class ShellHandler(MessageHandlerMixin):
def __init__(self, identity_key, authorized_hosts, secure = True):
self.message_wrapper = MessageWrapper(identity_key, authorized_hosts)
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.rfile = io.BytesIO() # Here, hold this for a moment
self.secure = secure
def _do_handshake(self):
print(f"[+] Authenticating . . .")
challenge = base64.b64decode(self.rfile.readline().strip())
print(f"[+] Got challenge: {challenge}")
self._write_line(self.message_wrapper.get_challenge_response(challenge))
server_response = base64.b64decode(self.rfile.readline().strip())
print(f"[+] Got response: {server_response}")
self.message_wrapper.finalize_handshake(server_response)
print("[+] Authentication successful!")
def connect(self, remote_addr, remote_port):
self.socket.connect((remote_addr, remote_port))
self.rfile = self.socket.makefile()
if self.secure:
self._do_handshake()
else:
print("[+] Insecure flag is set, skipping authentication")
def run(self):
command = ""
while command != "exit":
command = input("> ").lower().strip()
if command:
for packed_message in Message.packed_from_string(self.message_wrapper, command, secure=self.secure):
self._write_line(packed_message)
if command != "exit":
response = self._get_message(self.message_wrapper, secure=self.secure)
try:
# Try to pretty print JSON responses
response = json.loads(response)
response = json.dumps(response, indent=4)
except (ValueError, json.JSONDecodeError):
pass
print(response)
def handle(self):
print("[+] Client connected!")
message_wrapper = MessageWrapper(configuration.identity_file_path, configuration.authorized_keys_folder)
original_timeout = self.server.socket.timeout
self.server.socket.settimeout(configuration.socket_timeout)
self.socket = self.server.socket
try:
if configuration.secure:
print("[+] Sending handshake challenge . . .")
self._write_line(message_wrapper.get_challenge())
challenge_response = base64.b64decode(self.rfile.readline().strip())
# This will throw a permission error if client authorization fails. Not ideal, but I can't reset the handshake yet, so this is the behavior I want for now
print("[+] Validating client response . . .")
server_response = message_wrapper.finalize_handshake(challenge_response)
print(f"[+] Successful authentication from client at {self.client_address[0]}")
self._write_line(server_response)
else:
print("[+] Security is disabled, skipping authentication handshake")
finally:
self.server.socket.settimeout(original_timeout)
self.command_loop(message_wrapper)
print("[+] Session terminated.")
CommandHandlerFactory.get_instance(configuration).unload_all()