class Attacker(Service, threading.Thread): def __init__(self): pass def name(self): return "attacker" def description(self): return "Attacker based on multiprocessing." def start(self, *args, **kwargs): self.log = NLog(self.name) self.log.info("Service attacker inited.") threading.Thread.start(self, *args, **kwargs) def stop(self): self.log.info("Service attacker stopped.") def setDaemon(self, *args, **kwargs): threading.Thread.setDaemon(self, *args, **kwargs) def make_parser(self, superparser): if not superparser: msg = "Need to give super parser" self.log.error(msg) subp = superparser.add_parser(self.name(), help=self.description()) subp.add_argument("action", type=str, help="service action") def do(self, action): pass def run(self): atk_round = -1 pass
class SubmitterService(Service, threading.Thread): def __init__(self): threading.Thread.__init__(self, name="Submitter") gc = ConfigParser() gc.read("/app/config/general.cfg") self.token = gc.get("GENERAL", "FLAG_TOKEN") self.flagq = Queue.Queue() self.isrun = True #self.token = token self.log = None def name(self): return "submitter" def description(self): return "Service used to submit flag and generate log." def stop(self): self.isrun = False self.log.info("Service submitter stopped.") def start(self, *args, **kwargs): self.log = NLog(self.name()) self.log.info("Service submitter inited.") threading.Thread.start(self, *args, **kwargs) def make_completer(self): return None def make_parser(self, superparser=None): if not superparser: msg = "Need to give super parser" subp = superparser.add_parser(self.name(), help=self.description()) subp.add_argument("action", type=str, help="service action") def setDaemon(self, *args, **kwargs): threading.Thread.setDaemon(self, *args, **kwargs) def do(self, action): if action == "help": print self.description() else: msg = "Unrecognized action for service {}: {}".format( self.name(), action) self.log.error(msg) def run(self): self.log.info("Submitter start running.") while self.isrun: try: if not self.flagq.empty(): flag = self.flagq.get() self.submit(flag) except Exception as e: msg = str(e) self.log.error(e) #print(msg) def correct_flag(self, r): return {"status": "correct"} def submit(self, flag): url = "http://127.0.0.1:8099/" data = {"flag": flag.flag, "token": self.token} r = requests.post(url, data=data) self.report(flag, self.correct_flag(r.text)) def report(self, flag, resp): msg = "Attack {ip}:{port} with payload {payload} {status}.".format( ip=flag.ip, port=flag.port, payload=flag.payload, status=resp["status"]) print(msg) self.log.info("Report: " + msg) def add(self, flag, ip, port, payload): f = Flag(flag, ip, port, payload) self.flagq.put(f)
class GameboxService(Service): def __init__(self): gc = ConfigParser() gc.read("/app/config/general.cfg") confpath = gc.get("GENERAL", "GAMEBOX_CONFIG") self.cfg = ConfigParser() #confpath="/app/config/gamebox.cfg" self.cfg.read(confpath) self.gameboxs = [] def name(self): return "gamebox" def description(self): return "Gamebox service store gamebox information." def stop(self): self.log.info("Service Gamebox stopped.") pass def start(self, *args, **kwargs): self.log = NLog(self.name()) msg = ("Service Gamebox inited.") self.log.info(msg) self.loadGameboxs() def setDaemon(self, *args, **kwargs): pass def make_parser(self, superparser): if not superparser: msg = "Need to give super parser" self.log.error(msg) subp = superparser.add_parser(self.name(), help=self.description()) subp.add_argument("action", type=str, help="service action") def do(self, action): if action == "show": self.printGameboxs() elif action == "load" or action == "reload": self.loadGameboxs() else: msg = "Unrecognized action for service {}: {}".format(self.name(), action) self.log.error(msg) print msg def loadGameboxs(self): secs = self.cfg.sections() self.gameboxs = [] for sec in secs: self.gameboxs.append( Gamebox( sec, self.cfg.get(sec, "IP"), self.cfg.get(sec, "PORT"), self.cfg.get(sec, "INNER_IP"), self.cfg.get(sec, "INNER_PORT"), self.cfg.get(sec, "SSH_PORT"), self.cfg.get(sec, "SSH_USER"), self.cfg.get(sec, "SSH_PASS") ) ) def printGameboxs(self): x = lambda x,y: safeGetAttr(x,y) pt = PrettyTable(['name', "ip", "port"]) for gb in self.gameboxs: pt.add_row([ x(gb, "name"), x(gb, "ip"), x(gb, "port") ]) print(pt) def getGameboxs(self): return self.gameboxs def getGameboxByName(self, name): for gb in self.gameboxs: if gb.name == name: return gb return None def get_gamebox_names(self): return [each.name for each in self.gameboxs] def get_gamebox_ips(self): ret = [] for each in self.gameboxs: ret.extend(genIPList(each.ip)) return ret
class ExploitService(Service): def __init__(self): gc = ConfigParser() gc.read("/app/config/general.cfg") self.exppath = gc.get("GENERAL", "EXP_PATH") #self.exppath = "/app/exploits/" self.exps = {} self.log = None def name(self): return "exploit" def description(self): return "Exploit services" def stop(self): self.log.info("Service Exploit stopped.") pass def start(self, *args, **kwargs): self.log = NLog(self.name()) self.log.info("Service Exploit inited.") self.loadAllExps() def setDaemon(self, *args, **kwargs): pass def make_parser(self, superparser): if not superparser: msg = "Need to give super parser" self.log.error(msg) return subp = superparser.add_parser(self.name(), help=self.description) subp.add_argument("action", type=str, help="service action") def do(self, action): if action == "show": self.printExps() elif action == "reload": c = WordCompleter(self.getExps) p = prompt("Which exp you want to reload:\n>> ", completer=c) exps = shlex.split(p) msg = "reload: " + str(exps) self.log.info(msg) self.reload(exps) else: msg = "Unrecognized action for service {}: {}".format(self.name(), action) print(msg) self.log.error(msg) def getExps(self): explist = [] for f in os.listdir(self.exppath): if os.path.isfile(self.exppath + os.sep + f): if f[-3:] == ".py": explist.append(f[:-3]) return explist def loadExp(self, exp_name): """ Load an exploit and return an exploit object. Args: exp_name: Script name of the exploit Returns: An exploit module if success, otherwise None. """ try: exp_path = "{base}{fn}.py".format(base=self.exppath, fn=exp_name) mod = imp.load_source(exp_name, exp_path) obj = mod.Exploit() return mod #return obj except Exception as e: msg = "Cannot load exploit `{exp_name}`".format(exp_name=exp_name) self.log.error(msg) print e return None def loadAllExps(self): self.exps = [] exists_exps = self.getExps() ret = {} for exp in exists_exps: e = self.loadExp(exp) if e.Exploit().target in ret: ret[e.Exploit().target].append(e) else: ret[e.Exploit().target] = [e] for t in ret: ret[t].sort(key=lambda x: x.Exploit().level, reverse=True) self.exps = ret def printExps(self): x = lambda x,y: safeGetAttr(x,y) exp_list = [] for k in self.exps: exp_list.extend(self.exps[k]) pt = prettytable.PrettyTable(["file", "target", "author", "level", "timeout"]) for exp in exp_list: pt.add_row([ x(exp.Exploit(), "fname"), x(exp.Exploit(), "target"), x(exp.Exploit(), "author"), x(exp.Exploit(), "level"), x(exp.Exploit(), "timeout") ]) print(pt) def getExpNameByPath(self, s): bname = os.path.basename(s) if bname.endswith(".py"): return bname[:-3] if bname.endswith(".pyc"): return bname[:-4] def reload(self, targets=[]): if 'all' in targets: self.loadAllExps() return for e in targets: for target in self.exps: l = self.exps[target] found = 0 for ee in l: if e == self.getExpNameByPath(ee.Exploit().fname): self.exps[target].remove(ee) self.exps[target].append( self.loadExp(e) ) self.exps[target].sort(key=lambda x: x.Exploit().level, reverse=True) found = 1 break if found == 0: msg = "Unable to find exploit {}".format(e) print msg self.log.error(e) return def getExpByTarget(self, target): return self.exps[target] if target in self.exps else [] def get_exp_names(self): ret = [] for k in self.exps: for exp in self.exps[k]: ret.append(exp.name()) return ret