How to modify the Cowrie honeypot (with a deployment link)

2017-04-04  Exspectate

2017.4.4

This document describes how to modify the Cowrie honeypot. It is divided into the following three parts: modifying the emulated file system, adding a command that takes no arguments, and adding a command that takes arguments.

Preparation:
Deploy cowrie: http://blog.csdn.net/youjianzhou/article/details/55505243

Note: all of the following operations must be performed as the honey user

su honey
cd /opt/cowrie
source env/bin/activate

The prompt then becomes:

(env)honey@huanbiao:/opt/cowrie$ 

Modifying the file system

cd /opt/cowrie/bin/ 
./fsctl /opt/cowrie/data/fs.pickle #start the file system editor

The interface looks like this:

Kippo/Cowrie file system interactive editor
Donovan Hubbard, Douglas Hubbard, March 2013
Type 'help' for help

fs.pickle:/$ 

Operations:
The following 17 operations are supported:

  1. EOF
    The escape character ctrl+d exits the session

  2. chgrp
    Change file ownership

  3. chown
    Change file ownership

  4. cp
    Copies a file/directory from one directory to another.

     Usage: cp <source file> <destination file>
    
  5. file
    Identifies file types.

     Usage: file <file name>
    
  6. mv
    Moves a file/directory from one directory to another.

     Usage: mv <source file> <destination file>
    
  7. rm
    Remove an object from the file system.
    Will not remove a directory unless the -r switch is invoked.

     Usage: rm [-r] <target>
    
  8. touch
    Add a new file in the target directory.
    Handles relative or absolute file paths.

     Usage: touch <destination> [<size in bytes>]
    
  9. cd
    Changes the current directory.

     Usage: cd <target directory>
    
  10. chmod
    Change file permissions.
    only modes between 000 and 777 are implemented

  11. clear
    Clears the screen.

  12. exit
    Exits the file system editor

  13. help
    Type help <topic> to get more information.

  14. mkdir
    Add a new directory in the target directory.
    Handles relative or absolute file paths.

    Usage: mkdir <destination>...
    
  15. pwd
    Prints the current working directory

  16. rmdir
    Remove a file object. Like the unix command,
    this can only delete empty directories.
    Use rm -r to recursively delete full directories.

    Usage: rmdir <target directory>
    
  17. ls
    Prints the contents of a directory, use ls -l to list in long format
    Prints the current directory if no arguments are specified

Adding a command that takes no arguments

Example: create a command tess, taking no arguments, whose output is "you are testing"

1. Create a new file tess in the txt command folder, with the content "you are testing"

cd /opt/cowrie/txtcmds/bin
vi tess

2. Register it in cowrie's table of executable commands

cd /opt/cowrie/cowrie/commands
vi busybox.py

Add tess to the "Currently defined functions" list and save, as shown below:

Currently defined functions:
        [, [[, adjtimex, ar, arp, arping, ash, awk, basename, blockdev, brctl,
        bunzip2, bzcat, bzip2, cal, cat, chgrp, chmod, chown, chroot, chvt,
        clear, cmp, cp, cpio, cttyhack, cut, date, dc, dd, deallocvt, depmod,
        df, diff, dirname, dmesg, dnsdomainname, dos2unix, du, dumpkmap,
        dumpleases, echo, egrep, env, expand, expr, false, fgrep, find, fold,
        free, freeramdisk, ftpget, ftpput, getopt, getty, grep, groups, gunzip,
        gzip, halt, head, hexdump, hostid, hostname, httpd, hwclock, id,
        ifconfig, init, insmod, ionice, ip, ipcalc, kill, killall, klogd, last,
        less, ln, loadfont, loadkmap, logger, login, logname, logread, losetup,
        ls, lsmod, lzcat, lzma, md5sum, mdev, microcom, mkdir, mkfifo, mknod,
        mkswap, mktemp, modinfo, modprobe, more, mount, mt, mv, nameif, nc,
        netstat, nslookup, od, openvt, patch, pidof, ping, ping6, pivot_root,
        poweroff, printf, ps, pwd, rdate, readlink, realpath, reboot, renice,
        reset, rev, rm, rmdir, rmmod, route, rpm, rpm2cpio, run-parts, sed, seq,
        setkeycodes, setsid, sh, sha1sum, sha256sum, sha512sum, sleep, sort,
        start-stop-daemon, stat, strings, stty, swapoff, swapon, switch_root,
        sync, sysctl, syslogd, tac, tail, tar, taskset, tee, telnet, test, tftp,
        time, timeout, top, touch, tr, traceroute, traceroute6, true, tty,
        udhcpc, udhcpd, umount, uname, uncompress, unexpand, uniq, unix2dos,
        unlzma, unxz, unzip, uptime, usleep, uudecode, uuencode, vconfig, vi,
        watch, watchdog, wc, wget, which, who, whoami, xargs, xz, xzcat, yes,
        zcat, wtf, tess

3. Create the corresponding file in the emulated file system

cd /opt/cowrie/bin/
./fsctl /opt/cowrie/data/fs.pickle

The interface looks like this:

Kippo/Cowrie file system interactive editor
Donovan Hubbard, Douglas Hubbard, March 2013
Type 'help' for help

fs.pickle:/$ 

Add a new file tess to the bin directory inside fs.pickle, as follows:

fs.pickle:/$ cd bin
fs.pickle:/bin$ touch tess 1245
Added '/bin/tess'

4. Create the new fs file

cd /opt/cowrie/bin/
./createfs

5. Restart

/opt/cowrie/stop.sh
/opt/cowrie/start.sh

Adding a command that takes arguments

Example: create a command ppp with the same functionality as apt-get

1. Create a new file ppp.py under cowrie/commands; for now its content can be copied from apt-get

cd /opt/cowrie/cowrie/commands
vi ppp.py

Note: the following parts need to be changed

Class name:
class command_aptget(HoneyPotCommand):
               ↓ 
class command_ppp(HoneyPotCommand):

Last line:
commands['/usr/bin/apt-get'] = command_aptget
                     ↓             ↓ 
commands['/usr/bin/ppp'] = command_ppp

2. Register it in cowrie's table of executable commands

cd /opt/cowrie/cowrie/commands
vi busybox.py

Add ppp to the "Currently defined functions" list and save, as shown below:

Currently defined functions:
        [, [[, adjtimex, ar, arp, arping, ash, awk, basename, blockdev, brctl,
        bunzip2, bzcat, bzip2, cal, cat, chgrp, chmod, chown, chroot, chvt,
        clear, cmp, cp, cpio, cttyhack, cut, date, dc, dd, deallocvt, depmod,
        df, diff, dirname, dmesg, dnsdomainname, dos2unix, du, dumpkmap,
        dumpleases, echo, egrep, env, expand, expr, false, fgrep, find, fold,
        free, freeramdisk, ftpget, ftpput, getopt, getty, grep, groups, gunzip,
        gzip, halt, head, hexdump, hostid, hostname, httpd, hwclock, id,
        ifconfig, init, insmod, ionice, ip, ipcalc, kill, killall, klogd, last,
        less, ln, loadfont, loadkmap, logger, login, logname, logread, losetup,
        ls, lsmod, lzcat, lzma, md5sum, mdev, microcom, mkdir, mkfifo, mknod,
        mkswap, mktemp, modinfo, modprobe, more, mount, mt, mv, nameif, nc,
        netstat, nslookup, od, openvt, patch, pidof, ping, ping6, pivot_root,
        poweroff, printf, ps, pwd, rdate, readlink, realpath, reboot, renice,
        reset, rev, rm, rmdir, rmmod, route, rpm, rpm2cpio, run-parts, sed, seq,
        setkeycodes, setsid, sh, sha1sum, sha256sum, sha512sum, sleep, sort,
        start-stop-daemon, stat, strings, stty, swapoff, swapon, switch_root,
        sync, sysctl, syslogd, tac, tail, tar, taskset, tee, telnet, test, tftp,
        time, timeout, top, touch, tr, traceroute, traceroute6, true, tty,
        udhcpc, udhcpd, umount, uname, uncompress, unexpand, uniq, unix2dos,
        unlzma, unxz, unzip, uptime, usleep, uudecode, uuencode, vconfig, vi,
        watch, watchdog, wc, wget, which, who, whoami, xargs, xz, xzcat, yes,
        zcat, wtf, ppp

3. Create the corresponding file in the emulated file system

cd /opt/cowrie/bin/
./fsctl /opt/cowrie/data/fs.pickle

The interface looks like this:

Kippo/Cowrie file system interactive editor
Donovan Hubbard, Douglas Hubbard, March 2013
Type 'help' for help

fs.pickle:/$ 

Add a new file ppp to the usr/bin directory inside fs.pickle, as follows:

fs.pickle:/$ cd /usr/bin
fs.pickle:/usr/bin$ touch ppp 1111
Added '/usr/bin/ppp'

4. Create the new fs file

cd /opt/cowrie/bin/
./createfs

5. Restart

/opt/cowrie/stop.sh
/opt/cowrie/start.sh
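Both procedures above register a name in busybox.py (or in the commands table) and separately create a file with fsctl; if the two disagree, ls, which and the shell give contradictory answers and the honeypot is easier to fingerprint. The following Python check, added here as an example and not part of the original post or of Cowrie, verifies that every registered path exists as a regular file in the emulated file system. The sample tree is constructed inline to mirror the tess and ppp steps, and the fs.pickle record layout is assumed from cowrie's fs module.

```python
"""Check that commands registered in Cowrie also exist in fs.pickle.

A name added to busybox.py or commands[...] without a matching file in the
emulated file system makes ls, which and the shell disagree, which helps an
attacker fingerprint the honeypot. Record layout assumed from cowrie's fs.py:
[name, type, uid, gid, size, mode, ctime, contents, target, realfile].
"""
import pickle

A_NAME, A_TYPE, A_CONTENTS = 0, 1, 7
T_DIR, T_FILE = 1, 2

def _node(name, kind, children=None, size=0):
    # One fs.pickle record; a directory's contents is its list of children.
    mode = 0o100755 if kind == T_FILE else 0o40755
    return [name, kind, 0, 0, size, mode, 0, children or [], None, None]

# Constructed sample tree: /bin/tess was added, /usr/bin/ppp was forgotten.
SAMPLE_FS = _node("/", T_DIR, [
    _node("bin", T_DIR, [_node("tess", T_FILE, size=1245)]),
    _node("usr", T_DIR, [_node("bin", T_DIR, [_node("apt-get", T_FILE)])]),
])

def resolve(tree, path):
    """Return the record at path, or None if any component is missing."""
    node = tree
    for part in [p for p in path.split("/") if p]:
        if node[A_TYPE] != T_DIR:
            return None
        node = next((c for c in node[A_CONTENTS] if c[A_NAME] == part), None)
        if node is None:
            return None
    return node

def missing_command_files(tree, registered_paths):
    """Registered command paths with no regular-file record in the tree."""
    missing = []
    for path in registered_paths:
        node = resolve(tree, path)
        if node is None or node[A_TYPE] != T_FILE:
            missing.append(path)
    return missing

def check_pickle(pickle_path, registered_paths):
    # Run the same check against a real /opt/cowrie/data/fs.pickle.
    with open(pickle_path, "rb") as f:
        return missing_command_files(pickle.load(f), registered_paths)
```

Run check_pickle against /opt/cowrie/data/fs.pickle before ./createfs and restart; any path it returns still needs a touch in fsctl.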