def accounts_import_file(filename=None, service=['info', '0'], f_type=None, f_source=None):
"""
Processes an Imported password file to the accounts table
"""
print("Processing password file: %s" % (filename))
from skaldship.passwords import process_password_file, insert_or_update_acct
account_data = process_password_file(pw_file=filename, file_type=f_type, source=f_source)
resp_text = insert_or_update_acct(service, account_data)
print(resp_text)
return True
def accounts_import_file(filename=None,
service=['info', '0'],
f_type=None,
f_source=None):
"""
Processes an Imported password file to the accounts table
"""
print("Processing password file: %s" % (filename))
from skaldship.passwords import process_password_file, insert_or_update_acct
account_data = process_password_file(pw_file=filename,
file_type=f_type,
source=f_source)
resp_text = insert_or_update_acct(service, account_data)
print(resp_text)
return True
def process_pwdump_loot(loot_list=[], msf=None):
"""
Takes an array of loot records in loot_list, downloads the pwdump file and
adds the users.
"""
from skaldship.passwords import process_password_file, insert_or_update_acct
db = current.globalenv['db']
cache = current.globalenv['cache']
logging.debug('loot_list = %s' % (loot_list))
data = []
for loot_id in loot_list:
loot = msf.loot_download(loot_id)
if loot['ltype'] not in ['host.windows.pwdump', 'windows.hashes']:
logging.error("Loot is not a pwdump, it is a %s" % loot['ltype'])
continue
else:
# process the pwdump file
pw_data = loot['data'].split('\n')
accounts = process_password_file(
pw_data=pw_data,
file_type='PWDUMP',
source='Metasploit',
)
# find the info/0 service id for the host
host_id = get_host_record(loot['host'])
query = (db.t_services.f_number == '0') & (db.t_services.f_proto == 'info') & (db.t_services.f_hosts_id == host_id)
svc_id = db(query).select().first()
if svc_id is None:
# info/0 not found.. add it!
svc_id = db.t_services.insert(f_proto="info", f_number="0", f_status="info", f_hosts_id=host_id)
db.commit()
# insert or update the account records
resp_text = insert_or_update_acct(svc_id.id, accounts)
logging.info("Added pwdump records for host: %s" % (loot['host']))
data.append({ loot['host']: resp_text })
return data
def process_pwdump_loot(loot_list=[], msf=None):
"""
Takes an array of loot records in loot_list, downloads the pwdump file and
adds the users.
"""
from skaldship.passwords import process_password_file, insert_or_update_acct
db = current.globalenv['db']
cache = current.globalenv['cache']
logging.debug('loot_list = %s' % (loot_list))
data = []
for loot_id in loot_list:
loot = msf.loot_download(loot_id)
if loot['ltype'] not in ['host.windows.pwdump', 'windows.hashes']:
logging.error("Loot is not a pwdump, it is a %s" % loot['ltype'])
continue
else:
# process the pwdump file
pw_data = loot['data'].split('\n')
accounts = process_password_file(
pw_data=pw_data,
file_type='PWDUMP',
source='Metasploit',
)
# find the info/0 service id for the host
host_id = get_host_record(loot['host'])
query = (db.t_services.f_number == '0') & (db.t_services.f_proto == 'info') & (db.t_services.f_hosts_id == host_id)
svc_id = db(query).select().first()
if svc_id is None:
# info/0 not found.. add it!
svc_id = db.t_services.insert(f_proto="info", f_number="0", f_status="info", f_hosts_id=host_id)
db.commit()
# insert or update the account records
resp_text = insert_or_update_acct(svc_id.id, accounts)
logging.info("Added pwdump records for host: %s" % (loot['host']))
data.append({ loot['host']: resp_text })
return data
pw_data=pw_data,
file_type=file_type,
source='Metasploit',
)
# find the info/0 service id for the host
host_id = get_host_record(loot['host'])
query = (db.t_services.f_number == number) & (db.t_services.f_proto == proto) & (db.t_services.f_hosts_id == host_id)
svc_id = db(query).select().first()
if svc_id is None:
# info/0 not found.. add it!
svc_id = db.t_services.insert(f_proto=proto, f_number=number, f_hosts_id=host_id)
db.commit()
# insert or update the account records
resp_text = insert_or_update_acct(svc_id.id, accounts)
logging.info("Added loot accounts for host: %s" % ())
data.append({ loot['host']: resp_text })
##-------------------------------------------------------------------------
def process_report_xml(
filename=None,
ip_ignore_list=None,
ip_include_list=None,
engineer=1,
asset_group="Metasploit Import",
update_hosts=True,
):
"""
Processes a Metasploit XML Export for the following data and adds to the db:
def import_file():
"""
Import and parse password file into t_accounts
"""
import os
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url = URL('accounts', 'import_file')
if request.vars.has_key('service_id'):
try:
record = db.t_services[request.vars.service_id]
svc_set.append((record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
url = URL('accounts',
'import_file',
vars={'service_id': request.vars.service_id})
except:
pass
elif request.vars.has_key('host_id'):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(
db.t_services.f_hosts_id == host_record.id).select(
cache=(cache.ram, 30))
url = URL('accounts',
'import_file',
vars={'host_id': request.vars.host_id})
for record in svc_records:
svc_set.append(
(record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram, 30))
svc_set = []
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
if request.extension == "load":
buttons = []
else:
buttons = ['submit']
form = SQLFORM.factory(
Field('f_service',
'string',
label=T('Host / Service'),
requires=IS_IN_SET(svc_set),
default=svc_set[0][0]),
Field('f_filename',
'upload',
uploadfolder=os.path.join(request.folder,
settings.password_upload_dir),
label=T('Password file')),
Field('f_type',
'string',
label=T('File type'),
default='PWDUMP',
requires=IS_IN_SET(settings.password_file_types)),
Field('f_source', 'string', label=T('Source (if necessary)')),
Field('f_add_to_evidence', 'boolean', label=T('Add Evidence')),
Field('f_taskit',
type='boolean',
default=True,
label=T('Run in background task')),
buttons=buttons,
_action=url,
_id='accounts_import_form')
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
if form.vars.f_filename is not None:
orig_filename = request.vars.f_filename.filename
filename = os.path.join(request.folder, settings.password_upload_dir,
form.vars.f_filename)
if form.vars.f_taskit:
task = scheduler.queue_task(
accounts_import_file,
pvars=dict(filename=filename,
service=form.vars.f_service,
f_type=form.vars.f_type,
f_source=form.vars.f_source),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=300 # 5 minutes
)
if task.id:
resp_text = "Submitted file for processing: %s" % (A(
"task " + str(task.id),
_href=URL(c='tasks', f='status', args=task.id)).xml())
else:
resp_text = "Error submitting job: %s" % (task.errors)
else:
logger.info("Processing password file: %s" % (filename))
account_data = process_password_file(pw_file=filename,
file_type=request.vars.f_type,
source=request.vars.f_source)
resp_text = insert_or_update_acct(form.vars.f_service,
account_data)
logger.info(resp_text)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(filename, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (filename, e))
db.t_evidence.insert(
f_hosts_id=db.t_services[form.vars.f_service].f_hosts_id,
f_type='Password File',
f_text=form.vars.f_type,
f_filename=orig_filename,
f_evidence=form.vars.f_filename,
f_data=pwdata)
db.commit()
def paste():
"""
Import and parse password pasted to a textbox into t_accounts
"""
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url = URL('accounts', 'paste')
if request.vars.has_key('service_id'):
try:
record = db.t_services[request.vars.service_id]
svc_set.append((record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
url = URL('accounts',
'paste',
vars={'service_id': request.vars.service_id})
except:
pass
elif request.vars.has_key('host_id'):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(
db.t_services.f_hosts_id == host_record.id).select(
cache=(cache.ram, 30))
url = URL('accounts',
'paste',
vars={'host_id': request.vars.host_id})
for record in svc_records:
svc_set.append(
(record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram, 30))
svc_set = []
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
if request.extension == "load":
buttons = []
else:
buttons = ['submit']
form = SQLFORM.factory(
Field('f_service',
'string',
label=T('Host / Service'),
requires=IS_IN_SET(svc_set),
default=svc_set[0][0]),
Field('f_pwtext', 'text', label=T('Password text')),
Field('f_type',
'string',
label=T('File type'),
default='PWDUMP',
requires=IS_IN_SET(settings.password_file_types)),
Field('f_source', 'string', label=T('Source (if necessary)')),
Field('f_add_to_evidence', 'boolean', label=T('Add file to Evidence')),
buttons=buttons,
_action=url,
_id='accounts_paste_form'
#_action=url, _id='accounts_paste_form', formstyle='bootstrap_modal'
)
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
from utils import web2py_uuid
host_id = db.t_services[form.vars.f_service].f_hosts_id
pwd_file_dir = os.path.join(request.folder, 'data', 'passwords',
'other')
if not os.path.exists(pwd_file_dir):
from gluon.fileutils import mktree
mktree(pwd_file_dir)
filename = "%s-pwfile-%s" % (host_id, web2py_uuid())
full_file_path = os.path.join(request.folder, 'data/passwords/other',
filename)
of = open(full_file_path, "w")
of.write(form.vars.f_pwtext)
of.close()
logger.debug("Processing password file: %s" % (full_file_path))
account_data = process_password_file(pw_file=full_file_path,
file_type=request.vars.f_type,
source=request.vars.f_source)
response.headers[
'web2py-component-command'] = 'accounttable.fnReloadAjax();'
resp_text = insert_or_update_acct(form.vars.f_service, account_data)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(full_file_path, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (full_file_path, e))
resp_text += "Error opening %s: %s\n" % (full_file_path, e)
db.t_evidence.insert(f_hosts_id=host_id,
f_type='Password File',
f_text=form.vars.f_type,
f_filename=filename,
f_evidence=filename,
f_data=pwdata)
resp_text += "\n%s added to evidence\n" % (filename)
db.commit()
pw_data=pw_data,
file_type=file_type,
source='Metasploit',
)
# find the info/0 service id for the host
host_id = get_host_record(loot['host'])
query = (db.t_services.f_number == number) & (db.t_services.f_proto == proto) & (db.t_services.f_hosts_id == host_id)
svc_id = db(query).select().first()
if svc_id is None:
# info/0 not found.. add it!
svc_id = db.t_services.insert(f_proto=proto, f_number=number, f_hosts_id=host_id)
db.commit()
# insert or update the account records
resp_text = insert_or_update_acct(svc_id.id, accounts)
logging.info("Added loot accounts for host: %s" % ())
data.append({ loot['host']: resp_text })
##-------------------------------------------------------------------------
def process_report_xml(
filename=None,
ip_ignore_list=None,
ip_include_list=None,
engineer=1,
asset_group="Metasploit Import",
update_hosts=True,
):
"""
Processes a Metasploit XML Export for the following data and adds to the db:
def import_file():
"""
Import and parse password file into t_accounts
"""
import os
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url = URL("accounts", "import_file")
if request.vars.has_key("service_id"):
try:
record = db.t_services[request.vars.service_id]
svc_set.append(
(
record.id,
"%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
)
)
url = URL("accounts", "import_file", vars={"service_id": request.vars.service_id})
except:
pass
elif request.vars.has_key("host_id"):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30))
url = URL("accounts", "import_file", vars={"host_id": request.vars.host_id})
for record in svc_records:
svc_set.append(
(
record.id,
"%s :: %s/%s"
% (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
)
)
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram, 30))
svc_set = []
for record in svc_records:
svc_set.append(
(
record.id,
"%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
)
)
if request.extension == "load":
buttons = []
else:
buttons = ["submit"]
form = SQLFORM.factory(
Field("f_service", "string", label=T("Host / Service"), requires=IS_IN_SET(svc_set), default=svc_set[0][0]),
Field(
"f_filename",
"upload",
uploadfolder=os.path.join(request.folder, settings.password_upload_dir),
label=T("Password file"),
),
Field(
"f_type", "string", label=T("File type"), default="PWDUMP", requires=IS_IN_SET(settings.password_file_types)
),
Field("f_source", "string", label=T("Source (if necessary)")),
Field("f_add_to_evidence", "boolean", label=T("Add Evidence")),
Field("f_taskit", type="boolean", default=True, label=T("Run in background task")),
buttons=buttons,
_action=url,
_id="accounts_import_form",
)
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = "Error in form"
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
if form.vars.f_filename is not None:
orig_filename = request.vars.f_filename.filename
filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename)
if form.vars.f_taskit:
task = scheduler.queue_task(
accounts_import_file,
pvars=dict(
filename=filename, service=form.vars.f_service, f_type=form.vars.f_type, f_source=form.vars.f_source
),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=300, # 5 minutes
)
if task.id:
resp_text = "Submitted file for processing: %s" % (
A("task " + str(task.id), _href=URL(c="tasks", f="status", args=task.id)).xml()
)
else:
resp_text = "Error submitting job: %s" % (task.errors)
else:
logger.info("Processing password file: %s" % (filename))
account_data = process_password_file(
pw_file=filename, file_type=request.vars.f_type, source=request.vars.f_source
)
resp_text = insert_or_update_acct(form.vars.f_service, account_data)
logger.info(resp_text)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(filename, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (filename, e))
db.t_evidence.insert(
f_hosts_id=db.t_services[form.vars.f_service].f_hosts_id,
f_type="Password File",
f_text=form.vars.f_type,
f_filename=orig_filename,
f_evidence=form.vars.f_filename,
f_data=pwdata,
)
db.commit()
def paste():
"""
Import and parse password pasted to a textbox into t_accounts
"""
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url = URL("accounts", "paste")
if request.vars.has_key("service_id"):
try:
record = db.t_services[request.vars.service_id]
svc_set.append(
(
record.id,
"%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
)
)
url = URL("accounts", "paste", vars={"service_id": request.vars.service_id})
except:
pass
elif request.vars.has_key("host_id"):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30))
url = URL("accounts", "paste", vars={"host_id": request.vars.host_id})
for record in svc_records:
svc_set.append(
(
record.id,
"%s :: %s/%s"
% (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
)
)
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram, 30))
svc_set = []
for record in svc_records:
svc_set.append(
(
record.id,
"%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
)
)
if request.extension == "load":
buttons = []
else:
buttons = ["submit"]
form = SQLFORM.factory(
Field("f_service", "string", label=T("Host / Service"), requires=IS_IN_SET(svc_set), default=svc_set[0][0]),
Field("f_pwtext", "text", label=T("Password text")),
Field(
"f_type", "string", label=T("File type"), default="PWDUMP", requires=IS_IN_SET(settings.password_file_types)
),
Field("f_source", "string", label=T("Source (if necessary)")),
Field("f_add_to_evidence", "boolean", label=T("Add file to Evidence")),
buttons=buttons,
_action=url,
_id="accounts_paste_form"
# _action=url, _id='accounts_paste_form', formstyle='bootstrap_modal'
)
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = "Error in form"
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
from utils import web2py_uuid
host_id = db.t_services[form.vars.f_service].f_hosts_id
pwd_file_dir = os.path.join(request.folder, "data", "passwords", "other")
if not os.path.exists(pwd_file_dir):
from gluon.fileutils import mktree
mktree(pwd_file_dir)
filename = "%s-pwfile-%s" % (host_id, web2py_uuid())
full_file_path = os.path.join(request.folder, "data/passwords/other", filename)
of = open(full_file_path, "w")
of.write(form.vars.f_pwtext)
of.close()
logger.debug("Processing password file: %s" % (full_file_path))
account_data = process_password_file(
pw_file=full_file_path, file_type=request.vars.f_type, source=request.vars.f_source
)
response.headers["web2py-component-command"] = "accounttable.fnReloadAjax();"
resp_text = insert_or_update_acct(form.vars.f_service, account_data)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(full_file_path, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (full_file_path, e))
resp_text += "Error opening %s: %s\n" % (full_file_path, e)
db.t_evidence.insert(
f_hosts_id=host_id,
f_type="Password File",
f_text=form.vars.f_type,
f_filename=filename,
f_evidence=filename,
f_data=pwdata,
)
resp_text += "\n%s added to evidence\n" % (filename)
db.commit()
