From 9f932f5b64d450d738286a416e7d7654ad9bb74f Mon Sep 17 00:00:00 2001
From: g0tmi1k
Date: Tue, 3 Jun 2014 17:26:36 +0100
Subject: [PATCH] Basic pipe support ('>', '<' and '|'). This isn't idiot proof. Its not perfect... ...However, its the start of something!
---
 kippo/core/honeypot.py | 47 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 43 insertions(+), 4 deletions(-)
diff --git a/kippo/core/honeypot.py b/kippo/core/honeypot.py
index c4f75af..a370fdf 100644
--- a/kippo/core/honeypot.py
+++ b/kippo/core/honeypot.py
@@ -113,6 +113,45 @@ def runOrPrompt():
 runOrPrompt()
 return
 
+ if len(args) > 0 and ('<' == args[-1] or '>' == args[-1] or '|' == args[-1]):
+ print 'The attacker failed to a pipe command.'
+ self.honeypot.logDispatch('The attacker failed to a pipe command.')
+
+ if '<' == args[-1] or '>' == args[-1]:
+ self.honeypot.writeln('bash: syntax error near unexpected token `newline\'')
+ elif '|' == args[-1]:
+ self.honeypot.writeln('bash: syntax error: unexpected end of file')
+ self.cmdpending = []
+ self.showPrompt()
+ return
+
+ i = 0
+ for arg in args:
+ i += 1
+ if '<' == arg[-1:] or '>' == arg[-1:] or '|' == arg[-1:]:
+ print 'The attacker is trying to a pipe command.'
+ self.honeypot.logDispatch('The attacker is trying to a pipe command.')
+
+ if '<' == arg[-1:]:
+ #path = args[i]
+ #if self.fs.exists(path):
+ # continue
+ #else:
+ # self.writeln('bash: no such file or directory: %s' % (path,))
+ self.honeypot.writeln('')
+ self.cmdpending = []
+ self.showPrompt()
+ return
+ elif '>' == arg[-1:]:
+ self.cmdpending = []
+ self.showPrompt()
+ return
+ elif '|' == arg[-1:]:
+ cmd = args[i]
+ args = args[i+1:]
+ print 'NEW CMD: %s' % cmd
+ print 'NEW ARGS: %s' % args
+
 rargs = []
 for arg in args:
 matches = self.honeypot.fs.resolve_path_wc(arg, self.honeypot.cwd)
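Review bot: In the `|` branch of the new loop, `cmd = args[i]` can index past the end of the list: the guard before the loop only rejects a last argument that is exactly `<`, `>` or `|`, while the loop matches any argument that ends in one of them, so a final token such as `foo|` passes the guard and then raises IndexError inside the honeypot's command handler (as far as the flattened hunk shows). Testing the trailing character in the guard as well closes the gap, e.g. `if len(args) > 0 and args[-1][-1:] in ('<', '>', '|'):`, with the two inner comparisons changed to `args[-1][-1:]` in the same way. The branch also rebinds `args` while `for arg in args:` is still iterating the old list and `i` keeps counting from the old start, so a second `|` would index the shortened list with a stale offset; a `break` after the rebind would avoid that. An unhandled exception or a wrong reply here is an observable difference from a real shell, which matters for a honeypot. The enclosing method begins and ends outside this hunk, so how `cmd` is used afterwards is not visible.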
@@ -137,11 +176,11 @@ def resume(self):
 self.runCommand()
 
 def showPrompt(self):
- # Example: svr03:~#
+ # Example: nas3:~#
 #prompt = '%s:%%(path)s' % self.honeypot.hostname
- # Example: root@svr03:~# (More of a "Debianu" feel)
+ # Example: root@nas3:~# (More of a "Debianu" feel)
 prompt = '%s@%s:%%(path)s' % (self.honeypot.user.username, self.honeypot.hostname,)
- # Example: [root@svr03 ~]# (More of a "CentOS" feel)
+ # Example: [root@nas3 ~]# (More of a "CentOS" feel)
 #prompt = '[%s@%s %%(path)s]' % (self.honeypot.user.username, self.honeypot.hostname,)
 if not self.honeypot.user.uid:
 prompt += '# ' # "Root" user
@@ -156,7 +195,7 @@ def showPrompt(self):
 path[:(homelen+1)] == self.honeypot.user.home + '/':
 path = '~' + path[homelen:]
 # Uncomment the three lines below for a 'better' CenOS look.
- # Rather than '[root@svr03 /var/log]#' is shows '[root@svr03 log]#'.
+ # Rather than '[root@nas3 /var/log]#' is shows '[root@nas3 log]#'.
 #path = path.rsplit('/', 1)[-1]
 #if not path:
 # path = '/'