socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\1\0IGD MPT Interface daemon 1.0\0'), srcpeername) elif data.startswith('AA\0\0AAAA$GetVersion\0'): print("Netis backdoor $GetVersion command received") socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\0\0{}'.format(VERSION_TEXT)), srcpeername) elif data.startswith('AA\0\0AAAA$Help\0'): print("Netis backdoor $Help command received") socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\1\0{}'.format(HELP_TEXT)), srcpeername) elif data.startswith('AA\0\0AAAA'): print("\nNetis backdoor execute command received:") command = tee_received_text(data[8:].strip()) print("") outstream = StringIO.StringIO() outstream.send = outstream.write # HACK process_commandline(outstream, command) output = tee_sent_text(outstream.getvalue()) print("\nAssembled reply packets:") marker = 'B' while len(output) > 0: curr_block = output[:1991] output = output[1991:] socket.sendto(tee_sent_bin('AA\0\4A{}AA{}'.format(marker, curr_block)), srcpeername) marker = chr(1 + ord(marker)) socket.sendto(tee_sent_bin('AA\0\5A{}AA\0\0\0\0'.format(marker)), srcpeername) else: print("Unknown Netis backdoor command") if __name__ == "__main__": testrun.run_udp(53413, 53413, handle_udp_netis_backdoor)
#!/usr/bin/env python2
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

import testrun
from termcolor import colored
from utils import tee_received_bin


def handle_udp_hexdump(socket, data, srcpeername, dstport):
    """Record one received UDP datagram and send nothing back.

    The payload is handed unchanged to ``tee_received_bin``; the
    ``socket``, ``srcpeername`` and ``dstport`` arguments are accepted
    but never used here, so this handler never replies to the sender.

    Args:
        socket: The socket the datagram arrived on (unused).
        data: Raw datagram payload. It comes straight off the network
            and must be treated as untrusted.
        srcpeername: Address of the sender (unused).
        dstport: Port the datagram was addressed to (unused).
    """
    # NOTE(review): presumably tee_received_bin prints/logs a hex dump of
    # the payload -- confirm in utils that non-printable bytes and
    # terminal escape sequences are neutralised before display.
    tee_received_bin(data)


if __name__ == "__main__":
    # Standalone run: register the dump-only handler through
    # testrun.run_udp with 8888 given for both port arguments.
    testrun.run_udp(8888, 8888, handle_udp_hexdump)
print("Pretending {} is a good user".format(headers['To'])) resp = 'SIP/2.0 200 OK\n' # http://kb.smartvox.co.uk/asterisk/friendlyscanner-gets-aggressive/ rheaders = { 'From': headers['From'], 'To': headers['To'], 'Call-ID': headers['Call-ID'], 'CSeq': headers['CSeq'] } rheaders['Via'] = '{};received={}'.format(headers['Via'].replace(';rport', ''), srcpeername[0]) rheaders['User-Agent'] = USER_AGENT elif method == 'INVITE': print("The intruder is trying to make a call") # Pretend we don't understand to stop further interactions resp = 'SIP/2.0 501 Not Implemented\n' rheaders = {} to_hdr = headers.get('To', '') from_hdr = headers.get('From', '') ua_hdr = headers.get('User-Agent', '') log_append('udp_sip_invites', srcpeername[0], to_hdr, from_hdr, ua_hdr) elif (method == 'ACK' or method == 'BYE'): resp = 'SIP/2.0 200 OK\n' rheaders = dict(headers) rheaders['User-Agent'] = USER_AGENT else: resp = 'SIP/2.0 501 Not Implemented\n' rheaders = {} # Assemble response for k in rheaders: resp += '{}: {}\n'.format(k, rheaders[k]) socket.sendto(tee_sent_text('{}\n'.format(resp)), srcpeername) if __name__ == "__main__": testrun.run_udp(5060, 5060, handle_udp_sip)