def parse_data(self, sep='\x00'):
"""
:param sep:
:return:
"""
auth_detail = self.__parse_client_data(sep=sep)
auth_result = self.__parse_server_data()
auth_detail.reverse()
auth_result.reverse()
if auth_detail and auth_result:
# 账号密码同时传输
if len(auth_detail) == len(auth_result):
while auth_result and auth_detail:
crack_result = auth_result.pop()
crack_detail = auth_detail.pop()
if crack_detail:
pcci = PassWdCrackOb(service="mysql",
src_ip=self.src_ip,
src_port=self.src_port,
dst_ip=self.dst_ip,
dst_port=self.dst_port,
crack_result=crack_result,
crack_detail=crack_detail,
ts_start=self.ts_start,
ts_end=self.ts_end)
yield pcci.toDict()
else:
logging.error("[MYSQL_ODD_DATA]: %s" % repr(self.data_tuple))
def parse_data(self, sep='\x00'):
"""
:param sep:
:return:
"""
auth_detail = self.__parse_client_data()
auth_result = self.__parse_server_data()
auth_detail.reverse()
auth_result.reverse()
if auth_detail and auth_result:
if len(auth_detail) == len(auth_result):
while auth_result and auth_detail:
timetag = "%s-%s" % (self.ts_start, self.ts_end)
crack_detail = "%s%s%s%s%s%s" % (sep, auth_detail.pop(), sep, auth_result.pop(), sep, timetag)
pcci = PassWdCrackOb(service="ssh",
src_ip=self.src_ip,
src_port=self.src_port,
dst_ip=self.dst_ip,
dst_port=self.dst_port,
crack_result=-1,
crack_detail=crack_detail,
ts_start=self.ts_start,
ts_end=self.ts_end)
yield pcci.toDict()
else:
logging.error("[SSH_ODD_DATA]: %s" % repr(self.data_tuple))
def parse_data(self):
"""
:param sep:
:return:
"""
auth_detail = self.__parse_client_data()
auth_result = self.__parse_server_data()
auth_detail.reverse()
auth_result.reverse()
if auth_detail and auth_result:
if len(auth_result) <= len(auth_detail):
while auth_detail and auth_result:
crack_detail = auth_detail.pop()
crack_result = auth_result.pop()
pcci = PassWdCrackOb(service="redis",
src_ip=self.src_ip,
src_port=self.src_port,
dst_ip=self.dst_ip,
dst_port=self.dst_port,
crack_result=crack_result,
crack_detail=crack_detail,
ts_start=self.ts_start,
ts_end=self.ts_end)
yield pcci.toDict()
else:
logging.error("[REDIS_ODD_DATA]: %s" % repr(self.data_tuple))
def parse_data(self, sep='\x00'):
"""
:param sep:
:return:
"""
if not self.data_c2s:
# only check the data_c2s
return
auth_detail = self.__parse_client_data()
auth_detail.reverse()
if auth_detail:
while auth_detail:
timetag = "%s-%s" % (self.ts_start, self.ts_end)
crack_detail = "%s%s%s%s" % (sep, auth_detail.pop(), sep,
timetag)
pcci = PassWdCrackOb(service="rdp",
src_ip=self.src_ip,
src_port=self.src_port,
dst_ip=self.dst_ip,
dst_port=self.dst_port,
crack_result=-1,
crack_detail=crack_detail,
ts_start=self.ts_start,
ts_end=self.ts_end)
yield pcci
else:
# logging.error("[RDP_ODD_DATA]: %s" % repr(self.data_tuple))
pass
def parse_data(self, sep='\x00'):
"""
:param sep:
:return:
"""
auth_detail = self.__parse_client_data()
auth_result = self.__parse_server_data()
if auth_detail and auth_result:
auth_result_dict = {}
len_auth_detail = len(auth_detail)
i = 0
for i in range(i, len_auth_detail, 2):
auth_result_dict[auth_detail[i]] = auth_detail[i + 1]
if len(auth_result) == 1:
crack_detail = "{sep}{user}{sep}{password}{sep}{database}".format(
sep=sep,
user=auth_result_dict.get("user"),
database=auth_result_dict.get("database"),
password=auth_result_dict.get("password"))
if PGSQLAuth.__AUTH_CODE[auth_result[0]] == "Successful":
crack_result = 1
else:
crack_result = 2
pcci = PassWdCrackOb(service="pgsql",
src_ip=self.src_ip,
src_port=self.src_port,
dst_ip=self.dst_ip,
dst_port=self.dst_port,
crack_result=crack_result,
crack_detail=crack_detail,
ts_start=self.ts_start,
ts_end=self.ts_end)
yield pcci.toDict()
else:
logging.error("[PGSQL_ODD_DATA]: %s" % repr(self.data_tuple))
def parse_data(self, sep='\x00'):
"""
:param sep:
:return:
"""
auth_detail = self.__parse_client_data()
auth_result = self.__parse_server_data()
auth_detail.reverse()
auth_result.reverse()
if auth_detail and auth_result:
# 账号密码分开传输
len_of_auth_detail = len(auth_detail)
if len_of_auth_detail % 2 == 0 and (2 * len(auth_result)
== len_of_auth_detail):
while auth_result and auth_detail:
crack_result = auth_result.pop()
crack_passwd = auth_detail.pop()
crack_user = auth_detail.pop()
crack_detail = "%s%s%s%s" % (sep, crack_user, sep,
crack_passwd)
pcci = PassWdCrackOb(service="ftp",
src_ip=self.src_ip,
src_port=self.src_port,
dst_ip=self.dst_ip,
dst_port=self.dst_port,
crack_result=crack_result,
crack_detail=crack_detail,
ts_start=self.ts_start,
ts_end=self.ts_end)
yield pcci.toDict()
else:
logging.error("[FTP_ODD_DATA]: %s" % repr(self.data_tuple))
def parse_data(self, sep='\x00'):
"""
:param sep:
:return:
"""
if not (self.data_c2s and self.data_s2c):
return
(is_both, auth_detail) = self.__parse_client_data()
auth_result = self.__parse_server_data()
if auth_detail and auth_result:
if is_both == 1:
# 账号密码同时传输
if len(auth_detail) == len(auth_result):
while auth_result and auth_detail:
crack_result = auth_result.pop()
crack_detail = auth_detail.pop()
crack_detail = mills.is_base64(crack_detail)
if crack_detail:
pcci = PassWdCrackOb(service="smtp",
src_ip=self.src_ip,
src_port=self.src_port,
dst_ip=self.dst_ip,
dst_port=self.dst_port,
crack_result=crack_result,
crack_detail=crack_detail,
ts_start=self.ts_start,
ts_end=self.ts_end)
yield pcci
if is_both == 0:
# 账号密码分开传输
len_of_auth_detail = len(auth_detail)
if len_of_auth_detail % 2 == 0 and (2 * len(auth_result)
== len_of_auth_detail):
while auth_result and auth_detail:
crack_result = auth_result.pop()
crack_passwd = auth_detail.pop()
crack_user = auth_detail.pop()
crack_passwd = mills.is_base64(crack_passwd)
crack_user = mills.is_base64(crack_user)
crack_detail = "%s%s%s%s" % (sep, crack_user, sep,
crack_passwd)
pcci = PassWdCrackOb(service="smtp",
src_ip=self.src_ip,
src_port=self.src_port,
dst_ip=self.dst_ip,
dst_port=self.dst_port,
crack_result=crack_result,
crack_detail=crack_detail,
ts_start=self.ts_start,
ts_end=self.ts_end)
yield pcci
else:
logging.error("[SMTP_ODD_DATA]: %s" % repr(self.data_tuple))