From 749df4181a6fc348b5eb53b1b042ebb7c41a6df1 Mon Sep 17 00:00:00 2001 From: kev Date: Sun, 5 Nov 2017 21:06:52 +0800 Subject: [PATCH] update cowrie --- cowrie/Dockerfile | 16 ++++++++-------- cowrie/README.md | 8 +++++--- cowrie/docker-compose.yml | 1 + 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/cowrie/Dockerfile b/cowrie/Dockerfile index c1a5851..a66f32e 100644 --- a/cowrie/Dockerfile +++ b/cowrie/Dockerfile @@ -5,7 +5,9 @@ FROM alpine MAINTAINER kev -RUN apk add -U build-base \ +RUN apk add -U bash \ + build-base \ + ca-certificates \ libffi \ libffi-dev \ openssl \ @@ -14,14 +16,12 @@ RUN apk add -U build-base \ python-dev \ tar \ && wget -qO- https://bootstrap.pypa.io/get-pip.py | python \ - && pip install pyasn1 \ - pyOpenSSL \ - service_identity \ - twisted \ && adduser -D cowrie \ && cd /home/cowrie \ && wget -qO- https://github.com/micheloosterhof/cowrie/archive/master.tar.gz | tar xz --strip 1 \ - && mv cowrie.cfg.dist cowrie.cfg \ + && pip install -r requirements.txt \ + && sed '/Enable Telnet/{n;s/\(enabled\).*/\1 = true/}' cowrie.cfg.dist > cowrie.cfg \ + && sed -i 's/^\(VIRTUALENV_ENABLED\).*/\1=no/' bin/cowrie \ && chown -R cowrie:cowrie . \ && apk del build-base \ libffi-dev \ @@ -30,9 +30,9 @@ RUN apk add -U build-base \ tar \ && rm -rf /var/cache/apk/* -EXPOSE 2222 +EXPOSE 2222 2223 USER cowrie WORKDIR /home/cowrie -CMD ["twistd", "-n", "-l", "log/cowrie.log", "cowrie"] +CMD ["bin/cowrie", "start", "-n"] diff --git a/cowrie/README.md b/cowrie/README.md index 2a8c315..5780b2d 100644 --- a/cowrie/README.md +++ b/cowrie/README.md @@ -10,11 +10,12 @@ and, most importantly, the entire shell interaction performed by the attacker. ## docker-compose.yml -``` +```yaml cowrie: image: vimagick/cowrie ports: - "2222:2222" + - "2223:2223" volumes: - ./dl:/home/cowrie/dl - ./log:/home/cowrie/log @@ -23,7 +24,7 @@ cowrie: ## server -``` +```bash $ cd ~/fig/cowrie $ mkdir -p dl log/tty $ chmod -R 777 dl log 
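Review bot: Both new `sed` edits in the second cowrie/Dockerfile hunk (`@@ -14,14 +16,12 @@`) exit successfully even when they match nothing, so a build can finish with Telnet still disabled or the virtualenv check still on while port 2223 is exposed and published. This matters because the sources come from `archive/master.tar.gz`, a moving target whose `cowrie.cfg.dist` and `bin/cowrie` can change between builds; the first pattern is also unanchored, so a commented-out `enabled` line would stay commented. I would add checks after the edits, e.g. `&& grep -q '^VIRTUALENV_ENABLED=no' bin/cowrie \` and `&& sed -n '/Enable Telnet/{n;p}' cowrie.cfg | grep -q '^enabled = true' \`. I would also pin the archive to a reviewed commit (`archive/<COMMIT_SHA>.tar.gz`) so that `pip install -r requirements.txt` resolves against a known tree. The RUN instruction starts and ends outside this hunk.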
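Review bot: The new `CMD ["bin/cowrie", "start", "-n"]` in the last cowrie/Dockerfile hunk (`@@ -30,9 +30,9 @@`) no longer names a log file, whereas the old command passed `-l log/cowrie.log` and the README still tells the operator to run `tail -f log/cowrie.log` against the mounted `./log` volume. The log destination is now decided by the `bin/cowrie` wrapper, which this page does not show. If it logs to stdout in foreground mode, the session record a honeypot exists to collect would live only in the container's log stream and not on the host volume. Please confirm the destination and add a comment above the CMD such as `# -n keeps cowrie in the foreground; text log goes to <LOG_DESTINATION>`, updating the README if that is no longer `log/cowrie.log`.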
@@ -39,8 +40,9 @@ $ tail -f log/cowrie.log ## client -``` +```bash $ ssh -p 2222 root@server +$ telnet server 2223 ``` > You can login as `root` with any password except `root` or `123456`. diff --git a/cowrie/docker-compose.yml b/cowrie/docker-compose.yml index d621dec..80be516 100644 --- a/cowrie/docker-compose.yml +++ b/cowrie/docker-compose.yml @@ -2,6 +2,7 @@ cowrie: image: vimagick/cowrie ports: - "2222:2222" + - "2223:2223" volumes: - ./dl:/home/cowrie/dl - ./log:/home/cowrie/log