From 824004f6eed95ce4c745b09fd46d0e2e11a6e982 Mon Sep 17 00:00:00 2001
From: g0tmi1k
Date: Thu, 29 May 2014 08:55:21 +0100
Subject: [PATCH] Added "env" command Credit: https://github.com/basilfx/kippo-extra ...Will come back to this to add 'SSH_*' response later.
---
 kippo/commands/__init__.py | 1 +
 kippo/commands/env.py | 31 +++++++++++++++++++++++++++++++
 kippo/core/honeypot.py | 28 ++++++++++++++++++++++------
 3 files changed, 54 insertions(+), 6 deletions(-)
 create mode 100644 kippo/commands/env.py
diff --git a/kippo/commands/__init__.py b/kippo/commands/__init__.py
index 01cdddf..6f7ee23 100644
--- a/kippo/commands/__init__.py
+++ b/kippo/commands/__init__.py
@@ -14,4 +14,5 @@
 'last',
 'fs',
 'malware',
+ 'env',
 ]
diff --git a/kippo/commands/env.py b/kippo/commands/env.py
new file mode 100644
index 0000000..e4f2d7b
--- /dev/null
+++ b/kippo/commands/env.py
@@ -0,0 +1,31 @@
+from kippo.core.honeypot import HoneyPotCommand
+
+commands = {}
+
+class command_env(HoneyPotCommand):
+ def call(self):
+ self.defaultenv = {
+ 'TERM': 'xterm-256color',
+ 'SHELL': '/bin/bash',
+ 'SSH_TTY': '/dev/pts/0',
+ 'USER': self.honeypot.user.username,
+ 'MAIL': '/var/mail/%s' % self.honeypot.user.username,
+ 'PATH': '/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin',
+ 'PWD': self.honeypot.cwd,
+ 'LANG': 'en_US.UTF-8',
+ 'SHLVL': '1',
+ 'HOME': '/root',
+ 'LANGUAGE': 'en_GB:en',
+ 'LOGNAME': self.honeypot.user.username,
+ '_': '/usr/bin/env',
+ }
+
+ if self.env and len(self.env) > 0:
+ self.defaultenv.update(self.env)
+
+ for key, value in self.defaultenv.iteritems():
+ self.writeln("%s=%s" % (key, value))
+
+commands['/usr/bin/env'] = command_env
+
+# vim: set sw=4 et tw=0:
diff --git a/kippo/core/honeypot.py b/kippo/core/honeypot.py
index 0957d7e..cfdc401 100644
--- a/kippo/core/honeypot.py
+++ b/kippo/core/honeypot.py
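Review bot: In kippo/commands/env.py, `'HOME': '/root'` is hard-coded while USER, LOGNAME and MAIL follow `self.honeypot.user.username`, so a session logged in as any other account prints a home directory that contradicts the rest of the output and the `~` handling in showPrompt. An inconsistency like that makes the emulated shell easy to recognise; `'HOME': self.honeypot.user.home,` would keep the values aligned, using the attribute showPrompt already reads. The `len(self.env) > 0` test is redundant next to `if self.env`, and `defaultenv` can be a local rather than an instance attribute. Iterating a plain dict also leaves the output order implementation-dependent; a list of `(name, value)` pairs would give a stable listing.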
@@ -21,9 +21,10 @@ import ConfigParser class HoneyPotCommand(object): - def __init__(self, honeypot, *args): + def __init__(self, honeypot, *args, **kwargs): self.honeypot = honeypot self.args = args + self.env = kwargs self.writeln = self.honeypot.writeln self.write = self.honeypot.terminal.write self.nextLine = self.honeypot.terminal.nextLine @@ -124,7 +125,11 @@ def runOrPrompt(): if cmdclass: print 'Command found: %s' % (line,) self.honeypot.logDispatch('Command found: %s' % (line,)) - self.honeypot.call_command(cmdclass, *rargs) + + if getattr(cmdclass, 'resolve_args', False): + self.honeypot.call_command(cmdclass, *rargs, **envvars) + else: + self.honeypot.call_command(cmdclass, *args, **envvars) else: self.honeypot.logDispatch('Command not found: %s' % (line,)) print 'Command not found: %s' % (line,) @@ -137,10 +142,16 @@ def resume(self): self.runCommand() def showPrompt(self): + # Example: nas3:~# + #prompt = '%s:%%(path)s' % self.honeypot.hostname + # Example: root@nas3:~# (More of a "Debianu" feel) + prompt = '%s@%s:%%(path)s' % (self.honeypot.user.username, self.honeypot.hostname,) + # Example: [root@nas3 ~]# (More of a "CentOS" feel) + #prompt = '[%s@%s %%(path)s]' % (self.honeypot.user.username, self.honeypot.hostname,) if not self.honeypot.user.uid: - prompt = '%s:%%(path)s# ' % self.honeypot.hostname + prompt += '# ' # "Root" user else: - prompt = '%s:%%(path)s$ ' % self.honeypot.hostname + prompt += '$ ' # "Non-Root" user path = self.honeypot.cwd homelen = len(self.honeypot.user.home) @@ -149,6 +160,11 @@ def showPrompt(self): elif len(path) > (homelen+1) and \ path[:(homelen+1)] == self.honeypot.user.home + '/': path = '~' + path[homelen:] + # Uncomment the three lines below for a 'better' CenOS look. + # Rather than '[root@nas3 /var/log]#' is shows '[root@nas3 log]#'. + #path = path.rsplit('/', 1)[-1] + #if not path: + # path = '/' attrs = {'path': path} self.honeypot.terminal.write(prompt % attrs) 
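Review bot: `self.env = kwargs` in `HoneyPotCommand.__init__` means environment names travel as Python keyword arguments, so a name equal to a real parameter (`honeypot` here, `cmd` in the `call_command` hunk at `@@ -357`) raises TypeError instead of reaching the command. How `envvars` is built is outside this diff, but if it is filled from `VAR=value` prefixes typed in the session, the names are session-controlled and that exception is both a crash path and a visible tell. Passing the mapping as one explicit keyword avoids the collision, e.g. `self.env = kwargs.get('env', {})` here with callers using `env=envvars`. The same applies to the `**envvars` calls in the `@@ -124` hunk.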
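Review bot: The `else` branch in the `@@ -124` hunk now passes `*args` where every command previously received `*rargs`, so any command class without a truthy `resolve_args` attribute silently stops getting what is presumably the resolved argument list. No class in this patch sets `resolve_args` (command_env does not), and `args` and `envvars` are defined outside the hunk, so whether existing commands were updated cannot be checked from here. If opt-out was intended, `getattr(cmdclass, 'resolve_args', True)` preserves the old default. Otherwise declare `resolve_args = False` on HoneyPotCommand with a comment saying what resolution does, so the switch is discoverable.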
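Review bot: In showPrompt the username and hostname are interpolated into `prompt` first and the result is then used as a format string in `self.honeypot.terminal.write(prompt % attrs)`, so a `%` in either value is reinterpreted by the second formatting pass and can raise. The old code had the same shape for the hostname; the `@@ -137` hunk extends it to the username. Building the string in one step once `path` is known, e.g. `'%s@%s:%s' % (username, hostname, path)` followed by the `# ` or `$ ` suffix, removes the double formatting. The alternative prompt styles kept as commented-out lines, here and in the `@@ -149` hunk, would be easier to maintain as a configuration option. showPrompt continues past the end of this hunk.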
@@ -357,8 +373,8 @@ def writeln(self, data): self.terminal.write(data) self.terminal.nextLine() - def call_command(self, cmd, *args): - obj = cmd(self, *args) + def call_command(self, cmd, *args, **kwargs): + obj = cmd(self, *args, **kwargs) self.cmdstack.append(obj) self.setTypeoverMode() obj.start()