Log standardization of the commands wget/curl/ftpget/tftp. (#456)

* Log standardization of the commands wget/curl/ftpget/tftp. * Bring back call of self.protocol.logDispatch().
2017-02-18 18:28:41 +03:00 · 2017-02-18 18:28:41 +03:00 · bf17c379fd
parent 2f2d458fee
commit bf17c379fd
4 changed files with 26 additions and 24 deletions
--- a/cowrie/commands/curl.py
+++ b/cowrie/commands/curl.py
@ -314,8 +314,9 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only
            log.msg("there's no file " + self.safeoutfile)
            self.exit()

-        shasum = hashlib.sha256(open(self.safeoutfile, 'rb').read()).hexdigest()
-        hashPath = os.path.join(self.download_path, shasum)
+        with open(self.safeoutfile, 'rb') as f:
+            shasum = hashlib.sha256(f.read()).hexdigest()
+            hashPath = os.path.join(self.download_path, shasum)

        # If we have content already, delete temp file
        if not os.path.exists(hashPath):
@ -343,9 +344,7 @@ Options: (H) means HTTP/HTTPS only, (F) means FTP only
        # self.safeoutfile = hashPath

        # Update the honeyfs to point to downloaded file
-        if outfile is not None:
-            f = self.fs.getfile(outfile)
-            f[A_REALFILE] = hashPath
+        self.fs.update_realfile(self.fs.getfile(outfile), hashPath)
        self.exit()


--- a/cowrie/commands/ftpget.py
+++ b/cowrie/commands/ftpget.py
@ -104,6 +104,7 @@ Download a file via FTP
        result = self.ftp_download(self.safeoutfile)

        if not result:
+            self.safeoutfile = None
            self.exit()
            return

@ -112,15 +113,16 @@ Download a file via FTP
            self.exit()
            return

-        shasum = hashlib.sha256(open(self.safeoutfile, 'rb').read()).hexdigest()
-        hash_path = os.path.join(self.download_path, shasum)
+        with open(self.safeoutfile, 'rb') as f:
+            shasum = hashlib.sha256(f.read()).hexdigest()
+            hash_path = os.path.join(self.download_path, shasum)

        # If we have content already, delete temp file
        if not os.path.exists(hash_path):
            os.rename(self.safeoutfile, hash_path)
        else:
            os.remove(self.safeoutfile)
-        os.symlink( shasum, self.safeoutfile )
+            log.msg("Not storing duplicate content " + shasum)

        log.msg(eventid='cowrie.session.file_download',
                format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
@ -128,10 +130,13 @@ Download a file via FTP
                outfile=hash_path,
                shasum=shasum)

-        # Update the honeyfs to point to downloaded file
-        self.fs.mkfile(fakeoutfile, 0, 0, os.path.getsize(hash_path), 33188)
-        self.fs.update_realfile(self.fs.getfile(fakeoutfile), hash_path)
+        # Link friendly name to hash
+        os.symlink(shasum, self.safeoutfile)

+        self.safeoutfile = None
+
+        # Update the honeyfs to point to downloaded file
+        self.fs.update_realfile(self.fs.getfile(fakeoutfile), hash_path)
        self.exit()

    def ftp_download(self, safeoutfile):
--- a/cowrie/commands/tftp.py
+++ b/cowrie/commands/tftp.py
@ -106,11 +106,11 @@ class command_tftp(HoneyPotCommand):
            # Link friendly name to hash
            os.symlink(shasum, self.safeoutfile)

+            self.safeoutfile = None
+
            # Update the honeyfs to point to downloaded file
-            f = self.fs.getfile(self.file_to_get)
-            f[A_REALFILE] = hash_path
-
-
+            self.fs.update_realfile(self.fs.getfile(self.file_to_get), hash_path)
+            self.exit()


    def start(self):
--- a/cowrie/commands/wget.py
+++ b/cowrie/commands/wget.py
@ -194,7 +194,7 @@ class command_wget(HoneyPotCommand):

        with open(self.safeoutfile, 'rb') as f:
            shasum = hashlib.sha256(f.read()).hexdigest()
-        hash_path = os.path.join(self.download_path, shasum)
+            hash_path = os.path.join(self.download_path, shasum)

        # If we have content already, delete temp file
        if not os.path.exists(hash_path):
@ -204,10 +204,10 @@ class command_wget(HoneyPotCommand):
            log.msg("Not storing duplicate content " + shasum)

        self.protocol.logDispatch(eventid='cowrie.session.file_download',
-            format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
-            url=self.url,
-            outfile=hash_path,
-            shasum=shasum )
+                                  format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
+                                  url=self.url,
+                                  outfile=hash_path,
+                                  shasum=shasum)

        log.msg(eventid='cowrie.session.file_download',
                format='Downloaded URL (%(url)s) with SHA-256 %(shasum)s to %(outfile)s',
@ -218,12 +218,10 @@ class command_wget(HoneyPotCommand):
        # Link friendly name to hash
        os.symlink(shasum, self.safeoutfile)

-        # FIXME: is this necessary?
-        # self.safeoutfile = hash_path
+        self.safeoutfile = None

        # Update the honeyfs to point to downloaded file
-        f = self.fs.getfile(outfile)
-        f[A_REALFILE] = hash_path
+        self.fs.update_realfile(self.fs.getfile(outfile), hash_path)
        self.exit()