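def __init__(self, uuid, channelName, ssh, channelId, command):
    """Create the handler for one exec request and open its TTY log.

    ``command`` is the raw byte string of the request. This constructor
    only decodes and logs it; nothing here executes it.
    """
    super().__init__(uuid, channelName, ssh)

    # The command bytes are presumably chosen by the remote client, so they
    # need not be ASCII. A strict decode used to raise UnicodeDecodeError on
    # any byte >= 0x80, aborting construction before anything was recorded.
    # Fall back to logging the repr so the input is still captured.
    try:
        log.msg(
            eventid="cowrie.command.input",
            input=command.decode("ascii"),
            format="CMD: %(input)s",
        )
    except UnicodeDecodeError:
        log.err("Unusual execcmd: {}".format(repr(command)))

    self.transportId = ssh.server.transportId
    self.channelId = channelId

    self.startTime = time.time()
    self.ttylogPath = CowrieConfig.get("honeypot", "ttylog_path")
    self.ttylogEnabled = CowrieConfig.getboolean("honeypot", "ttylog", fallback=True)
    self.ttylogSize = 0

    if self.ttylogEnabled:
        # File name: <timestamp>-<transportId>-<channelId>e.log
        self.ttylogFile = "{}/{}-{}-{}e.log".format(
            self.ttylogPath,
            time.strftime("%Y%m%d-%H%M%S"),
            self.transportId,
            self.channelId,
        )
        ttylog.ttylog_open(self.ttylogFile, self.startTime)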
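def connectionMade(self):
    """Open the per-session logs, start the terminal, and record the exec command.

    When ``self.type`` is ``'e'`` the text in ``terminalProtocol.execcmd`` is
    appended to the TTY log as a ``TYPE_INTERACT`` record, but only if TTY
    logging is enabled.
    """
    transportId, channelId = self.getSessionId()
    self.startTime = time.time()

    if self.ttylogEnabled:
        self.ttylogFile = '%s/%s-%s-%s%s.log' % \
            (self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'),
             transportId, channelId, self.type)
        ttylog.ttylog_open(self.ttylogFile, self.startTime)
        self.ttylogOpen = True
        self.ttylogSize = 0

    self.stdinlogFile = '%s/%s-%s-%s-stdin.log' % \
        (self.downloadPath, time.strftime('%Y%m%d-%H%M%S'), transportId, channelId)

    if self.type == 'e':
        self.stdinlogOpen = True
    else:
        self.stdinlogOpen = False

    insults.ServerProtocol.connectionMade(self)

    # Within this method ttylogFile is assigned only in the ttylogEnabled
    # branch above, so the write must be guarded the same way; otherwise a
    # deployment with TTY logging switched off would touch a log that was
    # never opened here.
    if self.type == 'e' and self.ttylogEnabled:
        cmd = self.terminalProtocol.execcmd.encode('utf8')
        ttylog.ttylog_write(self.ttylogFile, len(cmd), ttylog.TYPE_INTERACT, time.time(), cmd)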
def __init__(self, server):
    """Initialise proxy state for one connection and open its TTY log.

    Reads the authentication-spoofing settings and backend credentials from
    the ``proxy`` config section and the TTY-log settings from ``honeypot``.
    """
    # references to the front end (given) and the back end (not yet known)
    self.server = server
    self.client = None

    # packet data shared between methods so that it can be altered in flight
    self.currentData = None
    self.sendData = True

    # settings taken from the config file
    self.spoofAuthenticationData = CowrieConfig().getboolean(
        'proxy', 'telnet_spoof_authentication'
    )
    # NOTE(review): the backend credentials stay on the instance as bytes
    # for as long as the handler lives.
    self.backendLogin = CowrieConfig().get('proxy', 'backend_user').encode()
    self.backendPassword = CowrieConfig().get('proxy', 'backend_pass').encode()
    # raw=True turns off configparser interpolation for the pattern strings
    self.usernameInNegotiationRegex = CowrieConfig().get(
        'proxy', 'telnet_username_in_negotiation_regex', raw=True
    ).encode()
    self.usernamePromptRegex = CowrieConfig().get(
        'proxy', 'telnet_username_prompt_regex', raw=True
    ).encode()
    self.passwordPromptRegex = CowrieConfig().get(
        'proxy', 'telnet_password_prompt_regex', raw=True
    ).encode()

    # telnet state
    self.currentCommand = b''

    # authentication state
    self.authStarted = False
    self.authDone = False
    self.usernameState = b''  # TODO clear on end
    self.inputingLogin = False
    self.passwordState = b''  # TODO clear on end
    self.inputingPassword = False
    self.waitingLoginEcho = False

    # The backend sends some data just before the password prompt; that data
    # and the matching frontend reply are captured and forwarded before
    # authentication data starts being intercepted.
    self.prePasswordData = False

    # buffer
    self.backend_buffer = []

    # tty logging
    self.startTime = time.time()
    self.ttylogPath = CowrieConfig().get('honeypot', 'ttylog_path')
    self.ttylogEnabled = CowrieConfig().getboolean('honeypot', 'ttylog', fallback=True)
    self.ttylogSize = 0

    if self.ttylogEnabled:
        # NOTE(review): the name carries only a one-second timestamp, so two
        # handlers created within the same second get the same path; confirm
        # how ttylog_open behaves in that case.
        stamp = time.strftime('%Y%m%d-%H%M%S')
        self.ttylogFile = f'{self.ttylogPath}/telnet-{stamp}.log'
        ttylog.ttylog_open(self.ttylogFile, self.startTime)
def connectionMade(self):
    """
    Open and announce this session's TTY log, derive the stdin log path,
    then pass control to the insults server protocol.
    """
    transportId, channelId = self.getSessionId()
    self.startTime = time.time()

    # <ttylogPath>/tty/<timestamp>-<transportId>-<channelId><type>.log
    self.ttylogFile = '{}/tty/{}-{}-{}{}.log'.format(
        self.ttylogPath,
        time.strftime('%Y%m%d-%H%M%S'),
        transportId,
        channelId,
        self.type,
    )
    ttylog.ttylog_open(self.ttylogFile, self.startTime)
    self.ttylogOpen = True
    self.ttylogSize = 0
    log.msg(
        eventid='cowrie.log.open',
        ttylog=self.ttylogFile,
        format='Opening TTY Log: %(ttylog)s',
    )

    self.stdinlogFile = '{}/{}-{}-{}-stdin.log'.format(
        self.downloadPath,
        time.strftime('%Y%m%d-%H%M%S'),
        transportId,
        channelId,
    )

    # stdin logging is flagged open only for sessions of type 'e'
    self.stdinlogOpen = bool(self.type == 'e')

    insults.ServerProtocol.connectionMade(self)
def connectionMade(self):
    """
    Choose the TTY and stdin log paths for this channel, open the TTY log
    and start the insults server protocol.

    The TTY log path is stored both on the connection transport and on
    this protocol instance.
    """
    session = self.transport.session
    transport = session.conn.transport
    channelId = session.id

    # <log_path>/tty/<timestamp>-<transportId>-<channelId><type>.log
    tty_path = '{}/tty/{}-{}-{}{}.log'.format(
        self.cfg.get('honeypot', 'log_path'),
        time.strftime('%Y%m%d-%H%M%S'),
        transport.transportId,
        channelId,
        self.type,
    )
    transport.ttylog_file = tty_path
    self.ttylog_file = transport.ttylog_file

    log.msg(
        eventid='KIPP0004',
        ttylog=transport.ttylog_file,
        format='Opening TTY Log: %(ttylog)s',
    )
    ttylog.ttylog_open(transport.ttylog_file, time.time())
    self.ttylog_open = True

    # The stdin log path is only computed here; the flag starts False.
    self.stdinlog_file = '{}/{}-{}-{}-stdin.log'.format(
        self.cfg.get('honeypot', 'download_path'),
        time.strftime('%Y%m%d-%H%M%S'),
        transport.transportId,
        channelId,
    )
    self.stdinlog_open = False

    insults.ServerProtocol.connectionMade(self)
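def __init__(self, uuid, channelName, ssh, channelId, command):
    """Create the handler for one exec request and open its TTY log.

    ``command`` is the raw byte string of the request. It is decoded as
    UTF-8 for the ``cowrie.command.input`` event; bytes that do not decode
    are logged as an error in ``repr`` form instead, so malformed input
    never aborts construction.
    """
    super().__init__(uuid, channelName, ssh)

    try:
        log.msg(
            eventid="cowrie.command.input",
            input=command.decode("utf8"),
            format="CMD: %(input)s",
        )
    except UnicodeDecodeError:
        log.err("Unusual execcmd: {}".format(repr(command)))

    self.transportId = ssh.server.transportId
    self.channelId = channelId

    self.startTime: float = time.time()
    self.ttylogPath: str = CowrieConfig.get("honeypot", "ttylog_path")
    self.ttylogEnabled: bool = CowrieConfig.getboolean("honeypot", "ttylog", fallback=True)
    # Initialised to the integer 0, so the annotation is int; it was
    # previously declared bool.
    self.ttylogSize: int = 0

    if self.ttylogEnabled:
        # File name: <timestamp>-<transportId>-<channelId>e.log
        self.ttylogFile = "{}/{}-{}-{}e.log".format(
            self.ttylogPath,
            time.strftime("%Y%m%d-%H%M%S"),
            self.transportId,
            self.channelId,
        )
        ttylog.ttylog_open(self.ttylogFile, self.startTime)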
def connectionMade(self):
    """
    Open and announce the TTY log when TTY logging is enabled, derive the
    stdin log path, then pass control to the insults server protocol.
    """
    transportId, channelId = self.getSessionId()
    self.startTime = time.time()

    if self.ttylogEnabled:
        # <ttylogPath>/<timestamp>-<transportId>-<channelId><type>.log
        self.ttylogFile = '{}/{}-{}-{}{}.log'.format(
            self.ttylogPath,
            time.strftime('%Y%m%d-%H%M%S'),
            transportId,
            channelId,
            self.type,
        )
        ttylog.ttylog_open(self.ttylogFile, self.startTime)
        self.ttylogOpen = True
        self.ttylogSize = 0
        log.msg(
            eventid='cowrie.log.open',
            ttylog=self.ttylogFile,
            format='Opening TTY Log: %(ttylog)s',
        )

    self.stdinlogFile = '{}/{}-{}-{}-stdin.log'.format(
        self.downloadPath,
        time.strftime('%Y%m%d-%H%M%S'),
        transportId,
        channelId,
    )

    # stdin logging is flagged open only for sessions of type 'e'
    self.stdinlogOpen = bool(self.type == 'e')

    insults.ServerProtocol.connectionMade(self)
def connectionMade(self):
    """
    Choose the TTY and stdin log paths for this channel, open the TTY log
    and start the insults server protocol.

    The TTY log path is stored both on the connection transport and on
    this protocol instance.
    """
    session = self.transport.session
    transport = session.conn.transport
    channelId = session.id

    # <log_path>/tty/<timestamp>-<transportId>-<channelId><type>.log
    log_dir = self.cfg.get("honeypot", "log_path")
    opened_at = time.strftime("%Y%m%d-%H%M%S")
    transport.ttylog_file = (
        f"{log_dir}/tty/{opened_at}-{transport.transportId}-{channelId}{self.type}.log"
    )
    self.ttylog_file = transport.ttylog_file

    log.msg(
        eventid="KIPP0004",
        ttylog=transport.ttylog_file,
        format="Opening TTY Log: %(ttylog)s",
    )
    ttylog.ttylog_open(transport.ttylog_file, time.time())
    self.ttylog_open = True

    # The stdin log path is only computed here; the flag starts False.
    download_dir = self.cfg.get("honeypot", "download_path")
    stdin_stamp = time.strftime("%Y%m%d-%H%M%S")
    self.stdinlog_file = (
        f"{download_dir}/{stdin_stamp}-{transport.transportId}-{channelId}-stdin.log"
    )
    self.stdinlog_open = False

    insults.ServerProtocol.connectionMade(self)
def channelOpen(self, specificData):
    """Open a TTY log for this channel, announce it, then run the base channelOpen.

    The log name combines a timestamp, the connection's transportId and
    this channel's id.
    """
    self.startTime = time.time()

    self.ttylogFile = '{}/tty/{}-{}-{}.log'.format(
        self.ttylogPath,
        time.strftime('%Y%m%d-%H%M%S'),
        self.conn.transport.transportId,
        self.id,
    )
    log.msg(
        eventid='cowrie.log.open',
        ttylog=self.ttylogFile,
        format="Opening TTY Log: %(ttylog)s",
    )

    # A fresh time.time() is passed here, not the startTime stored above.
    ttylog.ttylog_open(self.ttylogFile, time.time())

    channel.SSHChannel.channelOpen(self, specificData)
def channelOpen(self, specificData):
    """Open a TTY log for this channel, announce it, then run the base channelOpen.

    The log name combines a timestamp, the connection's transportId and
    this channel's id.
    """
    self.startTime = time.time()

    opened_at = time.strftime("%Y%m%d-%H%M%S")
    transport_id = self.conn.transport.transportId
    self.ttylogFile = f"{self.ttylogPath}/tty/{opened_at}-{transport_id}-{self.id}.log"

    log.msg(
        eventid="cowrie.log.open",
        ttylog=self.ttylogFile,
        format="Opening TTY Log: %(ttylog)s",
    )

    # A fresh time.time() is passed here, not the startTime stored above.
    ttylog.ttylog_open(self.ttylogFile, time.time())

    channel.SSHChannel.channelOpen(self, specificData)
def connectionMade(self):
    """Pick TTY and stdin log names on the connection transport and open the TTY log.

    Python 2 code: the print statement below is kept as written.
    """
    conn_transport = self.transport.session.conn.transport

    # NOTE(review): the only per-session part of the name is a random
    # integer below 10000 next to a one-second timestamp, so two sessions
    # that start in the same second can end up with the same file name.
    conn_transport.ttylog_file = '%s/tty/%s-%s.log' % (
        config().get('honeypot', 'log_path'),
        time.strftime('%Y%m%d-%H%M%S'),
        int(random.random() * 10000),
    )
    print 'Opening TTY log: %s' % conn_transport.ttylog_file
    ttylog.ttylog_open(conn_transport.ttylog_file, time.time())
    conn_transport.ttylog_open = True

    insults.ServerProtocol.connectionMade(self)

    # The stdin log gets its own random suffix, drawn separately from the
    # one used for the TTY log above.
    conn_transport.stdinlog_file = '%s/tty/%s-%s.log' % (
        config().get('honeypot', 'download_path'),
        time.strftime('%Y%m%d-%H%M%S'),
        int(random.random() * 10000),
    )
    conn_transport.stdinlog_open = True
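def __init__(self, uuid, channelName, ssh, channelId, command):
    """Create the handler for one exec request and open its TTY log.

    ``command`` is the raw byte string of the request. This constructor
    only decodes and logs it; nothing here executes it.
    """
    super(ExecTerm, self).__init__(uuid, channelName, ssh)

    # The command bytes are presumably chosen by the remote client, so they
    # need not be ASCII. A strict decode used to raise UnicodeDecodeError on
    # any byte >= 0x80, aborting construction before anything was recorded.
    # Fall back to logging the repr so the input is still captured.
    try:
        log.msg(eventid='cowrie.command.input',
                input=command.decode('ascii'),
                format='CMD: %(input)s')
    except UnicodeDecodeError:
        log.err('Unusual execcmd: {0}'.format(repr(command)))

    self.transportId = ssh.server.transportId
    self.channelId = channelId

    self.startTime = time.time()
    self.ttylogPath = CowrieConfig().get('honeypot', 'ttylog_path')
    self.ttylogEnabled = CowrieConfig().getboolean('honeypot', 'ttylog', fallback=True)
    self.ttylogSize = 0

    if self.ttylogEnabled:
        # File name: <timestamp>-<transportId>-<channelId>e.log
        self.ttylogFile = '{0}/{1}-{2}-{3}e.log'.format(
            self.ttylogPath, time.strftime('%Y%m%d-%H%M%S'),
            self.transportId, self.channelId)
        ttylog.ttylog_open(self.ttylogFile, self.startTime)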
def __init__(self, uuid, chan_name, ssh, channelId):
    """Initialise line-editing state for a channel and open its TTY log."""
    super().__init__(uuid, chan_name, ssh)

    # identifiers of the connection this handler belongs to
    self.transportId = ssh.server.transportId
    self.channelId = channelId

    # state of the command line currently being assembled
    self.command = b''
    self.pointer = 0
    self.tabPress = False
    self.upArrow = False

    # tty logging
    self.startTime = time.time()
    self.ttylogPath = CowrieConfig().get('honeypot', 'ttylog_path')
    self.ttylogEnabled = CowrieConfig().getboolean('honeypot', 'ttylog', fallback=True)
    self.ttylogSize = 0

    if self.ttylogEnabled:
        # The name is built from uuid, not from the transportId stored above:
        # <timestamp>-<uuid>-<channelId>i.log
        opened_at = time.strftime('%Y%m%d-%H%M%S')
        self.ttylogFile = f'{self.ttylogPath}/{opened_at}-{uuid}-{self.channelId}i.log'
        ttylog.ttylog_open(self.ttylogFile, self.startTime)
def connectionMade(self):
    """
    Choose the TTY and stdin log paths for this connection, open the TTY
    log and start the insults server protocol.

    Both names are keyed on the transportId alone; no channel id is part
    of them.
    """
    conn_transport = self.transport.session.conn.transport

    conn_transport.ttylog_file = '{}/tty/{}-{}.log'.format(
        self.cfg.get('honeypot', 'log_path'),
        time.strftime('%Y%m%d-%H%M%S'),
        conn_transport.transportId,
    )
    self.ttylog_file = conn_transport.ttylog_file

    log.msg(
        eventid='KIPP0004',
        ttylog=conn_transport.ttylog_file,
        format='Opening TTY Log: %(ttylog)s',
    )
    ttylog.ttylog_open(conn_transport.ttylog_file, time.time())
    self.ttylog_open = True

    # The stdin log path is only computed here; the flag starts False.
    self.stdinlog_file = '{}/{}-{}-stdin.log'.format(
        self.cfg.get('honeypot', 'download_path'),
        time.strftime('%Y%m%d-%H%M%S'),
        conn_transport.transportId,
    )
    self.stdinlog_open = False

    insults.ServerProtocol.connectionMade(self)
def connectionMade(self) -> None:
    """Open the per-session logs, record the command of a type-'e' session, start the terminal.

    For sessions of type ``"e"`` the second element of ``self.protocolArgs``
    is written to the TTY log as a ``TYPE_INTERACT`` record, provided TTY
    logging is enabled.
    """
    transportId, channelId = self.getSessionId()
    self.startTime = time.time()

    if self.ttylogEnabled:
        opened_at = time.strftime("%Y%m%d-%H%M%S")
        self.ttylogFile = (
            f"{self.ttylogPath}/{opened_at}-{transportId}-{channelId}{self.type}.log"
        )
        ttylog.ttylog_open(self.ttylogFile, self.startTime)
        self.ttylogOpen = True
        self.ttylogSize = 0

    stdin_stamp = time.strftime("%Y%m%d-%H%M%S")
    self.stdinlogFile = f"{self.downloadPath}/{stdin_stamp}-{transportId}-{channelId}-stdin.log"

    if self.type != "e":
        self.stdinlogOpen = False
    else:
        self.stdinlogOpen = True
        # log the command into ttylog
        if self.ttylogEnabled:
            (_session, command) = self.protocolArgs
            ttylog.ttylog_write(
                self.ttylogFile,
                len(command),
                ttylog.TYPE_INTERACT,
                time.time(),
                command,
            )

    insults.ServerProtocol.connectionMade(self)

    if self.type == "e":
        # NOTE(review): the encoded value is discarded; the statement only
        # has an effect if the attribute lookup or the encoding raises.
        self.terminalProtocol.execcmd.encode("utf8")
def connectionMade(self):
    """
    Open the TTY log when TTY logging is enabled, derive the stdin log
    path, then pass control to the insults server protocol.
    """
    transportId, channelId = self.getSessionId()
    self.startTime = time.time()

    if self.ttylogEnabled:
        # <ttylogPath>/<timestamp>-<transportId>-<channelId><type>.log
        self.ttylogFile = '{}/{}-{}-{}{}.log'.format(
            self.ttylogPath,
            time.strftime('%Y%m%d-%H%M%S'),
            transportId,
            channelId,
            self.type,
        )
        ttylog.ttylog_open(self.ttylogFile, self.startTime)
        self.ttylogOpen = True
        self.ttylogSize = 0

    self.stdinlogFile = '{}/{}-{}-{}-stdin.log'.format(
        self.downloadPath,
        time.strftime('%Y%m%d-%H%M%S'),
        transportId,
        channelId,
    )

    # stdin logging is flagged open only for sessions of type 'e'
    self.stdinlogOpen = bool(self.type == 'e')

    insults.ServerProtocol.connectionMade(self)
def connectionMade(self):
    """
    Open and announce this session's TTY log, derive the stdin log path,
    then pass control to the insults server protocol.
    """
    session = self.transport.session
    transportId = session.conn.transport.transportId
    channelId = session.id

    # <ttylogPath>/tty/<timestamp>-<transportId>-<channelId><type>.log
    self.ttylog_file = '{}/tty/{}-{}-{}{}.log'.format(
        self.ttylogPath,
        time.strftime('%Y%m%d-%H%M%S'),
        transportId,
        channelId,
        self.type,
    )
    ttylog.ttylog_open(self.ttylog_file, time.time())
    self.ttylog_open = True
    log.msg(
        eventid='COW0004',
        ttylog=self.ttylog_file,
        format='Opening TTY Log: %(ttylog)s',
    )

    # The stdin log path is only computed here; the flag starts False.
    self.stdinlog_file = '{}/{}-{}-{}-stdin.log'.format(
        self.downloadPath,
        time.strftime('%Y%m%d-%H%M%S'),
        transportId,
        channelId,
    )
    self.stdinlog_open = False

    self.ttylogSize = 0

    insults.ServerProtocol.connectionMade(self)
def __init__(self, uuid, chan_name, ssh, channelId):
    """Initialise line-editing state for a channel and open its TTY log."""
    super().__init__(uuid, chan_name, ssh)

    # identifiers of the connection this handler belongs to
    self.transportId: int = ssh.server.transportId
    self.channelId: int = channelId

    # state of the command line currently being assembled
    self.command: bytes = b""
    self.pointer: int = 0
    self.tabPress: bool = False
    self.upArrow: bool = False

    # tty logging
    self.startTime: float = time.time()
    self.ttylogPath: str = CowrieConfig.get("honeypot", "ttylog_path")
    self.ttylogEnabled: bool = CowrieConfig.getboolean("honeypot", "ttylog", fallback=True)
    self.ttylogSize: int = 0

    if self.ttylogEnabled:
        # The name is built from uuid, not from the transportId stored above:
        # <timestamp>-<uuid>-<channelId>i.log
        opened_at = time.strftime("%Y%m%d-%H%M%S")
        self.ttylogFile = f"{self.ttylogPath}/{opened_at}-{uuid}-{self.channelId}i.log"
        ttylog.ttylog_open(self.ttylogFile, self.startTime)
def connectionMade(self):
    """
    Open and announce this session's TTY log, derive the stdin log path,
    then pass control to the insults server protocol.
    """
    session = self.transport.session
    transportId = session.conn.transport.transportId
    channelId = session.id

    # <ttylogPath>/tty/<timestamp>-<transportId>-<channelId><type>.log
    tty_stamp = time.strftime('%Y%m%d-%H%M%S')
    self.ttylog_file = f'{self.ttylogPath}/tty/{tty_stamp}-{transportId}-{channelId}{self.type}.log'
    ttylog.ttylog_open(self.ttylog_file, time.time())
    self.ttylog_open = True
    log.msg(
        eventid='cowrie.log.open',
        ttylog=self.ttylog_file,
        format='Opening TTY Log: %(ttylog)s',
    )

    # The stdin log path is only computed here; the flag starts False.
    stdin_stamp = time.strftime('%Y%m%d-%H%M%S')
    self.stdinlog_file = f'{self.downloadPath}/{stdin_stamp}-{transportId}-{channelId}-stdin.log'
    self.stdinlog_open = False

    self.ttylogSize = 0

    insults.ServerProtocol.connectionMade(self)