Esempio n. 1
		if 'root' in username:
			ps1a = 'root@localhost:~# '
			ps1b = 'sh-4.3# '
		else:
			ps1a = '{}@localhost:~$ '.format(username)
			ps1b = 'sh-4.3$ '

		socket.send("Password: "******"\n\nSuccessfully logged in. Log in successful.\n")
		socket.send("Busybox v1.01 (2014.08.14-10:49+0000) Built-in shell (ash)\n")
		socket.send("Enter 'help' for a list of built-in commands.\n\n{}".format(ps1a))
		process_commandline(socket, readline(socket, True, 10).strip())

		interactive_shell(socket, ps1b, 10)
	except Exception as err:
		#print(traceback.format_exc())
		pass

	try:
		print("-- TELNET TRANSPORT CLOSED --")
		socket.close()
	except:
		pass

if __name__ == "__main__":
	# Stand-alone test run of the telnet emulation. The meaning of the two
	# numbers is defined by testrun.run_tcp, which is not visible here:
	# presumably the port actually listened on and the port reported to the
	# handler as dstport -- confirm before relying on it.
	testrun.run_tcp(
		2323,
		23,
		handle_tcp_telnet,
	)
Esempio n. 2
		return True

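def handle_tcp_ssh(socket, dstport):
	"""Run the emulated SSH server on one accepted connection until it ends.

	The connection is wrapped in a paramiko Transport that announces itself as
	'SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2' and offers the module-level RSA
	and DSS host keys. Session handling is delegated to Server, which is
	constructed with the peer address. The call blocks in t.join() until the
	transport thread finishes, then closes the transport and the socket.

	Args:
		socket: connected TCP socket of the remote client.
		dstport: accepted for the common handler signature; not used here.
	"""
	# Bound before the try so the cleanup below does not depend on a swallowed
	# NameError when the Transport constructor itself raises.
	t = None
	try:
		t = paramiko.Transport(socket)
		# Version string sent to the client during the SSH banner exchange.
		t.local_version = 'SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2'
		t.load_server_moduli() # It can be safely commented out if it does not work on your system

		t.add_server_key(host_key_rsa)
		t.add_server_key(host_key_dss)

		server = Server(socket.getpeername())
		t.start_server(server=server)

		# Wait here until the transport thread has finished.
		t.join()

	except Exception as err:
		# An error on one connection must not take the listener down, but it
		# should not vanish either: report it in one line. repr() keeps any
		# control characters in peer-influenced error text off the terminal.
		print("SSH handler error: {!r}".format(err))

	try:
		print("-- SSH TRANSPORT CLOSED --")
		if t is not None:
			t.close()
	except Exception:
		# Best-effort cleanup; Exception (not a bare except) so that
		# KeyboardInterrupt and SystemExit still reach the caller.
		pass

	socket.close()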

if __name__ == "__main__":
	# Stand-alone test run of the SSH emulation. The meaning of the two
	# numbers is defined by testrun.run_tcp, which is not visible here:
	# presumably the port actually listened on and the port reported to the
	# handler as dstport -- confirm before relying on it.
	testrun.run_tcp(
		2200,
		22,
		handle_tcp_ssh,
	)
Esempio n. 3
		yield buff

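def handle_tcp_hexdump(socket, dstport):
	"""Print a hex and ASCII dump of the data received on socket, then close it.

	Each printed row holds the running byte offset, the bytes of one chunk in
	hex and the same bytes as text; a final row prints the total byte count.
	Chunks come from recv_and_split_blocks(socket, 16), presumably at most 16
	bytes each (the helper is defined elsewhere -- confirm).

	Args:
		socket: connected socket to read from; closed before returning.
		dstport: accepted for the common handler signature; not used here.
	"""
	# Translation table: a byte value maps to its own character only when
	# repr() renders it as a bare quoted character, otherwise to '.'.
	# This keeps control bytes sent by the peer (ESC, CR, ...) from reaching
	# the operator's terminal as anything but a dot.
	FILTER = ''.join([chr(x) if len(repr(chr(x))) == 3 else '.' for x in range(256)])
	length = 16

	c = 0
	try:
		for chars in recv_and_split_blocks(socket, length):
			hexstr = ' '.join(["%02x" % ord(x) for x in chars])
			# Values above 127 are always shown as '.', whatever FILTER holds.
			printable = ''.join([FILTER[ord(x)] if ord(x) <= 127 else '.' for x in chars])
			# Single-argument print written with parentheses prints the same
			# text as the print statement form.
			print(colored("%04x  %-*s  %-*s" % (c, length*3, hexstr, length, printable), 'red', 'on_yellow'))
			c += len(chars)
		print(colored("%04x" % c, 'red', 'on_yellow'))
	finally:
		# Close the connection even when reading or printing raised, so a
		# failing peer cannot leave the descriptor open; the error itself
		# still propagates to the caller.
		try:
			print("-- TCP TRANSPORT CLOSED --")
			socket.close()
		except Exception:
			pass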

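def handle_tcp_hexdump_ssl(socket, dstport):
	"""Upgrade the connection with switchtossl() and hex-dump what it carries.

	Args:
		socket: accepted TCP socket on which the peer is expected to start an
			SSL/TLS handshake.
		dstport: passed through unchanged to handle_tcp_hexdump.
	"""
	# Keep the raw socket under its own name: rebinding the parameter to a
	# falsy handshake result would drop the only reference to the connection.
	tls_socket = switchtossl(socket)
	if tls_socket:
		handle_tcp_hexdump(tls_socket, dstport)
	else:
		print("SSL handshake failed")
		# Release the connection on a failed handshake so repeated failures
		# cannot pile up open descriptors. Whether switchtossl() already
		# closed it is not visible here; a second close() is harmless.
		try:
			socket.close()
		except Exception:
			pass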

if __name__ == "__main__":
	# Stand-alone test run of the SSL hex dump. The meaning of the two port
	# numbers is defined by testrun.run_tcp, which is not visible here --
	# confirm before relying on it.
	# Plain-TCP variant, left disabled:
	#testrun.run_tcp(8888, 8888, handle_tcp_hexdump)
	testrun.run_tcp(
		8889,
		8889,
		handle_tcp_hexdump_ssl,
	)
Esempio n. 4
				elif header.upper().startswith('USER-AGENT: '):
					user_agent = header[len('USER-AGENT: '):]

			session_token = uuid.uuid4().hex
			log_append('tcp_http_requests', socket.getpeername()[0], dstport, verb, url, user_agent, session_token)

			socket.send("HTTP/1.0 200 OK\nServer: microhttpd (MontaVista/2.4, i386-uClibc)\nSet-Cookie: sessionToken={}; Expires={}\nContent-Type: text/html\nContent-Length: 38\nConnection: {}\n\nmicrohttpd on Linux 2.4, it works!\n\n".format(session_token, __getexpdate(5 * 365 * 24 * 60 * 60), "keep-alive" if keep_alive else "close"))
	except ssl.SSLError as err:
		print("SSL error: {}".format(err.reason))
		pass
	except Exception as err:
		#print(traceback.format_exc())
		pass

	try:
		print("-- HTTP TRANSPORT CLOSED --")
		socket.close()
	except:
		pass

def handle_tcp_https(socket, dstport):
	"""Serve the emulated HTTP service over an SSL/TLS-wrapped connection.

	switchtossl() is asked to upgrade the accepted socket. A falsy result is
	treated as a failed handshake and the raw socket is closed; otherwise the
	wrapped socket is handed to handle_tcp_http together with dstport.
	"""
	tls_channel = switchtossl(socket)
	if not tls_channel:
		# Nothing usable came out of the handshake: drop the connection.
		socket.close()
		return
	handle_tcp_http(tls_channel, dstport)

if __name__ == "__main__":
	# Stand-alone test run of the HTTPS emulation. The meaning of the two
	# numbers is defined by testrun.run_tcp, which is not visible here:
	# presumably the port actually listened on and the port reported to the
	# handler as dstport -- confirm before relying on it.
	# Plain-HTTP variant, left disabled:
	#testrun.run_tcp(8080, 80, handle_tcp_http)
	testrun.run_tcp(
		8443,
		443,
		handle_tcp_https,
	)
Esempio n. 5
        else:
            ps1a = '{}@localhost:~$ '.format(username)
            ps1b = 'sh-4.3$ '

        socket.send("Password: "******"\n\nSuccessfully logged in. Log in successful.\n")
        socket.send(
            "Busybox v1.01 (2014.08.14-10:49+0000) Built-in shell (ash)\n")
        socket.send(
            "Enter 'help' for a list of built-in commands.\n\n{}".format(ps1a))
        process_commandline(socket, readline(socket, True, 10).strip())

        interactive_shell(socket, ps1b, 10)
    except Exception as err:
        #print(traceback.format_exc())
        pass

    try:
        print("-- TELNET TRANSPORT CLOSED --")
        socket.close()
    except:
        pass


if __name__ == "__main__":
    # Stand-alone test run of the telnet emulation. The meaning of the two
    # numbers is defined by testrun.run_tcp, which is not visible here:
    # presumably the port actually listened on and the port reported to the
    # handler as dstport -- confirm before relying on it.
    testrun.run_tcp(
        2323,
        23,
        handle_tcp_telnet,
    )
Esempio n. 6
                msg_contents = receive_data(socket)
                msg_id = uuid.uuid4().hex
                store_email(plaintext_socket.getpeername()[0], msg_id,
                            msg_contents, msg_from, msg_to)
                socket.send(
                    "250 Message received: {}@localhost\n".format(msg_id))
            elif cmdupper.startswith('MAIL FROM:') or cmdupper.startswith(
                    'SEND FROM:') or cmdupper.startswith(
                        'SOML FROM:') or cmdupper.startswith('SAML FROM:'):
                msg_from = cmd[len('MAIL FROM:'):].strip()
                socket.send("250 Sender: {} Ok\n".format(msg_from))
            elif cmdupper.startswith('RCPT TO:'):
                recipient = cmd[len('RCPT TO:'):].strip()
                msg_to.append(recipient)
                socket.send("250 Recipient: {} Ok\n".format(recipient))
            else:
                socket.send("502 Command not implemented\n")
    except Exception as err:
        #print(traceback.format_exc())
        pass

    try:
        print("-- SMTP TRANSPORT CLOSED --")
        socket.close()
    except:
        pass


if __name__ == "__main__":
    # Stand-alone test run of the SMTP emulation. The meaning of the two
    # numbers is defined by testrun.run_tcp, which is not visible here:
    # presumably the port actually listened on and the port reported to the
    # handler as dstport -- confirm before relying on it.
    testrun.run_tcp(
        2525,
        25,
        handle_tcp_smtp,
    )
Esempio n. 7
                socket.send(
                    "HTTP/1.0 200 Connection established\nProxy-agent: Netscape-Proxy/1.1\n\n"
                )
            else:
                socket.send(
                    "HTTP/1.0 407 Proxy authentication required\nProxy-agent: Netscape-Proxy/1.1\n\n"
                )
                port_num = None

        except Exception as err:
            #print(traceback.format_exc())
            port_num = None

        if port_num:
            print("Forwarding intruder to fake port {}/tcp".format(port_num))
            tcp_handler(origsocket, port_num)
        else:
            socket.close()
            print("-- HTTP TRANSPORT CLOSED --")

    return handle_tcp_httpproxy


if __name__ == "__main__":

    def dummy_tcp_handler(socket, dstport):
        """Stand-in downstream handler: report the requested port and hang up."""
        channel = TextChannel(socket)
        channel.send("Request for port {}/tcp\n".format(dstport))
        socket.close()

    # Stand-alone test run of the HTTP proxy emulation: connections the proxy
    # handler forwards end up in the stand-in above instead of a real service
    # emulation. The meaning of the two port numbers is defined by
    # testrun.run_tcp, which is not visible here.
    proxy_handler = make_tcp_httpproxy_handler(dummy_tcp_handler)
    testrun.run_tcp(8118, 8118, proxy_handler)
Esempio n. 8
    c = 0
    for chars in recv_and_split_blocks(socket, length):
        hexstr = ' '.join(["%02x" % ord(x) for x in chars])
        printable = ''.join([
            "%s" % ((ord(x) <= 127 and FILTER[ord(x)]) or '.') for x in chars
        ])
        print colored(
            "%04x  %-*s  %-*s" % (c, length * 3, hexstr, length, printable),
            'red', 'on_yellow')
        c += len(chars)
    print colored("%04x" % c, 'red', 'on_yellow')

    try:
        print("-- TCP TRANSPORT CLOSED --")
        socket.close()
    except:
        pass


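def handle_tcp_hexdump_ssl(socket, dstport):
    """Upgrade the connection with switchtossl() and hex-dump what it carries.

    Args:
        socket: accepted TCP socket on which the peer is expected to start an
            SSL/TLS handshake.
        dstport: passed through unchanged to handle_tcp_hexdump.
    """
    # Keep the raw socket under its own name: rebinding the parameter to a
    # falsy handshake result would drop the only reference to the connection.
    tls_socket = switchtossl(socket)
    if tls_socket:
        handle_tcp_hexdump(tls_socket, dstport)
    else:
        print("SSL handshake failed")
        # Release the connection on a failed handshake so repeated failures
        # cannot pile up open descriptors. Whether switchtossl() already
        # closed it is not visible here; a second close() is harmless.
        try:
            socket.close()
        except Exception:
            pass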


if __name__ == "__main__":
    # Stand-alone test run of the SSL hex dump. The meaning of the two port
    # numbers is defined by testrun.run_tcp, which is not visible here --
    # confirm before relying on it.
    # Plain-TCP variant, left disabled:
    #testrun.run_tcp(8888, 8888, handle_tcp_hexdump)
    testrun.run_tcp(
        8889,
        8889,
        handle_tcp_hexdump_ssl,
    )
Esempio n. 9
				msg_from = ''
				msg_to = []
				socket.send("250 Reset Ok\n")
			elif cmdupper.startswith('DATA'):
				socket.send("354 Ok Send data ending with <CRLF>.<CRLF>\n")
				msg_contents = receive_data(socket)
				msg_id = uuid.uuid4().hex
				store_email(plaintext_socket.getpeername()[0], msg_id, msg_contents, msg_from, msg_to)
				socket.send("250 Message received: {}@localhost\n".format(msg_id))
			elif cmdupper.startswith('MAIL FROM:') or cmdupper.startswith('SEND FROM:') or cmdupper.startswith('SOML FROM:') or cmdupper.startswith('SAML FROM:'):
				msg_from = cmd[len('MAIL FROM:'):].strip()
				socket.send("250 Sender: {} Ok\n".format(msg_from))
			elif cmdupper.startswith('RCPT TO:'):
				recipient = cmd[len('RCPT TO:'):].strip()
				msg_to.append(recipient)
				socket.send("250 Recipient: {} Ok\n".format(recipient))
			else:
				socket.send("502 Command not implemented\n")
	except Exception as err:
		#print(traceback.format_exc())
		pass

	try:
		print("-- SMTP TRANSPORT CLOSED --")
		socket.close()
	except:
		pass

if __name__ == "__main__":
	# Stand-alone test run of the SMTP emulation. The meaning of the two
	# numbers is defined by testrun.run_tcp, which is not visible here:
	# presumably the port actually listened on and the port reported to the
	# handler as dstport -- confirm before relying on it.
	testrun.run_tcp(
		2525,
		25,
		handle_tcp_smtp,
	)
Esempio n. 10
			# Skip headers
			while readline(socket).strip() != '':
				pass

			log_append('tcp_httpproxy_connections', target, *origsocket.getpeername())

			if port_num not in HTTP_CONNECT_FORBIDDEN_PORTS:
				socket.send("HTTP/1.0 200 Connection established\nProxy-agent: Netscape-Proxy/1.1\n\n")
			else:
				socket.send("HTTP/1.0 407 Proxy authentication required\nProxy-agent: Netscape-Proxy/1.1\n\n")
				port_num = None

		except Exception as err:
			#print(traceback.format_exc())
			port_num = None

		if port_num:
			print("Forwarding intruder to fake port {}/tcp".format(port_num))
			tcp_handler(origsocket, port_num)
		else:
			socket.close()
			print("-- HTTP TRANSPORT CLOSED --")

	return handle_tcp_httpproxy

if __name__ == "__main__":
	def dummy_tcp_handler(socket, dstport):
		"""Stand-in downstream handler: report the requested port and hang up."""
		channel = TextChannel(socket)
		channel.send("Request for port {}/tcp\n".format(dstport))
		socket.close()

	# Stand-alone test run of the HTTP proxy emulation: connections the proxy
	# handler forwards end up in the stand-in above instead of a real service
	# emulation. The meaning of the two port numbers is defined by
	# testrun.run_tcp, which is not visible here.
	proxy_handler = make_tcp_httpproxy_handler(dummy_tcp_handler)
	testrun.run_tcp(8118, 8118, proxy_handler)
Esempio n. 11
            socket.send(
                "HTTP/1.0 200 OK\nServer: microhttpd (MontaVista/2.4, i386-uClibc)\nSet-Cookie: sessionToken={}; Expires={}\nContent-Type: text/html\nContent-Length: 38\nConnection: {}\n\nmicrohttpd on Linux 2.4, it works!\n\n"
                .format(session_token, __getexpdate(5 * 365 * 24 * 60 * 60),
                        "keep-alive" if keep_alive else "close"))
    except ssl.SSLError as err:
        print("SSL error: {}".format(err.reason))
        pass
    except Exception as err:
        #print(traceback.format_exc())
        pass

    try:
        print("-- HTTP TRANSPORT CLOSED --")
        socket.close()
    except:
        pass


def handle_tcp_https(socket, dstport):
    """Serve the emulated HTTP service over an SSL/TLS-wrapped connection.

    switchtossl() is asked to upgrade the accepted socket. A falsy result is
    treated as a failed handshake and the raw socket is closed; otherwise the
    wrapped socket is handed to handle_tcp_http together with dstport.
    """
    tls_channel = switchtossl(socket)
    if not tls_channel:
        # Nothing usable came out of the handshake: drop the connection.
        socket.close()
        return
    handle_tcp_http(tls_channel, dstport)


if __name__ == "__main__":
    # Stand-alone test run of the HTTPS emulation. The meaning of the two
    # numbers is defined by testrun.run_tcp, which is not visible here:
    # presumably the port actually listened on and the port reported to the
    # handler as dstport -- confirm before relying on it.
    # Plain-HTTP variant, left disabled:
    #testrun.run_tcp(8080, 80, handle_tcp_http)
    testrun.run_tcp(
        8443,
        443,
        handle_tcp_https,
    )