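Continuing from the previous article, this time I am going to try out the TinyTinyRSS API.
For how to set up the environment, see the previous article!
There is an API
TinyTinyRSS exposes an API.
It looks like the API could be used to collect RSS information and integrate it with other systems, so I would like to try it out a little.
Enabling the API
The API cannot be used in TinyTinyRSS out of the box, so it has to be enabled first. Select the settings from the hamburger menu at the top right.
In the General section of the settings tab there is an [Enable API] option. It is unchecked by default, so check it.
Once the settings are saved, the API can be used.
Logging in
Log in to TinyTinyRSS. The login API takes user and password in the request, and the response returns a session_id.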
- request
$ curl -d '{"op":"login", "user":"admin", "password":"password"}' http://localhost:8280/tt-rss/api/
- response
{"seq":0, "status":0, "content": {"session_id":"7cugckd3jophsejqiti152js6i", "api_level":14} }
Getting feeds
Get the list of subscribed feeds. For "sid", enter the session_id obtained at login.
- request
$ curl -d '{"sid":"7cugckd3jophsejqiti152js6i", "op":"getFeeds"}' http://localhost:8280/tt-rss/api/
- response
{ "seq": 0, "status": 0, "content": [ { "feed_url": "https://www.tsubock-lab.xyz/rss", "title": "TSUBOCK★LABO-ツボックラボ-", "id": 2, "unread": 28, "has_icon": true, "cat_id": 0, "last_updated": 1594999471, "order_id": 0 }, { "feed_url": "https://tt-rss.org/forum/rss.php", "title": "Tiny Tiny RSS: Forum", "id": 1, "unread": 0, "has_icon": true, "cat_id": 0, "last_updated": 1594999836, "order_id": 0 } ] }
Getting the unread count
Get the number of unread articles.
- request
$ curl -d '{"sid":"7cugckd3jophsejqiti152js6i", "op":"getUnread"}' http://localhost:8280/tt-rss/api/
- response
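{ "seq": 0, "status": 0, "content": { "unread": 28 } }
The "unread" count can also be obtained from the subscribed feed list, so it might be easier to use that??
Getting headlines
Get the list of headlines for a subscribed feed. According to the official documentation there are various arguments, but to keep it simple I will just specify "feed_id". From the subscribed feed list obtained with getFeeds earlier, I will fetch the headlines for TSUBOCK★LABO. Fetching every article would make the response hard to read, so for now I will use the limit parameter to fetch 3 items.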
- request
$ curl -d '{"sid":"7cugckd3jophsejqiti152js6i", "op":"getHeadlines", "feed_id":2, "limit": 3}' http://localhost:8280/tt-rss/api/
- response
{ "seq": 0, "status": 0, "content": [ { "id": 37, "guid": "{\"ver\":2,\"uid\":1,\"hash\":\"SHA1:007c305d328340a5da6bf782c05e29bf499bc122\"}", "unread": true, "marked": false, "published": false, "updated": 1594563364, "is_updated": false, "title": "PlantUMLでシーケンス図を描いてみる", "link": "https://www.tsubock-lab.xyz/entry/2020/07/12/231604?utm_source=feed", "feed_id": 2, "tags": [ "plantuml" ], "labels": [], "feed_title": "TSUBOCK★LABO-ツボックラボ-", "comments_count": 0, "comments_link": "", "always_display_attachments": false, "author": "", "score": 0, "note": null, "lang": "", "content": "", "flavor_image": "https://cdn-ak.f.st-hatena.com/images/fotolife/p/panda-loves-smile/20200712/20200712231427.png", "flavor_stream": "" }, { "id": 38, "guid": "{\"ver\":2,\"uid\":1,\"hash\":\"SHA1:7d392d739eaec739f22cd2d396c91b58c8bc9732\"}", "unread": true, "marked": false, "published": false, "updated": 1594388340, "is_updated": false, "title": "OSSハニーポット「Cowrie」を触ってみた", "link": "https://www.tsubock-lab.xyz/entry/2020/07/10/223900?utm_source=feed", "feed_id": 2, "tags": [ "" ], "labels": [], "feed_title": "TSUBOCK★LABO-ツボックラボ-", "comments_count": 0, "comments_link": "", "always_display_attachments": false, "author": "", "score": 0, "note": null, "lang": "", "content": "", "flavor_image": "https://cdn.user.blog.st-hatena.com/default_entry_og_image/126415417/1592406732551062", "flavor_stream": "" }, { "id": 39, "guid": "{\"ver\":2,\"uid\":1,\"hash\":\"SHA1:c48e49ebedf0464716627cf6d0c38b6c414e4b7f\"}", "unread": true, "marked": false, "published": false, "updated": 1593960548, "is_updated": false, "title": "二要素認証のワンタイムパスワードをPythonで自動生成処理してみる", "link": "https://www.tsubock-lab.xyz/entry/2020/07/05/234908?utm_source=feed", "feed_id": 2, "tags": [ "" ], "labels": [], "feed_title": "TSUBOCK★LABO-ツボックラボ-", "comments_count": 0, "comments_link": "", "always_display_attachments": false, "author": "", "score": 0, "note": null, "lang": "", "content": "", "flavor_image": 
"https://cdn.user.blog.st-hatena.com/default_entry_og_image/126415417/1592406732551062", "flavor_stream": "" } ] }
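The 3 most recent items were returned in descending order. The "id" inside "content": in the response is the article ID. Next, let's fetch an article.
Getting an updated article
Fetch only a specific article from the list of "id" values obtained with getHeadlines. This time I will fetch the second of the three items obtained earlier.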
- request
$ curl -d '{"sid":"7cugckd3jophsejqiti152js6i", "op":"getArticle", "article_id": 38}' http://localhost:8280/tt-rss/api/
- response
{ "seq": 0, "status": 0, "content": [ { "id": 38, "guid": "{\"ver\":2,\"uid\":1,\"hash\":\"SHA1:7d392d739eaec739f22cd2d396c91b58c8bc9732\"}", "title": "OSSハニーポット「Cowrie」を触ってみた", "link": "https://www.tsubock-lab.xyz/entry/2020/07/10/223900?utm_source=feed", "labels": [], "unread": true, "marked": false, "published": false, "comments": "", "author": "", "updated": 1594388340, "feed_id": 2, "attachments": [ { "id": 2, "0": 2, "content_url": "https://cdn.user.blog.st-hatena.com/default_entry_og_image/126415417/1592406732551062", "1": "https://cdn.user.blog.st-hatena.com/default_entry_og_image/126415417/1592406732551062", "content_type": "image/png", "2": "image/png", "title": "", "3": "", "duration": "0", "4": "0", "width": 0, "5": 0, "height": 0, "6": 0, "post_id": 38, "7": 38 } ], "score": 0, "feed_title": "TSUBOCK★LABO-ツボックラボ-", "note": null, "lang": "", "content": "<p>サイバーセキュリティの情報収集の一つで「ハニーポット」という技術があります。今回は業務中にハニーポットについて調べている中での覚書として本記事を残しておきます。</p>\n\n<h2>ハニーポットとは</h2>\n\n<p>ハニーポットは脆弱性のあるサービスを実際に、または疑似的に動かして不正アクセスを受け付けるためのシステムです。攻撃者は不正アクセスが成功すると、様々な手法で攻撃を試行してきます。ハニーポットは攻撃試行をログとして記録し、攻撃方法などを収集する目的で設置します。</p>\n\n<p>収集方法としては大きく分けて、</p>\n\n<ul>\n<li>実際に脆弱性のあるサービスを外部公開して攻撃を待ち受ける<strong>高対話型ハニーポット</strong></li>\n<li>脆弱性のあるサービスをエミュレートし、外部公開して攻撃を待ち受ける<strong>低対話型ハニーポット</strong></li>\n</ul>\n\n\n<p>があります。</p>\n\n<p><strong>高対話型ハニーポット</strong>では本物の脆弱性のあるサービスを公開することで、より詳細なログ情報を収集することができますが、同時に感染リスクも高いのが特徴です。</p>\n\n<p><strong>低対話型ハニーポット</strong>ではエミュレートされたサービスを公開するため、攻撃を受けてもエミュレートした範囲以上に攻撃を受けないため、高対話型ハニーポットに比べると安全に運用することができますが、エミュレートした範囲でしかログ情報の収集を行うことができないため、情報量が少なくなってしまいます。</p>\n\n<p>今回は収集できる情報は少ないけど、比較的安全に運用することができる低対話型ハニーポットのうちSSH/Telnet特化のハニーポットであるCowrieについて触っていきたいと思います。</p>\n\n<h2>Cowrieとは</h2>\n\n<p>CowrieはSSH/Telnetに特化したOSSのハニーポットクライアント。SSH(Port22)とTelnet(23)のサービスを疑似的に立ち上げて、アクセスしてきた人の動作をログとして収集するプログラムです。これにより、攻撃者がSSHで接続試行するときのアカウント情報やログイン後に実行するコマンドを収集することができます。</p>\n\n<p>インストールして動かすこともできますが、Dockerコンテナが公開されているので、実際に立ち上げて触ってみたいと思います。</p>\n\n<h2>事前準備</h2>\n\n<p>Dockerコ
ンテナで起動するため、事前にDockerのインストールをしておいてください。</p>\n\n<p>Dockerのインストール方法は下記の記事を参考にどうぞ。</p>\n\n<h2>インストール</h2>\n\n<p>公開されているDockerコンテナのリポジトリを指定して<code>docker pull</code>を行います。</p>\n\n<pre>$ docker pull cowrie/cowrie\n</pre>\n\n\n<p>これで動かす準備は完了です。</p>\n\n<h2>起動してみる</h2>\n\n<p>実際にCowrieのコンテナを起動してみたいと思います。</p>\n\n<p>下記コマンドを実行してください。</p>\n\n<pre>$ docker run <span>-p</span> 2222:2222/tcp cowrie/cowrie\n</pre>\n\n\n<p>起動が完了すると下記のようなログが出力されます。</p>\n\n<pre>Join the Cowrie community at: https://www.cowrie.org/slack/\n\nUsing default Python virtual environment <span>\"</span><span>/cowrie/cowrie-env</span><span>\"</span>\nversion check\nStarting cowrie: <span>[</span>twistd --umask<span>=</span><span>0022</span> --pidfile<span>=</span> <span>-l</span> - cowrie <span>-n]</span>...\n2020-07-09T17:28:13+<span>0000</span> <span>[</span>-<span>]</span> Python Version <span>3</span>.<span>7</span>.<span>3</span> <span>(</span><span>default, Dec </span><span>20</span><span> </span><span>2019</span><span>, 18:57:59</span><span>)</span> <span>[</span>GCC <span>8</span>.<span>3</span>.<span>0</span><span>]</span>\n2020-07-09T17:28:13+<span>0000</span> <span>[</span>-<span>]</span> Twisted Version <span>20</span>.<span>3</span>.<span>0</span>\n2020-07-09T17:28:13+<span>0000</span> <span>[</span>-<span>]</span> Loaded output engine: jsonlog\n2020-07-09T17:28:13+<span>0000</span> <span>[</span>twisted.scripts._twistd_unix.UnixAppLogger#info<span>]</span> twistd <span>20</span>.<span>3</span>.<span>0</span> <span>(</span><span>/cowrie/cowrie-env/bin/python3 </span><span>3</span><span>.</span><span>7</span><span>.</span><span>3</span><span>)</span> starting up.\n2020-07-09T17:28:13+<span>0000</span> <span>[</span>twisted.scripts._twistd_unix.UnixAppLogger#info<span>]</span> reactor class: twisted.internet.epollreactor.EPollReactor.\n2020-07-09T17:28:13+<span>0000</span> <span>[</span>-<span>]</span> CowrieSSHFactory starting on <span>2222</span>\n2020-07-09T17:28:13+<span>0000</span> 
<span>[</span>cowrie.ssh.factory.CowrieSSHFactory#info<span>]</span> Starting factory <span><</span>cowrie.ssh.factory.CowrieSSHFactory object at 0x7fd16a5c7f9<span>8></span>\n2020-07-09T17:28:13+<span>0000</span> <span>[</span>-<span>]</span> Generating new RSA keypair...\n2020-07-09T17:28:13+<span>0000</span> <span>[</span>-<span>]</span> Generating new DSA keypair...\n2020-07-09T17:28:13+<span>0000</span> <span>[</span>-<span>]</span> Ready to accept SSH connections\n</pre>\n\n\n<p><code>Ready to accept SSH connections</code>と表示されたらCowrieが立ち上がった証拠です。</p>\n\n<h2>アクセスしてみる</h2>\n\n<p>それでは実際にCowrieにアクセスしてみましょう。dockerを立ち上げているコンソールとは別のコンソールを立ち上げてください。</p>\n\n<p>dockerコンテナにSSHでアクセスしてみます。docker起動の時にPort2222をポートフォワードするように起動しているので、Port2222に対してログインをしてみます。</p>\n\n<pre>$ ssh <span>-p</span> <span>2222</span> root@localhost\nroot@localhost<span>'</span><span>s password:</span>\n\n<span>The programs included with the Debian GNU/Linux system are free software;</span>\n<span>the exact distribution terms for each program are described in the</span>\n<span>individual files in /usr/share/doc/*/copyright.</span>\n\n<span>Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent</span>\n<span>permitted by applicable law.</span>\n<span>root@svr04:~#</span>\n</pre>\n\n\n<p>パスワードを求められるのですが、ここではアカウントと同じ文字列でなければ、どんなパスワードを入れてもログインが成功します。</p>\n\n<p>ログイン後、Cowrie側のログを見てみましょう。</p>\n\n<pre>2020-07-10T13:14:51+<span>0000</span> <span>[</span>cowrie.ssh.factory.CowrieSSHFactory<span>]</span> New connection: <span>172</span>.<span>17</span>.<span>0</span>.1:38570 <span>(</span><span>172</span><span>.</span><span>17</span><span>.</span><span>0</span><span>.2:2222</span><span>)</span> <span>[</span>session: 2780b89da733<span>]</span>\n2020-07-10T13:14:51+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>1</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Remote SSH version: b<span>'</span><span>SSH-2.0-OpenSSH_7.6p1 
Ubuntu-4ubuntu0.3</span><span>'</span>\n</pre>\n\n\n<p>ログから確認できるのは、Remote SSHしてきたサーバのIP、SSHクライアントのバージョン、ログインしてきたサーバのカーネルバージョンが取得できます。</p>\n\n<p>RemoteSSHしてきたサーバが入力してきたログインアカウント/ログインパスワードも</p>\n\n<pre>2020-07-10T13:15:00+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>1</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> login attempt <span>[</span>b<span>'</span><span>root</span><span>'</span>/b<span>'</span><span>password</span><span>']</span> succeeded\n</pre>\n\n\n<p>上記の通り、丸わかりです。</p>\n\n<p>RemoteSSH側でログインして、<code>whoami</code>や<code>id</code>、<code>uname -a</code>などで情報を取得したり、netcatコマンドを実行してログアウトしてみます。</p>\n\n<p>RemoteSSH側のコンソールでは次のようになります。</p>\n\n<pre>$ ssh <span>-p</span> <span>2222</span> root@localhost\nroot@localhost<span>'</span><span>s password:</span>\n\n<span>The programs included with the Debian GNU/Linux system are free software;</span>\n<span>the exact distribution terms for each program are described in the</span>\n<span>individual files in /usr/share/doc/*/copyright.</span>\n\n<span>Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent</span>\n<span>permitted by applicable law.</span>\n<span>root@svr04:~# whoami</span>\n<span>root</span>\n<span>root@svr04:~# id</span>\n<span>uid=0(root) gid=0(root) groups=0(root)</span>\n<span>root@svr04:~# uname -a</span>\n<span>Linux svr04 3.2.0-4-amd64 #1 SMP Debian 3.2.68-1+deb7u1 x86_64 GNU/Linux</span>\n<span>root@svr04:~#</span>\n<span>root@svr04:~#</span>\n<span>root@svr04:~# nc</span>\n<span>This is nc from the netcat-openbsd package. 
An alternative nc is available</span>\n<span>in the netcat-traditional package.</span>\n<span>usage: nc [-46bCDdhjklnrStUuvZz] [-I length] [-i interval] [-O length]</span>\n<span> [-P proxy_username] [-p source_port] [-q seconds] [-s source]</span>\n<span> [-T toskeyword] [-V rtable] [-w timeout] [-X proxy_protocol]</span>\n<span> [-x proxy_address[:port]] [destination] [port]</span>\n<span>root@svr04:~#</span>\n<span>root@svr04:~#</span>\n<span>root@svr04:~# exit</span>\n<span>Connection to localhost closed.</span>\n</pre>\n\n\n<p>Cowrie側では次のようになります。</p>\n\n<pre>2020-07-10T13:25:48+<span>0000</span> <span>[</span>cowrie.ssh.factory.CowrieSSHFactory<span>]</span> No moduli, no diffie-hellman-group-exchange-sha1\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>cowrie.ssh.factory.CowrieSSHFactory<span>]</span> No moduli, no diffie-hellman-group-exchange-sha256\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>cowrie.ssh.factory.CowrieSSHFactory<span>]</span> New connection: <span>172</span>.<span>17</span>.<span>0</span>.1:38578 <span>(</span><span>172</span><span>.</span><span>17</span><span>.</span><span>0</span><span>.2:2222</span><span>)</span> <span>[</span>session: 1731957be020<span>]</span>\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Remote SSH version: b<span>'</span><span>SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3</span><span>'</span>\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> SSH client hassh fingerprint: 06046964c022c6407d15a27b12a6a4fb\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> kex alg, key alg: b<span>'</span><span>curve25519-sha256</span><span>'</span> 
b<span>'</span><span>ssh-rsa</span><span>'</span>\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> outgoing: b<span>'</span><span>aes128-ctr</span><span>'</span> b<span>'</span><span>hmac-sha2-512</span><span>'</span> b<span>'</span><span>none</span><span>'</span>\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> incoming: b<span>'</span><span>aes128-ctr</span><span>'</span> b<span>'</span><span>hmac-sha2-512</span><span>'</span> b<span>'</span><span>none</span><span>'</span>\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> NEW KEYS\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> starting service b<span>'</span><span>ssh-userauth</span><span>'</span>\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> b<span>'</span><span>root</span><span>'</span> trying auth b<span>'</span><span>none</span><span>'</span>\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> b<span>'</span><span>root</span><span>'</span> trying auth b<span>'</span><span>publickey</span><span>'</span>\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on 
HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> public key attempt <span>for</span> user b<span>'</span><span>root</span><span>'</span> of <span>type</span> b<span>'</span><span>ssh-rsa</span><span>'</span> with fingerprint bc:62:6b:16:0a:40:b6:58:a7:99:e7:ad:1a:9e:e4:4e\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> b<span>'</span><span>root</span><span>'</span> failed auth b<span>'</span><span>publickey</span><span>'</span>\n2020-07-10T13:25:48+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> reason: <span>(</span><span>'</span><span>Incorrect signature</span><span>'</span>, None<span>)</span>\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> b<span>'</span><span>root</span><span>'</span> trying auth b<span>'</span><span>password</span><span>'</span>\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Could not <span>read</span> etc/userdb.txt, default database activated\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> login attempt 
<span>[</span>b<span>'</span><span>root</span><span>'</span>/b<span>'</span><span>password</span><span>']</span> succeeded\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Initialized emulated server as architecture: linux-x64-lsb\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> b<span>'</span><span>root</span><span>'</span> authenticated with b<span>'</span><span>password</span><span>'</span>\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-userauth</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> starting service b<span>'</span><span>ssh-connection</span><span>'</span>\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> got channel b<span>'</span><span>session</span><span>'</span> request\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> channel open\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> got global b<span>'</span><span>no-more-sessions@openssh.com</span><span>'</span> 
request\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> pty request: b<span>'</span><span>xterm-256color</span><span>'</span> <span>(</span><span>54</span>, <span>202</span>, <span>0</span>, <span>0</span><span>)</span>\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Terminal Size: <span>202</span> <span>54</span>\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> request_env: b<span>'</span><span>LANG</span><span>'=</span>b<span>'</span><span>C.UTF-8</span><span>'</span>\n2020-07-10T13:25:51+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> getting shell\n2020-07-10T13:25:55+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> CMD: whoami\n2020-07-10T13:25:55+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on 
HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Command found: whoami\n2020-07-10T13:25:56+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> CMD: id\n2020-07-10T13:25:56+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Command found: id\n2020-07-10T13:25:59+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> CMD: uname <span>-a</span>\n2020-07-10T13:25:59+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Command found: uname <span>-a</span>\n2020-07-10T13:26:01+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> CMD:\n2020-07-10T13:26:01+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> CMD:\n2020-07-10T13:26:03+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService 
b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> CMD: nc\n2020-07-10T13:26:03+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Command found: nc\n2020-07-10T13:26:04+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> CMD:\n2020-07-10T13:26:04+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> CMD:\n2020-07-10T13:26:05+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> CMD: <span>exit</span>\n2020-07-10T13:26:05+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Command found: <span>exit</span>\n2020-07-10T13:26:05+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> exitCode: <span>0</span>\n2020-07-10T13:26:05+<span>0000</span> 
<span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> sending request b<span>'</span><span>exit-status</span><span>'</span>\n2020-07-10T13:26:05+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Closing TTY Log: var/lib/cowrie/tty/b5377bf3fdd31e29a30f8f18a4835d9f439157f591eafef456b563055e59a28e after <span>13</span> seconds\n2020-07-10T13:26:05+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> sending close <span>0</span>\n2020-07-10T13:26:05+<span>0000</span> <span>[</span>SSHChannel session (<span>0</span>) on SSHService b<span>'</span><span>ssh-connection</span><span>'</span> on HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> remote close\n2020-07-10T13:26:05+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Got remote error, code <span>11</span> reason: b<span>'</span><span>disconnected by user</span><span>'</span>\n2020-07-10T13:26:05+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> avatar root logging out\n2020-07-10T13:26:05+<span>0000</span> <span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> connection lost\n2020-07-10T13:26:05+<span>0000</span> 
<span>[</span>HoneyPotSSHTransport,<span>3</span>,<span>172</span>.<span>17</span>.<span>0</span>.<span>1</span><span>]</span> Connection lost after <span>16</span> seconds\n</pre>\n\n\n<p><code>CMD: hogehoge</code>となっている部分がRemote SSH側で入力されたコマンドです。このような形で、攻撃してきたときに入力されたコマンドを収集することができます。</p>\n\n<p>ハニーポットではこのように攻撃を受けたときのログ情報などを収集することができます。世の中の色々なサービスをエミュレートできるハニーポットが色々あるので、調べつつ本ブログに残していきたいと思います。</p>\n\n<h2>参考</h2>\n\n<p><a href=\"https://ja.wikipedia.org/wiki/%E3%83%8F%E3%83%8B%E3%83%BC%E3%83%9D%E3%83%83%E3%83%88\" rel=\"noopener noreferrer\" target=\"_blank\">ハニーポット - Wikipedia</a></p>" } ] }
The article was fetched... maybe, but the "content" is garbled and I can't get it properly...
It might be readable if it is converted, but how should I go about that... (looking into it...)
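The "content" value in the getArticle response above is the article body as an HTML string, carried inside JSON with the usual string escapes (\n, \"). The following is an added example, not part of the original post: it decodes the reply and reduces the HTML to plain text using only the Python standard library, dropping script and style elements because feed content comes from third parties. The sample reply is constructed (shortened, in the same shape as the response above), and the class and function names are this example's own.

```python
import json
import re
from html.parser import HTMLParser

# Constructed sample: a shortened getArticle reply in the shape shown above.
# Raw strings keep the JSON escapes (\n) exactly as they appear on the wire.
RAW_RESPONSE = (
    r'{"seq":0,"status":0,"content":[{"id":38,'
    r'"title":"OSSハニーポット「Cowrie」を触ってみた",'
    r'"content":"<p>Intro with <strong>bold</strong> text &amp; an entity.</p>\n\n'
    r'<h2>Install</h2>\n\n'
    r'<pre>$ docker run <span>-p</span> 2222:2222/tcp cowrie/cowrie\n</pre>\n\n'
    r'<script>alert(1)</script><ul>\n<li>first</li>\n<li>second</li>\n</ul>"}]}'
)


class TextExtractor(HTMLParser):
    """Collect visible text; block-level tags end a line, script/style are dropped."""

    BLOCK = {"p", "h1", "h2", "h3", "h4", "pre", "li", "ul", "ol", "div", "br"}
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)  # &amp; etc. arrive already decoded
        self.parts = []
        self.skip_depth = 0
        self.pre_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self.skip_depth += 1
        elif tag == "pre":
            self.pre_depth += 1
        elif tag == "li":
            self.parts.append("- ")

    def handle_endtag(self, tag):
        if tag in self.SKIP:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if tag == "pre":
            self.pre_depth = max(0, self.pre_depth - 1)
        if tag in self.BLOCK:
            self.parts.append("\n")

    def handle_data(self, data):
        if self.skip_depth:
            return  # never emit script or style bodies
        # Inside <pre> keep line breaks; elsewhere whitespace runs are one space.
        self.parts.append(data if self.pre_depth else re.sub(r"\s+", " ", data))


def article_text(raw_json):
    """Return [(title, plain_text)] for every article in a getArticle reply."""
    reply = json.loads(raw_json)  # this step undoes the \n and \" escapes
    if reply.get("status") != 0:
        raise ValueError(f"API error: {reply.get('content')}")
    result = []
    for article in reply["content"]:
        parser = TextExtractor()
        parser.feed(article.get("content") or "")
        parser.close()
        lines = (line.strip() for line in "".join(parser.parts).split("\n"))
        result.append((article["title"], "\n".join(l for l in lines if l)))
    return result


if __name__ == "__main__":
    for title, text in article_text(RAW_RESPONSE):
        print(f"== {title} ==\n{text}")
```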
Logging out
For now, end the session that was logged in.
- request
$ curl -d '{"sid":"7cugckd3jophsejqiti152js6i" ,"op":"logout"}' http://localhost:8280/tt-rss/api/
- response
{ "seq": 0, "status": 0, "content": { "status": "OK" } }
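The login, getFeeds, getHeadlines and logout calls above combined into one script, added here as an example and not part of the original post. It treats any non-zero "status" as an error (the TT-RSS API reports, for instance, API_DISABLED while the API setting is still unchecked; that error string is not shown in this article), reads the credentials from environment variables rather than the command line, and always logs out; the class and function names and the TTRSS_USER / TTRSS_PASSWORD variable names are this example's own.

```python
import json
import os
import urllib.request

API_URL = "http://localhost:8280/tt-rss/api/"  # endpoint used in the article


class TTRSSError(Exception):
    """Raised when the API answers with a non-zero status."""


def http_post(url, payload):
    """Default transport: POST the JSON body and decode the JSON reply."""
    req = urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))


class TTRSSSession:
    """Context manager: log in on entry, always log out on exit."""

    def __init__(self, user, password, url=API_URL, post=http_post):
        self.user, self.password = user, password
        self.url, self.post = url, post  # post is injectable for offline tests
        self.sid = None

    def call(self, op, **params):
        body = {"op": op, **params}
        if self.sid:
            body["sid"] = self.sid
        reply = self.post(self.url, body)
        if reply.get("status") != 0:
            # Errors arrive as {"status": 1, "content": {"error": "..."}},
            # e.g. API_DISABLED, LOGIN_ERROR, NOT_LOGGED_IN.
            content = reply.get("content")
            error = content.get("error") if isinstance(content, dict) else None
            raise TTRSSError(error or "UNKNOWN")
        return reply["content"]

    def __enter__(self):
        reply = self.call("login", user=self.user, password=self.password)
        self.sid = reply["session_id"]
        return self

    def __exit__(self, *exc):
        try:
            self.call("logout")  # invalidate the session id on the server
        finally:
            self.sid = None
        return False


def unread_headlines(session, limit=3):
    """Return (feed title, article id, headline) for unread items in each feed."""
    rows = []
    for feed in session.call("getFeeds"):
        if feed["unread"] == 0:
            continue  # skip the extra request when the feed has nothing new
        for item in session.call("getHeadlines", feed_id=feed["id"], limit=limit):
            if item["unread"]:
                rows.append((feed["title"], item["id"], item["title"]))
    return rows


if __name__ == "__main__":
    # Credentials come from the environment, so they stay out of shell history.
    user, password = os.environ["TTRSS_USER"], os.environ["TTRSS_PASSWORD"]
    with TTRSSSession(user, password) as session:
        for feed_title, article_id, title in unread_headlines(session):
            print(f"[{feed_title}] #{article_id} {title}")
```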
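I tried operating TinyTinyRSS through its API. Being able to drive it through the API, it looks like it could be used to automatically collect the articles you need for specific keywords.
The garbled Content issue is still under investigation...! If anyone knows how to handle it, please let me know... ( ノД`) *sob*…
References: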