コード例 #1
0
ファイル: router_portfw.py プロジェクト: jcmuniz/pysap
    def route(self, server):
        print "[*] Routing to %s:%d !" % (self.options.target_host,
                                          self.options.target_port)

        # Build the Route request packet
        router_string = [SAPRouterRouteHop(hostname=self.options.remote_host,
                                           port=self.options.remote_port),
                         SAPRouterRouteHop(hostname=self.options.target_host,
                                           port=self.options.target_port,
                                           password=self.options.target_pass)]
        router_string_lens = map(len, map(str, router_string))
        p = SAPRouter(type=SAPRouter.SAPROUTER_ROUTE,
                      route_entries=len(router_string),
                      route_talk_mode=1,
                      route_rest_nodes=1,
                      route_length=sum(router_string_lens),
                      route_offset=router_string_lens[0],
                      route_string=router_string)

        if self.options.verbose:
            p.show2()

        # Send the request and grab the response
        response = server.sr(p)

        if SAPRouter in response:
            response = response[SAPRouter]
            if router_is_pong(response):
                print "[*] Route request accepted !"
                self.routed = True
            elif router_is_error(response) and response.return_code == -94:
                print "[*] Route request not accepted !"
                print response.err_text_value
                raise RouteException("Route request not accepted")
            else:
                print "[*] Router send error"
                print response.err_text_value
                raise Exception("Router error: %s", response.err_text_value)
        else:
            print "[*] Wrong response received !"
            raise Exception("Wrong response received")
コード例 #2
0
def try_password(options, password, output=None, k=0):

    p = SAPRouter(type=SAPRouter.SAPROUTER_ADMIN, version=options.router_version)
    p.adm_command = 2
    p.adm_password = password
    p = str(SAPNI() / p)

    fau_timer.init()
    fau_timer.send_request(options.remote_host, options.remote_port, p, len(p))
    fau_timer.calculate_time()
    cpu_peed = fau_timer.get_speed()
    cpu_ticks = fau_timer.get_cpu_ticks()
    time = fau_timer.get_time()

    if options.verbose:
        print("Request time: CPU Speed: %s Hz CPU Ticks: %s Time: %s nanosec" % (cpu_peed, cpu_ticks, time))

    # Write the time to the output file
    if output:
        output.write("%i,%s,%s\n" % (k, password, time))

    return time
コード例 #3
0
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    response = False

    p = SAPRouter(type=SAPRouter.SAPROUTER_ADMIN)

    if options.stop:
        p.adm_command = 5
        print("[*] Requesting stop of the remote SAP Router")

    elif options.soft:
        p.adm_command = 9
        print("[*] Requesting a soft shutdown of the remote SAP Router")
        response = True

    elif options.info:
        p.adm_command = 2
        if options.info_password:
            if len(options.info_password) > 19:
                print("[*] Password too long, truncated at 19 characters")
            p.adm_password = options.info_password
            print("[*] Requesting info using password %s" % p.adm_password)
        else:
            print("[*] Requesting info")
        response = True

    elif options.new_route:
        p.adm_command = 3
        print("[*] Requesting a refresh of the router table")

    elif options.trace:
        p.adm_command = 4
        print("[*] Requesting a toggle on the trace settings")

    elif options.cancel:
        p.adm_command = 6
        p.adm_client_ids = list(map(int, options.cancel.split(",")))
        print("[*] Requesting a cancel of the route(s) with client id(s) %s" % p.adm_client_ids)
        response = True

    elif options.dump:
        p.adm_command = 7
        print("[*] Requesting a dump of the buffers")

    elif options.flush:
        p.adm_command = 8
        print("[*] Requesting a flush of the buffers")

    elif options.hide:
        p.adm_command = 14
        print("[*] Requesting a hide on the errors to clients")
        response = True

    elif options.set_peer:
        p.adm_command = 10
        p.adm_address_mask = options.set_peer
        print("[*] Request a set peer trace for the address mask %s" % p.adm_address_mask)
        response = True

    elif options.clear_peer:
        p.adm_command = 11
        p.adm_address_mask = options.clear_peer
        print("[*] Request a clear peer trace for the address mask %s" % p.adm_address_mask)
        response = True

    elif options.trace_conn:
        p.adm_command = 12
        p.adm_client_ids = list(map(int, options.trace_conn.split(",")))
        print("[*] Requesting a connection trace with client id(s) %s" % p.adm_client_ids)
        response = True

    else:
        print("[*] No command specified !")
        return

    # Initiate the connection
    conn = SAPNIStreamSocket.get_nisocket(options.remote_host, options.remote_port)
    print("[*] Connected to the SAP Router %s:%d" % (options.remote_host, options.remote_port))

    # Retrieve the router version used by the server if not specified
    if options.router_version:
        p.version = options.router_version
    else:
        p.version = get_router_version(conn) or p.version
    print("[*] Using SAP Router version %d" % p.version)

    # Send the router admin request
    print("[*] Sending Router Admin packet")
    if options.verbose:
        p.show2()
    conn.send(p)

    # Grab the response if required
    if response:

        # Some responses has no SAPRouter's packet format and are raw strings,
        # we need to get the SAP NI layer first and then check if we could go
        # down to the SAPRouter layer.
        raw_response = conn.recv()[SAPNI]
        if SAPRouter in raw_response:
            router_response = raw_response[SAPRouter]

        # If the response was null, just return
        elif raw_response.length == 0:
            return

        # If the response is an error, print and exit
        if router_is_error(router_response):
            print("[*] Error requesting info:")
            if options.verbose:
                router_response.show2()
            else:
                print(router_response.err_text_value.error)

        # Otherwise, print the packets sent by the SAP Router
        else:
            print("[*] Response:\n")

            if options.info:
                # Decode the first packet as a list of info client
                raw_response.decode_payload_as(SAPRouterInfoClients)

                clients = []
                clients.append("\t".join(["ID", "Client", "Partner", "Service", "Connected on"]))
                clients.append("-" * 60)
                for client in raw_response.clients:

                    # If the trace flag is set, add a mark
                    flag = "(*)" if client.flag_traced else "(+)" if client.flag_routed else ""

                    fields = [str(client.id),
                              client.address,
                              "%s%s" % (flag, client.partner) if client.flag_routed else "(no partner)",
                              client.service if client.flag_routed else "",
                              datetime.fromtimestamp(client.connected_on).ctime()]
                    clients.append("\t".join(fields))

                # Decode the second packet as server info
                raw_response = conn.recv()
                raw_response.decode_payload_as(SAPRouterInfoServer)

                print("SAP Network Interface Router running on port %d (PID = %d)\n"
                      "Started on: %s\n"
                      "Parent process: PID = %d, port = %d\n" % (raw_response.port, raw_response.pid,
                                                                 datetime.fromtimestamp(raw_response.started_on).ctime(),
                                                                 raw_response.ppid, raw_response.pport))

                print("\n".join(clients))
                print("(*) Connections being traced")

            # Show the plain packets returned
            try:
                raw_response = conn.recv()
                while raw_response:
                    print(raw_response.payload)
                    raw_response = conn.recv()
            except error:
                pass
コード例 #4
0
ファイル: router_admin.py プロジェクト: jcmuniz/pysap
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    response = False

    p = SAPRouter(type=SAPRouter.SAPROUTER_ADMIN)

    if options.stop:
        p.adm_command = 5
        print "[*] Requesting stop of the remote SAP Router"

    elif options.soft:
        p.adm_command = 9
        print "[*] Requesting a soft shutdown of the remote SAP Router"
        response = True

    elif options.info:
        p.adm_command = 2
        if options.info_password:
            if len(options.info_password) > 19:
                print "[*] Password too long, truncated at 19 characters"
            p.adm_password = options.info_password
            print "[*] Requesting info using password", p.adm_password
        else:
            print "[*] Requesting info"
        response = True

    elif options.new_route:
        p.adm_command = 3
        print "[*] Requesting a refresh of the router table"

    elif options.trace:
        p.adm_command = 4
        print "[*] Requesting a toggle on the trace settings"

    elif options.cancel:
        p.adm_command = 6
        p.adm_client_ids = map(int, options.cancel.split(","))
        print "[*] Requesting a cancel of the route(s) with client id(s) %s" % p.adm_client_ids
        response = True

    elif options.dump:
        p.adm_command = 7
        print "[*] Requesting a dump of the buffers"

    elif options.flush:
        p.adm_command = 8
        print "[*] Requesting a flush of the buffers"

    elif options.hide:
        p.adm_command = 14
        print "[*] Requesting a hide on the errors to clients"
        response = True

    elif options.set_peer:
        p.adm_command = 10
        p.adm_address_mask = options.set_peer
        print "[*] Request a set peer trace for the address mask %s" % p.adm_address_mask
        response = True

    elif options.clear_peer:
        p.adm_command = 11
        p.adm_address_mask = options.clear_peer
        print "[*] Request a clear peer trace for the address mask %s" % p.adm_address_mask
        response = True

    elif options.trace_conn:
        p.adm_command = 12
        p.adm_client_ids = map(int, options.trace_conn.split(","))
        print "[*] Requesting a connection trace with client id(s) %s" % p.adm_client_ids
        response = True

    else:
        print "[*] No command specified !"
        return

    # Initiate the connection
    conn = SAPNIStreamSocket.get_nisocket(options.remote_host, options.remote_port)
    print "[*] Connected to the SAP Router %s:%d" % (options.remote_host, options.remote_port)

    # Retrieve the router version used by the server if not specified
    if options.router_version:
        p.version = options.router_version
    else:
        p.version = get_router_version(conn) or p.version
    print "[*] Using SAP Router version %d" % p.version

    # Send the router admin request
    print "[*] Sending Router Admin packet"
    if options.verbose:
        p.show2()
    conn.send(p)

    # Grab the response if required
    if response:

        # Some responses has no SAPRouter's packet format and are raw strings,
        # we need to get the SAP NI layer first and then check if we could go
        # down to the SAPRouter layer.
        response = conn.recv()[SAPNI]
        if SAPRouter in response and response[SAPRouter].payload:
            response = response[SAPRouter]

        # If the response is an error, print and exit
        if router_is_error(response):
            print "[*] Error requesting info:"
            if options.verbose:
                response.show2()
            else:
                print response.err_text_value

        # Otherwise, print all the packets sent by the SAP Router
        else:
            print "[*] Response:"
            try:
                while (response):
                    print response.payload
                    response = conn.recv()
            except:
                pass