Beispiel #1
0
	def __init__(self):
		
		# reverse arp demon. Used to simulate the virtual host
		self.arp_demon     = None
		# the exploit currently loaded
		self.exploit       = None
		# the module containing the current exploit
		self.exp_module    = None
		# the interface used to generate and receive packets
		self.interface     = 'eth0'
		# Mutant operators manager
		self.opmanager     = OpManager()
		# List of alert collectors
		self.collectors    = []
		# Mutant factory
		self.factory       = None
		# True if the alerts must be collected after each mutant execution
		self.collect_sync  = False
		# True if the log messages must be redirected during the exploit execution
		self.redirect      = True
		
		self.virtualhost_mac = 'undefined'
		self.virtualhost_ip  = 'undefined'
		
		self.targethost_mac  = 'undefined'
		self.targethost_ip   = '127.0.0.1'
				
		self.log    = logger.main.newSource("ENGINE")
		
		# Load the default mutant factory
		self.set_factory(utils.load_factory("factories/NullFactory.py"))
 		
		# Load the mutant operators
		self.opmanager.load_operators()
		
		# Scapy configuration
		scapy.scapy.conf.padding = 0
Beispiel #2
0
class Engine:
	
	def __init__(self):
		
		# reverse arp demon. Used to simulate the virtual host
		self.arp_demon     = None
		# the exploit currently loaded
		self.exploit       = None
		# the module containing the current exploit
		self.exp_module    = None
		# the interface used to generate and receive packets
		self.interface     = 'eth0'
		# Mutant operators manager
		self.opmanager     = OpManager()
		# List of alert collectors
		self.collectors    = []
		# Mutant factory
		self.factory       = None
		# True if the alerts must be collected after each mutant execution
		self.collect_sync  = False
		# True if the log messages must be redirected during the exploit execution
		self.redirect      = True
		
		self.virtualhost_mac = 'undefined'
		self.virtualhost_ip  = 'undefined'
		
		self.targethost_mac  = 'undefined'
		self.targethost_ip   = '127.0.0.1'
				
		self.log    = logger.main.newSource("ENGINE")
		
		# Load the default mutant factory
		self.set_factory(utils.load_factory("factories/NullFactory.py"))
 		
		# Load the mutant operators
		self.opmanager.load_operators()
		
		# Scapy configuration
		scapy.scapy.conf.padding = 0

	def clean_up(self):
		self.log.info("Cleaning up.\nBye Bye")
		if (self.arp_demon != None) and (self.arp_demon.is_running()):
			self.arp_demon.stop()
		if self.exploit:
			del self.exploit
		
	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	# Alert Collectors	
	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	
	def get_selected_collectors(self):
		return self.collectors
	
	def add_collector(self, collector):
		if collector in self.collectors:
			return
		self.collectors.append(collector)
	
	def remove_collector(self, collector):
		try:
			self.collectors.remove(collector)
		except:
			pass
				
	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	# Interfaces	
	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	def get_interfaces(self):
		temp = scapy.scapy.get_if_list()
		temp.remove('lo')
		return temp

	def get_iface(self):
		return self.interface
	
	def set_iface(self, iface):
		self.interface = iface
		tcp.interface  = iface
	
	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	# Mutant factories
	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	def set_factory(self, factory):
		if factory == None:
			self.log.error('Attempt to set Factory to "None".')
		self.factory = factory
		self.factory.set_opmanager(self.opmanager)
		if self.factory.require_sync_collectors():
			self.collect_sync = True
		else:
			self.collect_sync = False
		self.log.debug('Mutant Factory sets to: %s'%self.factory.__class__)
	
	def get_factory(self):
		return self.factory
		
	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	# Hosts
	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	def setVirtualHost(self, tmac, smac, ipaddr):
		self.log.info('Virtual host: %s (%s)'%(ipaddr,smac))
		self.log.info('Target MAC: %s'%(tmac))
				
		self.virtualhost_mac = smac
		self.virtualhost_ip  = ipaddr

		self.targethost_mac  = tmac
		eth.DEFAULT_TARGET_MAC = tmac

		ip.DEFAULT_SOURCE_ADDR = ipaddr
		eth.DEFAULT_SOURCE_MAC = smac
		if (self.arp_demon != None) and (self.arp_demon.is_running()):
			self.arp_demon.stop()
		self.arp_demon = ARPDemon(ipaddr, smac, iface=self.interface)
		
	def start_demon(self):
		if self.arp_demon == None:
			self.log.error('Attempt to start the ARP demon before configuring it')
			return False
		if self.arp_demon.is_running()==False:
			 self.arp_demon.start()
		return True
	
	def stop_demon(self):
		self.arp_demon.stop()
		
	def setTargetHost(self,ipaddr):
		self.log.info('Target host: %s'%ipaddr)
		self.targethost_ip   = ipaddr
		ip.DEFAULT_TARGET_ADDR = ipaddr
		
	def getTargetHost(self):
		return (self.targethost_ip, self.targethost_mac)
	
	def getVirtualHost(self):
		return (self.virtualhost_ip, self.virtualhost_mac)

	def set_userland_socket(self, bool):
		if bool==False:
			tcp.TCPSocket.DEFAULT_SOCKET = tcp.PythonTCPSocket
		else:
			tcp.TCPSocket.DEFAULT_SOCKET = tcp.UserSpaceTCPSocket

	def is_userland_socket_enabled(self):
		if tcp.TCPSocket.DEFAULT_SOCKET == tcp.PythonTCPSocket:
			return False
		else:
			return True

	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	# Exploit
	# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	def load_exploit(self, filename):
		loaded = False
		try:
			if self.exp_module != None:
				del sys.modules[self.exp_module.__name__]
			directory, f = os.path.split(filename)
			sys.path.append(directory)
			if f[-3:]=='.py':
				self.exp_module  = __import__(f[:-3]) 
			elif f[-4:]=='.pyc':
				self.exp_module  = __import__(f[:-4])
			else:
				self.log.warning('Bad file name %s'%filename)
			content = dir(self.exp_module)
			for x in content:
				try:
					obj = self.exp_module.__dict__[x]
					if issubclass(obj, interfaces.exploit.Exploit):
						self.exploit = obj()
						loaded = True
						self.log.info('%s exploit loaded'%filename)
						break
				except Exception, msg: 
					#print "Error loading exploit file %s:\r\n%s"%(filename,msg)
					#junk1, junk2, trace = sys.exc_info()
					#print "Line number: %d"%trace.tb_lineno
					pass
					
					
			sys.path.remove(directory)
		except Exception, msg:
			self.log.error("Error loading exploit file %s:\r\n%s"%(filename,msg))