If .ssh doesn't exist, you will get an error: "No such file or directory".
This is correct, but it stops a file download event from happening - you can't capture the artifact.
Describe the solution you'd like
Would something like this work?
If self.safeoutfile remains set, then a redir capture should still happen AFAICT. But we still unset self.outfile and enter the same "error state" as before.
diff --git a/src/cowrie/shell/command.py b/src/cowrie/shell/command.py
index 6617700c..6f53a5c1 100644
--- a/src/cowrie/shell/command.py
+++ b/src/cowrie/shell/command.py
@@ -83,13 +83,11 @@ class HoneyPotCommand:
)
self.writefn = self.write_to_failed
self.outfile = None
- self.safeoutfile = ""
except fs.PermissionDenied:
# The outfile locates in a file-system that doesn't allow file creation
self.errorWrite(f"-bash: {self.outfile}: Permission denied\n")
self.writefn = self.write_to_failed
self.outfile = None
- self.safeoutfile = ""
else:
with open(self.safeoutfile, "ab"):
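Review bot: The two removed `self.safeoutfile = ""` lines in the except branches leave the object with self.outfile set to None while self.safeoutfile still points at a capture path, and nothing in the hunk documents that this split state is intentional. A short comment in each branch saying the path is kept so the redirected data can still be captured would help. Any code outside this hunk that treats an empty safeoutfile as "no redirect in progress" also needs checking, since that signal no longer appears on these error paths.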
@@ -139,7 +137,9 @@ class HoneyPotCommand:
self.fs.update_size(self.outfile, self.writtenBytes)
def write_to_failed(self, data: bytes) -> None:
- pass
+ with open(self.safeoutfile, "ab") as f:
+ f.write(data)
+ self.writtenBytes += len(data)
def start(self) -> None:
if self.writefn != self.write_to_failed:
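Review bot: In write_to_failed, `open(self.safeoutfile, "ab")` has no guard for an empty or unset self.safeoutfile, so a call that reaches it without a capture path will raise where the old `pass` silently discarded the data. An early return when self.safeoutfile is falsy would keep the previous behaviour for that case. Two related checks: self.writtenBytes now grows while self.outfile is None, so the `self.fs.update_size(self.outfile, self.writtenBytes)` call in the context above must not run with a None path, and because start() uses `self.writefn != self.write_to_failed` as its failure test, whatever it skips in that state should not be something the capture depends on.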
This handles redirects only.
Describe alternatives you've considered
This is a very simple example, and it would be reasonable to just pre-create .ssh in your cowrie installation. However, there may be other examples (maybe a bug in the attempt) or the exploit is against a specific device that you don't happen to have a profile for, where it would be good to capture the assets.
Additional context
Add any other context or screenshots about the feature request here.
Is your feature request related to a problem? Please describe.
Consider something like this: