def route_test(rhost, rport, thost, tport): print "[*] Routing connections to %s:%s" % (thost, tport) # Initiate the connection. We don't want the NI Stream Socket to handle # keep-alive messages, as the response to connect requests are NI_PONG conn = SAPNIStreamSocket.get_nisocket(rhost, rport, keep_alive=False) router_string = [SAPRouterRouteHop(hostname=rhost, port=rport), SAPRouterRouteHop(hostname=thost, port=tport)] router_string_lens = map(len, map(str, router_string)) p = SAPRouter(type=SAPRouter.SAPROUTER_ROUTE, route_entries=len(router_string), route_talk_mode=1, route_rest_nodes=1, route_length=sum(router_string_lens), route_offset=router_string_lens[0], route_string=router_string, ) response = conn.sr(p) if router_is_error(response): status = 'error' elif router_is_pong(response): status = 'open' conn.close() return status
def route(self, server): print "[*] Routing to %s:%d !" % (self.options.target_host, self.options.target_port) # Build the Route request packet router_string = [SAPRouterRouteHop(hostname=self.options.remote_host, port=self.options.remote_port), SAPRouterRouteHop(hostname=self.options.target_host, port=self.options.target_port, password=self.options.target_pass)] router_string_lens = map(len, map(str, router_string)) p = SAPRouter(type=SAPRouter.SAPROUTER_ROUTE, route_entries=len(router_string), route_talk_mode=1, route_rest_nodes=1, route_length=sum(router_string_lens), route_offset=router_string_lens[0], route_string=router_string) if self.options.verbose: p.show2() # Send the request and grab the response response = server.sr(p) if SAPRouter in response: response = response[SAPRouter] if router_is_pong(response): print "[*] Route request accepted !" self.routed = True elif router_is_error(response) and response.return_code == -94: print "[*] Route request not accepted !" print response.err_text_value raise RouteException("Route request not accepted") else: print "[*] Router send error" print response.err_text_value raise Exception("Router error: %s", response.err_text_value) else: print "[*] Wrong response received !" raise Exception("Wrong response received")