Example #1
0
def accounts_import_file(filename=None, service=['info', '0'], f_type=None, f_source=None):
    """
    Processes an Imported password file to the accounts table
    """

    print("Processing password file: %s" % (filename))
    from skaldship.passwords import process_password_file, insert_or_update_acct
    account_data = process_password_file(pw_file=filename, file_type=f_type, source=f_source)
    resp_text = insert_or_update_acct(service, account_data)
    print(resp_text)
    return True
Example #2
0
def accounts_import_file(filename=None,
                         service=['info', '0'],
                         f_type=None,
                         f_source=None):
    """
    Processes an Imported password file to the accounts table
    """

    print("Processing password file: %s" % (filename))
    from skaldship.passwords import process_password_file, insert_or_update_acct

    account_data = process_password_file(pw_file=filename,
                                         file_type=f_type,
                                         source=f_source)
    resp_text = insert_or_update_acct(service, account_data)
    print(resp_text)
    return True
Example #3
0
def process_pwdump_loot(loot_list=[], msf=None):
    """
    Takes an array of loot records in loot_list, downloads the pwdump file and
    adds the users.
    """
    from skaldship.passwords import process_password_file, insert_or_update_acct

    db = current.globalenv['db']
    cache = current.globalenv['cache']

    logging.debug('loot_list = %s' % (loot_list))
    data = []
    for loot_id in loot_list:
        loot = msf.loot_download(loot_id)
        if loot['ltype'] not in ['host.windows.pwdump', 'windows.hashes']:
            logging.error("Loot is not a pwdump, it is a %s" % loot['ltype'])
            continue
        else:
            # process the pwdump file
            pw_data = loot['data'].split('\n')
            accounts = process_password_file(
                pw_data=pw_data,
                file_type='PWDUMP',
                source='Metasploit',
            )

            # find the info/0 service id for the host
            host_id = get_host_record(loot['host'])
            query = (db.t_services.f_number == '0') & (db.t_services.f_proto == 'info') & (db.t_services.f_hosts_id == host_id)
            svc_id = db(query).select().first()
            if svc_id is None:
                # info/0 not found.. add it!
                svc_id = db.t_services.insert(f_proto="info", f_number="0", f_status="info", f_hosts_id=host_id)
                db.commit()

            # insert or update the account records
            resp_text = insert_or_update_acct(svc_id.id, accounts)
            logging.info("Added pwdump records for host: %s" % (loot['host']))
            data.append({ loot['host']: resp_text })

    return data
Example #4
0
def process_pwdump_loot(loot_list=[], msf=None):
    """
    Takes an array of loot records in loot_list, downloads the pwdump file and
    adds the users.
    """
    from skaldship.passwords import process_password_file, insert_or_update_acct

    db = current.globalenv['db']
    cache = current.globalenv['cache']

    logging.debug('loot_list = %s' % (loot_list))
    data = []
    for loot_id in loot_list:
        loot = msf.loot_download(loot_id)
        if loot['ltype'] not in ['host.windows.pwdump', 'windows.hashes']:
            logging.error("Loot is not a pwdump, it is a %s" % loot['ltype'])
            continue
        else:
            # process the pwdump file
            pw_data = loot['data'].split('\n')
            accounts = process_password_file(
                pw_data=pw_data,
                file_type='PWDUMP',
                source='Metasploit',
            )

            # find the info/0 service id for the host
            host_id = get_host_record(loot['host'])
            query = (db.t_services.f_number == '0') & (db.t_services.f_proto == 'info') & (db.t_services.f_hosts_id == host_id)
            svc_id = db(query).select().first()
            if svc_id is None:
                # info/0 not found.. add it!
                svc_id = db.t_services.insert(f_proto="info", f_number="0", f_status="info", f_hosts_id=host_id)
                db.commit()

            # insert or update the account records
            resp_text = insert_or_update_acct(svc_id.id, accounts)
            logging.info("Added pwdump records for host: %s" % (loot['host']))
            data.append({ loot['host']: resp_text })

    return data
Example #5
0
            pw_data=pw_data,
            file_type=file_type,
            source='Metasploit',
        )

        # find the info/0 service id for the host
        host_id = get_host_record(loot['host'])
        query = (db.t_services.f_number == number) & (db.t_services.f_proto == proto) & (db.t_services.f_hosts_id == host_id)
        svc_id = db(query).select().first()
        if svc_id is None:
            # info/0 not found.. add it!
            svc_id = db.t_services.insert(f_proto=proto, f_number=number, f_hosts_id=host_id)
            db.commit()

        # insert or update the account records
        resp_text = insert_or_update_acct(svc_id.id, accounts)
        logging.info("Added loot accounts for host: %s" % ())
        data.append({ loot['host']: resp_text })

##-------------------------------------------------------------------------

def process_report_xml(
    filename=None,
    ip_ignore_list=None,
    ip_include_list=None,
    engineer=1,
    asset_group="Metasploit Import",
    update_hosts=True,
    ):
    """
    Processes a Metasploit XML Export for the following data and adds to the db:
Example #6
0
def import_file():
    """
    Import and parse password file into t_accounts
    """
    import os
    from skaldship.general import check_datadir
    check_datadir(request.folder)

    # Service_id is primary, host_id is secondary, if none then list
    # all the services
    svc_set = []
    url = URL('accounts', 'import_file')
    if request.vars.has_key('service_id'):
        try:
            record = db.t_services[request.vars.service_id]
            svc_set.append((record.id, "%s :: %s/%s" %
                            (host_title_maker(db.t_hosts[record.f_hosts_id]),
                             record.f_proto, record.f_number)))
            url = URL('accounts',
                      'import_file',
                      vars={'service_id': request.vars.service_id})
        except:
            pass
    elif request.vars.has_key('host_id'):
        try:
            host_record = get_host_record(request.vars.host_id)
            svc_records = db(
                db.t_services.f_hosts_id == host_record.id).select(
                    cache=(cache.ram, 30))
            url = URL('accounts',
                      'import_file',
                      vars={'host_id': request.vars.host_id})
            for record in svc_records:
                svc_set.append(
                    (record.id, "%s :: %s/%s" %
                     (host_title_maker(db.t_hosts[record.f_hosts_id]),
                      record.f_proto, record.f_number)))
        except:
            pass

    if len(svc_set) == 0:
        # all services
        svc_records = db(db.t_services).select(cache=(cache.ram, 30))
        svc_set = []
        for record in svc_records:
            svc_set.append((record.id, "%s :: %s/%s" %
                            (host_title_maker(db.t_hosts[record.f_hosts_id]),
                             record.f_proto, record.f_number)))

    if request.extension == "load":
        buttons = []
    else:
        buttons = ['submit']

    form = SQLFORM.factory(
        Field('f_service',
              'string',
              label=T('Host / Service'),
              requires=IS_IN_SET(svc_set),
              default=svc_set[0][0]),
        Field('f_filename',
              'upload',
              uploadfolder=os.path.join(request.folder,
                                        settings.password_upload_dir),
              label=T('Password file')),
        Field('f_type',
              'string',
              label=T('File type'),
              default='PWDUMP',
              requires=IS_IN_SET(settings.password_file_types)),
        Field('f_source', 'string', label=T('Source (if necessary)')),
        Field('f_add_to_evidence', 'boolean', label=T('Add Evidence')),
        Field('f_taskit',
              type='boolean',
              default=True,
              label=T('Run in background task')),
        buttons=buttons,
        _action=url,
        _id='accounts_import_form')

    resp_text = ""
    accounts_added = []
    accounts_updated = []
    if form.errors:
        response.flash = 'Error in form'
        return TABLE(*[TR(k, v) for k, v in form.errors.items()])
    elif form.accepts(request.vars, session):
        if form.vars.f_filename is not None:
            orig_filename = request.vars.f_filename.filename
        filename = os.path.join(request.folder, settings.password_upload_dir,
                                form.vars.f_filename)
        if form.vars.f_taskit:
            task = scheduler.queue_task(
                accounts_import_file,
                pvars=dict(filename=filename,
                           service=form.vars.f_service,
                           f_type=form.vars.f_type,
                           f_source=form.vars.f_source),
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=300  # 5 minutes
            )
            if task.id:
                resp_text = "Submitted file for processing: %s" % (A(
                    "task " + str(task.id),
                    _href=URL(c='tasks', f='status', args=task.id)).xml())
            else:
                resp_text = "Error submitting job: %s" % (task.errors)
        else:
            logger.info("Processing password file: %s" % (filename))
            account_data = process_password_file(pw_file=filename,
                                                 file_type=request.vars.f_type,
                                                 source=request.vars.f_source)
            resp_text = insert_or_update_acct(form.vars.f_service,
                                              account_data)
            logger.info(resp_text)

        if form.vars.f_add_to_evidence is True:
            # add the password file to evidence
            try:
                pwdata = open(filename, "r").readlines()
            except Exception, e:
                logger.error("Error opening %s: %s" % (filename, e))

            db.t_evidence.insert(
                f_hosts_id=db.t_services[form.vars.f_service].f_hosts_id,
                f_type='Password File',
                f_text=form.vars.f_type,
                f_filename=orig_filename,
                f_evidence=form.vars.f_filename,
                f_data=pwdata)
            db.commit()
Example #7
0
def paste():
    """
    Import and parse password pasted to a textbox into t_accounts
    """
    from skaldship.general import check_datadir
    check_datadir(request.folder)

    # Service_id is primary, host_id is secondary, if none then list
    # all the services
    svc_set = []
    url = URL('accounts', 'paste')
    if request.vars.has_key('service_id'):
        try:
            record = db.t_services[request.vars.service_id]
            svc_set.append((record.id, "%s :: %s/%s" %
                            (host_title_maker(db.t_hosts[record.f_hosts_id]),
                             record.f_proto, record.f_number)))
            url = URL('accounts',
                      'paste',
                      vars={'service_id': request.vars.service_id})
        except:
            pass
    elif request.vars.has_key('host_id'):
        try:
            host_record = get_host_record(request.vars.host_id)
            svc_records = db(
                db.t_services.f_hosts_id == host_record.id).select(
                    cache=(cache.ram, 30))
            url = URL('accounts',
                      'paste',
                      vars={'host_id': request.vars.host_id})
            for record in svc_records:
                svc_set.append(
                    (record.id, "%s :: %s/%s" %
                     (host_title_maker(db.t_hosts[record.f_hosts_id]),
                      record.f_proto, record.f_number)))
        except:
            pass

    if len(svc_set) == 0:
        # all services
        svc_records = db(db.t_services).select(cache=(cache.ram, 30))
        svc_set = []
        for record in svc_records:
            svc_set.append((record.id, "%s :: %s/%s" %
                            (host_title_maker(db.t_hosts[record.f_hosts_id]),
                             record.f_proto, record.f_number)))

    if request.extension == "load":
        buttons = []
    else:
        buttons = ['submit']

    form = SQLFORM.factory(
        Field('f_service',
              'string',
              label=T('Host / Service'),
              requires=IS_IN_SET(svc_set),
              default=svc_set[0][0]),
        Field('f_pwtext', 'text', label=T('Password text')),
        Field('f_type',
              'string',
              label=T('File type'),
              default='PWDUMP',
              requires=IS_IN_SET(settings.password_file_types)),
        Field('f_source', 'string', label=T('Source (if necessary)')),
        Field('f_add_to_evidence', 'boolean', label=T('Add file to Evidence')),
        buttons=buttons,
        _action=url,
        _id='accounts_paste_form'
        #_action=url, _id='accounts_paste_form', formstyle='bootstrap_modal'
    )

    resp_text = ""
    accounts_added = []
    accounts_updated = []
    if form.errors:
        response.flash = 'Error in form'
        return TABLE(*[TR(k, v) for k, v in form.errors.items()])
    elif form.accepts(request.vars, session):
        from utils import web2py_uuid
        host_id = db.t_services[form.vars.f_service].f_hosts_id
        pwd_file_dir = os.path.join(request.folder, 'data', 'passwords',
                                    'other')
        if not os.path.exists(pwd_file_dir):
            from gluon.fileutils import mktree
            mktree(pwd_file_dir)
        filename = "%s-pwfile-%s" % (host_id, web2py_uuid())
        full_file_path = os.path.join(request.folder, 'data/passwords/other',
                                      filename)
        of = open(full_file_path, "w")
        of.write(form.vars.f_pwtext)
        of.close()

        logger.debug("Processing password file: %s" % (full_file_path))
        account_data = process_password_file(pw_file=full_file_path,
                                             file_type=request.vars.f_type,
                                             source=request.vars.f_source)
        response.headers[
            'web2py-component-command'] = 'accounttable.fnReloadAjax();'
        resp_text = insert_or_update_acct(form.vars.f_service, account_data)

        if form.vars.f_add_to_evidence is True:
            # add the password file to evidence
            try:
                pwdata = open(full_file_path, "r").readlines()
            except Exception, e:
                logger.error("Error opening %s: %s" % (full_file_path, e))
                resp_text += "Error opening %s: %s\n" % (full_file_path, e)

            db.t_evidence.insert(f_hosts_id=host_id,
                                 f_type='Password File',
                                 f_text=form.vars.f_type,
                                 f_filename=filename,
                                 f_evidence=filename,
                                 f_data=pwdata)
            resp_text += "\n%s added to evidence\n" % (filename)
            db.commit()
Example #8
0
            pw_data=pw_data,
            file_type=file_type,
            source='Metasploit',
        )

        # find the info/0 service id for the host
        host_id = get_host_record(loot['host'])
        query = (db.t_services.f_number == number) & (db.t_services.f_proto == proto) & (db.t_services.f_hosts_id == host_id)
        svc_id = db(query).select().first()
        if svc_id is None:
            # info/0 not found.. add it!
            svc_id = db.t_services.insert(f_proto=proto, f_number=number, f_hosts_id=host_id)
            db.commit()

        # insert or update the account records
        resp_text = insert_or_update_acct(svc_id.id, accounts)
        logging.info("Added loot accounts for host: %s" % ())
        data.append({ loot['host']: resp_text })

##-------------------------------------------------------------------------

def process_report_xml(
    filename=None,
    ip_ignore_list=None,
    ip_include_list=None,
    engineer=1,
    asset_group="Metasploit Import",
    update_hosts=True,
    ):
    """
    Processes a Metasploit XML Export for the following data and adds to the db:
Example #9
0
def import_file():
    """
    Import and parse password file into t_accounts
    """
    import os
    from skaldship.general import check_datadir

    check_datadir(request.folder)

    # Service_id is primary, host_id is secondary, if none then list
    # all the services
    svc_set = []
    url = URL("accounts", "import_file")
    if request.vars.has_key("service_id"):
        try:
            record = db.t_services[request.vars.service_id]
            svc_set.append(
                (
                    record.id,
                    "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
                )
            )
            url = URL("accounts", "import_file", vars={"service_id": request.vars.service_id})
        except:
            pass
    elif request.vars.has_key("host_id"):
        try:
            host_record = get_host_record(request.vars.host_id)
            svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30))
            url = URL("accounts", "import_file", vars={"host_id": request.vars.host_id})
            for record in svc_records:
                svc_set.append(
                    (
                        record.id,
                        "%s :: %s/%s"
                        % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
                    )
                )
        except:
            pass

    if len(svc_set) == 0:
        # all services
        svc_records = db(db.t_services).select(cache=(cache.ram, 30))
        svc_set = []
        for record in svc_records:
            svc_set.append(
                (
                    record.id,
                    "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
                )
            )

    if request.extension == "load":
        buttons = []
    else:
        buttons = ["submit"]

    form = SQLFORM.factory(
        Field("f_service", "string", label=T("Host / Service"), requires=IS_IN_SET(svc_set), default=svc_set[0][0]),
        Field(
            "f_filename",
            "upload",
            uploadfolder=os.path.join(request.folder, settings.password_upload_dir),
            label=T("Password file"),
        ),
        Field(
            "f_type", "string", label=T("File type"), default="PWDUMP", requires=IS_IN_SET(settings.password_file_types)
        ),
        Field("f_source", "string", label=T("Source (if necessary)")),
        Field("f_add_to_evidence", "boolean", label=T("Add Evidence")),
        Field("f_taskit", type="boolean", default=True, label=T("Run in background task")),
        buttons=buttons,
        _action=url,
        _id="accounts_import_form",
    )

    resp_text = ""
    accounts_added = []
    accounts_updated = []
    if form.errors:
        response.flash = "Error in form"
        return TABLE(*[TR(k, v) for k, v in form.errors.items()])
    elif form.accepts(request.vars, session):
        if form.vars.f_filename is not None:
            orig_filename = request.vars.f_filename.filename
        filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename)
        if form.vars.f_taskit:
            task = scheduler.queue_task(
                accounts_import_file,
                pvars=dict(
                    filename=filename, service=form.vars.f_service, f_type=form.vars.f_type, f_source=form.vars.f_source
                ),
                group_name=settings.scheduler_group_name,
                sync_output=5,
                timeout=300,  # 5 minutes
            )
            if task.id:
                resp_text = "Submitted file for processing: %s" % (
                    A("task " + str(task.id), _href=URL(c="tasks", f="status", args=task.id)).xml()
                )
            else:
                resp_text = "Error submitting job: %s" % (task.errors)
        else:
            logger.info("Processing password file: %s" % (filename))
            account_data = process_password_file(
                pw_file=filename, file_type=request.vars.f_type, source=request.vars.f_source
            )
            resp_text = insert_or_update_acct(form.vars.f_service, account_data)
            logger.info(resp_text)

        if form.vars.f_add_to_evidence is True:
            # add the password file to evidence
            try:
                pwdata = open(filename, "r").readlines()
            except Exception, e:
                logger.error("Error opening %s: %s" % (filename, e))

            db.t_evidence.insert(
                f_hosts_id=db.t_services[form.vars.f_service].f_hosts_id,
                f_type="Password File",
                f_text=form.vars.f_type,
                f_filename=orig_filename,
                f_evidence=form.vars.f_filename,
                f_data=pwdata,
            )
            db.commit()
Example #10
0
def paste():
    """
    Import and parse password pasted to a textbox into t_accounts
    """
    from skaldship.general import check_datadir

    check_datadir(request.folder)

    # Service_id is primary, host_id is secondary, if none then list
    # all the services
    svc_set = []
    url = URL("accounts", "paste")
    if request.vars.has_key("service_id"):
        try:
            record = db.t_services[request.vars.service_id]
            svc_set.append(
                (
                    record.id,
                    "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
                )
            )
            url = URL("accounts", "paste", vars={"service_id": request.vars.service_id})
        except:
            pass
    elif request.vars.has_key("host_id"):
        try:
            host_record = get_host_record(request.vars.host_id)
            svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30))
            url = URL("accounts", "paste", vars={"host_id": request.vars.host_id})
            for record in svc_records:
                svc_set.append(
                    (
                        record.id,
                        "%s :: %s/%s"
                        % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
                    )
                )
        except:
            pass

    if len(svc_set) == 0:
        # all services
        svc_records = db(db.t_services).select(cache=(cache.ram, 30))
        svc_set = []
        for record in svc_records:
            svc_set.append(
                (
                    record.id,
                    "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number),
                )
            )

    if request.extension == "load":
        buttons = []
    else:
        buttons = ["submit"]

    form = SQLFORM.factory(
        Field("f_service", "string", label=T("Host / Service"), requires=IS_IN_SET(svc_set), default=svc_set[0][0]),
        Field("f_pwtext", "text", label=T("Password text")),
        Field(
            "f_type", "string", label=T("File type"), default="PWDUMP", requires=IS_IN_SET(settings.password_file_types)
        ),
        Field("f_source", "string", label=T("Source (if necessary)")),
        Field("f_add_to_evidence", "boolean", label=T("Add file to Evidence")),
        buttons=buttons,
        _action=url,
        _id="accounts_paste_form"
        # _action=url, _id='accounts_paste_form', formstyle='bootstrap_modal'
    )

    resp_text = ""
    accounts_added = []
    accounts_updated = []
    if form.errors:
        response.flash = "Error in form"
        return TABLE(*[TR(k, v) for k, v in form.errors.items()])
    elif form.accepts(request.vars, session):
        from utils import web2py_uuid

        host_id = db.t_services[form.vars.f_service].f_hosts_id
        pwd_file_dir = os.path.join(request.folder, "data", "passwords", "other")
        if not os.path.exists(pwd_file_dir):
            from gluon.fileutils import mktree

            mktree(pwd_file_dir)
        filename = "%s-pwfile-%s" % (host_id, web2py_uuid())
        full_file_path = os.path.join(request.folder, "data/passwords/other", filename)
        of = open(full_file_path, "w")
        of.write(form.vars.f_pwtext)
        of.close()

        logger.debug("Processing password file: %s" % (full_file_path))
        account_data = process_password_file(
            pw_file=full_file_path, file_type=request.vars.f_type, source=request.vars.f_source
        )
        response.headers["web2py-component-command"] = "accounttable.fnReloadAjax();"
        resp_text = insert_or_update_acct(form.vars.f_service, account_data)

        if form.vars.f_add_to_evidence is True:
            # add the password file to evidence
            try:
                pwdata = open(full_file_path, "r").readlines()
            except Exception, e:
                logger.error("Error opening %s: %s" % (full_file_path, e))
                resp_text += "Error opening %s: %s\n" % (full_file_path, e)

            db.t_evidence.insert(
                f_hosts_id=host_id,
                f_type="Password File",
                f_text=form.vars.f_type,
                f_filename=filename,
                f_evidence=filename,
                f_data=pwdata,
            )
            resp_text += "\n%s added to evidence\n" % (filename)
            db.commit()