def initialize(self, *args):
''' One time initialization, gathers system information '''
success = False
logging.info(
"Preforming weapon system initialization, please wait ... ")
ssh_keyfile = NamedTemporaryFile()
ssh_keyfile.write(self.ssh_key)
ssh_keyfile.seek(0)
try:
logging.info("Connectiong to remote ssh server at %s:%s" %
(self.ip_address, self.ssh_port))
ssh_context = SshContext(self.ip_address,
user=self.ssh_user, keyfile=ssh_keyfile.name)
rpc_connection = rpyc.ssh_connect(ssh_context, self.service_port)
capabilities = rpc_connection.root.exposed_get_capabilities()
self.lm_capable = 'LM' in capabilities
self.ntlm_capable = 'NTLM' in capabilities
self.md5_capable = 'MD5' in capabilities
self.cpu_count = rpc_connection.root.exposed_cpu_count()
self.initialized = True
dbsession.add(self)
dbsession.flush()
success = True
except ValueError:
logging.exception(
"Failed to initialize weapon system, check parameters")
except EOFError:
logging.exception(
"Failed to initialize weapon system, check parameters")
finally:
ssh_keyfile.close()
return success
def __crack__(self, job, weapon_system):
'''
Does the actual password cracking, before calling this function you should
ensure the weapon system is online and not busy
'''
results = None
user = User.by_id(job.user_id)
if user is None:
logging.error(
"Invalid job passed to dispatcher (no user with id %d)." %
(job.user_id, ))
elif job == None:
logging.error("Invalid job passed to dispatcher (job is None).")
else:
job.started = datetime.now()
algorithm = Algorithm.by_id(job.algorithm_id)
try:
ssh_keyfile = NamedTemporaryFile()
ssh_keyfile.write(weapon_system.ssh_key)
ssh_keyfile.seek(0)
ssh_context = SshContext(
weapon_system.ip_address,
user=weapon_system.ssh_user,
keyfile=ssh_keyfile.name,
)
rpc_connection = rpyc.ssh_connect(
ssh_context,
weapon_system.service_port,
)
hashes = job.to_list()
logging.info("Sending %s job to %s for cracking." % (
job.job_name,
weapon_system.weapon_system_name,
))
job.status = u"IN_PROGRESS"
dbsession.add(job)
dbsession.flush()
results = rpc_connection.root.exposed_crack_list(
job.id,
job.to_list(),
algorithm.algorithm_name,
)
except:
logging.exception(
"Connection to remote weapon system failed, check parameters."
)
finally:
ssh_keyfile.close()
if results is not None:
job.save_results(results)
else:
logging.warn("No results returned from weapon system.")
job.status = u"COMPLETED"
job.finished = datetime.now()
dbsession.add(job)
dbsession.flush()
self.__next__()
def __crack__(self, job, weapon_system):
'''
Does the actual password cracking, before calling this function you should
ensure the weapon system is online and not busy
'''
results = None
user = User.by_id(job.user_id)
if user is None:
logging.error("Invalid job passed to dispatcher (no user with id %d)." % (
job.user_id,
))
elif job == None:
logging.error("Invalid job passed to dispatcher (job is None).")
else:
job.started = datetime.now()
algorithm = Algorithm.by_id(job.algorithm_id)
try:
ssh_keyfile = NamedTemporaryFile()
ssh_keyfile.write(weapon_system.ssh_key)
ssh_keyfile.seek(0)
ssh_context = SshContext(
weapon_system.ip_address,
user=weapon_system.ssh_user,
keyfile=ssh_keyfile.name,
)
rpc_connection = rpyc.ssh_connect(
ssh_context,
weapon_system.service_port,
)
hashes = job.to_list()
logging.info("Sending %s job to %s for cracking." % (
job.job_name,
weapon_system.weapon_system_name,
))
job.status = u"IN_PROGRESS"
dbsession.add(job)
dbsession.flush()
results = rpc_connection.root.exposed_crack_list(
job.id,
job.to_list(),
algorithm.algorithm_name,
)
except:
logging.exception("Connection to remote weapon system failed, check parameters.")
finally:
ssh_keyfile.close()
if results is not None:
job.save_results(results)
else:
logging.warn("No results returned from weapon system.")
job.status = u"COMPLETED"
job.finished = datetime.now()
dbsession.add(job)
dbsession.flush()
self.__next__()
def __connect__(self):
'''
Creates an ssh connection and returns the rpc_connection object
The ssh keyfile is destroyed when the object is garbage collected.
'''
try:
self.ssh_keyfile = NamedTemporaryFile()
self.ssh_keyfile.write(self.ssh_key)
self.ssh_keyfile.seek(0)
ssh_context = SshContext(self.ip_address,
user=self.ssh_user,
keyfile=self.ssh_keyfile.name)
return rpyc.ssh_connect(ssh_context, self.service_port)
except:
logging.exception("Connection to remote weapon system failed")
def __connect__(self):
'''
Creates an ssh connection and returns the rpc_connection object
The ssh keyfile is destroyed when the object is garbage collected.
'''
try:
self.ssh_keyfile = NamedTemporaryFile()
self.ssh_keyfile.write(self.ssh_key)
self.ssh_keyfile.seek(0)
ssh_context = SshContext(self.ip_address,
user=self.ssh_user,
keyfile=self.ssh_keyfile.name
)
return rpyc.ssh_connect(ssh_context, self.service_port)
except:
logging.exception("Connection to remote weapon system failed")
def is_busy(self):
''' Checks to see if a remote system is busy returns bool or None '''
try:
ssh_keyfile = NamedTemporaryFile()
ssh_keyfile.write(self.ssh_key)
ssh_keyfile.seek(0)
ssh_context = SshContext(self.ip_address,
user=self.ssh_user, keyfile=ssh_keyfile.name)
rpc_connection = rpyc.ssh_connect(ssh_context, self.service_port)
busy = rpc_connection.root.exposed_is_busy()
except:
logging.exception(
"Connection to remote weapon system failed, check parameters")
finally:
ssh_keyfile.close()
return busy
def is_online(self):
''' Checks if a system is online '''
success = False
try:
ssh_keyfile = NamedTemporaryFile()
ssh_keyfile.write(self.ssh_key)
ssh_keyfile.seek(0)
ssh_context = SshContext(self.ip_address,
user=self.ssh_user, keyfile=ssh_keyfile.name)
rpc_connection = rpyc.ssh_connect(ssh_context, self.service_port)
success = rpc_connection.root.exposed_ping() == "PONG"
except:
logging.exception(
"Connection to remote weapon system failed, check parameters")
finally:
ssh_keyfile.close()
return success
def setUpClass(cls):
if sys.platform == "win32":
cls.server = None
os.environ["HOME"] = os.path.expanduser("~")
else:
# assume "ssh localhost" is configured to run without asking for password
# `.ssh/config`
# Host localhost
# HostName 127.0.0.1
# User <username>
# IdentityFile <id_rsa>
cls.server = ThreadedServer(SlaveService,
hostname="localhost",
ipv6=False,
port=18888,
auto_register=False)
cls.server._start_in_thread()
cls.remote_machine = SshMachine("localhost")
cls.conn = rpyc.classic.ssh_connect(cls.remote_machine, 18888)
cls.conn2 = rpyc.ssh_connect(cls.remote_machine,
18888,
service=MasterService)
def connect(self, done_callback=None):
self.error = "connecting..."
self.local = (self.ip == get_routed_ip())
if not self.local:
# only connect if it's a separate machine
try:
# -oBatchMode=yes to disable password auth and just fail if key auth fails
self._tunnel = plumbum.SshMachine(self.ip,
user=self.user,
ssh_opts=['-oBatchMode=yes'])
except (plumbum.machines.session.SSHCommsChannel2Error,
plumbum.machines.session.SSHCommsError):
self.error = "SSH connection failure"
self._tunnel = None
return
self._rpc = rpyc.ssh_connect(self._tunnel, self.port)
else:
self._rpc = rpyc.connect("localhost", self.port)
self.error = None
if done_callback is not None:
done_callback(self.name)
def test_connect(self):
conn2 = rpyc.ssh_connect(self.remote_machine, 18888, service=MasterService)
conn2.modules.sys.stdout.write("hello through rpyc.ssh_connect()\n")
conn2.modules.sys.stdout.flush()
def test_connect(self):
conn2 = rpyc.ssh_connect(self.remote_machine,
18888,
service=MasterService)
conn2.modules.sys.stdout.write("hello through rpyc.ssh_connect()\n")
conn2.modules.sys.stdout.flush()
def test_connect(self):
conn2 = rpyc.ssh_connect(self.sshctx, self.server.port,
service=SlaveService)
conn2.modules.sys.stdout.write("hello through rpyc.ssh_connect()\n")
conn2.modules.sys.stdout.flush()
import rpyc
import plumbum
import sys
import random
import time
addressMap = [1,3,5,7,9,11,15,17,19,21,23,25]
with plumbum.SshMachine(sys.argv[1], sys.argv[2]) as sshmachine, rpyc.ssh_connect(sshmachine, int(sys.argv[3])) as conn:
lrk = conn.root
lrk.setRetry(0,0)
packets = 0
resent = 0
lost = 0
place = 0
timestamp = 0
row = int(sys.argv[4]) % 256
c = [0,0,0,0,0,0]
cc = [0,0,0,0,0,0]
while True:
cc = list(map(lambda x: random.randint(-1,1), cc))
packets = 0
resent = 0
lost = 0
place = 0
timestamp = time.time()
for _ in range(12):
packets += 1
if (not(lrk.do(row, addressMap[place], abs(c[0])%256,abs(c[1])%256,abs(c[2])%256,abs(c[3])%256,abs(c[4])%256,abs(c[5])%256))):
lost += 1
resendReg = lrk.readReg(8,1)[0]
