diff --git a/cowrie/commands/busybox.py b/cowrie/commands/busybox.py index fa5eeff8..fea19c75 100644 --- a/cowrie/commands/busybox.py +++ b/cowrie/commands/busybox.py @@ -2,7 +2,7 @@ """ """ -from cowrie.core.honeypot import HoneyPotCommand +from cowrie.core.honeypot import HoneyPotCommand,StdOutStdErrEmulationProtocol from twisted.python import log commands = {} @@ -55,24 +55,38 @@ class command_busybox(HoneyPotCommand): """ """ for ln in busybox_help: - self.write(ln+'\n') + self.errorWrite(ln+'\n') def call(self): """ """ - args = list(self.args) - if len(args) > 0: - line = ' '.join(args) - cmd = args[0] - args = args[1:] + start_value = None + for count in range(0,len(self.args)): + parsed_arguments = [] + class_found = self.protocol.getCommand(self.args[count], self.environ['PATH'] .split(':')) + if class_found: + start_value = count + break + if start_value is not None: + for index_2 in range(start_value,len(self.args)): + parsed_arguments.append(self.args[index_2]) + + if len(parsed_arguments) > 0: + line = ' '.join(parsed_arguments ) + cmd = parsed_arguments[0] cmdclass = self.protocol.getCommand(cmd, - self.environ['PATH'].split(':')) + self.environ['PATH'].split(':')) if cmdclass: log.msg(eventid='cowrie.command.success', input=line, format='Command found: %(input)s') - self.protocol.call_command(cmdclass, *args) + command = StdOutStdErrEmulationProtocol(self.protocol,cmdclass,parsed_arguments[1:],self.input_data,None) + self.protocol.pp.insert_command(command) + # Place this here so it doesn't write out only if last statement + + if self.input_data: + self.write(self.input_data) else: self.help() else: diff --git a/cowrie/commands/sudo.py b/cowrie/commands/sudo.py index 2d03b0c3..5bf46fba 100644 --- a/cowrie/commands/sudo.py +++ b/cowrie/commands/sudo.py 
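Review bot: In busybox.py's `call()` (hunk `@@ -55,24 +55,38 @@`), `parsed_arguments = []` is assigned only inside the `for count in range(0,len(self.args)):` loop, so a bare `busybox` with empty `self.args` never binds it and `if len(parsed_arguments) > 0:` raises `NameError` instead of reaching the help branch. Putting `parsed_arguments = []` on its own line above the `for` fixes this and stops the list being reset on every iteration. The same pattern is added to `start()` in sudo.py (hunk `@@ -86,10 +86,21 @@`), where the later `len(parsed_arguments)` check would fail the same way for `sudo` without arguments unless an earlier return intervenes. The outer `else:` of `call()` continues past the end of this hunk.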
@@ -3,7 +3,7 @@ import getopt from twisted.python import log -from cowrie.core.honeypot import HoneyPotCommand +from cowrie.core.honeypot import HoneyPotCommand,StdOutStdErrEmulationProtocol commands = {} @@ -60,7 +60,7 @@ class command_sudo(HoneyPotCommand): """ """ for ln in sudo_shorthelp: - self.write(ln+'\n') + self.errorWrite(ln+'\n') self.exit() @@ -68,14 +68,14 @@ class command_sudo(HoneyPotCommand): """ """ for ln in sudo_longhelp: - self.write(ln+'\n') + self.errorWrite(ln+'\n') self.exit() def version(self): """ """ - self.write( + self.errorWrite( '''Sudo version 1.8.5p2 Sudoers policy plugin version 1.8.5p2 Sudoers file grammar version 41 @@ -86,10 +86,21 @@ Sudoers I/O plugin version 1.8.5p2\n''') def start(self): """ """ + start_value = None + for count in range(0,len(self.args)): + parsed_arguments = [] + class_found = self.protocol.getCommand(self.args[count], self.environ['PATH'] .split(':')) + if class_found: + start_value = count + break + if start_value is not None: + for index_2 in range(start_value,len(self.args)): + parsed_arguments.append(self.args[index_2]) + try: - optlist, args = getopt.getopt(self.args, 'shV') + optlist, args = getopt.getopt(self.args[0:start_value], 'bEeHhKknPSVva:C:g:i:l:p:r:s:t:U:u:') except getopt.GetoptError as err: - self.write('invalid option\n') + self.errorWrite('sudo: illegal option -- ' + err.opt + '\n') self.short_help() return 
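Review bot: In sudo.py's `start()` (hunk `@@ -86,10 +86,21 @@`), the boundary between sudo's options and the wrapped command is taken from the first token that `getCommand` resolves rather than from `getopt`, so tokens that do not resolve are silently skipped. For input such as `sudo nosuchcmd ls` the emulation would appear to run `ls`, which diverges from real sudo and leaves the skipped token out of the `line` that is logged later. `getopt.getopt` already stops at the first non-option argument, so its remainder can serve as the command line: `optlist, args = getopt.getopt(self.args, 'bEeHhKknPSVva:C:g:i:l:p:r:s:t:U:u:')` followed by `parsed_arguments = args`. That also keeps an option value that happens to name a command from being mistaken for the command itself. `start()` continues past the end of this hunk.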
@@ -101,17 +112,21 @@ Sudoers I/O plugin version 1.8.5p2\n''') self.long_help() return - if len(args) > 0: - line = ' '.join(args) - cmd = args[0] - args = args[1:] + if len(parsed_arguments) > 0: + line = ' '.join(parsed_arguments ) + cmd = parsed_arguments[0] cmdclass = self.protocol.getCommand(cmd, self.environ['PATH'].split(':')) + if cmdclass: log.msg(eventid='cowrie.command.success', input=line, format='Command found: %(input)s') - self.protocol.call_command(cmdclass, *args) + command = StdOutStdErrEmulationProtocol(self.protocol,cmdclass,parsed_arguments[1:], None ,None) + self.protocol.pp.insert_command(command) + # this needs to go here so it doesn't write it out.... + if self.input_data: + self.write(self.input_data) self.exit() else: self.short_help() diff --git a/cowrie/core/honeypot.py b/cowrie/core/honeypot.py index 023b7a39..ace30df6 100644 --- a/cowrie/core/honeypot.py +++ b/cowrie/core/honeypot.py @@ -13,9 +13,10 @@ import time from twisted.python import log, failure from twisted.internet import error + from cowrie.core import fs from cowrie.core import shlex -from twisted.conch.ssh import session + class HoneyPotCommand(object): """ @@ -49,7 +50,6 @@ class HoneyPotCommand(object): self.write = self.protocol.pp.outReceived self.errorWrite = self.protocol.pp.errReceived - def check_arguments(self,application,args): """ """ @@ -62,13 +62,11 @@ class HoneyPotCommand(object): files.append(path) return files - def set_input_data(self,data): """ """ self.input_data = data - def write_to_file(self, data): """ """ @@ -77,14 +75,12 @@ class HoneyPotCommand(object): self.writtenBytes += len(data) self.fs.update_size(self.outfile, self.writtenBytes) - def start(self): """ """ self.call() self.exit() - def call(self): """ """ @@ -110,7 +106,6 @@ class HoneyPotCommand(object): self.write('^C\n') self.exit() - def lineReceived(self, line): """ """ 
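Review bot: In sudo.py's `start()` (hunk `@@ -101,17 +112,21 @@`), the wrapped command is constructed with `None` as `input_data`, whereas the parallel code added to busybox.py passes `self.input_data`; sudo then writes `self.input_data` to its own output instead. If piped input is meant to reach the wrapped command, as it appears to in busybox, the call should read `StdOutStdErrEmulationProtocol(self.protocol, cmdclass, parsed_arguments[1:], self.input_data, None)`. If the difference is deliberate, the comment `# this needs to go here so it doesn't write it out....` should say what is being suppressed and why, since it currently explains neither. `start()` begins before this hunk.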
@@ -118,25 +113,23 @@ class HoneyPotCommand(object): # FIXME: naive command parsing, see lineReceived below self.protocol.cmdstack[0].cmdpending.append(shlex.split(line)) - def resume(self): """ """ pass - def handle_TAB(self): """ """ pass - def handle_CTRL_D(self): """ """ pass - + def __repr__(self): + return str(self.__class__.__name__) class HoneyPotShell(object): """ 
@@ -463,68 +456,67 @@ class StdOutStdErrEmulationProtocol(object): """ __author__ = 'davegermiquet' - def __init__(self,protocol,cmd,cmdargs,input_data,next_protocol): + def __init__(self, protocol, cmd, cmdargs, input_data, next_command): self.cmd=cmd self.cmdargs=cmdargs self.input_data=input_data - self.next_protocol=next_protocol + self.next_command = next_command self.data = "" self.err_data = "" self.protocol = protocol - def connectionMade(self): """ """ self.input_data = None - def outReceived(self, data): """ """ self.data = self.data + data - if not self.next_protocol: + + if not self.next_command: if not self.protocol is None and not self.protocol.terminal is None: - self.protocol.terminal.write(data) + self.protocol.terminal.write(str(data)) else: log.msg("Connection was probably lost. Could not write to terminal") + # Insert the next command into the list. + + def insert_command(self, command): + command.next_command = self.next_command + self.next_command = command def errReceived(self, data): """ """ - self.protocol.terminal.write(data ) + self.protocol.terminal.write(data) self.err_data = self.err_data + data - def inConnectionLost(self): """ """ pass - def outConnectionLost(self): """ """ - if self.next_protocol: - self.next_protocol.input_data = self.data - npcmd=self.next_protocol.cmd - npcmdargs=self.next_protocol.cmdargs - self.protocol.call_command(self.next_protocol,npcmd,*npcmdargs) - + if self.next_command: + self.next_command.input_data = self.data + npcmd = self.next_command.cmd + npcmdargs = self.next_command.cmdargs + self.protocol.call_command(self.next_command, npcmd, *npcmdargs) def errConnectionLost(self): """ """ pass - def processExited(self, reason): """ """ log.msg("processExited for %s, status %d" % (self.cmd,reason.value.exitCode,)) - def processEnded(self, reason): """ """
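Review bot: `errReceived` in `StdOutStdErrEmulationProtocol` (hunk `@@ -463,68 +456,67 @@`) still calls `self.protocol.terminal.write(data)` without the `None` checks that `outReceived` applies, and this commit routes the busybox and sudo help, version and error text through `errorWrite`, which appears to map to this method. If the protocol or terminal is gone, as `outReceived` anticipates, the call would raise and `err_data` would not be recorded, because the append comes after the write. I would record the data first and reuse the guard from `outReceived`, as in the block below. Separately, `outReceived` appends `data` to `self.data` before the new `str(data)` coercion, so the buffer handed to the next command and the terminal output can differ in type.

```python
def errReceived(self, data):
    """
    """
    # Record first so stderr output is kept even when the terminal is gone.
    self.err_data = self.err_data + data
    if self.protocol is not None and self.protocol.terminal is not None:
        self.protocol.terminal.write(data)
    else:
        log.msg("Connection was probably lost. Could not write to terminal")
```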