Ejemplo n.º 1
 def genNextRequest(self):
     """
     Generate the next REGISTER request to fire on the target SIP UAS.

     The first call builds a plain test REGISTER (CSeq 1) and marks it as
     generated. Each later call, once at least one challenge is queued in
     self._challenges, takes the next candidate password from self._scaniter
     and assembles digest-auth parameters for it.

     Returns a ((target ip, target port), request packet) tuple, or None when
     self._scaniter is exhausted.
     """
     if not self._testpktgenerated:
         # Set the flag first so every later call takes the else branch.
         self._testpktgenerated = True
         self.logDebug('sending test request')
         reqpkt = makeRequest('REGISTER',
                              self._targetip,
                              self._targetport,
                              self._xternalip,
                              self._localport,
                              extension=self._username,
                              cseqnum=1,
                              )
     else:
         localtag = None
         cseqnum = 1
         # Credentials are only attached once the server has issued a challenge.
         if len(self._challenges) > 0:
             try:
                 # Python 2 iterator protocol (.next()); exhaustion ends the run.
                 nextpasswd = self._scaniter.next()
             except StopIteration:
                 return None
             # NOTE(review): every candidate password is passed to the debug
             # logger; treat any log produced by this code as sensitive.
             self.logDebug('trying password: %s' %nextpasswd)
             # NOTE(review): createTag is defined elsewhere; presumably the tag is
             # derived from the credential pair and this constant -- confirm.
             localtag = createTag('%s:%s' %(self._username,nextpasswd), '\xDE\xAD\xBE\xEF')
             auth = dict()
             auth['username'] = self._username
             auth['realm'] = self._realm
             auth['algorithm'] = self._digestalgorithm
             if self._reusenonce:
                 # Reuse one stored nonce / Call-ID pair instead of consuming a challenge.
                 auth['nonce'] = self._staticnonce
                 callid = self._staticcallid
             else:
                 # NOTE(review): as indented in this listing, 'proxy', 'password'
                 # and cseqnum = 2 are set only on this branch, so with
                 # _reusenonce the auth dict has no 'password' key. This looks
                 # like an indentation slip -- confirm against the upstream file.
                 auth['nonce'], callid = self._challenges.pop()
                 auth['proxy'] = self._targetisproxy
                 auth['password'] = nextpasswd
                 cseqnum = 2
         else:
             auth = None
             callid = None
         # NOTE(review): toaddr, fromaddr and contact are not assigned anywhere in
         # this method; unless they exist at module level this call raises
         # NameError.
         reqpkt = makeRequest('REGISTER',
                              self._targetip,
                              self._targetport,
                              self._xternalip,
                              self._localport,
                              toaddr,
                              fromaddr,
                              extension=self._username,
                              callid=callid,
                              contact=contact,
                              cseqnum=cseqnum,
                              localtag=localtag,
                              auth=auth)
     return (self._targetip,self._targetport), reqpkt
Ejemplo n.º 2
 def genNextRequest(self):
     """
     Build the next probe request for the target SIP UAS.

     While no baseline response code has been recorded (self._BADUSERCODE is
     None) a random 50-bit number is used as the username; after that,
     usernames are taken from self._scaniter.

     Returns a ((target ip, target port), request packet) tuple, or None once
     self._scaniter is exhausted.
     """
     calibrating = self._BADUSERCODE is None
     if calibrating:
         self._nb_test_pkts_generated += 1
         logline = "generating test packet #%d for method '%s' .." % (
             self._nb_test_pkts_generated,
             self._currentmethod,
         )
         self.logDebug(logline)
         # A random identifier that should not match any real account.
         candidate = random.getrandbits(50)
     else:
         try:
             # Python 2 iterator protocol (.next()).
             candidate = self._scaniter.next()
         except StopIteration:
             # Candidate list exhausted: nothing further to send.
             return None

     # The same address string is used for both the To and From headers.
     sipaddr = '"%s"<sip:%s@%s>' % (candidate, candidate, self._targetip)
     contacturi = 'sip:%s@%s' % (candidate, self._targetip)
     packet = makeRequest(
         self._currentmethod,
         self._targetip,
         self._targetport,
         self._xternalip,
         self._localport,
         sipaddr,
         sipaddr,
         contact=contacturi,
         extension=candidate,
     )
     destination = (self._targetip, self._targetport)
     return destination, packet
Ejemplo n.º 3
 def genNextRequest(self):
     """
     Build a request for the next (ip, port, method) triple from self._scaniter.

     Returns a ((ip, port), request packet) tuple, or None once the iterator
     is exhausted.
     """
     try:
         # Python 2 iterator protocol (.next()).
         host, portnum, sipmethod = self._scaniter.next()
     except StopIteration:
         # Nothing left to scan.
         return None
     destination = (host, portnum)
     packet = makeRequest(sipmethod, host, portnum, self._xternalip, self._localport)
     return destination, packet
Ejemplo n.º 4
 def pktCallback(self, srcaddr, pkt):
     """
     Handle one response packet received from srcaddr.

     srcaddr is indexed as (ip, port); pkt is handed to parsePkt, whose result
     is read for 'headers', 'code' and 'respfirstline'.

     Until self._BADUSERCODE is set, the response is used only to learn which
     status code the server returns for the test request. Afterwards, a
     response whose code differs from that baseline is treated as a hit for
     the username found in its To header: 2XX responses are ACKed when
     self._ackenabled is set, and selected codes are recorded and announced
     through self._pcallback.

     NOTE(review): everything in pkt comes from the remote peer. Header values
     and the response line are interpolated into log messages unchanged, so
     log consumers should not trust their content.
     """
     # Any received packet marks the target as alive, before it is even parsed.
     self._targetisalive = True
     metadata = parsePkt(pkt)
     if metadata['headers']['To'] is None:
         # self.logInfo("received failure response: %s" %(metadata['respfirstline']))
         return
     # Calibration phase: no baseline code has been recorded yet.
     if self._BADUSERCODE is None:
         """
         Perform a test 1st .. to find out what error code is returned for unknown users
         Quit if weird codes are returned (the SIP UAS must be sick or somethx \L/)
         """
         # Provisional / unavailable responses are ignored; keep waiting.
         if metadata['code'] == TRYING \
                 or metadata['code'] == RINGING \
                 or metadata['code'] == UNAVAILABLE:
             pass
         # These codes are rejected as a baseline; set_currentmethod() is called
         # instead (defined elsewhere -- presumably it moves to another method).
         elif metadata['code'] == OKAY \
                 or metadata['code'] == NOTALLOWED \
                 or metadata['code'] == UNSUPPORTED \
                 or metadata['code'] == NOTIMPLEMENTED \
                 or metadata['code'] == INEXISTENTTRANSACTION \
                 or metadata['code'] == NOTACCEPTABLE \
                 or metadata['code'] == BADREQUEST \
                 or metadata['code'] == PROXYAUTHREQ \
                 or metadata['code'] == INVALIDPASS \
                 or metadata['code'] == AUTHREQ \
                 or metadata['code'] == TEMPORARILYUNAVAILABLE:
             self.logWarning("SIP server (fatally) replied test packet with '%s'" %(metadata['respfirstline']))
             self.set_currentmethod()
         else:
             # Any other code becomes the baseline for later comparisons.
             self.logDebug("ok. server replied test packet with '%s'"%(metadata['respfirstline']))
             self._BADUSERCODE = metadata['code']
             self.logDebug("setting BADUSERCODE = %s" % self._BADUSERCODE)
         return
     # The display name in front of '<' in the To header is taken as the username.
     # NOTE(review): match is None when the To header has no '<' after at least
     # one character; the next line then raises AttributeError.
     match = re.search("^(?P<username>.+?) *?<", metadata['headers']['To'])
     username = match.group('username').replace('"', '').replace("'", "")
     if metadata['code'] != self._BADUSERCODE:
         # Each username is reported at most once.
         if username in self._doneusernames:
             return
         if (200 <= metadata['code'] < 300) and self._ackenabled: # ACKnowledge all 2XX (success!) responses
             if metadata['headers']['CSeq'] is None:
                 # self.logDebug("received failure response: %s" %(metadata['firstline']))
                 return
             match = re.search("^(?P<cseqnum>[0-9]+?) .+?", metadata['headers']['CSeq'])
             # NOTE(review): assert is stripped under python -O, so a malformed
             # CSeq header would reach match.group() with match set to None.
             assert match is not None # XXX dirty
             cseqnum = match.group('cseqnum')
             # The ACK goes back to the packet's source address and reuses the
             # Call-ID and CSeq number taken from the response.
             ackpkt = makeRequest('ACK',
                                  srcaddr[0],
                                  srcaddr[1],
                                  self._xternalip,
                                  self._localport,
                                  extension=username,
                                  callid=metadata['headers']['Call-ID'],
                                  cseqnum=cseqnum)
             self.logInfo("received (success) response '%s' for username '%s'" %(metadata['respfirstline'], username))
             self.logDebug("sending ACK ..")
             self.sendto(ackpkt, srcaddr)
         # Codes that are recorded as an existing username.
         if metadata['code'] == OKAY \
                 or metadata['code'] == AUTHREQ \
                 or metadata['code'] == PROXYAUTHREQ \
                 or metadata['code'] == INVALIDPASS \
                 or metadata['code'] == TEMPORARILYUNAVAILABLE:
             self._doneusernames.append(username)
             # 'noauth' only for OKAY; every other code here is labelled 'reqauth'.
             authentication = 'reqauth'
             if metadata['code'] == OKAY:
                 authentication = 'noauth'
             self.logInfo("cracked username: %s (response to '%s' request was '%s')" %(username,self._currentmethod,metadata['respfirstline']))
             if self._pcallback:
                 # The User-Agent value is forwarded as received from the peer.
                 self._pcallback.announceNewTarget(targets.TARGET_SIP_USER(ip=srcaddr[0],
                                                                           port=srcaddr[1],
                                                                           ua=metadata['headers']['User-Agent'],
                                                                           user=username,
                                                                           auth=authentication))
         else:
             self.logInfo("received '%s' for username '%s'" %(metadata['respfirstline'], username))
     else:
         # Same code as the baseline: logged as a failure for this username.
         self.logInfo("received failure response '%s' for username '%s'" %(metadata['respfirstline'], username))
         pass