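#!/usr/bin/python2
'''SSH honeypot login shell.

Shows a fake root prompt, records everything the client sends in a
per-session file, answers every line with a garbled "command not found",
and finally sends the session record to every logged-in user with write(1).
'''

import os
import sys
import time
import random
import signal


def utc_timestamp():
    '''Return the current UTC time in the format used inside the log.'''
    return time.strftime('%Y-%m-%d %H:%M:%S UTC', time.gmtime())


# Ignore SIGTSTP so Ctrl-Z cannot suspend the fake shell.
signal.signal(signal.SIGTSTP, signal.SIG_IGN)

# Refuse write(1) messages on this terminal for the duration of the session.
# NOTE(review): mesg, who and write below are resolved through PATH by
# /bin/sh.  Confirm the sshd configuration does not let the client set
# environment variables (AcceptEnv / PermitUserEnvironment).
os.system('mesg n 2> /dev/null')

# One file per session, named after the local start time (1 s resolution).
filename = time.strftime('/var/log/dipshits/%Y-%m-%d_%H:%M:%S')
username = os.getenv('USER')

sys.stderr.write('''
********************
*                  *
*  ACCESS GRANTED  *
*                  *
********************
''')

# oldprompt is not referenced anywhere else in this script.
oldprompt, prompt = 'Fuck you>', '[{}@oskog97 ~]# '.format(username)

# The header is written from Python rather than by interpolating values into
# an `echo ... > file` shell command: nothing taken from the environment is
# ever parsed by a shell.  Append mode also means that two sessions starting
# within the same second add to the file instead of truncating each other.
incident_log = open(filename, 'a')
incident_log.write('User: {}\n'.format(username))
# SSH_CLIENT is "<address> <client port> <server port>"; keep the address.
client_fields = os.environ.get('SSH_CLIENT', '').split()
incident_log.write(' '.join(['Host:'] + client_fields[:1]) + '\n')
incident_log.write('Time: {}\n'.format(utc_timestamp()))
incident_log.flush()    # Header is on disk before any input is read.

# `shell -c <command>` is how a non-interactive command arrives.
commandmode = len(sys.argv) == 3 and sys.argv[1] == '-c'

if commandmode:
    # repr() keeps control bytes out of the log (they are written as escapes).
    incident_log.write('Command: {}\n'.format(repr(sys.argv[2])))
else:
    if len(sys.argv) != 1:
        # Unexpected invocation: record every argument.
        for index, arg in enumerate(sys.argv):
            incident_log.write('sys.argv[{}] = {}\n'.format(index, repr(arg)))
    incident_log.write('Script:\n')
    try:
        while True:
            try:
                sys.stderr.write(prompt)
                sys.stderr.flush()
                line = sys.stdin.readline()
                if not line:
                    break    # EOF: the client closed its input.
            except KeyboardInterrupt:
                # Ctrl-C gives a fresh prompt, as a real shell would.
                sys.stderr.write('\n')
                continue
            # repr() escapes control bytes, so terminal escape sequences
            # typed by the client are not replayed raw onto the terminals
            # that later receive this file through write(1).
            incident_log.write('{}: {}\n'.format(
                utc_timestamp(),
                repr(line.rstrip('\n'))
            ))
            incident_log.flush()    # Inspect in real time.
            # Let's have some fun with the dipshit.
            # Drop the newline and anything from the first NUL onwards.
            # The newline is removed explicitly: slicing with find()'s -1
            # would also eat the last character of an unterminated line.
            if line.endswith('\n'):
                line = line[:-1]
            line = line.split('\0', 1)[0]
            if line:
                if len(line) % 2:
                    line = line[:-1]    # UTF-16 needs an even byte count.
                try:
                    # What moron would ever use UTF-16?
                    # The raw bytes are reinterpreted as UTF-16-LE, so the
                    # echoed "command" comes back as unrelated characters.
                    sys.stderr.write(
                        'bash: {}: command not found\n'.format(
                            line.decode('utf-16-le').encode('utf-8')
                        )
                    )
                except Exception:
                    # Deliberately silent: no traceback reaches the client.
                    pass
        sys.stderr.write('\n')
    except (Exception, KeyboardInterrupt):
        # Deliberate best effort: whatever goes wrong, fall through so the
        # record is terminated, closed and reported below.
        pass
    incident_log.write('%\n')

incident_log.close()
sys.stderr.write('''
This incident will be reported.
Have a bad day, you deserve it.

''')

# Re-enable messages, then send the finished record to every logged-in user.
# Only the strftime-generated file name is interpolated into this command.
os.system(
    'mesg y 2> /dev/null; ' +
    'for username in `who | cut -d" " -f1 | sort | uniq`; do ' +
    'write $username < {} 2> /dev/null; '.format(filename) +
    'done '
)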