2017.4.4
This document describes how to modify the Cowrie honeypot. It has three parts:
- modifying the fake file system (directories, files)
- adding a command that takes no arguments
- adding a command that takes arguments
Preparation:
Deploy Cowrie: http://blog.csdn.net/youjianzhou/article/details/55505243
Note: all of the operations below must be performed as the honey user
su honey
cd /opt/cowrie
source env/bin/activate
The prompt changes to:
(env)honey@huanbiao:/opt/cowrie$
File system modification
cd /opt/cowrie/bin/
./fsctl /opt/cowrie/data/fs.pickle # start the file system editor
The interface looks like this:
Kippo/Cowrie file system interactive editor
Donovan Hubbard, Douglas Hubbard, March 2013
Type 'help' for help
fs.pickle:/$
Operations:
The editor supports the following 17 operations:
EOF      The escape character ctrl+d exits the session
chgrp    Change file ownership
chown    Change file ownership
cp       Copies a file/directory from one directory to another. Usage: cp
file     Identifies file types. Usage: file
mv       Moves a file/directory from one directory to another. Usage: mv
rm       Remove an object from the file system. Will not remove a directory unless the -r switch is invoked. Usage: rm [-r]
touch    Add a new file in the target directory. Handles relative or absolute file paths. Usage: touch
cd       Changes the current directory. Usage: cd
chmod    Change file permissions. Only modes between 000 and 777 are implemented
clear    Clears the screen.
exit     Exits the file system editor
help     Type help to get more information.
mkdir    Add a new directory in the target directory. Handles relative or absolute file paths. Usage: mkdir
pwd      Prints the current working directory
rmdir    Remove a file object. Like the unix command, this can only delete empty directories. Use rm -r to recursively delete full directories. Usage: rmdir
ls       Prints the contents of a directory, use ls -l to list in long format. Prints the current directory if no arguments are specified
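As an added illustration (not Cowrie's own code) of what the editor's touch and ls do to fs.pickle: each node in the pickle is a list [name, type, uid, gid, size, mode, ctime, contents, target, realfile], the layout used by Kippo/Cowrie's fs module. The tree below is constructed sample data, not the real fs.pickle, and the st_mode values are my choice.

```python
"""Add a fake file to a Kippo/Cowrie fs.pickle tree, as fsctl's `touch` does."""
import time

# Field indices and node types, as in Cowrie's fs module.
(A_NAME, A_TYPE, A_UID, A_GID, A_SIZE, A_MODE,
 A_CTIME, A_CONTENTS, A_TARGET, A_REALFILE) = range(10)
T_LINK, T_DIR, T_FILE = 0, 1, 2

def new_dir(name):
    """Empty directory node; 0o40755 is the st_mode of a 0755 directory."""
    return [name, T_DIR, 0, 0, 4096, 0o40755, int(time.time()), [], None, None]

def resolve(tree, path):
    """Walk an absolute path such as '/usr/bin'; return the dir node or None."""
    node = tree
    for part in path.strip('/').split('/'):
        if not part:
            continue
        node = next((c for c in node[A_CONTENTS] if c[A_NAME] == part), None)
        if node is None or node[A_TYPE] != T_DIR:
            return None
    return node

def touch(tree, dirpath, name, size, mode=0o100644):
    """Same effect as `cd <dirpath>` then `touch <name> <size>` in fsctl.

    Refuses a duplicate name or a missing directory so the pickle stays
    consistent; returns the fake absolute path.
    """
    parent = resolve(tree, dirpath)
    if parent is None:
        raise FileNotFoundError(dirpath)
    if any(c[A_NAME] == name for c in parent[A_CONTENTS]):
        raise FileExistsError(name)
    parent[A_CONTENTS].append(
        [name, T_FILE, 0, 0, size, mode, int(time.time()), [], None, None])
    return dirpath.rstrip('/') + '/' + name

def listing(tree, dirpath):
    """Names in a directory, like fsctl's `ls`; None if it does not exist."""
    node = resolve(tree, dirpath)
    return sorted(c[A_NAME] for c in node[A_CONTENTS]) if node else None

def sample_tree():
    """Constructed sample tree with /bin and /usr/bin (not the real fs.pickle)."""
    root, usr = new_dir('/'), new_dir('usr')
    usr[A_CONTENTS].append(new_dir('bin'))
    root[A_CONTENTS].extend([new_dir('bin'), usr])
    return root

if __name__ == '__main__':
    fs = sample_tree()
    print('Added', touch(fs, '/bin', 'tess', 1245))
    print('Added', touch(fs, '/usr/bin', 'ppp', 1111))
```

Writing the root list out with pickle.dump gives a file in the same format that fsctl and Cowrie load.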
Adding a command that takes no arguments
Example: create a command tess that prints "you are testing".
1. Create a new file tess in the txtcmds directory with the content "you are testing"
cd /opt/cowrie/txtcmds/bin
vi tess
2. Add it to Cowrie's command list
cd /opt/cowrie/cowrie/commands
vi busybox.py
Add tess under "Currently defined functions" and save, as shown below:
Currently defined functions:
[, [[, adjtimex, ar, arp, arping, ash, awk, basename, blockdev, brctl,
bunzip2, bzcat, bzip2, cal, cat, chgrp, chmod, chown, chroot, chvt,
clear, cmp, cp, cpio, cttyhack, cut, date, dc, dd, deallocvt, depmod,
df, diff, dirname, dmesg, dnsdomainname, dos2unix, du, dumpkmap,
dumpleases, echo, egrep, env, expand, expr, false, fgrep, find, fold,
free, freeramdisk, ftpget, ftpput, getopt, getty, grep, groups, gunzip,
gzip, halt, head, hexdump, hostid, hostname, httpd, hwclock, id,
ifconfig, init, insmod, ionice, ip, ipcalc, kill, killall, klogd, last,
less, ln, loadfont, loadkmap, logger, login, logname, logread, losetup,
ls, lsmod, lzcat, lzma, md5sum, mdev, microcom, mkdir, mkfifo, mknod,
mkswap, mktemp, modinfo, modprobe, more, mount, mt, mv, nameif, nc,
netstat, nslookup, od, openvt, patch, pidof, ping, ping6, pivot_root,
poweroff, printf, ps, pwd, rdate, readlink, realpath, reboot, renice,
reset, rev, rm, rmdir, rmmod, route, rpm, rpm2cpio, run-parts, sed, seq,
setkeycodes, setsid, sh, sha1sum, sha256sum, sha512sum, sleep, sort,
start-stop-daemon, stat, strings, stty, swapoff, swapon, switch_root,
sync, sysctl, syslogd, tac, tail, tar, taskset, tee, telnet, test, tftp,
time, timeout, top, touch, tr, traceroute, traceroute6, true, tty,
udhcpc, udhcpd, umount, uname, uncompress, unexpand, uniq, unix2dos,
unlzma, unxz, unzip, uptime, usleep, uudecode, uuencode, vconfig, vi,
watch, watchdog, wc, wget, which, who, whoami, xargs, xz, xzcat, yes,
zcat, wtf, tess
3. Create the corresponding file in the fake file system
cd /opt/cowrie/bin/
./fsctl /opt/cowrie/data/fs.pickle
The interface looks like this:
Kippo/Cowrie file system interactive editor
Donovan Hubbard, Douglas Hubbard, March 2013
Type 'help' for help
fs.pickle:/$
Add the file tess to the bin directory in fs.pickle:
fs.pickle:/$ cd bin
fs.pickle:/bin$ touch tess 1245
Added '/bin/tess'
4. Create the new fs file
cd /opt/cowrie/bin/
./createfs
5. Restart
/opt/cowrie/stop.sh
/opt/cowrie/start.sh
Adding a command that takes arguments
Example: create a command ppp whose behaviour is the same as apt-get.
1. Create a new file ppp.py under cowrie/commands; its content can be copied from apt-get for now
cd /opt/cowrie/cowrie/commands
vi ppp.py
Note: the following parts must be changed
Class name:
class command_aptget(HoneyPotCommand):
↓
class command_ppp(HoneyPotCommand):
Last line:
commands['/usr/bin/apt-get'] = command_aptget
↓
commands['/usr/bin/ppp'] = command_ppp
2. Add it to Cowrie's command list
cd /opt/cowrie/cowrie/commands
vi busybox.py
Add ppp under "Currently defined functions" and save, as shown below:
Currently defined functions:
[, [[, adjtimex, ar, arp, arping, ash, awk, basename, blockdev, brctl,
bunzip2, bzcat, bzip2, cal, cat, chgrp, chmod, chown, chroot, chvt,
clear, cmp, cp, cpio, cttyhack, cut, date, dc, dd, deallocvt, depmod,
df, diff, dirname, dmesg, dnsdomainname, dos2unix, du, dumpkmap,
dumpleases, echo, egrep, env, expand, expr, false, fgrep, find, fold,
free, freeramdisk, ftpget, ftpput, getopt, getty, grep, groups, gunzip,
gzip, halt, head, hexdump, hostid, hostname, httpd, hwclock, id,
ifconfig, init, insmod, ionice, ip, ipcalc, kill, killall, klogd, last,
less, ln, loadfont, loadkmap, logger, login, logname, logread, losetup,
ls, lsmod, lzcat, lzma, md5sum, mdev, microcom, mkdir, mkfifo, mknod,
mkswap, mktemp, modinfo, modprobe, more, mount, mt, mv, nameif, nc,
netstat, nslookup, od, openvt, patch, pidof, ping, ping6, pivot_root,
poweroff, printf, ps, pwd, rdate, readlink, realpath, reboot, renice,
reset, rev, rm, rmdir, rmmod, route, rpm, rpm2cpio, run-parts, sed, seq,
setkeycodes, setsid, sh, sha1sum, sha256sum, sha512sum, sleep, sort,
start-stop-daemon, stat, strings, stty, swapoff, swapon, switch_root,
sync, sysctl, syslogd, tac, tail, tar, taskset, tee, telnet, test, tftp,
time, timeout, top, touch, tr, traceroute, traceroute6, true, tty,
udhcpc, udhcpd, umount, uname, uncompress, unexpand, uniq, unix2dos,
unlzma, unxz, unzip, uptime, usleep, uudecode, uuencode, vconfig, vi,
watch, watchdog, wc, wget, which, who, whoami, xargs, xz, xzcat, yes,
zcat, wtf, ppp
3. Create the corresponding file in the fake file system
cd /opt/cowrie/bin/
./fsctl /opt/cowrie/data/fs.pickle
The interface looks like this:
Kippo/Cowrie file system interactive editor
Donovan Hubbard, Douglas Hubbard, March 2013
Type 'help' for help
fs.pickle:/$
Add the file ppp to the usr/bin directory in fs.pickle:
fs.pickle:/$ cd /usr/bin
fs.pickle:/usr/bin$ touch ppp 1111
Added '/usr/bin/ppp'
4. Create the new fs file
cd /opt/cowrie/bin/
./createfs
5. Restart
/opt/cowrie/stop.sh
/opt/cowrie/start.sh
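An added, runnable sketch (not Cowrie's apt-get module) of what step 1 of this procedure produces once the class and the registration line are renamed: a command whose output depends on the arguments the session typed. The import path cowrie.shell.command is assumed, the FAKE_PACKAGES table and the apt-get-style messages are constructed, and the fallback base class exists only so the logic runs outside a Cowrie checkout.

```python
"""Cowrie command that takes arguments, in the shape the page copies from apt-get."""
try:
    from cowrie.shell.command import HoneyPotCommand  # assumed module path
except ImportError:
    # Outside a Cowrie checkout: stand-in with the same interface, for testing only.
    class HoneyPotCommand:
        def __init__(self, protocol, *args):
            self.protocol, self.args, self.output = protocol, list(args), []

        def write(self, data):
            self.output.append(data)

        def exit(self):
            pass

commands = {}

# Constructed package table: a fixed size per name keeps the fake output stable.
FAKE_PACKAGES = {'curl': '140 kB', 'wget': '293 kB'}

def ppp_response(args):
    """Decide what the emulated ppp prints for argv `args` (after the command name).

    Kept separate from the HoneyPotCommand plumbing so it can be unit-tested
    without Twisted; the wording mirrors apt-get's error messages.
    """
    if not args or args[0] in ('-h', '--help'):
        return 'Usage: ppp [options] command\n'
    if args[0] == 'install':
        pkgs = [p for p in args[1:] if not p.startswith('-')]
        if not pkgs:
            return 'E: Must specify at least one package to install\n'
        lines = ['Reading package lists... Done', 'Building dependency tree']
        for i, p in enumerate(pkgs, start=1):
            lines.append(f'Get:{i} {p} [{FAKE_PACKAGES.get(p, "0 B")}]')
        lines.append('Done.')
        return '\n'.join(lines) + '\n'
    return f'E: Invalid operation {args[0]}\n'

class command_ppp(HoneyPotCommand):
    """Fake /usr/bin/ppp; Cowrie fills self.args with what the session typed."""

    def call(self):
        self.write(ppp_response(self.args))

# Same registration line the page shows for the renamed apt-get module.
commands['/usr/bin/ppp'] = command_ppp
```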