From f871adc6d52201d4176e48bf70b271b10e2fdb72 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Thu, 29 May 2014 00:48:56 +0100 Subject: [PATCH] Add "apt-get moo" response Possible method of trying to detect a honeypot --- kippo/commands/apt.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/kippo/commands/apt.py b/kippo/commands/apt.py index 835f29fb..d2375649 100644 --- a/kippo/commands/apt.py +++ b/kippo/commands/apt.py @@ -17,12 +17,14 @@ class command_faked_package_class_factory(object): return command_faked_installation '''apt-get fake -suppports only the 'install PACKAGE' command. -Places a 'Segfault' at /usr/bin/PACKAGE''' +suppports only the 'install PACKAGE' command & 'moo'. +Any installed packages, places a 'Segfault' at /usr/bin/PACKAGE.''' class command_aptget(HoneyPotCommand): def start(self): if len(self.args) > 0 and self.args[0] == 'install': self.do_install() + elif len(self.args) > 0 and self.args[0] == 'moo': + self.do_moo() else: self.do_locked() @@ -89,6 +91,16 @@ class command_aptget(HoneyPotCommand): yield self.sleep(2) self.exit() + def do_moo(self): + self.writeln(' (__)') + self.writeln(' (oo)') + self.writeln(' /------\/') + self.writeln(' / | ||') + self.writeln(' * /\---/\ ') + self.writeln(' ~~ ~~') + self.writeln('...."Have you mooed today?"...') + self.exit() + def do_locked(self): self.writeln('E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)') self.writeln('E: Unable to lock the list directory')