Example #1
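 def pktCallback(self, srcaddr, pkt):
     """
     Handle one response received from srcaddr during the SIP (UDP) scan.

     srcaddr is indexed as (ip, port) and pkt is handed to parsePkt().
     Sources for which self.treated() is true are ignored. Every other
     source is recorded in self._donesrcaddrs, whether or not its packet
     parses. For a parsed packet the responder is logged and, when a parent
     callback is set, announced as a SIP service; its IP is announced as
     well the first time that IP shows up.
     """
     if self.treated(srcaddr):
         return

     # Decide whether this IP is new BEFORE recording srcaddr. The original
     # tested membership after the append, so the test always found the IP
     # and the TARGET_IP announcement below could never run.
     ip_already_seen = any(done[0] == srcaddr[0] for done in self._donesrcaddrs)
     self._donesrcaddrs.append(srcaddr)

     metadata = parsePkt(pkt)
     if metadata is None:
         # Not parseable as SIP; the source stays marked as handled.
         return

     ip, port = srcaddr[0], srcaddr[1]
     # NOTE(review): User-Agent is chosen by the remote host and is logged
     # unescaped; presumably parsePkt always provides this key -- confirm.
     useragent = metadata['headers']['User-Agent']

     self.logInfo("SIP (UDP) server '%s' at %s:%s" %(useragent,ip,port))
     if self._pcallback:
         self._pcallback.announceNewTarget(targets.TARGET_SIP_SERVICE(ip=ip,
                                                                      port=port,
                                                                      ua=useragent,))
         if not ip_already_seen:
             self._pcallback.announceNewTarget(targets.TARGET_IP(ip=ip,))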
Example #2
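 def pktCallback(self, srcaddr, pkt):
     """
     Update the session state from one parsed SIP response.

     Sets self._targetisalive for any datagram, then branches on the
     response code: records whether the peer asked for proxy or plain
     authentication, stores realm/algorithm/nonce/Call-ID from an
     'auth-header' when present, and otherwise reacts to OKAY, NOTFOUND,
     INVALIDPASS, TRYING or an unknown code. srcaddr is not used here.

     Raises AssertionError when an OKAY response carries no usable 'From'
     tag or the decoded tag does not split into one or two fields.
     """
     self._targetisalive = True
     metadata = parsePkt(pkt)
     if metadata is None:
         # NOTE(review): parsePkt presumably returns None for data it cannot
         # parse (confirm); indexing None below would raise TypeError on a
         # malformed datagram sent by the remote side.
         return

     code = metadata['code']
     if code == PROXYAUTHREQ:
         self._targetisproxy = True
     elif code == AUTHREQ:
         self._targetisproxy = False

     # `in` replaces dict.has_key(), which only exists on Python 2 dicts
     # (assumes metadata is a plain dict -- confirm against parsePkt).
     if 'auth-header' in metadata:
         auth = metadata['auth-header']
         if self._realm is None:
             self._realm = auth['realm']
         if self._digestalgorithm is None:
             self._digestalgorithm = auth['algorithm']
         if auth['realm'] is not None and auth['nonce'] is not None:
             if self._reusenonce:
                 if len(self._challenges) > 0:
                     # A challenge is already stored; new ones are ignored.
                     return
                 self._staticnonce = auth['nonce']
                 self._staticcallid = metadata['headers']['Call-ID']
             self._challenges.append((auth['nonce'], metadata['headers']['Call-ID']))
     elif code == OKAY:
         self._passwordcracked = True
         # Raw string: same pattern as before, without the invalid '\.' escape.
         match = re.search(r'tag=([+\.;:a-zA-Z0-9]*)', metadata['headers']['From'])
         # Explicit raises keep the AssertionError callers may expect but are
         # not stripped under `python -O`, unlike assert statements; the
         # header content comes from the network.
         if match is None:
             raise AssertionError("No 'From' tag: Remote SIP UAC 'ate' our tag!")
         tag = match.group(1)
         creds = decodeTag(tag, '\xDE\xAD\xBE\xEF').split(':')
         # str.split never returns None, so only the field count is checked.
         if not 0 < len(creds) < 3:
             raise AssertionError("couln't not decode to tag: %s" %(tag))
         self.logDebug("'%s' response received" %(metadata['respfirstline']))
         # NOTE(review): the next call writes a cleartext secret to the log;
         # whoever stores or ships these logs must treat them as sensitive.
         if len(creds) > 1:
             self.logInfo("the password for user/extension '%s' is '%s'" %(creds[0],creds[1])) # XXX report vuln/info
         else:
             self.logInfo("user/extension '%s' is passwordless" %creds[0]) # XXX report vuln/info ?
     elif code == NOTFOUND:
         self.logWarning("received fatal response '%s' for user/extension '%s'" %(metadata['respfirstline'],self._username))
         self._notfound = True
     elif code == INVALIDPASS:
         pass
     elif code == TRYING:
         pass
     else:
         self.logWarning("Got unknown response '%s'" %(metadata['respfirstline']))
         self._failed = True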
Example #3
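 def pktCallback(self, srcaddr, pkt):
     """
     Process one SIP response in two phases.

     While self._BADUSERCODE is None the response is treated as the reply
     to a test request: provisional codes are ignored, a listed set of
     codes triggers self.set_currentmethod(), and any other code is stored
     as self._BADUSERCODE. Afterwards the username is taken from the 'To'
     header and a response whose code differs from self._BADUSERCODE is
     logged, optionally ACKed (2xx with self._ackenabled) and, for a listed
     set of codes, recorded in self._doneusernames and announced to the
     parent callback.

     Raises AssertionError when a 2xx response has a CSeq header that does
     not start with a number.
     """
     self._targetisalive = True
     metadata = parsePkt(pkt)
     if metadata is None:
         # NOTE(review): parsePkt presumably returns None for data it cannot
         # parse (confirm); without this guard a malformed datagram raises
         # TypeError in the handler.
         return
     if metadata['headers']['To'] is None:
         return

     code = metadata['code']
     if self._BADUSERCODE is None:
         # Calibration: learn which code the server returns for the test
         # request; listed codes are treated as unusable for that purpose.
         if code in (TRYING, RINGING, UNAVAILABLE):
             pass
         elif code in (OKAY, NOTALLOWED, UNSUPPORTED, NOTIMPLEMENTED,
                       INEXISTENTTRANSACTION, NOTACCEPTABLE, BADREQUEST,
                       PROXYAUTHREQ, INVALIDPASS, AUTHREQ,
                       TEMPORARILYUNAVAILABLE):
             self.logWarning("SIP server (fatally) replied test packet with '%s'" %(metadata['respfirstline']))
             # presumably moves on to another request method -- confirm
             self.set_currentmethod()
         else:
             self.logDebug("ok. server replied test packet with '%s'"%(metadata['respfirstline']))
             self._BADUSERCODE = code
             self.logDebug("setting BADUSERCODE = %s" % self._BADUSERCODE)
         return

     match = re.search("^(?P<username>.+?) *?<", metadata['headers']['To'])
     if match is None:
         # The 'To' header is remote-controlled; the original called
         # match.group() unconditionally and raised AttributeError here.
         self.logDebug("could not extract a username from the 'To' header")
         return
     username = match.group('username').replace('"', '').replace("'", "")

     if code == self._BADUSERCODE:
         self.logInfo("received failure response '%s' for username '%s'" %(metadata['respfirstline'], username))
         return
     if username in self._doneusernames:
         return

     if (200 <= code < 300) and self._ackenabled: # ACKnowledge all 2XX (success!) responses
         if metadata['headers']['CSeq'] is None:
             return
         match = re.search("^(?P<cseqnum>[0-9]+?) .+?", metadata['headers']['CSeq'])
         # Explicit raise: same exception type as the former assert, but it
         # still fires under `python -O`.
         if match is None:
             raise AssertionError("malformed CSeq header")
         cseqnum = match.group('cseqnum')
         ackpkt = makeRequest('ACK',
                              srcaddr[0],
                              srcaddr[1],
                              self._xternalip,
                              self._localport,
                              extension=username,
                              callid=metadata['headers']['Call-ID'],
                              cseqnum=cseqnum)
         self.logInfo("received (success) response '%s' for username '%s'" %(metadata['respfirstline'], username))
         self.logDebug("sending ACK ..")
         self.sendto(ackpkt, srcaddr)

     if code in (OKAY, AUTHREQ, PROXYAUTHREQ, INVALIDPASS, TEMPORARILYUNAVAILABLE):
         self._doneusernames.append(username)
         authentication = 'noauth' if code == OKAY else 'reqauth'
         self.logInfo("cracked username: %s (response to '%s' request was '%s')" %(username,self._currentmethod,metadata['respfirstline']))
         if self._pcallback:
             self._pcallback.announceNewTarget(targets.TARGET_SIP_USER(ip=srcaddr[0],
                                                                       port=srcaddr[1],
                                                                       ua=metadata['headers']['User-Agent'],
                                                                       user=username,
                                                                       auth=authentication))
     else:
         self.logInfo("received '%s' for username '%s'" %(metadata['respfirstline'], username))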