def connectionLost(self, reason): """ FIXME: this method is called 4 times on logout.... it's called once from Avatar.closed() if disconnected """ log.msg("received call to LSP.connectionLost") transport = self.transport.session.conn.transport if self.stdinlog_open: try: with open(self.stdinlog_file, 'rb') as f: shasum = hashlib.sha256(f.read()).hexdigest() shasumfile = self.cfg.get('honeypot', 'download_path') + "/" + shasum if (os.path.exists(shasumfile)): os.remove(self.stdinlog_file) else: os.rename(self.stdinlog_file, shasumfile) os.symlink(shasum, self.stdinlog_file) log.msg(eventid='KIPP0007', format='Saved stdin contents to %(outfile)s', url='stdin', outfile=shasumfile, shasum=shasum) except IOError as e: pass finally: self.stdinlog_open = False if self.ttylog_open: log.msg(eventid='KIPP0012', format='Closing TTY Log: %(ttylog)s', ttylog=transport.ttylog_file) ttylog.ttylog_close(transport.ttylog_file, time.time()) self.ttylog_open = False self.cfg = None insults.ServerProtocol.connectionLost(self, reason)
def closed(self): log.msg(eventid='cowrie.log.closed', format="Closing TTY Log: %(ttylog)s after %(duration)d seconds", ttylog=self.ttylogFile, size=self.bytesReceived + self.bytesWritten, duration=time.time() - self.startTime) ttylog.ttylog_close(self.ttylogFile, time.time()) channel.SSHChannel.closed(self)
def connectionLost(self, reason): for i in self.interactors: i.sessionClosed() if self.transport.sessionno in self.factory.sessions: del self.factory.sessions[self.transport.sessionno] if self.ttylog_open: ttylog.ttylog_close(self.ttylog_file, time.time()) self.ttylog_open = False transport.SSHServerTransport.connectionLost(self, reason)
def closed(self): """ """ log.msg( eventid='cowrie.log.closed', format='Closing TTY Log: %(ttylog)s after %(duration)d seconds', ttylog=self.ttylogFile, size=self.bytesReceived + self.bytesWritten, duration=time.time() - self.startTime) ttylog.ttylog_close(self.ttylogFile, time.time()) channel.SSHChannel.closed(self)
def connectionLost(self, reason): """ FIXME: this method is called 4 times on logout.... it's called once from Avatar.closed() if disconnected """ log.msg("received call to LSP.connectionLost") for i in self.interactors: i.sessionClosed() transport = self.transport.session.conn.transport if self.stdinlog_open: try: with open(self.stdinlog_file, 'rb') as f: shasum = hashlib.sha256(f.read()).hexdigest() shasumfile = self.cfg.get('honeypot', 'download_path') + "/" + shasum if (os.path.exists(shasumfile)): os.remove(self.stdinlog_file) else: os.rename(self.stdinlog_file, shasumfile) os.symlink(shasum, self.stdinlog_file) log.msg(eventid='COW0007', format='Saved stdin contents to %(outfile)s', url='stdin', outfile=shasumfile, shasum=shasum) except IOError as e: pass finally: self.stdinlog_open = False if self.ttylog_open: size = self.ttylog_size[self.ttylog_file] log.msg(eventid='COW0012', format='Closing TTY Log: %(ttylog)s', ttylog=self.ttylog_file, size=size) ttylog.ttylog_close(self.ttylog_file, time.time()) self.ttylog_open = False self.cfg = None insults.ServerProtocol.connectionLost(self, reason)
def connectionLost(self, reason): """ FIXME: this method is called 4 times on logout.... it's called once from Avatar.closed() if disconnected """ log.msg("received call to LSP.connectionLost") for i in self.interactors: i.sessionClosed() transport = self.transport.session.conn.transport if self.stdinlog_open: try: with open(self.stdinlog_file, 'rb') as f: shasum = hashlib.sha256(f.read()).hexdigest() shasumfile = self.downloadPath + "/" + shasum if (os.path.exists(shasumfile)): os.remove(self.stdinlog_file) else: os.rename(self.stdinlog_file, shasumfile) os.symlink(shasum, self.stdinlog_file) log.msg(eventid='cowrie.session.file_download', format='Saved stdin contents to %(outfile)s', url='stdin', outfile=shasumfile, shasum=shasum) except IOError as e: pass finally: self.stdinlog_open = False if self.ttylog_open: # TODO: Add session duration to this entry log.msg(eventid='cowrie.log.closed', format='Closing TTY Log: %(ttylog)s', ttylog=self.ttylog_file, size=self.ttylogSize) ttylog.ttylog_close(self.ttylog_file, time.time()) self.ttylog_open = False insults.ServerProtocol.connectionLost(self, reason)
def connectionLost(self, reason): """ FIXME: this method is called 4 times on logout.... it's called once from Avatar.closed() if disconnected """ for i in self.interactors: i.sessionClosed() if self.stdinlog_open: try: with open(self.stdinlogFile, 'rb') as f: shasum = hashlib.sha256(f.read()).hexdigest() shasumfile = self.downloadPath + "/" + shasum if (os.path.exists(shasumfile)): os.remove(self.stdinlogFile) else: os.rename(self.stdinlogFile, shasumfile) os.symlink(shasum, self.stdinlogFile) log.msg(eventid='cowrie.session.file_download', format='Saved stdin contents to %(outfile)s', url='stdin', outfile=shasumfile, shasum=shasum) except IOError as e: pass finally: self.stdinlog_open = False if self.ttylog_open: # TODO: Add session duration to this entry log.msg( eventid='cowrie.log.closed', format='Closing TTY Log: %(ttylog)s after %(duration)d seconds', ttylog=self.ttylogFile, size=self.ttylogSize, duration=time.time() - self.startTime) ttylog.ttylog_close(self.ttylogFile, time.time()) self.ttylog_open = False insults.ServerProtocol.connectionLost(self, reason)
def channel_closed(self): if self.ttylogEnabled: ttylog.ttylog_close(self.ttylogFile, time.time()) shasum = ttylog.ttylog_inputhash(self.ttylogFile) shasumfile = os.path.join(self.ttylogPath, shasum) if os.path.exists(shasumfile): duplicate = True os.remove(self.ttylogFile) else: duplicate = False os.rename(self.ttylogFile, shasumfile) umask = os.umask(0) os.umask(umask) os.chmod(shasumfile, 0o666 & ~umask) log.msg(eventid='cowrie.log.closed', format='Closing TTY Log: %(ttylog)s after %(duration)d seconds', ttylog=shasumfile, size=self.ttylogSize, shasum=shasum, duplicate=duplicate, duration=time.time() - self.startTime)
def connectionLost(self, reason): """ FIXME: this method is called 4 times on logout.... it's called once from Avatar.closed() if disconnected """ if self.stdinlogOpen: try: with open(self.stdinlogFile, "rb") as f: shasum = hashlib.sha256(f.read()).hexdigest() shasumfile = os.path.join(self.downloadPath, shasum) if os.path.exists(shasumfile): os.remove(self.stdinlogFile) duplicate = True else: os.rename(self.stdinlogFile, shasumfile) duplicate = False log.msg( eventid="cowrie.session.file_download", format= "Saved stdin contents with SHA-256 %(shasum)s to %(outfile)s", duplicate=duplicate, outfile=shasumfile, shasum=shasum, destfile="", ) except OSError: pass finally: self.stdinlogOpen = False if self.redirFiles: for rp in self.redirFiles: rf = rp[0] if rp[1]: url = rp[1] else: url = rf[rf.find("redir_") + len("redir_"):] try: if not os.path.exists(rf): continue if os.path.getsize(rf) == 0: os.remove(rf) continue with open(rf, "rb") as f: shasum = hashlib.sha256(f.read()).hexdigest() shasumfile = os.path.join(self.downloadPath, shasum) if os.path.exists(shasumfile): os.remove(rf) duplicate = True else: os.rename(rf, shasumfile) duplicate = False log.msg( eventid="cowrie.session.file_download", format= "Saved redir contents with SHA-256 %(shasum)s to %(outfile)s", duplicate=duplicate, outfile=shasumfile, shasum=shasum, destfile=url, ) except OSError: pass self.redirFiles.clear() if self.ttylogEnabled and self.ttylogOpen: ttylog.ttylog_close(self.ttylogFile, time.time()) self.ttylogOpen = False shasum = ttylog.ttylog_inputhash(self.ttylogFile) shasumfile = os.path.join(self.ttylogPath, shasum) if os.path.exists(shasumfile): duplicate = True os.remove(self.ttylogFile) else: duplicate = False os.rename(self.ttylogFile, shasumfile) umask = os.umask(0) os.umask(umask) os.chmod(shasumfile, 0o666 & ~umask) log.msg( eventid="cowrie.log.closed", format="Closing TTY Log: %(ttylog)s after %(duration)d seconds", ttylog=shasumfile, size=self.ttylogSize, shasum=shasum, duplicate=duplicate, duration=time.time() - self.startTime, ) insults.ServerProtocol.connectionLost(self, reason)
def connectionLost(self, reason): """ FIXME: this method is called 4 times on logout.... it's called once from Avatar.closed() if disconnected """ if self.stdinlogOpen: try: with open(self.stdinlogFile, 'rb') as f: shasum = hashlib.sha256(f.read()).hexdigest() shasumfile = os.path.join(self.downloadPath, shasum) if os.path.exists(shasumfile): os.remove(self.stdinlogFile) log.msg("Not storing duplicate content " + shasum) else: os.rename(self.stdinlogFile, shasumfile) # os.symlink(shasum, self.stdinlogFile) log.msg(eventid='cowrie.session.file_download', format='Saved stdin contents with SHA-256 %(shasum)s to %(outfile)s', url='stdin', outfile=shasumfile, shasum=shasum, destfile='') except IOError as e: pass finally: self.stdinlogOpen = False if self.redirFiles: for rp in self.redirFiles: rf = rp[0] if rp[1]: url = rp[1] else: url = rf[rf.find('redir_')+len('redir_'):] try: if not os.path.exists(rf): continue if os.path.getsize(rf) == 0: os.remove(rf) continue with open(rf, 'rb') as f: shasum = hashlib.sha256(f.read()).hexdigest() shasumfile = os.path.join(self.downloadPath, shasum) if os.path.exists(shasumfile): os.remove(rf) log.msg("Not storing duplicate content " + shasum) else: os.rename(rf, shasumfile) # os.symlink(shasum, rf) log.msg(eventid='cowrie.session.file_download', format='Saved redir contents with SHA-256 %(shasum)s to %(outfile)s', url=url, outfile=shasumfile, shasum=shasum, destfile=url) except IOError: pass self.redirFiles.clear() if self.ttylogEnabled and self.ttylogOpen: log.msg(eventid='cowrie.log.closed', format='Closing TTY Log: %(ttylog)s after %(duration)d seconds', ttylog=self.ttylogFile, size=self.ttylogSize, duration=time.time()-self.startTime) ttylog.ttylog_close(self.ttylogFile, time.time()) self.ttylogOpen = False insults.ServerProtocol.connectionLost(self, reason)