socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\1\0IGD MPT Interface daemon 1.0\0'), srcpeername)
elif data.startswith('AA\0\0AAAA$GetVersion\0'):
print("Netis backdoor $GetVersion command received")
socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\0\0{}'.format(VERSION_TEXT)), srcpeername)
elif data.startswith('AA\0\0AAAA$Help\0'):
print("Netis backdoor $Help command received")
socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\1\0{}'.format(HELP_TEXT)), srcpeername)
elif data.startswith('AA\0\0AAAA'):
print("\nNetis backdoor execute command received:")
command = tee_received_text(data[8:].strip())
print("")
outstream = StringIO.StringIO()
outstream.send = outstream.write # HACK
process_commandline(outstream, command)
output = tee_sent_text(outstream.getvalue())
print("\nAssembled reply packets:")
marker = 'B'
while len(output) > 0:
curr_block = output[:1991]
output = output[1991:]
socket.sendto(tee_sent_bin('AA\0\4A{}AA{}'.format(marker, curr_block)), srcpeername)
marker = chr(1 + ord(marker))
socket.sendto(tee_sent_bin('AA\0\5A{}AA\0\0\0\0'.format(marker)), srcpeername)
else:
print("Unknown Netis backdoor command")
if __name__ == "__main__":
testrun.run_udp(53413, 53413, handle_udp_netis_backdoor)
#!/usr/bin/env python2 # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. import testrun from termcolor import colored from utils import tee_received_bin def handle_udp_hexdump(socket, data, srcpeername, dstport): tee_received_bin(data) if __name__ == "__main__": testrun.run_udp(8888, 8888, handle_udp_hexdump)
print("Pretending {} is a good user".format(headers['To']))
resp = 'SIP/2.0 200 OK\n'
# http://kb.smartvox.co.uk/asterisk/friendlyscanner-gets-aggressive/
rheaders = { 'From': headers['From'], 'To': headers['To'], 'Call-ID': headers['Call-ID'], 'CSeq': headers['CSeq'] }
rheaders['Via'] = '{};received={}'.format(headers['Via'].replace(';rport', ''), srcpeername[0])
rheaders['User-Agent'] = USER_AGENT
elif method == 'INVITE':
print("The intruder is trying to make a call")
# Pretend we don't understand to stop further interactions
resp = 'SIP/2.0 501 Not Implemented\n'
rheaders = {}
to_hdr = headers.get('To', '')
from_hdr = headers.get('From', '')
ua_hdr = headers.get('User-Agent', '')
log_append('udp_sip_invites', srcpeername[0], to_hdr, from_hdr, ua_hdr)
elif (method == 'ACK' or method == 'BYE'):
resp = 'SIP/2.0 200 OK\n'
rheaders = dict(headers)
rheaders['User-Agent'] = USER_AGENT
else:
resp = 'SIP/2.0 501 Not Implemented\n'
rheaders = {}
# Assemble response
for k in rheaders:
resp += '{}: {}\n'.format(k, rheaders[k])
socket.sendto(tee_sent_text('{}\n'.format(resp)), srcpeername)
if __name__ == "__main__":
testrun.run_udp(5060, 5060, handle_udp_sip)
