From f85fa8c503f5f30fabbd79fe66b75b42a406e6b1 Mon Sep 17 00:00:00 2001
From: g0tmi1k
Date: Mon, 2 Jun 2014 16:38:00 +0100
Subject: [PATCH] Attempt to guess attacker's hostname for exit_jail Credit: https://bitbucket.org/reuteras/kippo/ ...Could extend this by putting it into the config file too
---
 kippo/commands/base.py | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/kippo/commands/base.py b/kippo/commands/base.py
index 4aefd43..b7d6cc1 100644
--- a/kippo/commands/base.py
+++ b/kippo/commands/base.py
@@ -7,6 +7,7 @@
 from kippo.core.config import config
 from kippo.core.userdb import UserDB
 from kippo.core import utils
+import re, socket
 commands = {}
@@ -60,6 +61,11 @@ def call(self):
 self.honeypot.terminal.reset()
 self.writeln('Connection to server closed.')
 self.honeypot.hostname = 'localhost'
+ name, alias, addresslist = socket.gethostbyaddr(self.honeypot.clientIP)
+ name = name.split('.')[0]
+ r = re.compile('^[-a-zA-Z0-9]+$')
+ if r.match(name):
+ self.honeypot.hostname = name
 self.honeypot.cwd = '/root'
 if not self.fs.exists(self.honeypot.cwd):
 self.honeypot.cwd = '/'
@@ -234,6 +240,11 @@ def start(self):
 def finish(self):
 self.writeln('Connection to server closed.')
 self.honeypot.hostname = 'localhost'
+ name, alias, addresslist = socket.gethostbyaddr(self.honeypot.clientIP)
+ name = name.split('.')[0]
+ r = re.compile('^[-a-zA-Z0-9]+$')
+ if r.match(name):
+ self.honeypot.hostname = name
 self.honeypot.cwd = '/root'
 if not self.fs.exists(self.honeypot.cwd):
 self.honeypot.cwd = '/'
@@ -253,6 +264,11 @@ def start(self):
 def finish(self):
 self.writeln('Connection to server closed.')
 self.honeypot.hostname = 'localhost'
+ name, alias, addresslist = socket.gethostbyaddr(self.honeypot.clientIP)
+ name = name.split('.')[0]
+ r = re.compile('^[-a-zA-Z0-9]+$')
+ if r.match(name):
+ self.honeypot.hostname = name
 self.honeypot.cwd = '/root'
 if not self.fs.exists(self.honeypot.cwd):
 self.honeypot.cwd = '/'
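Review bot: The `socket.gethostbyaddr(self.honeypot.clientIP)` call added after `self.honeypot.hostname = 'localhost'` in `call()` is unguarded, so a client address with no PTR record raises `socket.herror` (or `socket.gaierror`) and the `cwd` reset below it never runs; the same five lines are repeated in both `finish()` hunks (@@ -234 and @@ -253). The lookup is also synchronous, and both its answer and its timing are decided by whoever operates the reverse zone for the client address, so a slow nameserver can stall the handler (and every other session, if these handlers run on the event-loop thread), and the PTR query itself is visible to that operator. I would move the logic into one helper that catches the lookup error, bounds the label length and anchors the pattern with `\Z` rather than `$`, and ideally resolve once per connection off the main thread and cache the result. All three function bodies start or end outside their hunks.

```python
def guess_client_hostname(ip, default='localhost'):
    """Return the first label of ip's PTR name, or default if unusable."""
    try:
        name = socket.gethostbyaddr(ip)[0]
    except socket.error:
        # No PTR record or resolver failure: keep the default prompt.
        return default
    label = name.split('.')[0]
    # PTR data is remote-controlled: accept one LDH label of at most 63 chars.
    if len(label) <= 63 and re.match(r'^[-a-zA-Z0-9]+\Z', label):
        return label
    return default

# ... unchanged: terminal reset and 'Connection to server closed.' ...
        self.honeypot.hostname = guess_client_hostname(self.honeypot.clientIP)
# ... unchanged: cwd reset to '/root' with fallback to '/' ...
```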