desaster / kippo

Kippo - SSH Honeypot

Unhandled Error from gweerwe323f Bot #220

Open XxTheRockxX opened 7 years ago

XxTheRockxX commented 7 years ago

Hey guys, got an unhandled exception in context.py on line 118. It looks like it had something to do with core/protocol.py, line 206, in handle_RETURN. I'm not 100% sure why it threw the error message; I'm guessing there just needs to be a len check for the object before it executes.

I'm running Ubuntu Server 14.04.

I also found a similar issue in a spinoff of Kippo, and thought this might be helpful https://github.com/micheloosterhof/cowrie/issues/422. I

```
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] Command found: rm -f //.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] CMD:
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] CMD: echo -e '\x47\x72\x6f\x70/lib/init/rw' > /lib/init/rw/.nippon; cat /lib/init/rw/.nippon; rm -f /lib/init/rw/.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] Command found: echo -e '\x47\x72\x6f\x70/lib/init/rw' > /lib/init/rw/.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] Command found: cat /lib/init/rw/.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] Unhandled Error
    Traceback (most recent call last):
      File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
        return self.currentContext().callWithContext(ctx, func, *args, **kw)
      File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
        return func(*args,**kw)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/service.py", line 44, in packetReceived
        return f(packet)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/connection.py", line 242, in ssh_CHANNEL_DATA
        log.callWithLogger(channel, channel.dataReceived, data)
    --- <exception caught here> ---
      File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 88, in callWithLogger
        return callWithContext({"system": lp}, func, *args, **kw)
      File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 73, in callWithContext
        return context.call({ILogContext: newCtx}, func, *args, **kw)
      File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
        return self.currentContext().callWithContext(ctx, func, *args, **kw)
      File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
        return func(*args,**kw)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/session.py", line 107, in dataReceived
        self.client.transport.write(data)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/session.py", line 158, in write
        self.proto.dataReceived(data)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/insults/insults.py", line 431, in dataReceived
        self.terminalProtocol.keystrokeReceived(ch, None)
      File "/opt/kippo/kippo/core/protocol.py", line 189, in keystrokeReceived
        recvline.HistoricRecvLine.keystrokeReceived(self, keyID, modifier)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/recvline.py", line 199, in keystrokeReceived
        m()
      File "/opt/kippo/kippo/core/protocol.py", line 206, in handle_RETURN
        return recvline.RecvLine.handle_RETURN(self)
      File "/usr/lib/python2.7/dist-packages/twisted/conch/recvline.py", line 257, in handle_RETURN
        self.lineReceived(line)
      File "/opt/kippo/kippo/core/protocol.py", line 108, in lineReceived
        self.cmdstack[-1].lineReceived(line)
      File "/opt/kippo/kippo/core/honeypot.py", line 68, in lineReceived
        self.runCommand()
      File "/opt/kippo/kippo/core/honeypot.py", line 125, in runCommand
        self.honeypot.call_command(cmdclass, rargs)
      File "/opt/kippo/kippo/core/protocol.py", line 182, in call_command
        HoneyPotBaseProtocol.call_command(self, cmd, args)
      File "/opt/kippo/kippo/core/protocol.py", line 117, in call_command
        obj.start()
      File "/opt/kippo/kippo/core/honeypot.py", line 27, in start
        self.exit()
      File "/opt/kippo/kippo/core/honeypot.py", line 34, in exit
        self.honeypot.cmdstack[-1].resume()
      File "/opt/kippo/kippo/core/honeypot.py", line 136, in resume
        self.runCommand()
      File "/opt/kippo/kippo/core/honeypot.py", line 125, in runCommand
        self.honeypot.call_command(cmdclass, rargs)
      File "/opt/kippo/kippo/core/protocol.py", line 182, in call_command
        HoneyPotBaseProtocol.call_command(self, cmd, args)
      File "/opt/kippo/kippo/core/protocol.py", line 117, in call_command
        obj.start()
      File "/opt/kippo/kippo/core/honeypot.py", line 26, in start
        self.call()
      File "/opt/kippo/kippo/commands/fs.py", line 16, in call
        if self.fs.is_dir(path):
      File "/opt/kippo/kippo/core/fs.py", line 172, in is_dir
        dir = self.get_path(os.path.dirname(path))
      File "/opt/kippo/kippo/core/fs.py", line 87, in get_path
        p = [x for x in p[A_CONTENTS] if x[A_NAME] == i][0]
    exceptions.IndexError: list index out of range

2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] INPUT: echo -e '\x47\x72\x6f\x70/proc' > /proc/.nippon; cat /proc/.nippon; rm -f /proc/.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] INPUT:
```
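The last frame of the traceback takes element `[0]` of a list comprehension that is empty when a path component does not exist in the emulated filesystem. The sketch below is an added example, not Kippo's code and not part of the original post: it reproduces that lookup on a small constructed tree and shows a guarded variant. The entry layout (`A_NAME`, `A_TYPE`, `A_CONTENTS` as indices 0 to 2), the `PathNotFound` exception and the function signatures are assumptions made for illustration.

```python
import posixpath

# Simplified stand-ins for the A_* entry indices in the traceback (assumed layout).
A_NAME, A_TYPE, A_CONTENTS = 0, 1, 2
T_DIR, T_FILE = "dir", "file"

class PathNotFound(Exception):
    """Hypothetical error for a path component missing from the fake filesystem."""

# Constructed tree: /lib and /proc exist, /lib/init/rw does not.
ROOT = ["/", T_DIR, [
    ["lib", T_DIR, [["libc.so.6", T_FILE, []]]],
    ["proc", T_DIR, []],
]]

def get_path_unguarded(root, path):
    """Same lookup shape as the faulting line: [0] on a possibly empty list."""
    p = root
    for i in path.split("/"):
        if not i:
            continue
        p = [x for x in p[A_CONTENTS] if x[A_NAME] == i][0]
    return p[A_CONTENTS]

def get_path(root, path):
    """Guarded lookup: a missing component raises PathNotFound, not IndexError."""
    p = root
    for i in path.split("/"):
        if not i:
            continue
        if p[A_TYPE] != T_DIR:
            raise PathNotFound(path)
        p = next((x for x in p[A_CONTENTS] if x[A_NAME] == i), None)
        if p is None:
            raise PathNotFound(path)
    return p[A_CONTENTS]

def is_dir(root, path):
    """Unresolvable paths are simply 'not a directory' for the caller."""
    if path == "/":
        return True
    try:
        siblings = get_path(root, posixpath.dirname(path))
    except PathNotFound:
        return False
    name = posixpath.basename(path)
    return any(x[A_NAME] == name and x[A_TYPE] == T_DIR for x in siblings)
```

With the guarded version, a command handler can print the usual "No such file or directory" message and keep the session alive, so the rest of the session's input is still processed and logged.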

kapiorr commented 7 years ago

Same issue on my honeypot.

mimi89999 commented 6 years ago

I also noticed that bot from the same IP address on my honeypot. Looks like that host has been infected for quite some time now: https://amihacked.turris.cz/?address=195.22.127.83 Has anybody contacted the ISP (who else can I?) about this?

gtbaby commented 6 years ago

I have the same issue on my kippo.

ghost commented 6 years ago

I came here by googling for gweerwe323f after reading https://medium.com/@dmrickert/what-ssh-hacking-attempts-look-like-8f698e70a4f5

Is this an evolution of the bot to try to break Kippo when it runs into it? I mean, intentionally?