0001-Rename-to-check tcp-udp port-and-refactor

Daniel Goldberg 2017-11-11 20:32:12 +02:00
parent ab0f0aefef
commit 0bc6668242
8 changed files with 30 additions and 28 deletions


@ -13,7 +13,7 @@ from exploit import HostExploiter
from exploit.tools import HTTPTools, get_monkey_depth from exploit.tools import HTTPTools, get_monkey_depth
from exploit.tools import get_target_monkey from exploit.tools import get_target_monkey
from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
from network.tools import check_port_tcp from network.tools import check_tcp_port
from tools import build_monkey_commandline from tools import build_monkey_commandline
__author__ = 'hoffer' __author__ = 'hoffer'
@ -245,7 +245,7 @@ class RdpExploiter(HostExploiter):
return True return True
if not self.host.os.get('type'): if not self.host.os.get('type'):
is_open, _ = check_port_tcp(self.host.ip_addr, RDP_PORT) is_open, _ = check_tcp_port(self.host.ip_addr, RDP_PORT)
if is_open: if is_open:
self.host.os['type'] = 'windows' self.host.os['type'] = 'windows'
return True return True
@ -254,7 +254,7 @@ class RdpExploiter(HostExploiter):
def exploit_host(self): def exploit_host(self):
global g_reactor global g_reactor
is_open, _ = check_port_tcp(self.host.ip_addr, RDP_PORT) is_open, _ = check_tcp_port(self.host.ip_addr, RDP_PORT)
if not is_open: if not is_open:
LOG.info("RDP port is closed on %r, skipping", self.host) LOG.info("RDP port is closed on %r, skipping", self.host)
return False return False


@ -7,7 +7,7 @@ from exploit import HostExploiter
from exploit.tools import SmbTools, get_target_monkey, get_monkey_depth from exploit.tools import SmbTools, get_target_monkey, get_monkey_depth
from model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDLINE_DETACHED_WINDOWS from model import MONKEY_CMDLINE_DETACHED_WINDOWS, DROPPER_CMDLINE_DETACHED_WINDOWS
from network import SMBFinger from network import SMBFinger
from network.tools import check_port_tcp from network.tools import check_tcp_port
from tools import build_monkey_commandline from tools import build_monkey_commandline
LOG = getLogger(__name__) LOG = getLogger(__name__)
@ -31,12 +31,12 @@ class SmbExploiter(HostExploiter):
return True return True
if not self.host.os.get('type'): if not self.host.os.get('type'):
is_smb_open, _ = check_port_tcp(self.host.ip_addr, 445) is_smb_open, _ = check_tcp_port(self.host.ip_addr, 445)
if is_smb_open: if is_smb_open:
smb_finger = SMBFinger() smb_finger = SMBFinger()
smb_finger.get_host_fingerprint(self.host) smb_finger.get_host_fingerprint(self.host)
else: else:
is_nb_open, _ = check_port_tcp(self.host.ip_addr, 139) is_nb_open, _ = check_tcp_port(self.host.ip_addr, 139)
if is_nb_open: if is_nb_open:
self.host.os['type'] = 'windows' self.host.os['type'] = 'windows'
return self.host.os.get('type') in self._TARGET_OS_TYPE return self.host.os.get('type') in self._TARGET_OS_TYPE


@ -7,7 +7,7 @@ import monkeyfs
from exploit import HostExploiter from exploit import HostExploiter
from exploit.tools import get_target_monkey, get_monkey_depth from exploit.tools import get_target_monkey, get_monkey_depth
from model import MONKEY_ARG from model import MONKEY_ARG
from network.tools import check_port_tcp from network.tools import check_tcp_port
from tools import build_monkey_commandline from tools import build_monkey_commandline
__author__ = 'hoffer' __author__ = 'hoffer'
@ -41,7 +41,7 @@ class SSHExploiter(HostExploiter):
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'): if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
port = int(servkey.replace('tcp-', '')) port = int(servkey.replace('tcp-', ''))
is_open, _ = check_port_tcp(self.host.ip_addr, port) is_open, _ = check_tcp_port(self.host.ip_addr, port)
if not is_open: if not is_open:
LOG.info("SSH port is closed on %r, skipping", self.host) LOG.info("SSH port is closed on %r, skipping", self.host)
return False return False


@ -17,7 +17,7 @@ from impacket.dcerpc.v5 import transport
from exploit.tools import SmbTools, get_target_monkey, get_monkey_depth from exploit.tools import SmbTools, get_target_monkey, get_monkey_depth
from model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS from model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
from network import SMBFinger from network import SMBFinger
from network.tools import check_port_tcp from network.tools import check_tcp_port
from tools import build_monkey_commandline from tools import build_monkey_commandline
from . import HostExploiter from . import HostExploiter
@ -168,7 +168,7 @@ class Ms08_067_Exploiter(HostExploiter):
if not self.host.os.get('type') or ( if not self.host.os.get('type') or (
self.host.os.get('type') in self._TARGET_OS_TYPE and not self.host.os.get('version')): self.host.os.get('type') in self._TARGET_OS_TYPE and not self.host.os.get('version')):
is_smb_open, _ = check_port_tcp(self.host.ip_addr, 445) is_smb_open, _ = check_tcp_port(self.host.ip_addr, 445)
if is_smb_open: if is_smb_open:
smb_finger = SMBFinger() smb_finger = SMBFinger()
if smb_finger.get_host_fingerprint(self.host): if smb_finger.get_host_fingerprint(self.host):


@ -1,7 +1,8 @@
import re import re
from network import HostFinger
from network.tools import check_port_tcp
from model.host import VictimHost from model.host import VictimHost
from network import HostFinger
from network.tools import check_tcp_port
SSH_PORT = 22 SSH_PORT = 22
SSH_SERVICE_DEFAULT = 'tcp-22' SSH_SERVICE_DEFAULT = 'tcp-22'
@ -38,7 +39,7 @@ class SSHFinger(HostFinger):
self._banner_match(name, host, banner) self._banner_match(name, host, banner)
return return
is_open, banner = check_port_tcp(host.ip_addr, SSH_PORT, TIMEOUT, True) is_open, banner = check_tcp_port(host.ip_addr, SSH_PORT, TIMEOUT, True)
if is_open: if is_open:
host.services[SSH_SERVICE_DEFAULT] = {} host.services[SSH_SERVICE_DEFAULT] = {}


@ -1,8 +1,9 @@
import time import time
from random import shuffle from random import shuffle
from network import HostScanner, HostFinger
from model.host import VictimHost from model.host import VictimHost
from network.tools import check_port_tcp from network import HostScanner, HostFinger
from network.tools import check_tcp_port
__author__ = 'itamar' __author__ = 'itamar'
@ -26,7 +27,7 @@ class TcpScanner(HostScanner, HostFinger):
for target_port in target_ports: for target_port in target_ports:
is_open, banner = check_port_tcp(host.ip_addr, is_open, banner = check_tcp_port(host.ip_addr,
target_port, target_port,
self._config.tcp_scan_timeout / 1000.0, self._config.tcp_scan_timeout / 1000.0,
self._config.tcp_scan_get_banner) self._config.tcp_scan_get_banner)


@ -1,6 +1,6 @@
import socket
import select
import logging import logging
import select
import socket
import struct import struct
DEFAULT_TIMEOUT = 10 DEFAULT_TIMEOUT = 10
@ -32,10 +32,10 @@ def struct_unpack_tracker_string(data, index):
""" """
ascii_len = data[index:].find('\0') ascii_len = data[index:].find('\0')
fmt = "%ds" % ascii_len fmt = "%ds" % ascii_len
return struct_unpack_tracker(data,index,fmt) return struct_unpack_tracker(data, index, fmt)
def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False): def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(timeout) sock.settimeout(timeout)
@ -43,7 +43,7 @@ def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
sock.connect((ip, port)) sock.connect((ip, port))
except socket.timeout: except socket.timeout:
return False, None return False, None
except socket.error, exc: except socket.error as exc:
LOG.debug("Check port: %s:%s, Exception: %s", ip, port, exc) LOG.debug("Check port: %s:%s, Exception: %s", ip, port, exc)
return False, None return False, None
@ -56,23 +56,23 @@ def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
banner = sock.recv(BANNER_READ) banner = sock.recv(BANNER_READ)
except: except:
pass pass
sock.close() sock.close()
return True, banner return True, banner
def check_port_udp(ip, port, timeout=DEFAULT_TIMEOUT): def check_udp_port(ip, port, timeout=DEFAULT_TIMEOUT):
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(timeout) sock.settimeout(timeout)
data = None data = None
is_open = False is_open = False
try: try:
sock.sendto("-", (ip, port)) sock.sendto("-", (ip, port))
data, _ = sock.recvfrom(BANNER_READ) data, _ = sock.recvfrom(BANNER_READ)
is_open = True is_open = True
except: except socket.error:
pass pass
sock.close() sock.close()
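Review bot: The banner read in check_tcp_port still uses a bare `except:` followed by `pass`, while this commit narrows the equivalent handler in check_udp_port to `except socket.error:`; the TCP handler should be narrowed the same way so that KeyboardInterrupt and programming errors are not swallowed during a scan. Separately, both `return False, None` paths after a failed `sock.connect` leave the function without calling `sock.close()`, as far as the visible lines show, so the descriptor is released only when the socket object is collected; adding `sock.close()` before each return, or wrapping the body in `try`/`finally`, would make the cleanup explicit. In check_udp_port the narrowed handler also means any non-socket exception now skips the trailing `sock.close()`, which a `finally:` clause would cover. The bodies of both functions extend past the lines shown in this section.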


@ -8,7 +8,7 @@ from threading import Thread
from model import VictimHost from model import VictimHost
from network.firewall import app as firewall from network.firewall import app as firewall
from network.info import local_ips, get_free_tcp_port from network.info import local_ips, get_free_tcp_port
from network.tools import check_port_tcp from network.tools import check_tcp_port
from transport.base import get_last_serve_time from transport.base import get_last_serve_time
__author__ = 'hoffer' __author__ = 'hoffer'
@ -40,7 +40,7 @@ def _check_tunnel(address, port, existing_sock=None):
sock = existing_sock sock = existing_sock
LOG.debug("Checking tunnel %s:%s", address, port) LOG.debug("Checking tunnel %s:%s", address, port)
is_open, _ = check_port_tcp(address, int(port)) is_open, _ = check_tcp_port(address, int(port))
if not is_open: if not is_open:
LOG.debug("Could not connect to %s:%s", address, port) LOG.debug("Could not connect to %s:%s", address, port)
if not existing_sock: if not existing_sock: