def __init__(self, uuid, channelName, ssh, channelId, command):
super().__init__(uuid, channelName, ssh)
log.msg(
eventid="cowrie.command.input",
input=command.decode("ascii"),
format="CMD: %(input)s",
)
self.transportId = ssh.server.transportId
self.channelId = channelId
self.startTime = time.time()
self.ttylogPath = CowrieConfig.get("honeypot", "ttylog_path")
self.ttylogEnabled = CowrieConfig.getboolean("honeypot",
"ttylog",
fallback=True)
self.ttylogSize = 0
if self.ttylogEnabled:
self.ttylogFile = "{}/{}-{}-{}e.log".format(
self.ttylogPath,
time.strftime("%Y%m%d-%H%M%S"),
self.transportId,
self.channelId,
)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
def connectionMade(self):
transportId, channelId = self.getSessionId()
self.startTime = time.time()
if self.ttylogEnabled:
self.ttylogFile = '%s/%s-%s-%s%s.log' % \
(self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'),
transportId, channelId, self.type)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
self.ttylogOpen = True
self.ttylogSize = 0
self.stdinlogFile = '%s/%s-%s-%s-stdin.log' % \
(self.downloadPath, time.strftime('%Y%m%d-%H%M%S'), transportId, channelId)
if self.type == 'e':
self.stdinlogOpen = True
else:
self.stdinlogOpen = False
insults.ServerProtocol.connectionMade(self)
if self.type == 'e':
cmd = self.terminalProtocol.execcmd.encode('utf8')
ttylog.ttylog_write(self.ttylogFile, len(cmd),
ttylog.TYPE_INTERACT, time.time(), cmd)
def __init__(self, server):
# holds packet data; useful to manipulate it across functions as needed
self.currentData = None
self.sendData = True
# front and backend references
self.server = server
self.client = None
# definitions from config
self.spoofAuthenticationData = CowrieConfig().getboolean(
'proxy', 'telnet_spoof_authentication')
self.backendLogin = CowrieConfig().get('proxy',
'backend_user').encode()
self.backendPassword = CowrieConfig().get('proxy',
'backend_pass').encode()
self.usernameInNegotiationRegex = CowrieConfig().get(
'proxy', 'telnet_username_in_negotiation_regex',
raw=True).encode()
self.usernamePromptRegex = CowrieConfig().get(
'proxy', 'telnet_username_prompt_regex', raw=True).encode()
self.passwordPromptRegex = CowrieConfig().get(
'proxy', 'telnet_password_prompt_regex', raw=True).encode()
# telnet state
self.currentCommand = b''
# auth state
self.authStarted = False
self.authDone = False
self.usernameState = b'' # TODO clear on end
self.inputingLogin = False
self.passwordState = b'' # TODO clear on end
self.inputingPassword = False
self.waitingLoginEcho = False
# some data is sent by the backend right before the password prompt, we want to capture that
# and the respective frontend response and send it before starting to intercept auth data
self.prePasswordData = False
# buffer
self.backend_buffer = []
# tty logging
self.startTime = time.time()
self.ttylogPath = CowrieConfig().get('honeypot', 'ttylog_path')
self.ttylogEnabled = CowrieConfig().getboolean('honeypot',
'ttylog',
fallback=True)
self.ttylogSize = 0
if self.ttylogEnabled:
self.ttylogFile = '{0}/telnet-{1}.log'.format(
self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'))
ttylog.ttylog_open(self.ttylogFile, self.startTime)
def connectionMade(self):
"""
"""
transportId, channelId = self.getSessionId()
self.startTime = time.time()
self.ttylogFile = '%s/tty/%s-%s-%s%s.log' % \
(self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'),
transportId, channelId, self.type)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
self.ttylogOpen = True
self.ttylogSize = 0
log.msg(eventid='cowrie.log.open',
ttylog=self.ttylogFile,
format='Opening TTY Log: %(ttylog)s')
self.stdinlogFile = '%s/%s-%s-%s-stdin.log' % \
(self.downloadPath,
time.strftime('%Y%m%d-%H%M%S'), transportId, channelId)
if self.type == 'e':
self.stdinlogOpen = True
else: #i
self.stdinlogOpen = False
insults.ServerProtocol.connectionMade(self)
def connectionMade(self):
"""
"""
transport = self.transport.session.conn.transport
channelId = self.transport.session.id
transport.ttylog_file = '%s/tty/%s-%s-%s%s.log' % \
(self.cfg.get('honeypot', 'log_path'),
time.strftime('%Y%m%d-%H%M%S'), transport.transportId, channelId,
self.type)
self.ttylog_file = transport.ttylog_file
log.msg(eventid='KIPP0004',
ttylog=transport.ttylog_file,
format='Opening TTY Log: %(ttylog)s')
ttylog.ttylog_open(transport.ttylog_file, time.time())
self.ttylog_open = True
self.stdinlog_file = '%s/%s-%s-%s-stdin.log' % \
(self.cfg.get('honeypot', 'download_path'),
time.strftime('%Y%m%d-%H%M%S'), transport.transportId, channelId)
self.stdinlog_open = False
insults.ServerProtocol.connectionMade(self)
def __init__(self, uuid, channelName, ssh, channelId, command):
super().__init__(uuid, channelName, ssh)
try:
log.msg(
eventid="cowrie.command.input",
input=command.decode("utf8"),
format="CMD: %(input)s",
)
except UnicodeDecodeError:
log.err("Unusual execcmd: {}".format(repr(command)))
self.transportId = ssh.server.transportId
self.channelId = channelId
self.startTime: float = time.time()
self.ttylogPath: str = CowrieConfig.get("honeypot", "ttylog_path")
self.ttylogEnabled: bool = CowrieConfig.getboolean("honeypot",
"ttylog",
fallback=True)
self.ttylogSize: bool = 0
if self.ttylogEnabled:
self.ttylogFile = "{}/{}-{}-{}e.log".format(
self.ttylogPath,
time.strftime("%Y%m%d-%H%M%S"),
self.transportId,
self.channelId,
)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
def connectionMade(self):
"""
"""
transportId, channelId = self.getSessionId()
self.startTime = time.time()
if self.ttylogEnabled:
self.ttylogFile = '%s/%s-%s-%s%s.log' % \
(self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'),
transportId, channelId, self.type)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
self.ttylogOpen = True
self.ttylogSize = 0
log.msg(eventid='cowrie.log.open',
ttylog=self.ttylogFile,
format='Opening TTY Log: %(ttylog)s')
self.stdinlogFile = '%s/%s-%s-%s-stdin.log' % \
(self.downloadPath, time.strftime('%Y%m%d-%H%M%S'), transportId, channelId)
if self.type == 'e':
self.stdinlogOpen = True
else: #i
self.stdinlogOpen = False
insults.ServerProtocol.connectionMade(self)
def connectionMade(self):
"""
"""
transport = self.transport.session.conn.transport
channelId = self.transport.session.id
transport.ttylog_file = "%s/tty/%s-%s-%s%s.log" % (
self.cfg.get("honeypot", "log_path"),
time.strftime("%Y%m%d-%H%M%S"),
transport.transportId,
channelId,
self.type,
)
self.ttylog_file = transport.ttylog_file
log.msg(eventid="KIPP0004", ttylog=transport.ttylog_file, format="Opening TTY Log: %(ttylog)s")
ttylog.ttylog_open(transport.ttylog_file, time.time())
self.ttylog_open = True
self.stdinlog_file = "%s/%s-%s-%s-stdin.log" % (
self.cfg.get("honeypot", "download_path"),
time.strftime("%Y%m%d-%H%M%S"),
transport.transportId,
channelId,
)
self.stdinlog_open = False
insults.ServerProtocol.connectionMade(self)
def channelOpen(self, specificData):
self.startTime = time.time()
self.ttylogFile = '%s/tty/%s-%s-%s.log' % (self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'),
self.conn.transport.transportId, self.id)
log.msg(eventid='cowrie.log.open',
ttylog=self.ttylogFile,
format="Opening TTY Log: %(ttylog)s")
ttylog.ttylog_open(self.ttylogFile, time.time())
channel.SSHChannel.channelOpen(self, specificData)
def channelOpen(self, specificData):
self.startTime = time.time()
self.ttylogFile = '%s/tty/%s-%s-%s.log' % (self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'),
self.conn.transport.transportId, self.id)
log.msg(eventid='cowrie.log.open',
ttylog=self.ttylogFile,
format="Opening TTY Log: %(ttylog)s")
ttylog.ttylog_open(self.ttylogFile, time.time())
channel.SSHChannel.channelOpen(self, specificData)
def channelOpen(self, specificData):
self.startTime = time.time()
self.ttylogFile = "{}/tty/{}-{}-{}.log".format(
self.ttylogPath,
time.strftime("%Y%m%d-%H%M%S"),
self.conn.transport.transportId,
self.id,
)
log.msg(
eventid="cowrie.log.open",
ttylog=self.ttylogFile,
format="Opening TTY Log: %(ttylog)s",
)
ttylog.ttylog_open(self.ttylogFile, time.time())
channel.SSHChannel.channelOpen(self, specificData)
def connectionMade(self):
transport = self.transport.session.conn.transport
transport.ttylog_file = '%s/tty/%s-%s.log' % \
(config().get('honeypot', 'log_path'),
time.strftime('%Y%m%d-%H%M%S'),
int(random.random() * 10000))
print 'Opening TTY log: %s' % transport.ttylog_file
ttylog.ttylog_open(transport.ttylog_file, time.time())
transport.ttylog_open = True
insults.ServerProtocol.connectionMade(self)
transport.stdinlog_file = '%s/tty/%s-%s.log' % \
(config().get('honeypot', 'download_path'),
time.strftime('%Y%m%d-%H%M%S'),
int(random.random() * 10000))
transport.stdinlog_open = True
def connectionMade(self):
transport = self.transport.session.conn.transport
transport.ttylog_file = '%s/tty/%s-%s.log' % \
(config().get('honeypot', 'log_path'),
time.strftime('%Y%m%d-%H%M%S'),
int(random.random() * 10000))
print 'Opening TTY log: %s' % transport.ttylog_file
ttylog.ttylog_open(transport.ttylog_file, time.time())
transport.ttylog_open = True
insults.ServerProtocol.connectionMade(self)
transport.stdinlog_file = '%s/tty/%s-%s.log' % \
(config().get('honeypot', 'download_path'),
time.strftime('%Y%m%d-%H%M%S'),
int(random.random() * 10000))
transport.stdinlog_open = True
def __init__(self, uuid, channelName, ssh, channelId, command):
super(ExecTerm, self).__init__(uuid, channelName, ssh)
log.msg(eventid='cowrie.command.input',
input=command.decode('ascii'),
format='CMD: %(input)s')
self.transportId = ssh.server.transportId
self.channelId = channelId
self.startTime = time.time()
self.ttylogPath = CowrieConfig().get('honeypot', 'ttylog_path')
self.ttylogEnabled = CowrieConfig().getboolean('honeypot', 'ttylog', fallback=True)
self.ttylogSize = 0
if self.ttylogEnabled:
self.ttylogFile = '{0}/{1}-{2}-{3}e.log'.format(
self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'), self.transportId, self.channelId)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
def __init__(self, uuid, chan_name, ssh, channelId):
super().__init__(uuid, chan_name, ssh)
self.command = b''
self.pointer = 0
self.tabPress = False
self.upArrow = False
self.transportId = ssh.server.transportId
self.channelId = channelId
self.startTime = time.time()
self.ttylogPath = CowrieConfig().get('honeypot', 'ttylog_path')
self.ttylogEnabled = CowrieConfig().getboolean('honeypot', 'ttylog', fallback=True)
self.ttylogSize = 0
if self.ttylogEnabled:
self.ttylogFile = \
'{}/{}-{}-{}i.log'.format(self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'), uuid, self.channelId)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
def connectionMade(self):
"""
"""
transport = self.transport.session.conn.transport
transport.ttylog_file = '%s/tty/%s-%s.log' % \
(self.cfg.get('honeypot', 'log_path'),
time.strftime('%Y%m%d-%H%M%S'), transport.transportId)
self.ttylog_file = transport.ttylog_file
log.msg(eventid='KIPP0004', ttylog=transport.ttylog_file,
format='Opening TTY Log: %(ttylog)s')
ttylog.ttylog_open(transport.ttylog_file, time.time())
self.ttylog_open = True
self.stdinlog_file = '%s/%s-%s-stdin.log' % \
(self.cfg.get('honeypot', 'download_path'),
time.strftime('%Y%m%d-%H%M%S'), transport.transportId)
self.stdinlog_open = False
insults.ServerProtocol.connectionMade(self)
def connectionMade(self) -> None:
transportId, channelId = self.getSessionId()
self.startTime = time.time()
if self.ttylogEnabled:
self.ttylogFile = "{}/{}-{}-{}{}.log".format(
self.ttylogPath,
time.strftime("%Y%m%d-%H%M%S"),
transportId,
channelId,
self.type,
)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
self.ttylogOpen = True
self.ttylogSize = 0
self.stdinlogFile = "{}/{}-{}-{}-stdin.log".format(
self.downloadPath,
time.strftime("%Y%m%d-%H%M%S"),
transportId,
channelId,
)
if self.type == "e":
self.stdinlogOpen = True
# log the command into ttylog
if self.ttylogEnabled:
(sess, cmd) = self.protocolArgs
ttylog.ttylog_write(
self.ttylogFile, len(cmd), ttylog.TYPE_INTERACT, time.time(), cmd
)
else:
self.stdinlogOpen = False
insults.ServerProtocol.connectionMade(self)
if self.type == "e":
self.terminalProtocol.execcmd.encode("utf8")
def connectionMade(self):
"""
"""
transportId, channelId = self.getSessionId()
self.startTime = time.time()
if self.ttylogEnabled:
self.ttylogFile = '%s/%s-%s-%s%s.log' % \
(self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'),
transportId, channelId, self.type)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
self.ttylogOpen = True
self.ttylogSize = 0
self.stdinlogFile = '%s/%s-%s-%s-stdin.log' % \
(self.downloadPath, time.strftime('%Y%m%d-%H%M%S'), transportId, channelId)
if self.type == 'e':
self.stdinlogOpen = True
else:
self.stdinlogOpen = False
insults.ServerProtocol.connectionMade(self)
def connectionMade(self):
"""
"""
transportId = self.transport.session.conn.transport.transportId
channelId = self.transport.session.id
self.ttylog_file = '%s/tty/%s-%s-%s%s.log' % \
(self.ttylogPath,
time.strftime('%Y%m%d-%H%M%S'), transportId, channelId,
self.type)
ttylog.ttylog_open(self.ttylog_file, time.time())
self.ttylog_open = True
log.msg(eventid='COW0004', ttylog=self.ttylog_file,
format='Opening TTY Log: %(ttylog)s')
self.stdinlog_file = '%s/%s-%s-%s-stdin.log' % \
(self.downloadPath,
time.strftime('%Y%m%d-%H%M%S'), transportId, channelId)
self.stdinlog_open = False
self.ttylogSize = 0
insults.ServerProtocol.connectionMade(self)
def __init__(self, uuid, chan_name, ssh, channelId):
super().__init__(uuid, chan_name, ssh)
self.command: bytes = b""
self.pointer: int = 0
self.tabPress: bool = False
self.upArrow: bool = False
self.transportId: int = ssh.server.transportId
self.channelId: int = channelId
self.startTime: float = time.time()
self.ttylogPath: str = CowrieConfig.get("honeypot", "ttylog_path")
self.ttylogEnabled: bool = CowrieConfig.getboolean(
"honeypot", "ttylog", fallback=True
)
self.ttylogSize: int = 0
if self.ttylogEnabled:
self.ttylogFile = "{}/{}-{}-{}i.log".format(
self.ttylogPath, time.strftime("%Y%m%d-%H%M%S"), uuid, self.channelId
)
ttylog.ttylog_open(self.ttylogFile, self.startTime)
def connectionMade(self):
"""
"""
transportId = self.transport.session.conn.transport.transportId
channelId = self.transport.session.id
self.ttylog_file = '%s/tty/%s-%s-%s%s.log' % \
(self.ttylogPath,
time.strftime('%Y%m%d-%H%M%S'), transportId, channelId,
self.type)
ttylog.ttylog_open(self.ttylog_file, time.time())
self.ttylog_open = True
log.msg(eventid='cowrie.log.open',
ttylog=self.ttylog_file,
format='Opening TTY Log: %(ttylog)s')
self.stdinlog_file = '%s/%s-%s-%s-stdin.log' % \
(self.downloadPath,
time.strftime('%Y%m%d-%H%M%S'), transportId, channelId)
self.stdinlog_open = False
self.ttylogSize = 0
insults.ServerProtocol.connectionMade(self)
