Unhandled Error from gweerwe323f Bot #220
Comments
|
same issue on my honeypot |
|
I also noticed that bot from the same IP address on my honeypot. Looks like that host is infected for quite some time now: https://amihacked.turris.cz/?address=195.22.127.83 Has anybody contacted the ISP (who else can I?) about this? |
|
I have the same issue on my kippo. |
|
I came here by googling for gweerwe323f after reading https://medium.com/@dmrickert/what-ssh-hacking-attempts-look-like-8f698e70a4f5 Is this an evolution on the bot to try break kippo when it runs into it? I mean, intentionally? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey guys, got an unhandled exception in the context.py on line 118. It looks like it had something to do with the core/protocol.py", line 206, in handle_RETURN. I'm not 100% sure why it threw the error message I'm guessing there just needs to be a len check for the object before it executes.
I'm Running Ubuntu Server 14.04
I also found a similar issue in a spinoff of Kippo, and thought this might be helpful cowrie/cowrie#422. I
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] Command found: rm -f //.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] CMD:
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] CMD: echo -e '\x47\x72\x6f\x70/lib/init/rw' > /lib/init/rw/.nippon; cat /lib/init/rw/.nippon; rm -f /lib/init/rw/.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] Command found: echo -e '\x47\x72\x6f\x70/lib/init/rw' > /lib/init/rw/.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] Command found: cat /lib/init/rw/.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] Unhandled Error
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
return func(*args,**kw)
File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/service.py", line 44, in packetReceived
return f(packet)
File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/connection.py", line 242, in ssh_CHANNEL_DATA
log.callWithLogger(channel, channel.dataReceived, data)
--- ---
File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 88, in callWithLogger
return callWithContext({"system": lp}, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/log.py", line 73, in callWithContext
return context.call({ILogContext: newCtx}, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 118, in callWithContext
return self.currentContext().callWithContext(ctx, func, *args, **kw)
File "/usr/lib/python2.7/dist-packages/twisted/python/context.py", line 81, in callWithContext
return func(*args,**kw)
File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/session.py", line 107, in dataReceived
self.client.transport.write(data)
File "/usr/lib/python2.7/dist-packages/twisted/conch/ssh/session.py", line 158, in write
self.proto.dataReceived(data)
File "/usr/lib/python2.7/dist-packages/twisted/conch/insults/insults.py", line 431, in dataReceived
self.terminalProtocol.keystrokeReceived(ch, None)
File "/opt/kippo/kippo/core/protocol.py", line 189, in keystrokeReceived
recvline.HistoricRecvLine.keystrokeReceived(self, keyID, modifier)
File "/usr/lib/python2.7/dist-packages/twisted/conch/recvline.py", line 199, in keystrokeReceived
m()
File "/opt/kippo/kippo/core/protocol.py", line 206, in handle_RETURN
return recvline.RecvLine.handle_RETURN(self)
File "/usr/lib/python2.7/dist-packages/twisted/conch/recvline.py", line 257, in handle_RETURN
self.lineReceived(line)
File "/opt/kippo/kippo/core/protocol.py", line 108, in lineReceived
self.cmdstack[-1].lineReceived(line)
File "/opt/kippo/kippo/core/honeypot.py", line 68, in lineReceived
self.runCommand()
File "/opt/kippo/kippo/core/honeypot.py", line 125, in runCommand
self.honeypot.call_command(cmdclass, *rargs)
File "/opt/kippo/kippo/core/protocol.py", line 182, in call_command
HoneyPotBaseProtocol.call_command(self, cmd, *args)
File "/opt/kippo/kippo/core/protocol.py", line 117, in call_command
obj.start()
File "/opt/kippo/kippo/core/honeypot.py", line 27, in start
self.exit()
File "/opt/kippo/kippo/core/honeypot.py", line 34, in exit
self.honeypot.cmdstack[-1].resume()
File "/opt/kippo/kippo/core/honeypot.py", line 136, in resume
self.runCommand()
File "/opt/kippo/kippo/core/honeypot.py", line 125, in runCommand
self.honeypot.call_command(cmdclass, *rargs)
File "/opt/kippo/kippo/core/protocol.py", line 182, in call_command
HoneyPotBaseProtocol.call_command(self, cmd, *args)
File "/opt/kippo/kippo/core/protocol.py", line 117, in call_command
obj.start()
File "/opt/kippo/kippo/core/honeypot.py", line 26, in start
self.call()
File "/opt/kippo/kippo/commands/fs.py", line 16, in call
if self.fs.is_dir(path):
File "/opt/kippo/kippo/core/fs.py", line 172, in is_dir
dir = self.get_path(os.path.dirname(path))
File "/opt/kippo/kippo/core/fs.py", line 87, in get_path
p = [x for x in p[A_CONTENTS] if x[A_NAME] == i][0]
exceptions.IndexError: list index out of range
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] INPUT: echo -e '\x47\x72\x6f\x70/proc' > /proc/.nippon; cat /proc/.nippon; rm -f /proc/.nippon
2017-03-03 19:35:27-0800 [SSHChannel session (0) on SSHService ssh-connection on HoneyPotTransport,1,195.22.127.83] INPUT:
The text was updated successfully, but these errors were encountered: