Ejemplo n.º 1
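    def connectionLost(self, reason):
        """
        Finalise the session's capture files, then run the base-class teardown.

        If a stdin capture is open, it is moved into the configured
        ``download_path`` under its SHA-256 hex digest (or deleted when a file
        with that digest is already stored) and a symlink with the capture's
        original name is created.  If a TTY log is open it is closed.
        ``reason`` is passed unchanged to
        ``insults.ServerProtocol.connectionLost``.

        FIXME: this method is called 4 times on logout....
        it's called once from Avatar.closed() if disconnected
        """
        log.msg("received call to LSP.connectionLost")
        transport = self.transport.session.conn.transport

        if self.stdinlog_open:
            try:
                # The capture holds whatever the remote session sent on stdin
                # and its size is not bounded here, so hash it in fixed-size
                # chunks instead of loading the whole file into memory.
                digest = hashlib.sha256()
                with open(self.stdinlog_file, 'rb') as f:
                    for chunk in iter(lambda: f.read(65536), b''):
                        digest.update(chunk)
                shasum = digest.hexdigest()
                shasumfile = self.cfg.get('honeypot',
                    'download_path') + "/" + shasum
                if os.path.exists(shasumfile):
                    # Same content already stored: keep one copy only.
                    os.remove(self.stdinlog_file)
                else:
                    os.rename(self.stdinlog_file, shasumfile)
                # Relative link target.
                # NOTE(review): this only resolves if the capture file lives
                # in the download directory -- confirm.
                os.symlink(shasum, self.stdinlog_file)
                log.msg(eventid='KIPP0007',
                    format='Saved stdin contents to %(outfile)s',
                    url='stdin', outfile=shasumfile, shasum=shasum)
            except (IOError, OSError) as e:
                # On Python 2 the os.* calls raise OSError, which is not an
                # IOError; catch both so a storage failure cannot skip the TTY
                # log close and the base-class teardown below.  Record it so
                # a lost capture is visible in the log.
                log.msg("Failed to store stdin log %s: %s"
                    % (self.stdinlog_file, e))
            finally:
                self.stdinlog_open = False

        if self.ttylog_open:
            log.msg(eventid='KIPP0012', format='Closing TTY Log: %(ttylog)s',
                ttylog=transport.ttylog_file)
            ttylog.ttylog_close(transport.ttylog_file, time.time())
            self.ttylog_open = False

        self.cfg = None
        insults.ServerProtocol.connectionLost(self, reason)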
Ejemplo n.º 2
 def closed(self):
     """
     Log the end of the TTY recording, close it, then close the channel.

     The log event carries the TTY log path, the sum of bytes received and
     written, and the seconds elapsed since ``self.startTime``.
     """
     total_bytes = self.bytesReceived + self.bytesWritten
     elapsed = time.time() - self.startTime
     log.msg(eventid='cowrie.log.closed',
             format="Closing TTY Log: %(ttylog)s after %(duration)d seconds",
             ttylog=self.ttylogFile,
             size=total_bytes,
             duration=elapsed)

     # The close call takes its own timestamp, separate from the logged one.
     ttylog.ttylog_close(self.ttylogFile, time.time())
     channel.SSHChannel.closed(self)
Ejemplo n.º 3
Archivo: ssh.py Proyecto: CZ-NIC/kippo
 def connectionLost(self, reason):
     """
     Release per-connection state when the SSH transport is lost.

     Notifies every interactor, drops this connection's session number from
     the factory's session table if it is there, closes the TTY log if it is
     still open, then delegates to the base SSHServerTransport.
     """
     for watcher in self.interactors:
         watcher.sessionClosed()

     sessionno = self.transport.sessionno
     sessions = self.factory.sessions
     if sessionno in sessions:
         del sessions[sessionno]

     if self.ttylog_open:
         ttylog.ttylog_close(self.ttylog_file, time.time())
         self.ttylog_open = False

     transport.SSHServerTransport.connectionLost(self, reason)
 def closed(self):
     """
     Emit the 'cowrie.log.closed' event, close the TTY log and the channel.
     """
     event = dict(
         eventid='cowrie.log.closed',
         format='Closing TTY Log: %(ttylog)s after %(duration)d seconds',
         ttylog=self.ttylogFile,
         size=self.bytesReceived + self.bytesWritten,
         duration=time.time() - self.startTime,
     )
     log.msg(**event)

     # Finalise the recording before handing control to the base class.
     ttylog.ttylog_close(self.ttylogFile, time.time())
     channel.SSHChannel.closed(self)
Ejemplo n.º 5
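    def connectionLost(self, reason):
        """
        Notify interactors, finalise capture files, then run base teardown.

        If a stdin capture is open, it is moved into the configured
        ``download_path`` under its SHA-256 hex digest (or deleted when a file
        with that digest is already stored) and a symlink with the capture's
        original name is created.  If a TTY log is open it is closed and its
        recorded size is logged.  ``reason`` is passed unchanged to
        ``insults.ServerProtocol.connectionLost``.

        FIXME: this method is called 4 times on logout....
        it's called once from Avatar.closed() if disconnected
        """
        log.msg("received call to LSP.connectionLost")

        for i in self.interactors:
            i.sessionClosed()

        if self.stdinlog_open:
            try:
                # The capture holds whatever the remote session sent on stdin
                # and its size is not bounded here, so hash it in fixed-size
                # chunks instead of loading the whole file into memory.
                digest = hashlib.sha256()
                with open(self.stdinlog_file, 'rb') as f:
                    for chunk in iter(lambda: f.read(65536), b''):
                        digest.update(chunk)
                shasum = digest.hexdigest()
                shasumfile = self.cfg.get('honeypot',
                                          'download_path') + "/" + shasum
                if os.path.exists(shasumfile):
                    # Same content already stored: keep one copy only.
                    os.remove(self.stdinlog_file)
                else:
                    os.rename(self.stdinlog_file, shasumfile)
                # Relative link target.
                # NOTE(review): this only resolves if the capture file lives
                # in the download directory -- confirm.
                os.symlink(shasum, self.stdinlog_file)
                log.msg(eventid='COW0007',
                        format='Saved stdin contents to %(outfile)s',
                        url='stdin',
                        outfile=shasumfile,
                        shasum=shasum)
            except (IOError, OSError) as e:
                # On Python 2 the os.* calls raise OSError, which is not an
                # IOError; catch both so a storage failure cannot skip the TTY
                # log close and the base-class teardown below.  Record it so
                # a lost capture is visible in the log.
                log.msg("Failed to store stdin log %s: %s"
                        % (self.stdinlog_file, e))
            finally:
                self.stdinlog_open = False

        if self.ttylog_open:
            size = self.ttylog_size[self.ttylog_file]
            log.msg(eventid='COW0012',
                    format='Closing TTY Log: %(ttylog)s',
                    ttylog=self.ttylog_file,
                    size=size)
            ttylog.ttylog_close(self.ttylog_file, time.time())
            self.ttylog_open = False

        self.cfg = None
        insults.ServerProtocol.connectionLost(self, reason)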
Ejemplo n.º 6
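    def connectionLost(self, reason):
        """
        Notify interactors, finalise capture files, then run base teardown.

        If a stdin capture is open, it is moved into ``self.downloadPath``
        under its SHA-256 hex digest (or deleted when a file with that digest
        is already stored) and a symlink with the capture's original name is
        created.  If a TTY log is open it is closed and its size is logged.
        ``reason`` is passed unchanged to
        ``insults.ServerProtocol.connectionLost``.

        FIXME: this method is called 4 times on logout....
        it's called once from Avatar.closed() if disconnected
        """
        log.msg("received call to LSP.connectionLost")

        for i in self.interactors:
            i.sessionClosed()

        if self.stdinlog_open:
            try:
                # The capture holds whatever the remote session sent on stdin
                # and its size is not bounded here, so hash it in fixed-size
                # chunks instead of loading the whole file into memory.
                digest = hashlib.sha256()
                with open(self.stdinlog_file, 'rb') as f:
                    for chunk in iter(lambda: f.read(65536), b''):
                        digest.update(chunk)
                shasum = digest.hexdigest()
                shasumfile = self.downloadPath + "/" + shasum
                if os.path.exists(shasumfile):
                    # Same content already stored: keep one copy only.
                    os.remove(self.stdinlog_file)
                else:
                    os.rename(self.stdinlog_file, shasumfile)
                # Relative link target.
                # NOTE(review): this only resolves if the capture file lives
                # in the download directory -- confirm.
                os.symlink(shasum, self.stdinlog_file)
                log.msg(eventid='cowrie.session.file_download',
                        format='Saved stdin contents to %(outfile)s',
                        url='stdin',
                        outfile=shasumfile,
                        shasum=shasum)
            except (IOError, OSError) as e:
                # On Python 2 the os.* calls raise OSError, which is not an
                # IOError; catch both so a storage failure cannot skip the TTY
                # log close and the base-class teardown below.  Record it so
                # a lost capture is visible in the log.
                log.msg("Failed to store stdin log %s: %s"
                        % (self.stdinlog_file, e))
            finally:
                self.stdinlog_open = False

        if self.ttylog_open:
            # TODO: Add session duration to this entry
            log.msg(eventid='cowrie.log.closed',
                    format='Closing TTY Log: %(ttylog)s',
                    ttylog=self.ttylog_file,
                    size=self.ttylogSize)
            ttylog.ttylog_close(self.ttylog_file, time.time())
            self.ttylog_open = False

        insults.ServerProtocol.connectionLost(self, reason)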
Ejemplo n.º 7
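    def connectionLost(self, reason):
        """
        Notify interactors, finalise capture files, then run base teardown.

        If a stdin capture is open, it is moved into ``self.downloadPath``
        under its SHA-256 hex digest (or deleted when a file with that digest
        is already stored) and a symlink with the capture's original name is
        created.  If a TTY log is open it is closed, and its size and the
        seconds since ``self.startTime`` are logged.  ``reason`` is passed
        unchanged to ``insults.ServerProtocol.connectionLost``.

        FIXME: this method is called 4 times on logout....
        it's called once from Avatar.closed() if disconnected
        """
        for i in self.interactors:
            i.sessionClosed()

        if self.stdinlog_open:
            try:
                # The capture holds whatever the remote session sent on stdin
                # and its size is not bounded here, so hash it in fixed-size
                # chunks instead of loading the whole file into memory.
                digest = hashlib.sha256()
                with open(self.stdinlogFile, 'rb') as f:
                    for chunk in iter(lambda: f.read(65536), b''):
                        digest.update(chunk)
                shasum = digest.hexdigest()
                shasumfile = self.downloadPath + "/" + shasum
                if os.path.exists(shasumfile):
                    # Same content already stored: keep one copy only.
                    os.remove(self.stdinlogFile)
                else:
                    os.rename(self.stdinlogFile, shasumfile)
                # Relative link target.
                # NOTE(review): this only resolves if the capture file lives
                # in the download directory -- confirm.
                os.symlink(shasum, self.stdinlogFile)
                log.msg(eventid='cowrie.session.file_download',
                        format='Saved stdin contents to %(outfile)s',
                        url='stdin',
                        outfile=shasumfile,
                        shasum=shasum)
            except (IOError, OSError) as e:
                # On Python 2 the os.* calls raise OSError, which is not an
                # IOError; catch both so a storage failure cannot skip the TTY
                # log close and the base-class teardown below.  Record it so
                # a lost capture is visible in the log.
                log.msg("Failed to store stdin log %s: %s"
                        % (self.stdinlogFile, e))
            finally:
                self.stdinlog_open = False

        if self.ttylog_open:
            log.msg(
                eventid='cowrie.log.closed',
                format='Closing TTY Log: %(ttylog)s after %(duration)d seconds',
                ttylog=self.ttylogFile,
                size=self.ttylogSize,
                duration=time.time() - self.startTime)
            ttylog.ttylog_close(self.ttylogFile, time.time())
            self.ttylog_open = False

        insults.ServerProtocol.connectionLost(self, reason)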
Ejemplo n.º 8
    def channel_closed(self):
        """
        Close the TTY log and file it under the hash of its input.

        Does nothing unless ``self.ttylogEnabled`` is set.  The closed log is
        renamed to ``<ttylogPath>/<shasum>``; if a file with that name already
        exists the new log is deleted instead and the event is flagged as a
        duplicate.  A 'cowrie.log.closed' event is logged in both cases.
        """
        if not self.ttylogEnabled:
            return

        ttylog.ttylog_close(self.ttylogFile, time.time())
        shasum = ttylog.ttylog_inputhash(self.ttylogFile)
        shasumfile = os.path.join(self.ttylogPath, shasum)

        duplicate = os.path.exists(shasumfile)
        if duplicate:
            # An identical recording is already stored; drop this copy.
            os.remove(self.ttylogFile)
        else:
            os.rename(self.ttylogFile, shasumfile)
            # os.umask() returns the previous mask only as a side effect of
            # setting a new one, so read it by setting 0 and restoring it on
            # the next line.  The process umask is 0 between the two calls.
            current_umask = os.umask(0)
            os.umask(current_umask)
            # Give the stored log the mode a newly created file would get.
            os.chmod(shasumfile, 0o666 & ~current_umask)

        log.msg(eventid='cowrie.log.closed',
                format='Closing TTY Log: %(ttylog)s after %(duration)d seconds',
                ttylog=shasumfile,
                size=self.ttylogSize,
                shasum=shasum,
                duplicate=duplicate,
                duration=time.time() - self.startTime)
Ejemplo n.º 9
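    def connectionLost(self, reason):
        """
        Archive the session's capture files, then run the base-class teardown.

        Three kinds of capture are handled, each stored under a
        content-derived name so that identical content is kept only once:

        * the stdin capture, if ``self.stdinlogOpen`` is set;
        * every ``(path, url)`` pair in ``self.redirFiles``;
        * the TTY log, if logging is enabled and the log is open.

        Failures while storing the stdin capture or a redirect file are
        logged and do not interrupt the remaining steps.  ``reason`` is passed
        unchanged to ``insults.ServerProtocol.connectionLost``.

        FIXME: this method is called 4 times on logout....
        it's called once from Avatar.closed() if disconnected
        """

        def sha256_of(path):
            # The captures hold data produced during the remote session and
            # their size is not bounded here, so hash in fixed-size chunks
            # instead of loading a whole file into memory.
            digest = hashlib.sha256()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    digest.update(chunk)
            return digest.hexdigest()

        if self.stdinlogOpen:
            try:
                shasum = sha256_of(self.stdinlogFile)
                shasumfile = os.path.join(self.downloadPath, shasum)
                if os.path.exists(shasumfile):
                    # Same content already stored: keep one copy only.
                    os.remove(self.stdinlogFile)
                    duplicate = True
                else:
                    os.rename(self.stdinlogFile, shasumfile)
                    duplicate = False

                log.msg(
                    eventid="cowrie.session.file_download",
                    format="Saved stdin contents with SHA-256 %(shasum)s to %(outfile)s",
                    duplicate=duplicate,
                    outfile=shasumfile,
                    shasum=shasum,
                    destfile="",
                )
            except OSError as e:
                # Best effort, but record the failure so a lost capture is
                # visible in the log instead of vanishing silently.
                log.msg(
                    "Failed to store stdin capture %s: %s"
                    % (self.stdinlogFile, e)
                )
            finally:
                self.stdinlogOpen = False

        if self.redirFiles:
            for rp in self.redirFiles:
                rf = rp[0]

                if rp[1]:
                    url = rp[1]
                else:
                    # Use the part of the path after the "redir_" marker.
                    # NOTE(review): if the marker is absent, find() returns -1
                    # and this slices from index 5 -- confirm every path in
                    # redirFiles contains "redir_".
                    url = rf[rf.find("redir_") + len("redir_"):]

                try:
                    if not os.path.exists(rf):
                        continue

                    if os.path.getsize(rf) == 0:
                        # Nothing was written to it; do not archive it.
                        os.remove(rf)
                        continue

                    shasum = sha256_of(rf)
                    shasumfile = os.path.join(self.downloadPath, shasum)
                    if os.path.exists(shasumfile):
                        os.remove(rf)
                        duplicate = True
                    else:
                        os.rename(rf, shasumfile)
                        duplicate = False
                    log.msg(
                        eventid="cowrie.session.file_download",
                        format="Saved redir contents with SHA-256 %(shasum)s to %(outfile)s",
                        duplicate=duplicate,
                        outfile=shasumfile,
                        shasum=shasum,
                        destfile=url,
                    )
                except OSError as e:
                    # Keep going with the remaining files, but leave a trace.
                    log.msg("Failed to store redir file %s: %s" % (rf, e))
            self.redirFiles.clear()

        if self.ttylogEnabled and self.ttylogOpen:
            # NOTE(review): unlike the two sections above, an OSError raised
            # here is not caught, so it propagates before the base-class
            # connectionLost at the end of this method runs.
            ttylog.ttylog_close(self.ttylogFile, time.time())
            self.ttylogOpen = False
            shasum = ttylog.ttylog_inputhash(self.ttylogFile)
            shasumfile = os.path.join(self.ttylogPath, shasum)

            if os.path.exists(shasumfile):
                duplicate = True
                os.remove(self.ttylogFile)
            else:
                duplicate = False
                os.rename(self.ttylogFile, shasumfile)
                # os.umask() returns the previous mask only as a side effect
                # of setting a new one: set 0, then restore it on the next
                # line.  The process umask is 0 between the two calls.
                umask = os.umask(0)
                os.umask(umask)
                # Give the stored log the mode a newly created file would get.
                os.chmod(shasumfile, 0o666 & ~umask)

            log.msg(
                eventid="cowrie.log.closed",
                format="Closing TTY Log: %(ttylog)s after %(duration)d seconds",
                ttylog=shasumfile,
                size=self.ttylogSize,
                shasum=shasum,
                duplicate=duplicate,
                duration=time.time() - self.startTime,
            )

        insults.ServerProtocol.connectionLost(self, reason)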
Ejemplo n.º 10
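    def connectionLost(self, reason):
        """
        Archive the session's capture files, then run the base-class teardown.

        The stdin capture (if ``self.stdinlogOpen`` is set) and every
        ``(path, url)`` pair in ``self.redirFiles`` are stored in
        ``self.downloadPath`` under their SHA-256 hex digest; content that is
        already stored is deleted instead of being stored twice.  The TTY log
        is closed if logging is enabled and the log is open.  Failures while
        storing a capture are logged and do not interrupt the remaining
        steps.  ``reason`` is passed unchanged to
        ``insults.ServerProtocol.connectionLost``.

        FIXME: this method is called 4 times on logout....
        it's called once from Avatar.closed() if disconnected
        """

        def sha256_of(path):
            # The captures hold data produced during the remote session and
            # their size is not bounded here, so hash in fixed-size chunks
            # instead of loading a whole file into memory.
            digest = hashlib.sha256()
            with open(path, 'rb') as f:
                for chunk in iter(lambda: f.read(65536), b''):
                    digest.update(chunk)
            return digest.hexdigest()

        if self.stdinlogOpen:
            try:
                shasum = sha256_of(self.stdinlogFile)
                shasumfile = os.path.join(self.downloadPath, shasum)
                if os.path.exists(shasumfile):
                    os.remove(self.stdinlogFile)
                    log.msg("Not storing duplicate content " + shasum)
                else:
                    os.rename(self.stdinlogFile, shasumfile)
                log.msg(eventid='cowrie.session.file_download',
                        format='Saved stdin contents with SHA-256 %(shasum)s to %(outfile)s',
                        url='stdin',
                        outfile=shasumfile,
                        shasum=shasum,
                        destfile='')
            except (IOError, OSError) as e:
                # On Python 2 the os.* calls raise OSError, which is not an
                # IOError; catch both so a storage failure cannot skip the
                # steps below.  Record it so a lost capture is visible.
                log.msg("Failed to store stdin capture %s: %s"
                        % (self.stdinlogFile, e))
            finally:
                self.stdinlogOpen = False

        if self.redirFiles:
            for rp in self.redirFiles:
                rf = rp[0]

                if rp[1]:
                    url = rp[1]
                else:
                    # Use the part of the path after the 'redir_' marker.
                    # NOTE(review): if the marker is absent, find() returns -1
                    # and this slices from index 5 -- confirm every path in
                    # redirFiles contains 'redir_'.
                    url = rf[rf.find('redir_')+len('redir_'):]

                try:
                    if not os.path.exists(rf):
                        continue

                    if os.path.getsize(rf) == 0:
                        # Nothing was written to it; do not archive it.
                        os.remove(rf)
                        continue

                    shasum = sha256_of(rf)
                    shasumfile = os.path.join(self.downloadPath, shasum)
                    if os.path.exists(shasumfile):
                        os.remove(rf)
                        log.msg("Not storing duplicate content " + shasum)
                    else:
                        os.rename(rf, shasumfile)
                    log.msg(eventid='cowrie.session.file_download',
                            format='Saved redir contents with SHA-256 %(shasum)s to %(outfile)s',
                            url=url,
                            outfile=shasumfile,
                            shasum=shasum,
                            destfile=url)
                except (IOError, OSError) as e:
                    # Keep going with the remaining files, but leave a trace.
                    log.msg("Failed to store redir file %s: %s" % (rf, e))
            self.redirFiles.clear()

        if self.ttylogEnabled and self.ttylogOpen:
            log.msg(eventid='cowrie.log.closed',
                    format='Closing TTY Log: %(ttylog)s after %(duration)d seconds',
                    ttylog=self.ttylogFile,
                    size=self.ttylogSize,
                    duration=time.time()-self.startTime)
            ttylog.ttylog_close(self.ttylogFile, time.time())
            self.ttylogOpen = False

        insults.ServerProtocol.connectionLost(self, reason)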