コード例 #1
0
	def testUpdateExploits(self):
		manager = AttackManager(self.conf,None,True,False)
		manager.start()
		
		manager.cmd(AttackManager.UPDATE_EXPLOITS)
		exploit_set = manager.test(AttackManager.TEST_GET_EXPLOITS)

		self.assertTrue("Succesful.py" in exploit_set)
		self.assertTrue("Forever.py" in exploit_set)
		self.assertTrue("Timeout.py" in exploit_set)
コード例 #2
0
	def testLaunchExploit(self):
		manager = AttackManager(self.conf,None,True,False)
		manager.start()
		
		manager.cmd(AttackManager.UPDATE_EXPLOITS)
		manager.cmd(AttackManager.LAUNCH_EXPLOIT,"Succesful.py")
		time.sleep(1)

		manager.cmd(AttackManager.PROCESS_OUTPUT)
		time.sleep(1)
		manager.cmd(AttackManager.GATHER_FLAGS)
		time.sleep(1)
		results = manager.getFlags()
		
		self.assertEquals(len(results),2)

		r1 = results[0]
		r2 = results[1]
		
		self.assertEquals(r1[0],0)
		self.assertEquals(r2[0],1)
		self.assertEquals(r1[2],['foobarbaz'])
		self.assertEquals(r2[2],['foobarbaz'])
コード例 #3
0
ファイル: AttackBot.py プロジェクト: RootFu/ctf-scorebot
class AttackBot(Process):

	def __init__(self,conf,init=False,auto_restart=True):
		Process.__init__(self)
		self.conf = conf
		self.comm = None
		self.init = init
		self.logger = conf.buildLogger("AttackBot")
		self.attack_manager = AttackManager(conf,self.logger,init,auto_restart)
		self.auto_restart = auto_restart

		self.attack_conf = self.conf.getSection("ATTACK_BOT")
		self.round_time = self.attack_conf.roundInterval()
		
	def run(self):
		self.attack_manager.start()		
		
		server_info = self.conf.getGameStateServerInfo()
		self.comm = BotCommClient(
			server_info.host,
			server_info.port,
			server_info.key,
			server_info.iv,
			"ATTACK_BOT")

		self.comm.start()

		if(self.auto_restart == True):
			self.logger.info("Starting (AUTO Logic)")
			self.__mainLoopAuto()
		else:
			self.logger.info("Starting (WAIT Logic)")
			self.__mainLoopWait()

	def __mainLoopWait(self):
		while(True):
			msg = self.comm.receive()
			self.logger.debug("Wait logic processing msg: %s (%s)" % (msg.type,str(msg.data)))

			if(msg.type == "EXECUTE_EXPLOITS"):
				exploits = msg.data
				for exploit in exploits:
					self.attack_manager.cmd(AttackManager.LAUNCH_EXPLOIT,exploit)

			elif(msg.type == "UPDATE_EXPLOITS"):
				self.attack_manager.cmd(AttackManager.UPDATE_EXPLOITS)
				

			elif(msg.type == "PROCESS_OUTPUT"):
				self.attack_manager.cmd(AttackManager.PROCESS_OUTPUT)

			elif(msg.type == "GATHER_FLAGS"):
				self.attack_manager.cmd(AttackManager.GATHER_FLAGS)
				collected = []
				while(True):
					try:
						collected.append(
							self.attack_manager.collected_flags.get(True,1))
					except Queue.Empty:
						break

				self.comm.send(BotMessage("COLLECTED_FLAGS",collected))

			elif(msg.type == "STOP_EXPLOITS"):
				self.attack_manager.cmd(AttackManager.STOP_ALL)

			elif(msg.type == "TERMINATE"):
				self.comm.kill()
				break

			else:
				assert(False),"Invalid msg type received"

	def __mainLoopAuto(self):
		while(True):
			msg = self.comm.receive(True,1)

			if(msg != None):				
				if(msg.type == "TERMINATE"):
					self.comm.kill()
					break

				elif(msg.type == "NEW_EXPLOIT"):
					self.__newExploit(msg.data[0],msg.data[1])

				elif(msg.type == "LIST_EXPLOITS"):
					exploits = self.__listExploits()
					self.comm.sendResponse(msg,BotMessage("LIST_EXPLOITS_RESULT",exploits))	
	
				elif(msg.type.startswith("GET_LOG:")):
					payload = msg.type[8:]
					(exploit, lines) = payload.split("|")
					lines = int(lines)
					log_data = self.__getLog(exploit,lines)
					self.comm.sendResponse(msg,BotMessage("GET_LOG_RESULT:%s" % exploit, log_data))		
	
				elif(msg.type.startswith("GET_EXPLOIT:")):
					exploit = msg.type[12:]
					data = self.__getExploit(exploit)
					self.comm.sendResponse(msg,BotMessage("GET_EXPLOIT_RESULT:%s" % exploit, data))	

				elif(msg.type.startswith("TOGGLE_EXPLOIT:")):
					exploit = msg.type[15:]
					self.__toggleExploit(exploit)
			else:
				flags = self.attack_manager.getFlags()
				if(len(flags) != 0):
					self.comm.send(BotMessage("COLLECTED_FLAGS",flags))

	def __newExploit(self,filename,filedata):
		self.logger.info("New exploit uploaded: %s" % filename)
		exploit_dir = self.attack_conf.exploitDir()
		path = os.path.join(exploit_dir,filename)
		exploit_file = open(path,"w")
		exploit_file.write(filedata)
		exploit_file.close()
		os.chmod(path,stat.S_IRWXU | stat.S_IRWXO | stat.S_IRWXG)

	def __toggleExploit(self,exploit):
		exploit_dir = self.attack_conf.exploitDir()
		exploit_path = os.path.join(exploit_dir,exploit)

		if(	exploit.endswith(".bin") or
			exploit.endswith(".dat")):
			self.logger.warn("Tried to toggled data file %s" % exploit)

		elif(os.path.exists(exploit_path) and not os.path.isdir(exploit_path)):
			if(os.access(exploit_path,os.X_OK)):
				self.logger.info("Toggled %s off" % exploit)
				os.chmod(exploit_path,
					stat.S_IRUSR | stat.S_IWUSR | 
					stat.S_IRGRP | stat.S_IWGRP |
					stat.S_IROTH | stat.S_IWOTH )
			else:
				self.logger.info("Toggled %s on" % exploit)
				os.chmod(exploit_path,stat.S_IRWXU | stat.S_IRWXO | stat.S_IRWXG)
		else:
			self.logger.warn("Tried to toggle unknown exploit: %s" % exploit)

	def __listExploits(self):
		exploit_dir = self.attack_conf.exploitDir()
		exploits = []

		for file in os.listdir(exploit_dir):	
			path = os.path.join(exploit_dir,file)

			if(	os.path.isdir(path) == True or
				path.endswith(".bin") or
				path.endswith(".dat")):
				continue

			if(os.access(path,os.X_OK)):
				exploits.append((file,True))
			else:
				exploits.append((file,False))

		return exploits

	def __getExploit(self, exploit):
		try:
			exploit_dir = self.attack_conf.exploitDir()
			path = os.path.join(exploit_dir,exploit)
			file = open(path,"r")
			data = file.read()

			return data
		except:
			return None


	def __getLog(self, exploit, nLines):
		try:
			log = os.path.join(self.conf.log_dir,"Exploit-%s.log"%exploit)
			file = open(log,"r")
			file.seek(0,os.SEEK_END)
			fsize = file.tell()
			file.seek(max(fsize-65536,0),0)
			lines = file.readlines()
	
			if len(lines) > nLines:
				lines = lines[-nLines:]

			return lines
		except Exception as e:
			self.logger.error("Error getting exploit log: %s" % e)
		return []
コード例 #4
0
ファイル: AttackBot.py プロジェクト: fabio-d/ctf-scorebot
class AttackBot(Process):
    def __init__(self, conf, init=False, auto_restart=True):
        Process.__init__(self)
        self.conf = conf
        self.comm = None
        self.init = init
        self.logger = conf.buildLogger("AttackBot")
        self.attack_manager = AttackManager(conf, self.logger, init,
                                            auto_restart)
        self.auto_restart = auto_restart

        self.attack_conf = self.conf.getSection("ATTACK_BOT")
        self.round_time = self.attack_conf.roundInterval()

    def run(self):
        self.attack_manager.start()

        server_info = self.conf.getGameStateServerInfo()
        self.comm = BotCommClient(server_info.host, server_info.port,
                                  server_info.key, server_info.iv,
                                  "ATTACK_BOT")

        self.comm.start()

        if (self.auto_restart == True):
            self.logger.info("Starting (AUTO Logic)")
            self.__mainLoopAuto()
        else:
            self.logger.info("Starting (WAIT Logic)")
            self.__mainLoopWait()

    def __mainLoopWait(self):
        while (True):
            msg = self.comm.receive()
            self.logger.debug("Wait logic processing msg: %s (%s)" %
                              (msg.type, str(msg.data)))

            if (msg.type == "EXECUTE_EXPLOITS"):
                exploits = msg.data
                for exploit in exploits:
                    self.attack_manager.cmd(AttackManager.LAUNCH_EXPLOIT,
                                            exploit)

            elif (msg.type == "UPDATE_EXPLOITS"):
                self.attack_manager.cmd(AttackManager.UPDATE_EXPLOITS)

            elif (msg.type == "PROCESS_OUTPUT"):
                self.attack_manager.cmd(AttackManager.PROCESS_OUTPUT)

            elif (msg.type == "GATHER_FLAGS"):
                self.attack_manager.cmd(AttackManager.GATHER_FLAGS)
                collected = []
                while (True):
                    try:
                        collected.append(
                            self.attack_manager.collected_flags.get(True, 1))
                    except Queue.Empty:
                        break

                self.comm.send(BotMessage("COLLECTED_FLAGS", collected))

            elif (msg.type == "STOP_EXPLOITS"):
                self.attack_manager.cmd(AttackManager.STOP_ALL)

            elif (msg.type == "TERMINATE"):
                self.comm.kill()
                break

            else:
                assert (False), "Invalid msg type received"

    def __mainLoopAuto(self):
        while (True):
            msg = self.comm.receive(True, 1)

            if (msg != None):
                if (msg.type == "TERMINATE"):
                    self.comm.kill()
                    break

                elif (msg.type == "NEW_EXPLOIT"):
                    self.__newExploit(msg.data[0], msg.data[1])

                elif (msg.type == "LIST_EXPLOITS"):
                    exploits = self.__listExploits()
                    self.comm.sendResponse(
                        msg, BotMessage("LIST_EXPLOITS_RESULT", exploits))

                elif (msg.type.startswith("GET_LOG:")):
                    payload = msg.type[8:]
                    (exploit, lines) = payload.split("|")
                    lines = int(lines)
                    log_data = self.__getLog(exploit, lines)
                    self.comm.sendResponse(
                        msg, BotMessage("GET_LOG_RESULT:%s" % exploit,
                                        log_data))

                elif (msg.type.startswith("GET_EXPLOIT:")):
                    exploit = msg.type[12:]
                    data = self.__getExploit(exploit)
                    self.comm.sendResponse(
                        msg, BotMessage("GET_EXPLOIT_RESULT:%s" % exploit,
                                        data))

                elif (msg.type.startswith("TOGGLE_EXPLOIT:")):
                    exploit = msg.type[15:]
                    self.__toggleExploit(exploit)
            else:
                flags = self.attack_manager.getFlags()
                if (len(flags) != 0):
                    self.comm.send(BotMessage("COLLECTED_FLAGS", flags))

    def __newExploit(self, filename, filedata):
        self.logger.info("New exploit uploaded: %s" % filename)
        exploit_dir = self.attack_conf.exploitDir()
        path = os.path.join(exploit_dir, filename)
        exploit_file = open(path, "w")
        exploit_file.write(filedata)
        exploit_file.close()
        os.chmod(path, stat.S_IRWXU | stat.S_IRWXO | stat.S_IRWXG)

    def __toggleExploit(self, exploit):
        exploit_dir = self.attack_conf.exploitDir()
        exploit_path = os.path.join(exploit_dir, exploit)

        if (exploit.endswith(".bin") or exploit.endswith(".dat")):
            self.logger.warn("Tried to toggled data file %s" % exploit)

        elif (os.path.exists(exploit_path)
              and not os.path.isdir(exploit_path)):
            if (os.access(exploit_path, os.X_OK)):
                self.logger.info("Toggled %s off" % exploit)
                os.chmod(
                    exploit_path, stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP
                    | stat.S_IWGRP | stat.S_IROTH | stat.S_IWOTH)
            else:
                self.logger.info("Toggled %s on" % exploit)
                os.chmod(exploit_path,
                         stat.S_IRWXU | stat.S_IRWXO | stat.S_IRWXG)
        else:
            self.logger.warn("Tried to toggle unknown exploit: %s" % exploit)

    def __listExploits(self):
        exploit_dir = self.attack_conf.exploitDir()
        exploits = []

        for file in os.listdir(exploit_dir):
            path = os.path.join(exploit_dir, file)

            if (os.path.isdir(path) == True or path.endswith(".bin")
                    or path.endswith(".dat")):
                continue

            if (os.access(path, os.X_OK)):
                exploits.append((file, True))
            else:
                exploits.append((file, False))

        return exploits

    def __getExploit(self, exploit):
        try:
            exploit_dir = self.attack_conf.exploitDir()
            path = os.path.join(exploit_dir, exploit)
            file = open(path, "r")
            data = file.read()

            return data
        except:
            return None

    def __getLog(self, exploit, nLines):
        try:
            log = os.path.join(self.conf.log_dir, "Exploit-%s.log" % exploit)
            file = open(log, "r")
            file.seek(0, os.SEEK_END)
            fsize = file.tell()
            file.seek(max(fsize - 65536, 0), 0)
            lines = file.readlines()

            if len(lines) > nLines:
                lines = lines[-nLines:]

            return lines
        except Exception as e:
            self.logger.error("Error getting exploit log: %s" % e)
        return []