def pktCallback(self, srcaddr, pkt):
    """Handle one response packet received from ``srcaddr``.

    Sources for which ``self.treated(srcaddr)`` is true are ignored.  Any
    other source is appended to ``self._donesrcaddrs`` before the packet is
    parsed, so a packet that ``parsePkt`` rejects (returns ``None`` for)
    still marks its sender as handled.  A parsed response is logged together
    with its User-Agent header and, when a parent callback is set, announced
    to it as a SIP service.

    ``pkt`` comes from the network: the User-Agent value is chosen by the
    remote peer and is written to the log and handed to the parent callback
    unmodified.
    """
    if self.treated(srcaddr):
        return
    self._donesrcaddrs.append(srcaddr)

    metadata = parsePkt(pkt)
    if metadata is None:
        return

    user_agent = metadata['headers']['User-Agent']
    host = srcaddr[0]
    port = srcaddr[1]
    self.logInfo("SIP (UDP) server '%s' at %s:%s" % (user_agent, host, port))

    parent = self._pcallback
    if not parent:
        return
    parent.announceNewTarget(targets.TARGET_SIP_SERVICE(ip=host, port=port, ua=user_agent))

    # NOTE(review): srcaddr was appended to self._donesrcaddrs above, so its
    # address is always found in this list and the branch below never runs.
    # If a per-address announcement is wanted, the membership test has to be
    # taken before the append -- confirm the intent with the author.
    known_hosts = [seen[0] for seen in self._donesrcaddrs]
    if host not in known_hosts:
        parent.announceNewTarget(targets.TARGET_IP(ip=host))
def pktCallback(self, srcaddr, pkt):
    """Update the credential-guessing state from one SIP response.

    Marks the target as alive, records whether the challenge came from a
    proxy, stores realm / algorithm / nonce taken from an 'auth-header'
    entry, and, on an OKAY response, decodes the 'From' tag back into the
    user name and password that were accepted.  ``srcaddr`` is not used in
    this method; ``pkt`` is the raw packet handed to ``parsePkt``.

    NOTE(review): the nesting below is reconstructed from the control flow;
    confirm it against the original file.
    """
    self._targetisalive = True
    # NOTE(review): another callback on this page checks parsePkt() for None;
    # here a None result would raise TypeError on the first subscript.
    metadata = parsePkt(pkt)
    if metadata['code'] == PROXYAUTHREQ:
        self._targetisproxy = True
    elif metadata['code'] == AUTHREQ:
        self._targetisproxy = False
    # dict.has_key() exists only on Python 2 dictionaries.
    if metadata.has_key('auth-header'):
        # Realm and digest algorithm are taken from the first challenge that
        # carries them and are not overwritten afterwards.
        if self._realm is None:
            self._realm = metadata['auth-header']['realm']
        if self._digestalgorithm is None:
            self._digestalgorithm = metadata['auth-header']['algorithm']
        # Only keep a challenge when both realm and nonce are present.
        if None not in [metadata['auth-header'][key] for key in ['realm', 'nonce']]:
            if self._reusenonce:
                if len(self._challenges) > 0:
                    return # a challenge is already held for reuse; ignore new ones
                else:
                    self._staticnonce = metadata['auth-header']['nonce']
                    self._staticcallid = metadata['headers']['Call-ID']
            self._challenges.append((metadata['auth-header']['nonce'],metadata['headers']['Call-ID']))
    elif metadata['code'] == OKAY:
        self._passwordcracked = True
        match = re.search('tag=([+\.;:a-zA-Z0-9]*)',metadata['headers']['From'])
        # NOTE(review): both asserts below validate data supplied by the
        # remote peer.  They are removed when Python runs with -O, and when
        # they do fire the AssertionError leaves this callback after
        # _passwordcracked has already been set.
        assert not match is None, "No 'From' tag: Remote SIP UAC 'ate' our tag!"
        tag = match.group(1)
        # decodeTag is not shown here; it receives the tag and a fixed 4-byte
        # value, and its result is split on ':' into user and optional password.
        creds = decodeTag(tag, '\xDE\xAD\xBE\xEF').split(':')
        # str.split never returns None or an empty list, so the effective
        # check is len(creds) < 3: a decoded value holding more than one ':'
        # fails here.
        assert (not creds is None) and 0 < len(creds) < 3, "couln't not decode to tag: %s" %(tag)
        self.logDebug("'%s' response received" %(metadata['respfirstline']))
        if len(creds) > 1:
            # NOTE(review): the recovered password is written to the info log
            # in clear text; anyone who can read that log can read the
            # credential, so the log needs the same protection as the secret.
            self.logInfo("the password for user/extension '%s' is '%s'" %(creds[0],creds[1])) # XXX report vuln/info
        else:
            self.logInfo("user/extension '%s' is passwordless" %creds[0]) # XXX report vuln/info ?
    elif metadata['code'] == NOTFOUND:
        self.logWarning("received fatal response '%s' for user/extension '%s'" %(metadata['respfirstline'],self._username))
        self._notfound = True
    elif metadata['code'] == INVALIDPASS:
        pass
    elif metadata['code'] == TRYING:
        pass
    else:
        # Any other status marks the run as failed; the response line is
        # peer-controlled text and is logged unmodified.
        self.logWarning("Got unknown response '%s'" %(metadata['respfirstline']))
        self._failed = True
def pktCallback(self, srcaddr, pkt):
    """Classify one SIP response as referring to a known or an unknown user.

    While ``self._BADUSERCODE`` is None the response is used for calibration
    only: its status code is either ignored, treated as fatal for the current
    request method, or stored as the baseline code for unknown users.  Later
    responses are compared with that baseline; a differing code is logged
    and, for a fixed set of codes, the user name is recorded in
    ``self._doneusernames`` and announced to the parent callback.  A server
    that answers existing and non-existing users with the same status code
    gives this comparison nothing to distinguish.

    NOTE(review): the nesting below is reconstructed from the control flow;
    confirm it against the original file.
    """
    self._targetisalive = True
    # NOTE(review): another callback on this page checks parsePkt() for None;
    # here a None result would raise TypeError on the first subscript.
    metadata = parsePkt(pkt)
    if metadata['headers']['To'] is None:
        # self.logInfo("received failure response: %s" %(metadata['respfirstline']))
        return
    if self._BADUSERCODE is None:
        """ Perform a test 1st .. to find out what error code is returned for unknown users Quit if weird codes are returned (the SIP UAS must be sick or somethx \L/) """
        if metadata['code'] == TRYING \
        or metadata['code'] == RINGING \
        or metadata['code'] == UNAVAILABLE:
            # These codes carry no calibration value; wait for another response.
            pass
        elif metadata['code'] == OKAY \
        or metadata['code'] == NOTALLOWED \
        or metadata['code'] == UNSUPPORTED \
        or metadata['code'] == NOTIMPLEMENTED \
        or metadata['code'] == INEXISTENTTRANSACTION \
        or metadata['code'] == NOTACCEPTABLE \
        or metadata['code'] == BADREQUEST \
        or metadata['code'] == PROXYAUTHREQ \
        or metadata['code'] == INVALIDPASS \
        or metadata['code'] == AUTHREQ \
        or metadata['code'] == TEMPORARILYUNAVAILABLE:
            # These codes cannot serve as the unknown-user baseline.
            # set_currentmethod() is not shown; presumably it moves on to
            # another request method -- confirm.
            self.logWarning("SIP server (fatally) replied test packet with '%s'" %(metadata['respfirstline']))
            self.set_currentmethod()
        else:
            self.logDebug("ok. server replied test packet with '%s'"%(metadata['respfirstline']))
            self._BADUSERCODE = metadata['code']
            self.logDebug("setting BADUSERCODE = %s" % self._BADUSERCODE)
        return
    # NOTE(review): the To header is peer-controlled and the match result is
    # not checked; a header with nothing before its first '<' leaves match as
    # None and the next line raises AttributeError.
    match = re.search("^(?P<username>.+?) *?<", metadata['headers']['To'])
    # The captured display name has its quote characters stripped before it is
    # used as the user name.
    username = match.group('username').replace('"', '').replace("'", "")
    if metadata['code'] != self._BADUSERCODE:
        if username in self._doneusernames:
            return
        if (200 <= metadata['code'] < 300) and self._ackenabled:
            # ACKnowledge all 2XX (success!) responses
            if metadata['headers']['CSeq'] is None:
                # self.logDebug("received failure response: %s" %(metadata['firstline']))
                return
            # NOTE(review): on this page the pattern literal was split by a
            # line break after the space; it is rejoined here with nothing
            # inserted -- confirm against the original file.
            match = re.search("^(?P<cseqnum>[0-9]+?) .+?", metadata['headers']['CSeq'])
            # NOTE(review): assert on peer-controlled data; removed under -O,
            # in which case a non-matching CSeq raises AttributeError below.
            assert match is not None # XXX dirty
            cseqnum = match.group('cseqnum')
            ackpkt = makeRequest('ACK', srcaddr[0], srcaddr[1], self._xternalip, self._localport, extension=username, callid=metadata['headers']['Call-ID'], cseqnum=cseqnum)
            self.logInfo("received (success) response '%s' for username '%s'" %(metadata['respfirstline'], username))
            self.logDebug("sending ACK ..")
            self.sendto(ackpkt, srcaddr)
        if metadata['code'] == OKAY \
        or metadata['code'] == AUTHREQ \
        or metadata['code'] == PROXYAUTHREQ \
        or metadata['code'] == INVALIDPASS \
        or metadata['code'] == TEMPORARILYUNAVAILABLE:
            # Record the user name so repeated responses for it are skipped.
            self._doneusernames.append(username)
            # 'noauth' only when the server answered OKAY; every other code in
            # this branch is reported as 'reqauth'.
            authentication = 'reqauth'
            if metadata['code'] == OKAY:
                authentication = 'noauth'
            # The user name and response line are peer-controlled text and
            # are logged unmodified.
            self.logInfo("cracked username: %s (response to '%s' request was '%s')" %(username,self._currentmethod,metadata['respfirstline']))
            if self._pcallback:
                self._pcallback.announceNewTarget(targets.TARGET_SIP_USER(ip=srcaddr[0], port=srcaddr[1], ua=metadata['headers']['User-Agent'], user=username, auth=authentication))
        else:
            self.logInfo("received '%s' for username '%s'" %(metadata['respfirstline'], username))
    else:
        # Same code as the baseline: the server treats this user as unknown.
        self.logInfo("received failure response '%s' for username '%s'" %(metadata['respfirstline'], username))
        pass