示例#1
0
    def _verify(self):
        result = {}
        output = Output(self)

        target_ip = url2ip(self.url)
        url = urlparse.urlparse(self.url)
        port = url.port or 443

        if check_poodle(target_ip, port):
            output.success(result)
        else:
            output.fail('Not support SSLv3 connection. Not Vulnerable')
        return output
示例#2
0
    def _verify(self):
        result = {}
        pr = urlparse(self.url)
        host = url2ip(self.url)
        port = pr.port if pr.port else 22

        if password_auth_bypass_test(host, port):
            result['VerifyInfo'] = {}
            result['VerifyInfo']['Target'] = '{0}:{1}'.format(host, port)
            return self.parse_attack(result)

        if fake_key_bypass_test(host, port):
            result['VerifyInfo'] = {}
            result['VerifyInfo']['Target'] = '{0}:{1}'.format(host, port)

        return self.parse_attack(result)
示例#3
0
    def _verify(self):
        '''verify mode'''
        result = {}
        import socket
        s = socket.socket()
        payload = '\x2a\x31\x0d\x0a\x24\x34\x0d\x0a\x69\x6e\x66\x6f\x0d\x0a'
        socket.setdefaulttimeout(5)
        host = url2ip(self.url)
        port = 6379
        s.connect((host, port))
        s.send(payload)
        recvdata = s.recv(1024)
        if recvdata and 'redis_version' in recvdata:
            result['FileInfo'] = {}
            result['FileInfo']['Filename'] = "redis-unauth"
        s.close()


        return self.parse_output(result)
示例#4
0
 def _verify(self):
     result = {}
     url = url2ip(self.url)  # 自动判断输入格式,并将URL转为IP
     port = 6379  #默认端口6379
     payload = '\x2a\x31\x0d\x0a\x24\x34\x0d\x0a\x69\x6e\x66\x6f\x0d\x0a'
     s = socket.socket()
     s.settimeout(5)
     try:
         if isinstance(url, tuple):
             host = str(url[0])
         else:
             host = str(url)
         s.connect((host, port))
         s.send(payload)
         recvdata = s.recv(1024)
         s.close()
         if recvdata and 'redis_version' in recvdata:
             result['VerifyInfo'] = {}
             result['VerifyInfo']['URL'] = host + ":" + str(port)
     except Exception, e:
         s.close()
示例#5
0
    def _verify(self):
        """verify mode"""
        # Packets
        negotiate_protocol_request = binascii.unhexlify(
            "00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200")
        session_setup_request = binascii.unhexlify(
            "00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000")
        tree_connect_request = binascii.unhexlify(
            "00000060ff534d4275000000001807c00000000000000000000000000000fffe0008400004ff006000080001003500005c005c003100390032002e003100360038002e003100370035002e003100320038005c00490050004300240000003f3f3f3f3f00")
        trans2_session_setup = binascii.unhexlify(
            "0000004eff534d4232000000001807c00000000000000000000000000008fffe000841000f0c0000000100000000000000a6d9a40000000c00420000004e0001000e000d0000000000000000000000000000")
        timeout = 30
        ip = url2ip(self.url)
        result = {}

        # Connect to socket
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(float(timeout) if timeout else None)
        host = ip
        port = 445
        s.connect((host, port))

        # Send/receive negotiate protocol request
        s.send(negotiate_protocol_request)
        s.recv(1024)

        # Send/receive session setup request
        s.send(session_setup_request)
        session_setup_response = s.recv(1024)

        # Extract user ID from session setup response
        user_id = session_setup_response[32:34]

        # Replace user ID in tree connect request packet
        modified_tree_connect_request = list(tree_connect_request)
        modified_tree_connect_request[32] = user_id[0]
        modified_tree_connect_request[33] = user_id[1]
        modified_tree_connect_request = "".join(modified_tree_connect_request)

        # Send tree connect request
        s.send(modified_tree_connect_request)
        tree_connect_response = s.recv(1024)

        # Extract tree ID from response
        tree_id = tree_connect_response[28:30]

        # Replace tree ID and user ID in trans2 session setup packet
        modified_trans2_session_setup = list(trans2_session_setup)
        modified_trans2_session_setup[28] = tree_id[0]
        modified_trans2_session_setup[29] = tree_id[1]
        modified_trans2_session_setup[32] = user_id[0]
        modified_trans2_session_setup[33] = user_id[1]
        modified_trans2_session_setup = "".join(modified_trans2_session_setup)

        # Send trans2 sessions setup request
        s.send(modified_trans2_session_setup)
        final_response = s.recv(1024)

        s.close()

        # Check for 0x51 response to indicate DOUBLEPULSAR infection
        if final_response[34] == "\x51":
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url

        return self.parse_output(result)
示例#6
0
# coding: utf-8