Rooba
/
cowrie
mirror of https://github.com/cowrie/cowrie.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add "apt-get moo" response 

Possible method of trying to detect a honeypot
This commit is contained in:
g0tmi1k 2014-05-29 00:48:56 +01:00
parent 9645e500e0
commit f871adc6d5
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
kippo/commands/apt.py
View File

@ -17,12 +17,14 @@ class command_faked_package_class_factory(object):
return command_faked_installation
'''apt-get fake
suppports only the 'install PACKAGE' command.
Places a 'Segfault' at /usr/bin/PACKAGE'''
suppports only the 'install PACKAGE' command & 'moo'.
Any installed packages, places a 'Segfault' at /usr/bin/PACKAGE.'''
class command_aptget(HoneyPotCommand):
def start(self):
if len(self.args) > 0 and self.args[0] == 'install':
self.do_install()
elif len(self.args) > 0 and self.args[0] == 'moo':
self.do_moo()
else:
self.do_locked()
@ -89,6 +91,16 @@ class command_aptget(HoneyPotCommand):
yield self.sleep(2)
self.exit()
def do_moo(self):
self.writeln(' (__)')
self.writeln(' (oo)')
self.writeln(' /------\/')
self.writeln(' / | ||')
self.writeln(' * /\---/\ ')
self.writeln(' ~~ ~~')
self.writeln('...."Have you mooed today?"...')
self.exit()
def do_locked(self):
self.writeln('E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)')
self.writeln('E: Unable to lock the list directory')