Ejemplo n.º 1
0
    def rsync_creak(self,ip,port):
            try:
                for data in self.lines:
                    username=data.split(':')[0]
                    password=data.split(':')[1]
                    flag=self.rsync_connect(ip,username,password,port)

                    if flag==3:
                        self.lock.acquire()
                        printRed("fail!!bacaues can't find any module\r\n")
                        self.lock.release()
                        break

                    if flag==2:
                        self.lock.acquire()
                        printRed("fail!!bacaues modulename is error\r\n")
                        self.lock.release()
                        break

                    if flag==1:
                        self.lock.acquire()
                        printGreen("%s rsync at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
                        self.result.append("%s rsync at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
                        self.lock.release()
                        break
                    else:
                        self.lock.acquire()
                        print "%s rsync service 's %s:%s login fail " %(ip,username,password)
                        self.lock.release()
            except Exception,e:
                print e
Ejemplo n.º 2
0
def rsync_creak(ip,port):
        try:
            d=open('conf/rsync.conf','r')
            data=d.readline().strip('\r\n')
            while(data):
                username=data.split(':')[0]
                password=data.split(':')[1]
                flag=rsync_connect(ip,username,password,port)

                if flag==3:
                    lock.acquire()
                    printRed("fail!!bacaues can't find any module\r\n")
                    lock.release()
                    break

                if flag==2:
                    lock.acquire()
                    printRed("fail!!bacaues modulename is error\r\n")
                    lock.release()
                    break

                if flag==1:
                    lock.acquire()
                    printGreen("%s rsync at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
                    result.append("%s rsync at %s has weaken password!!-------%s:%s\r\n" %(ip,port,username,password))
                    lock.release()
                    break
                else:
                    lock.acquire()
                    print "%s rsync service 's %s:%s login fail " %(ip,username,password)
                    lock.release()
                data=d.readline().strip('\r\n')
        except Exception,e:
            print e
Ejemplo n.º 3
0
def hit_hb(s,ip,port):
    s.send(hb)
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            lock.acquire()
            print 'No heartbeat response received, %s ssl at %s likely not vulnerable' %(ip,port)
            lock.release()
            return False

        if typ == 24:
            if len(pay) > 3:
                lock.acquire()
                printRed('WARNING: %s ssl at %s returned more data than it should - server is vulnerable!\r\n' %(ip,port))
                result.append('WARNING: %s ssl at %s returned more data than it should - server is vulnerable!\r\n' %(ip,port))
                lock.release()
            else:
                lock.acquire()
                printRed('%s ssl at %s processed malformed heartbeat, but did not return any extra data.\r\n' %(ip,port))
                result.append('%s ssl at %s processed malformed heartbeat, but did not return any extra data.\r\n' %(ip,port))
                lock.release()
            return True

        if typ == 21:
            lock.acquire()
            print 'Server returned error, likely not vulnerable'
            lock.release()
            return False
Ejemplo n.º 4
0
    def mongoDB_connect(self, ip, username, password, port):
        crack = 0
        try:
            connection = pymongo.Connection(ip, port)
            db = connection.admin
            db.collection_names()
            self.lock.acquire()
            printRed(
                '%s mongodb service at %s allow login Anonymous login!!\r\n' %
                (ip, port))
            self.result.append(
                '%s mongodb service at %s allow login Anonymous login!!\r\n' %
                (ip, port))
            self.lock.release()
            crack = 1

        except Exception, e:
            if e[0] == 'database error: not authorized for query on admin.system.namespaces':
                try:
                    r = db.authenticate(username, password)
                    if r != False:
                        crack = 2
                    else:
                        self.lock.acquire()
                        crack = 3
                        print "%s mongodb service 's %s:%s login fail " % (
                            ip, username, password)
                        self.lock.release()
                except Exception, e:
                    pass
Ejemplo n.º 5
0
    def mongoDB_connect(self,ip,username,password,port):
        crack=0
        try:
            connection=pymongo.Connection(ip,port)
            db=connection.admin
            db.collection_names()
            self.lock.acquire()
            printRed('%s mongodb service at %s allow login Anonymous login!!\r\n' %(ip,port))
            self.result.append('%s mongodb service at %s allow login Anonymous login!!\r\n' %(ip,port))
            self.lock.release()
            crack=1

        except Exception,e:
            if e[0]=='database error: not authorized for query on admin.system.namespaces':
                try:
                    r=db.authenticate(username,password)
                    if r!=False:
                        crack=2
                    else:               
                        self.lock.acquire()
                        crack=3
                        print "%s mongodb service 's %s:%s login fail " %(ip,username,password)
                        self.lock.release()                   
                except Exception,e:
                    pass
Ejemplo n.º 6
0
def mongoDB_connect(ip, username, password, port):
    crack = 0
    try:
        connection = pymongo.Connection(ip, port)
        db = connection.admin
        db.collection_names()
        lock.acquire()
        printRed("%s mongodb service at %s allow login Anonymous login!!\r\n" % (ip, port))
        result.append("%s mongodb service at %s allow login Anonymous login!!\r\n" % (ip, port))
        lock.release()
        crack = 1

    except Exception, e:
        if e[0] == "database error: not authorized for query on admin.system.namespaces":
            try:
                db.authenticate(username, password)
                crack = 2
            except Exception, e:
                lock.acquire()
                print "%s mongodb service 's %s:%s login fail " % (ip, username, password)
                lock.release()
                crack = 3
Ejemplo n.º 7
0
    def hit_hb(self,s,ip,port):
        s.send(self.hb)
        while True:
            typ, ver, pay = self.recvmsg(s)
            if typ is None:
                return False

            if typ == 24:
                if len(pay) > 3:
                    self.lock.acquire()
                    printRed('WARNING: %s ssl at %s returned more data than it should - server is vulnerable!\r\n' %(ip,port))
                    self.result.append('WARNING: %s ssl at %s returned more data than it should - server is vulnerable!\r\n' %(ip,port))
                    self.lock.release()
                else:
                    self.lock.acquire()
                    printRed('%s ssl at %s processed malformed heartbeat, but did not return any extra data.\r\n' %(ip,port))
                    self.result.append('%s ssl at %s processed malformed heartbeat, but did not return any extra data.\r\n' %(ip,port))
                    self.lock.release()
                return True

            if typ == 21:
                return False
Ejemplo n.º 8
0
def hit_hb(s, ip, port):
    s.send(hb)
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            lock.acquire()
            print 'No heartbeat response received, %s ssl at %s likely not vulnerable' % (
                ip, port)
            lock.release()
            return False

        if typ == 24:
            if len(pay) > 3:
                lock.acquire()
                printRed(
                    'WARNING: %s ssl at %s returned more data than it should - server is vulnerable!\r\n'
                    % (ip, port))
                result.append(
                    'WARNING: %s ssl at %s returned more data than it should - server is vulnerable!\r\n'
                    % (ip, port))
                lock.release()
            else:
                lock.acquire()
                printRed(
                    '%s ssl at %s processed malformed heartbeat, but did not return any extra data.\r\n'
                    % (ip, port))
                result.append(
                    '%s ssl at %s processed malformed heartbeat, but did not return any extra data.\r\n'
                    % (ip, port))
                lock.release()
            return True

        if typ == 21:
            lock.acquire()
            print 'Server returned error, likely not vulnerable'
            lock.release()
            return False
Ejemplo n.º 9
0
    def rsync_creak(self, ip, port):
        try:
            for data in self.lines:
                username = data.split(':')[0]
                password = data.split(':')[1]
                flag = self.rsync_connect(ip, username, password, port)

                if flag == 3:
                    self.lock.acquire()
                    printRed("fail!!bacaues can't find any module\r\n")
                    self.lock.release()
                    break

                if flag == 2:
                    self.lock.acquire()
                    printRed("fail!!bacaues modulename is error\r\n")
                    self.lock.release()
                    break

                if flag == 1:
                    self.lock.acquire()
                    printGreen(
                        "%s rsync at %s has weaken password!!-------%s:%s\r\n"
                        % (ip, port, username, password))
                    self.result.append(
                        "%s rsync at %s has weaken password!!-------%s:%s\r\n"
                        % (ip, port, username, password))
                    self.lock.release()
                    break
                else:
                    self.lock.acquire()
                    print "%s rsync service 's %s:%s login fail " % (
                        ip, username, password)
                    self.lock.release()
        except Exception, e:
            print e
Ejemplo n.º 10
0
        lock.release()
        crack = 1

    except Exception, e:
        if e[0] == "database error: not authorized for query on admin.system.namespaces":
            try:
                db.authenticate(username, password)
                crack = 2
            except Exception, e:
                lock.acquire()
                print "%s mongodb service 's %s:%s login fail " % (ip, username, password)
                lock.release()
                crack = 3

        else:
            printRed("%s mongodb service at %s not connect" % (ip, port))
            crack = 4
    return crack


def mongoDB(ip, port):
    try:
        d = open("conf/mongodb.conf", "r")
        data = d.readline().strip("\r\n")
        while data:
            username = data.split(":")[0]
            password = data.split(":")[1]
            flag = mongoDB_connect(ip, username, password, port)
            if flag in [1, 4]:
                break
Ejemplo n.º 11
0
        lock.release()
        crack=1

    except Exception,e:
        if e[0]=='database error: not authorized for query on admin.system.namespaces':
            try:
                db.authenticate(username,password)
                crack=2
            except Exception,e:
                lock.acquire()
                print "%s mongodb service 's %s:%s login fail " %(ip,username,password)
                lock.release()
                crack=3

        else:
            printRed('%s mongodb service at %s not connect' %(ip,port))
            crack=4
    return crack



def mongoDB(ip,port):
        try:
            d=open('conf/mongodb.conf','r')
            data=d.readline().strip('\r\n')
            while(data):
                username=data.split(':')[0]
                password=data.split(':')[1]
                flag=mongoDB_connect(ip,username,password,port)
                if flag in [1,4]:
                    break