ghost
commented
10 years ago From gj12345636 on August 19, 2012 03:58:52
Oh : Revision 220 System: Gentoo python 2.7 twisted 11.0.0
Closed ghost closed 10 years ago
ghost
commented
10 years ago From gj12345636 on August 19, 2012 03:58:52
Oh : Revision 220 System: Gentoo python 2.7 twisted 11.0.0
ghost
commented
10 years ago ghost
commented
10 years ago From michel.oosterhof on November 20, 2012 02:38:54
I still see this behaviour in my kippo (svn 223) where it crashes. I can't trace it yet to a specific cause, but it does not seem related to the cwd, last time I got it with 'unset HISTFILE' and 'ping ;sh -c "iptables -t nat -vnL"', which were both executed by a honeypot visitor. (The last example even went wrong during the 'ping').
ghost
commented
10 years ago From michel.oosterhof on November 26, 2012 14:24:05
Here's some log examples:
2012-11-26 15:11:46+0100 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: AAA.BBB.CCC.DD:4972 (XXX.YYY.ZZZ.QQ:2222) [session: 201]
2012-11-26 15:11:46+0100 [HoneyPotTransport,201,AAA.BBB.CCC.DD] Remote SSH version: SSH-2.0-paramiko_1.7.6
2012-11-26 15:11:46+0100 [HoneyPotTransport,201,AAA.BBB.CCC.DD] kex alg, key alg: diffie-hellman-group1-sha1 ssh-rsa
2012-11-26 15:11:46+0100 [HoneyPotTransport,201,AAA.BBB.CCC.DD] outgoing: aes128-ctr hmac-sha1 none
2012-11-26 15:11:46+0100 [HoneyPotTransport,201,AAA.BBB.CCC.DD] incoming: aes128-ctr hmac-sha1 none
2012-11-26 15:11:46+0100 [HoneyPotTransport,201,AAA.BBB.CCC.DD] NEW KEYS
2012-11-26 15:11:46+0100 [HoneyPotTransport,201,AAA.BBB.CCC.DD] starting service ssh-userauth
2012-11-26 15:11:46+0100 [SSHService ssh-userauth on HoneyPotTransport,AAA.BBB.CCC.DD] admin trying auth password
2012-11-26 15:11:46+0100 [SSHService ssh-userauth on HoneyPotTransport,AAA.BBB.CCC.DD] login attempt [admin/admin] succeeded
2012-11-26 15:11:46+0100 [SSHService ssh-userauth on HoneyPotTransport,AAA.BBB.CCC.DD] admin authenticated with password
2012-11-26 15:11:46+0100 [SSHService ssh-userauth on HoneyPotTransport,AAA.BBB.CCC.DD] starting service ssh-connection
2012-11-26 15:11:46+0100 [SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] got channel session request
2012-11-26 15:11:46+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] channel open
2012-11-26 15:11:46+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] pty request: vt100 (24, 80, 0, 0)
2012-11-26 15:11:46+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] Terminal size: 24 80
2012-11-26 15:11:46+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] getting shell
2012-11-26 15:11:46+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] Opening TTY log: log/tty/20121126-151146-4296.log
2012-11-26 15:11:47+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] /etc/motd resolved into /etc/motd
2012-11-26 15:11:47+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] /var/run/motd resolved into /var/run/motd
2012-11-26 15:11:47+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] CMD: unset HISTFILE
2012-11-26 15:11:47+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] Unhandled Error
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, _args, _kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
return func(_args,__kw)
File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/service.py", line 44, in packetReceived
return f(packet)
File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/connection.py", line 243, in ssh_CHANNEL_DATA
log.callWithLogger(channel, channel.dataReceived, data)
---
2012-11-26 15:11:47+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] CMD: ping ;sh -c "iptables -t nat -vnL";
2012-11-26 15:11:47+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] Command found: ping
2012-11-26 15:11:47+0100 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,AAA.BBB.CCC.DD] Unhandled Error
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, _args, _kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
return func(_args,__kw)
File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/service.py", line 44, in packetReceived
return f(packet)
File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/connection.py", line 243, in ssh_CHANNEL_DATA
log.callWithLogger(channel, channel.dataReceived, data)
---
ghost
commented
10 years ago From michel.oosterhof on November 26, 2012 14:24:05
... 69, in callWithContext return context.call({ILogContext: newCtx}, func, _args, _kw) File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext return self.currentContext().callWithContext(ctx, func, _args, _kw) File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext return func(args,kw) File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/session.py", line 107, in dataReceived self.client.transport.write(data) File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/session.py", line 158, in write self.proto.dataReceived(data) File "/usr/lib/python2.7/dist-packages/twisted/conch/insults/insults.py", line 431, in dataReceived self.terminalProtocol.keystrokeReceived(ch, None) File "/home/kippo/kippo-trunk/kippo/core/honeypot.py", line 340, in keystrokeReceived recvline.HistoricRecvLine.keystrokeReceived(self, keyID, modifier) File "/usr/lib/python2.7/dist-packages/twisted/conch/recvline.py", line 199, in keystrokeReceived m() File "/home/kippo/kippo-trunk/kippo/core/honeypot.py", line 367, in handle_RETURN return recvline.RecvLine.handle_RETURN(self) File "/usr/lib/python2.7/dist-packages/twisted/conch/recvline.py", line 257, in handle_RETURN self.lineReceived(line) File "/home/kippo/kippo-trunk/kippo/core/honeypot.py", line 333, in lineReceived self.cmdstack[-1].lineReceived(line) File "/home/kippo/kippo-trunk/kippo/core/honeypot.py", line 73, in lineReceived self.runCommand() File "/home/kippo/kippo-trunk/kippo/core/honeypot.py", line 126, in runCommand self.honeypot.call_command(cmdclass, rargs) File "/home/kippo/kippo-trunk/kippo/core/honeypot.py", line 360, in call_command obj.start() File "/home/kippo/kippo-trunk/kippo/commands/ping.py", line 26, in start self.exit() File "/home/kippo/kippo-trunk/kippo/core/honeypot.py", line 41, in exit self.honeypot.cmdstack[-1].resume() File "/home/kippo/kippo-trunk/kippo/core/honeypot.py", line 136, in resume self.runCommand() File "/home/kippo/kippo-trunk/kippo/core/honeypot.py", line 117, in runCommand matches = self.honeypot.fs.resolve_path_wc(arg, self.honeypot.cwd) File "/home/kippo/kippo-trunk/kippo/core/fs.py", line 76, in resolve_path_wc foo(pieces, cwd) File "/home/kippo/kippo-trunk/kippo/core/fs.py", line 72, in foo names = [x[A_NAME] for x in self.get_path('/'.join(cwd))] File "/home/kippo/kippo-trunk/kippo/core/fs.py", line 84, in get_path p = [x for x in p[A_CONTENTS] if x[A_NAME] == i][0] exceptions.IndexError: list index out of range 2012-11-26 15:11:47+0100 [HoneyPotTransport,AAA.BBB.CCC.DD] connection lost
ghost
commented
10 years ago From michel.oosterhof on December 17, 2012 12:29:54
Confirmed, it is the current working directory. Honeypot visitor logged in with admin (homedir /home/admin, which did not exist), and that caused the problem.
ghost
commented
10 years ago From desaster on January 08, 2013 09:54:22
Added another fix in r226 Problem is, that when you create normal users, you should also create home directories for them in fs.pickle. Currently the tool (createfs.py) is very inconvinient for this, so I'll try and make a better tool in future.
Status: Fixed
From gj12345636 on August 19, 2012 13:57:00
What steps will reproduce the problem? 1. Start kipp with default Config File
this let kippo crash with an exception: Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext return self.currentContext().callWithContext(ctx, func, _args, _kw) File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext return func(_args,__kw) File "/usr/lib/python2.7/site-packages/twisted/conch/ssh/service.py", line 44, in packetReceived return f(packet) File "/usr/lib/python2.7/site-packages/twisted/conch/ssh/connection.py", line 243, in ssh_CHANNEL_DATA log.callWithLogger(channel, channel.dataReceived, data) --- ---
File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 84, in callWithLogger
return callWithContext({"system": lp}, func, args, _kw)
File "/usr/lib/python2.7/site-packages/twisted/python/log.py", line 69, in callWithContext
return context.call({ILogContext: newCtx}, func, _args, _kw)
File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, _args, _kw)
File "/usr/lib/python2.7/site-packages/twisted/python/context.py", line 81, in callWithContext
return func(args,kw)
File "/usr/lib/python2.7/site-packages/twisted/conch/ssh/session.py", line 107, in dataReceived
self.client.transport.write(data)
File "/usr/lib/python2.7/site-packages/twisted/conch/ssh/session.py", line 158, in write
self.proto.dataReceived(data)
File "/usr/lib/python2.7/site-packages/twisted/conch/insults/insults.py", line 431, in dataReceived
self.terminalProtocol.keystrokeReceived(ch, None)
File "/opt/external_src/kippo/kippo/core/honeypot.py", line 340, in keystrokeReceived
recvline.HistoricRecvLine.keystrokeReceived(self, keyID, modifier)
File "/usr/lib/python2.7/site-packages/twisted/conch/recvline.py", line 198, in keystrokeReceived
m()
File "/opt/external_src/kippo/kippo/core/honeypot.py", line 367, in handle_RETURN
return recvline.RecvLine.handle_RETURN(self)
File "/usr/lib/python2.7/site-packages/twisted/conch/recvline.py", line 256, in handle_RETURN
self.lineReceived(line)
File "/opt/external_src/kippo/kippo/core/honeypot.py", line 333, in lineReceived
self.cmdstack[-1].lineReceived(line)
File "/opt/external_src/kippo/kippo/core/honeypot.py", line 73, in lineReceived
self.runCommand()
File "/opt/external_src/kippo/kippo/core/honeypot.py", line 117, in runCommand
matches = self.honeypot.fs.resolve_path_wc(arg, self.honeypot.cwd)
File "/opt/external_src/kippo/kippo/core/fs.py", line 76, in resolve_path_wc
foo(pieces, cwd)
File "/opt/external_src/kippo/kippo/core/fs.py", line 72, in foo
names = [x[A_NAME] for x in self.get_path('/'.join(cwd))]
File "/opt/external_src/kippo/kippo/core/fs.py", line 84, in get_path
p = [x for x in p[A_CONTENTS] if x[A_NAME] == i][0]
exceptions.IndexError: list index out of range
Please wrote me, if you want all Logfiles.
Original issue: http://code.google.com/p/kippo/issues/detail?id=55