ch
Date: Wed, 7 Jun 2017 11:13:43 +0300
Subject: [PATCH 2/3] Remove accidentally added sha1 hashing. (#535)
---
 cowrie/commands/scp.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/cowrie/commands/scp.py b/cowrie/commands/scp.py
index 87c5a80e..2931cf87 100644
--- a/cowrie/commands/scp.py
+++ b/cowrie/commands/scp.py
@@ -124,7 +124,6 @@ class command_scp(HoneyPotCommand):
 if os.path.exists(self.safeoutfile):
 with open(self.safeoutfile, 'rb') as f:
 shasum = hashlib.sha256(data).hexdigest()
- sha1sum = hashlib.sha1(data).hexdigest()
 hash_path = os.path.join(self.download_path_uniq, shasum)
 # If we have content already, delete temp file
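Review bot: `self.s.connect((host, int(port)))` in the second nc.py hunk (`@@ -46,10 +47,10 @@`) can still raise on input typed into the honeypot session, so the crash class this commit targets is only partly closed. A non-numeric port makes `int(port)` raise `ValueError`, and a failed bind or connect raises `socket.error`; nothing in the visible lines catches either. Checking the port before use (`if not port.isdigit(): self.exit(); return`) and wrapping the bind/connect pair in `try`/`except socket.error` that exits the command would cover both. The socket is also left in its default blocking mode with no timeout set in the hunk, and the destination is chosen by the session, so it is worth confirming a timeout and the deployment's egress policy apply. The function continues outside the hunk, so some of this may already be handled there.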
@@ -139,8 +138,7 @@ class command_scp(HoneyPotCommand):
 filename=os.path.basename(fname),
 url=fname,
 outfile=shasum,
- shasum=shasum,
- sha1=sha1sum)
+ shasum=shasum)
 # Link friendly name to hash
 os.symlink(hash_path, self.safeoutfile)
From 5f7b6f3d2d23c35ab7e9e87cac83e63b688acea2 Mon Sep 17 00:00:00 2001
From: Michel Oosterhof
Date: Wed, 7 Jun 2017 12:19:13 +0400
Subject: [PATCH 3/3] stop symlinking downloads to friendly filenames
---
 cowrie/commands/curl.py | 2 +-
 cowrie/commands/ftpget.py | 2 +-
 cowrie/commands/scp.py | 2 +-
 cowrie/commands/tftp.py | 2 +-
 cowrie/commands/wget.py | 2 +-
 cowrie/core/artifact.py | 10 +++++-----
 6 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/cowrie/commands/curl.py b/cowrie/commands/curl.py
index 278f5c7a..6f853491 100644
--- a/cowrie/commands/curl.py
+++ b/cowrie/commands/curl.py
@@ -332,7 +332,7 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only
 shasum=shasum)
 # Link friendly name to hash
- os.symlink(shasum, self.safeoutfile)
+ # os.symlink(shasum, self.safeoutfile)
 # FIXME: is this necessary?
 # self.safeoutfile = hashPath
diff --git a/cowrie/commands/ftpget.py b/cowrie/commands/ftpget.py
index 5cf94baf..bb77eafb 100644
--- a/cowrie/commands/ftpget.py
+++ b/cowrie/commands/ftpget.py
@@ -131,7 +131,7 @@ Download a file via FTP
 shasum=shasum)
 # Link friendly name to hash
- os.symlink(shasum, self.safeoutfile)
+ # os.symlink(shasum, self.safeoutfile)
 self.safeoutfile = None
diff --git a/cowrie/commands/scp.py b/cowrie/commands/scp.py
index 2931cf87..cbf05833 100644
--- a/cowrie/commands/scp.py
+++ b/cowrie/commands/scp.py
@@ -141,7 +141,7 @@ class command_scp(HoneyPotCommand):
 shasum=shasum)
 # Link friendly name to hash
- os.symlink(hash_path, self.safeoutfile)
+ # os.symlink(hash_path, self.safeoutfile)
 self.safeoutfile = None
diff --git a/cowrie/commands/tftp.py b/cowrie/commands/tftp.py
index 66931f33..70c70962 100644
--- a/cowrie/commands/tftp.py
+++ b/cowrie/commands/tftp.py
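Review bot: The `os.symlink(...)` call in the curl.py hunk (`@@ -332,7 +332,7 @@`) is commented out rather than deleted, and the ftpget.py, scp.py, tftp.py, wget.py and artifact.py hunks of this patch do the same. The dead line and the now-stale `# Link friendly name to hash` comment above it should be removed, and replaced if wanted by something like `# Downloads are kept only under their hash name; no friendly-name symlink is created`. In curl.py the lines after the change are themselves commented out (`# self.safeoutfile = hashPath`), while the ftpget.py and scp.py hunks show `self.safeoutfile = None` next, so curl may leave `self.safeoutfile` naming a path that no longer has a link. The rest of that function is outside the hunk, so this needs checking there.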
@@ -106,7 +106,7 @@ class command_tftp(HoneyPotCommand):
 shasum=shasum)
 # Link friendly name to hash
- os.symlink(shasum, self.safeoutfile)
+ # os.symlink(shasum, self.safeoutfile)
 self.safeoutfile = None
diff --git a/cowrie/commands/wget.py b/cowrie/commands/wget.py
index 4d7a054f..b483ed4f 100644
--- a/cowrie/commands/wget.py
+++ b/cowrie/commands/wget.py
@@ -210,7 +210,7 @@ class command_wget(HoneyPotCommand):
 shasum=shasum)
 # Link friendly name to hash
- os.symlink(shasum, self.safeoutfile)
+ # os.symlink(shasum, self.safeoutfile)
 self.safeoutfile = None
diff --git a/cowrie/core/artifact.py b/cowrie/core/artifact.py
index bfaf44d5..ee37f42d 100644
--- a/cowrie/core/artifact.py
+++ b/cowrie/core/artifact.py
@@ -82,11 +82,11 @@ class Artifact:
 else:
 os.rename(self.fp.name, shasumFilename)
- if size>0:
- linkName = self.artifactDir + "/" \
- + time.strftime('%Y%m%dT%H%M%S') \
- + "_" + re.sub('[^-A-Za-z0-9]', '_', self.label)
- os.symlink(shasum, linkName)
+ # if size>0:
+ # linkName = self.artifactDir + "/" \
+ # + time.strftime('%Y%m%dT%H%M%S') \
+ # + "_" + re.sub('[^-A-Za-z0-9]', '_', self.label)
+ # os.symlink(shasum, linkName)
 return shasum, shasumFilename
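Review bot: In the artifact.py hunk (`@@ -82,11 +82,11 @@`) the commented-out block was the only visible place where `self.label` and the capture time were tied to the stored hash, so nothing in the hunk now records which label produced `shasumFilename`. For later triage the label should be logged together with `shasum`, either here or by the caller; whether that already happens is not visible from this hunk. The five lines should be deleted rather than left as comments, since they keep `size`, and possibly the `re` and `time` imports, alive only for dead code. The method starts outside the hunk.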