Comments (4)
micheloosterhof
commented on May 28, 2024
hi! check the container logs. user docker log .... to see.
Also, please copy and paste text rather than pasting images.
from cowrie.
true-zk
commented on May 28, 2024
oh. ok, I try to put a file again, and copy the docker logs here. But I can not find abnormal things. it logs "SFTP openFile: b'/root/mirai.bot'", and seems nothing wrong.
2024-02-07T02:05:14+0000 [cowrie.ssh.factory.CowrieSSHFactory] No moduli, no diffie-hellman-group-exchange-sha1
2024-02-07T02:05:14+0000 [cowrie.ssh.factory.CowrieSSHFactory] No moduli, no diffie-hellman-group-exchange-sha256
2024-02-07T02:05:14+0000 [cowrie.ssh.factory.CowrieSSHFactory] New connection: 192.168.1.5:57540 (172.17.0.2:2222) [session: ea272156b0de]
2024-02-07T02:05:15+0000 [HoneyPotSSHTransport,15,192.168.1.5] Remote SSH version: SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u1
2024-02-07T02:05:15+0000 [HoneyPotSSHTransport,15,192.168.1.5] SSH client hassh fingerprint: 78c05d999799066a2b4554ce7b1585a6
2024-02-07T02:05:15+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] kex alg=b'curve25519-sha256' key alg=b'ssh-ed25519'
2024-02-07T02:05:15+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] outgoing: b'aes128-ctr' b'hmac-sha2-256' b'none'
2024-02-07T02:05:15+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] incoming: b'aes128-ctr' b'hmac-sha2-256' b'none'
2024-02-07T02:05:15+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] NEW KEYS
2024-02-07T02:05:15+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] starting service b'ssh-userauth'
2024-02-07T02:05:15+0000 [cowrie.ssh.userauth.HoneyPotSSHUserAuthServer#debug] b'root' trying auth b'none'
2024-02-07T02:05:18+0000 [cowrie.ssh.userauth.HoneyPotSSHUserAuthServer#debug] b'root' trying auth b'password'
2024-02-07T02:05:18+0000 [HoneyPotSSHTransport,15,192.168.1.5] Could not read etc/userdb.txt, default database activated
2024-02-07T02:05:18+0000 [HoneyPotSSHTransport,15,192.168.1.5] login attempt [b'root'/b'123'] succeeded
2024-02-07T02:05:18+0000 [HoneyPotSSHTransport,15,192.168.1.5] Initialized emulated server as architecture: linux-x64-lsb
2024-02-07T02:05:18+0000 [cowrie.ssh.userauth.HoneyPotSSHUserAuthServer#debug] b'root' authenticated with b'password'
2024-02-07T02:05:18+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#debug] starting service b'ssh-connection'
2024-02-07T02:05:18+0000 [cowrie.ssh.connection.CowrieSSHConnection#debug] got channel b'session' request
2024-02-07T02:05:18+0000 [cowrie.ssh.session.HoneyPotSSHSession#info] channel open
2024-02-07T02:05:18+0000 [cowrie.ssh.connection.CowrieSSHConnection#debug] got global b'[email protected]' request
2024-02-07T02:05:18+0000 [SSHChannel session (0) on SSHService b'ssh-connection' on HoneyPotSSHTransport,15,192.168.1.5] request_env: LANG=en_GB.UTF-8
2024-02-07T02:05:18+0000 [twisted.conch.ssh.session#info] Asking for subsystem "b'sftp'"
2024-02-07T02:05:18+0000 [cowrie.shell.avatar.CowrieUser#debug] Subsystem lookup: {b'sftp': <class 'twisted.conch.ssh.filetransfer.FileTransferServer'>}
2024-02-07T02:05:19+0000 [twisted.conch.ssh.filetransfer.FileTransferServer#info] dispatching: INIT requestId=3
2024-02-07T02:05:19+0000 [twisted.conch.ssh.filetransfer.FileTransferServer#info] dispatching: REALPATH requestId=1
2024-02-07T02:05:27+0000 [twisted.conch.ssh.filetransfer.FileTransferServer#info] dispatching: OPEN requestId=2
2024-02-07T02:05:27+0000 [HoneyPotSSHTransport,15,192.168.1.5] **SFTP openFile: b'/root/mirai.bot'**
2024-02-07T02:06:09+0000 [twisted.conch.ssh.filetransfer.FileTransferServer#info] dispatching: OPEN requestId=3
2024-02-07T02:06:09+0000 [HoneyPotSSHTransport,15,192.168.1.5] SFTP openFile: b'/root/mirai.bot'
2024-02-07T02:06:13+0000 [cowrie.ssh.connection.CowrieSSHConnection#info] sending close 0
2024-02-07T02:06:13+0000 [cowrie.ssh.session.HoneyPotSSHSession#info] remote close
2024-02-07T02:06:13+0000 [HoneyPotSSHTransport,15,192.168.1.5] Got remote error, code 11 reason: b'disconnected by user'
2024-02-07T02:06:13+0000 [HoneyPotSSHTransport,15,192.168.1.5] avatar root logging out
2024-02-07T02:06:13+0000 [cowrie.ssh.transport.HoneyPotSSHTransport#info] connection lost
2024-02-07T02:06:13+0000 [HoneyPotSSHTransport,15,192.168.1.5] Connection lost after 58 seconds
from cowrie.
micheloosterhof
commented on May 28, 2024
somethign is wrong. I would expect
2024-02-07T14:08:19.795997Z [twisted.conch.ssh.filetransfer.FileTransferServer#info] dispatching: WRITE requestId=4
2024-02-07T14:08:19.797623Z [twisted.conch.ssh.filetransfer.FileTransferServer#info] dispatching: CLOSE requestId=3
after the OpenFile
from cowrie.
true-zk
commented on May 28, 2024
hi, it is the Spring Festival recently. So I did not reply in time.
I setup Cowrie without docker, and it works. I mean I can upload files now.
So I guess the docker edition of Cowrie has some problems.
Anyway, my Cowrie works now. And, thanks! :p
from cowrie.
Related Issues (20)
- Let's add fuzz testing! HOT 8
- how to add a new file in honeyfs, why I cant find it in fs.pickle
- Add uname HOT 1
- There is a docker specific documentation? HOT 1
- Failed to load output engine: abuseipdb on cowrie-docker. HOT 1
- `ls 2>/dev/null` cause file download HOT 5
- Capture file contents of failed redirects HOT 1
- Failed to load output engine: hpfeeds3 HOT 2
- Issues with libvirt and nftables
- Docker deployment does not break if output plugin is broken HOT 1
- Oracle Cloud custom log output plugin HOT 1
- Run proxy mode + pool in Docker HOT 2
- Error in pool while requesting guest. Losing connection HOT 1
- exceptions.ImportError: No module named cowrie HOT 2
- No module named cowrie, error while playing log from tty HOT 2
- sftp mkdir ./test fails HOT 1
- honeydet detects cowrie HOT 3
- how to see log on cowrie docker. HOT 3
- Issues logging in with Warp as the client. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cowrie.