def process_loot_files(loot_list=[]):
"""
Processes locally stored (to web2py) MSF password loot files into the
account database.
Args:
loot_list: an array of [filename, settings.password_file_types, port, host_id]
Returns:
An array of [filename, result text]
"""
from skaldship.passwords.utils import process_password_file, insert_or_update_acct
#import os
db = current.globalenv['db']
data = []
for loot in loot_list:
if isinstance(loot, []):
(filename, file_type, port) = loot
else:
log("Invalid loot sent: %s" % loot, logging.ERROR)
continue
try:
(proto, number) = port.split('/')
except AttributeError as e:
log("Invalid port sent: %s", port, logging.ERROR)
try:
pw_data = open(filename, "rb").readlines().split('\n')
except IOError as e:
log("Error opening %s: %s" % (filename, e), logging.ERROR)
accounts = process_password_file(
pw_data=pw_data,
file_type=file_type,
source='Metasploit',
)
# find the info/0 service id for the host
host = get_host_record(loot['host'])
query = (db.t_services.f_number == number)
query &= (db.t_services.f_proto == proto)
query &= (db.t_services.f_hosts_id == host.id)
svc_id = db(query).select().first()
if svc_id is None:
# info/0 not found.. add it!
svc_id = db.t_services.insert(f_proto=proto,
f_number=number,
f_hosts_id=host.id)
db.commit()
# insert or update the account records
resp_text = insert_or_update_acct(svc_id.id, accounts)
log("Added loot accounts for host: %s" % host.f_ipaddr)
data.append({loot['host']: resp_text})
def accounts_import_file(filename=None, service=['info', '0'], f_type=None, f_source=None):
"""
Processes an Imported password file to the accounts table
"""
print("Processing password file: %s" % (filename))
from skaldship.passwords.utils import process_password_file, insert_or_update_acct
account_data = process_password_file(pw_file=filename, file_type=f_type, source=f_source)
resp_text = insert_or_update_acct(service, account_data)
print(resp_text)
return True
def accounts_import_file(filename=None, service=['info', '0'], f_type=None, f_source=None):
"""
Processes an Imported password file to the accounts table
"""
print("Processing password file: %s" % (filename))
from skaldship.passwords.utils import process_password_file, insert_or_update_acct
account_data = process_password_file(pw_file=filename, file_type=f_type, source=f_source)
resp_text = insert_or_update_acct(service, account_data)
print(resp_text)
return True
def process_pwdump_loot(loot_list=[], msf=None):
"""
Takes an array of loot records in loot_list, downloads the pwdump file and
adds the users.
"""
from skaldship.passwords.utils import process_password_file, insert_or_update_acct
db = current.globalenv['db']
#cache = current.globalenv['cache']
data = []
for loot_id in loot_list:
loot = msf.loot_download(loot_id)
if loot['ltype'] not in ['host.windows.pwdump', 'windows.hashes']:
log("Loot is not a pwdump, it is a %s" % loot['ltype'],
logging.ERROR)
continue
else:
# process the pwdump file
pw_data = loot['data'].split('\n')
accounts = process_password_file(
pw_data=pw_data,
file_type='PWDUMP',
source='Metasploit',
)
# find the info/0 service id for the host
host = get_host_record(loot['host'])
query = (db.t_services.f_number == '0') & (
db.t_services.f_proto == 'info') & (db.t_services.f_hosts_id
== host.id)
svc_id = db(query).select().first()
if svc_id is None:
# info/0 not found.. add it!
svc_id = db.t_services.insert(f_proto="info",
f_number="0",
f_status="info",
f_hosts_id=host.id)
db.commit()
# insert or update the account records
resp_text = insert_or_update_acct(svc_id.id, accounts)
log("Added pwdump records for host: %s" % host.f_ipaddr)
data.append({loot['host']: resp_text})
return data
def process_pwdump_loot(loot_list=[], msf=None):
"""
Takes an array of loot records in loot_list, downloads the pwdump file and
adds the users.
"""
from skaldship.passwords.utils import process_password_file, insert_or_update_acct
db = current.globalenv['db']
#cache = current.globalenv['cache']
data = []
for loot_id in loot_list:
loot = msf.loot_download(loot_id)
if loot['ltype'] not in ['host.windows.pwdump', 'windows.hashes']:
log("Loot is not a pwdump, it is a %s" % loot['ltype'], logging.ERROR)
continue
else:
# process the pwdump file
pw_data = loot['data'].split('\n')
accounts = process_password_file(
pw_data=pw_data,
file_type='PWDUMP',
source='Metasploit',
)
# find the info/0 service id for the host
host = get_host_record(loot['host'])
query = (db.t_services.f_number == '0') & (db.t_services.f_proto == 'info') & (db.t_services.f_hosts_id == host.id)
svc_id = db(query).select().first()
if svc_id is None:
# info/0 not found.. add it!
svc_id = db.t_services.insert(f_proto="info", f_number="0", f_status="info", f_hosts_id=host.id)
db.commit()
# insert or update the account records
resp_text = insert_or_update_acct(svc_id.id, accounts)
log("Added pwdump records for host: %s" % host.f_ipaddr)
data.append({loot['host']: resp_text})
return data
def paste():
"""
Import and parse password pasted to a textbox into t_accounts
"""
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url=URL('accounts', 'paste')
if request.vars.has_key('service_id'):
try:
record = db.t_services[request.vars.service_id]
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
url = URL('accounts', 'paste', vars={'service_id':request.vars.service_id})
except:
pass
elif request.vars.has_key('host_id'):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30))
url = URL('accounts', 'paste', vars={'host_id':request.vars.host_id})
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram,30))
svc_set = []
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
if request.extension == "load":
buttons=[]
else:
buttons=['submit']
form = SQLFORM.factory(
Field('f_service', 'string', label=T('Host / Service'), requires=IS_IN_SET(svc_set), default=svc_set[0][0]),
Field('f_pwtext', 'text', label=T('Password text')),
Field('f_type', 'string', label=T('File type'), default='PWDUMP', requires=IS_IN_SET(settings.password_file_types)),
Field('f_source', 'string', label=T('Source (if necessary)')),
Field('f_add_to_evidence', 'boolean', label=T('Add file to Evidence')),
buttons=buttons, _action=url, _id='accounts_paste_form'
#_action=url, _id='accounts_paste_form', formstyle='bootstrap_modal'
)
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
from gluon.utils import web2py_uuid
host_id = db.t_services[form.vars.f_service].f_hosts_id
pwd_file_dir = os.path.join(request.folder, 'data', 'passwords', 'other')
if not os.path.exists(pwd_file_dir):
from gluon.fileutils import mktree
mktree(pwd_file_dir)
filename = "%s-pwfile-%s" % (host_id, web2py_uuid())
full_file_path = os.path.join(request.folder, 'data/passwords/other', filename)
of = open(full_file_path, "w")
of.write(form.vars.f_pwtext)
of.close()
logger.debug("Processing password file: %s" % (full_file_path))
account_data = process_password_file(pw_file=full_file_path, file_type=request.vars.f_type, source=request.vars.f_source)
response.headers['web2py-component-command'] = 'accounttable.fnReloadAjax();'
resp_text = insert_or_update_acct(form.vars.f_service, account_data)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(full_file_path, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (full_file_path, e))
resp_text += "Error opening %s: %s\n" % (full_file_path, e)
db.t_evidence.insert( f_hosts_id = host_id,
f_type = 'Password File',
f_text = form.vars.f_type,
f_filename = filename,
f_evidence = filename,
f_data = pwdata)
resp_text += "\n%s added to evidence\n" % (filename)
db.commit()
def import_file():
"""
Import and parse password file into t_accounts
"""
import os
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url=URL('accounts', 'import_file')
if request.vars.has_key('service_id'):
try:
record = db.t_services[request.vars.service_id]
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
url = URL('accounts', 'import_file', vars={'service_id':request.vars.service_id})
except:
pass
elif request.vars.has_key('host_id'):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(db.t_services.f_hosts_id == host_record.id).select(cache=(cache.ram, 30))
url = URL('accounts', 'import_file', vars={'host_id':request.vars.host_id})
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram,30))
svc_set = []
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" % (host_title_maker(db.t_hosts[record.f_hosts_id]), record.f_proto, record.f_number)))
if request.extension == "load":
buttons=[]
else:
buttons=['submit']
form = SQLFORM.factory(
Field('f_service', 'string', label=T('Host / Service'), requires=IS_IN_SET(svc_set), default=svc_set[0][0]),
Field('f_filename', 'upload', uploadfolder=os.path.join(request.folder, settings.password_upload_dir), label=T('Password file')),
Field('f_type', 'string', label=T('File type'), default='PWDUMP', requires=IS_IN_SET(settings.password_file_types)),
Field('f_source', 'string', label=T('Source (if necessary)')),
Field('f_add_to_evidence', 'boolean', label=T('Add Evidence')),
Field('f_taskit', type='boolean', default=True, label=T('Run in background task')),
buttons=buttons, _action=url, _id='accounts_import_form'
)
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
if form.vars.f_filename is not None:
orig_filename = request.vars.f_filename.filename
filename = os.path.join(request.folder, settings.password_upload_dir, form.vars.f_filename)
if form.vars.f_taskit:
task = scheduler.queue_task(
accounts_import_file,
pvars=dict(
filename=filename,
service=form.vars.f_service,
f_type=form.vars.f_type,
f_source=form.vars.f_source
),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=settings.scheduler_timeout
)
if task.id:
resp_text = "Submitted file for processing: %s" % (A("task " + str(task.id), _href=URL(c='tasks', f='status', args=task.id)).xml())
else:
resp_text = "Error submitting job: %s" % (task.errors)
else:
logger.info("Processing password file: %s" % (filename))
account_data = process_password_file(
pw_file=filename,
file_type=request.vars.f_type,
source=request.vars.f_source
)
resp_text = insert_or_update_acct(form.vars.f_service, account_data)
logger.info(resp_text)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(filename, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (filename, e))
db.t_evidence.insert( f_hosts_id = db.t_services[form.vars.f_service].f_hosts_id,
f_type = 'Password File',
f_text = form.vars.f_type,
f_filename = orig_filename,
f_evidence = form.vars.f_filename,
f_data = pwdata)
db.commit()
log("Invalid loot sent: %s" % loot, logging.ERROR)
continue
try:
(proto, number) = port.split('/')
except AttributeError, e:
log("Invalid port sent: %s", port, logging.ERROR)
try:
pw_data = open(filename, "rb").readlines().split('\n')
except IOError, e:
log("Error opening %s: %s" % (filename, e), logging.ERROR)
accounts = process_password_file(
pw_data=pw_data,
file_type=file_type,
source='Metasploit',
)
# find the info/0 service id for the host
host = get_host_record(loot['host'])
query = (db.t_services.f_number == number)
query &= (db.t_services.f_proto == proto)
query &= (db.t_services.f_hosts_id == host.id)
svc_id = db(query).select().first()
if svc_id is None:
# info/0 not found.. add it!
svc_id = db.t_services.insert(f_proto=proto, f_number=number, f_hosts_id=host.id)
db.commit()
def import_file():
"""
Import and parse password file into t_accounts
"""
import os
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url = URL('accounts', 'import_file')
if request.vars.has_key('service_id'):
try:
record = db.t_services[request.vars.service_id]
svc_set.append((record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
url = URL('accounts',
'import_file',
vars={'service_id': request.vars.service_id})
except:
pass
elif request.vars.has_key('host_id'):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(
db.t_services.f_hosts_id == host_record.id).select(
cache=(cache.ram, 30))
url = URL('accounts',
'import_file',
vars={'host_id': request.vars.host_id})
for record in svc_records:
svc_set.append(
(record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram, 30))
svc_set = []
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
if request.extension == "load":
buttons = []
else:
buttons = ['submit']
form = SQLFORM.factory(
Field('f_service',
'string',
label=T('Host / Service'),
requires=IS_IN_SET(svc_set),
default=svc_set[0][0]),
Field('f_filename',
'upload',
uploadfolder=os.path.join(request.folder,
settings.password_upload_dir),
label=T('Password file')),
Field('f_type',
'string',
label=T('File type'),
default='PWDUMP',
requires=IS_IN_SET(settings.password_file_types)),
Field('f_source', 'string', label=T('Source (if necessary)')),
Field('f_add_to_evidence', 'boolean', label=T('Add Evidence')),
Field('f_taskit',
type='boolean',
default=True,
label=T('Run in background task')),
buttons=buttons,
_action=url,
_id='accounts_import_form')
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
if form.vars.f_filename is not None:
orig_filename = request.vars.f_filename.filename
filename = os.path.join(request.folder, settings.password_upload_dir,
form.vars.f_filename)
if form.vars.f_taskit:
task = scheduler.queue_task(
accounts_import_file,
pvars=dict(filename=filename,
service=form.vars.f_service,
f_type=form.vars.f_type,
f_source=form.vars.f_source),
group_name=settings.scheduler_group_name,
sync_output=5,
timeout=settings.scheduler_timeout)
if task.id:
resp_text = "Submitted file for processing: %s" % (A(
"task " + str(task.id),
_href=URL(c='tasks', f='status', args=task.id)).xml())
else:
resp_text = "Error submitting job: %s" % (task.errors)
else:
logger.info("Processing password file: %s" % (filename))
account_data = process_password_file(pw_file=filename,
file_type=request.vars.f_type,
source=request.vars.f_source)
resp_text = insert_or_update_acct(form.vars.f_service,
account_data)
logger.info(resp_text)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(filename, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (filename, e))
db.t_evidence.insert(
f_hosts_id=db.t_services[form.vars.f_service].f_hosts_id,
f_type='Password File',
f_text=form.vars.f_type,
f_filename=orig_filename,
f_evidence=form.vars.f_filename,
f_data=pwdata)
db.commit()
def paste():
"""
Import and parse password pasted to a textbox into t_accounts
"""
from skaldship.general import check_datadir
check_datadir(request.folder)
# Service_id is primary, host_id is secondary, if none then list
# all the services
svc_set = []
url = URL('accounts', 'paste')
if request.vars.has_key('service_id'):
try:
record = db.t_services[request.vars.service_id]
svc_set.append((record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
url = URL('accounts',
'paste',
vars={'service_id': request.vars.service_id})
except:
pass
elif request.vars.has_key('host_id'):
try:
host_record = get_host_record(request.vars.host_id)
svc_records = db(
db.t_services.f_hosts_id == host_record.id).select(
cache=(cache.ram, 30))
url = URL('accounts',
'paste',
vars={'host_id': request.vars.host_id})
for record in svc_records:
svc_set.append(
(record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
except:
pass
if len(svc_set) == 0:
# all services
svc_records = db(db.t_services).select(cache=(cache.ram, 30))
svc_set = []
for record in svc_records:
svc_set.append((record.id, "%s :: %s/%s" %
(host_title_maker(db.t_hosts[record.f_hosts_id]),
record.f_proto, record.f_number)))
if request.extension == "load":
buttons = []
else:
buttons = ['submit']
form = SQLFORM.factory(
Field('f_service',
'string',
label=T('Host / Service'),
requires=IS_IN_SET(svc_set),
default=svc_set[0][0]),
Field('f_pwtext', 'text', label=T('Password text')),
Field('f_type',
'string',
label=T('File type'),
default='PWDUMP',
requires=IS_IN_SET(settings.password_file_types)),
Field('f_source', 'string', label=T('Source (if necessary)')),
Field('f_add_to_evidence', 'boolean', label=T('Add file to Evidence')),
buttons=buttons,
_action=url,
_id='accounts_paste_form'
#_action=url, _id='accounts_paste_form', formstyle='bootstrap_modal'
)
resp_text = ""
accounts_added = []
accounts_updated = []
if form.errors:
response.flash = 'Error in form'
return TABLE(*[TR(k, v) for k, v in form.errors.items()])
elif form.accepts(request.vars, session):
from gluon.utils import web2py_uuid
host_id = db.t_services[form.vars.f_service].f_hosts_id
pwd_file_dir = os.path.join(request.folder, 'data', 'passwords',
'other')
if not os.path.exists(pwd_file_dir):
from gluon.fileutils import mktree
mktree(pwd_file_dir)
filename = "%s-pwfile-%s" % (host_id, web2py_uuid())
full_file_path = os.path.join(request.folder, 'data/passwords/other',
filename)
of = open(full_file_path, "w")
of.write(form.vars.f_pwtext)
of.close()
logger.debug("Processing password file: %s" % (full_file_path))
account_data = process_password_file(pw_file=full_file_path,
file_type=request.vars.f_type,
source=request.vars.f_source)
response.headers[
'web2py-component-command'] = 'accounttable.fnReloadAjax();'
resp_text = insert_or_update_acct(form.vars.f_service, account_data)
if form.vars.f_add_to_evidence is True:
# add the password file to evidence
try:
pwdata = open(full_file_path, "r").readlines()
except Exception, e:
logger.error("Error opening %s: %s" % (full_file_path, e))
resp_text += "Error opening %s: %s\n" % (full_file_path, e)
db.t_evidence.insert(f_hosts_id=host_id,
f_type='Password File',
f_text=form.vars.f_type,
f_filename=filename,
f_evidence=filename,
f_data=pwdata)
resp_text += "\n%s added to evidence\n" % (filename)
db.commit()
log("Invalid loot sent: %s" % loot, logging.ERROR)
continue
try:
(proto, number) = port.split('/')
except AttributeError, e:
log("Invalid port sent: %s", port, logging.ERROR)
try:
pw_data = open(filename, "rb").readlines().split('\n')
except IOError, e:
log("Error opening %s: %s" % (filename, e), logging.ERROR)
accounts = process_password_file(
pw_data=pw_data,
file_type=file_type,
source='Metasploit',
)
# find the info/0 service id for the host
host = get_host_record(loot['host'])
query = (db.t_services.f_number == number)
query &= (db.t_services.f_proto == proto)
query &= (db.t_services.f_hosts_id == host.id)
svc_id = db(query).select().first()
if svc_id is None:
# info/0 not found.. add it!
svc_id = db.t_services.insert(f_proto=proto,
f_number=number,
f_hosts_id=host.id)