Initial PostgreSQL fingerprinting stuff

2020-11-17 18:39:19 +05:30 · 2020-11-17 18:39:19 +05:30 · edc1b779d3
parent e2e87dc733
commit edc1b779d3
1 changed files with 67 additions and 0 deletions
--- a/monkey/infection_monkey/network/postgresql_fingerprint.py
+++ b/monkey/infection_monkey/network/postgresql_fingerprint.py
@ -0,0 +1,67 @@
+"""
+Implementation from https://github.com/SecuraBV/CVE-2020-1472
+"""
+
+import logging
+
+import psycopg2
+
+from infection_monkey.network.HostFinger import HostFinger
+
+LOG = logging.getLogger(__name__)
+
+
+class PostgreSQLFinger(HostFinger):
+    """
+    Fingerprints PostgreSQL databases, only on port 5432
+    """
+    # Class related consts
+    _SCANNED_SERVICE = 'PostgreSQL'
+    POSTGRESQL_DEFAULT_PORT = 5432
+    CREDS = {'username': 'monkeySaysHello',
+             'password': 'monkeySaysXXX'}
+
+    def get_host_fingerprint(self, host):
+        try:
+            connection = psycopg2.connect(host=host.ip_addr,
+                                          port=self.POSTGRESQL_DEFAULT_PORT,
+                                          user=self.CREDS['username'],
+                                          password=self.CREDS['password'],
+                                          sslmode='prefer')  # don't need to worry about DB name; creds are wrong, won't check
+
+        except psycopg2.OperationalError as ex:  # try block will throw an OperationalError since the credentials are wrong
+            exception_string = str(ex)
+            relevant_ex_substrings = ["password authentication failed",
+                                      "entry for host"]  # "no pg_hba.conf entry for host" but filename may be diff
+
+            if not any(substr in exception_string for substr in relevant_ex_substrings):
+                # OperationalError due to some other reason
+                return False
+
+            self.init_service(host.services, self._SCANNED_SERVICE, self.POSTGRESQL_DEFAULT_PORT)
+
+            """
+                ---> split exception_string by \n
+
+                if len == 1: ssl_conf_on_server = False
+                    if "password authentication failed" is present: ssl_forced = False
+                    elif "entry for host" is present: ssl_forced = True
+                if len == 2: ssl_conf_on_server = True
+                    // for [0]
+                    if "password authentication failed" is present: ssl_all = True
+                    elif "entry for host" is present: ssl_forced = False
+                    // for [1]
+                    if "password authentication failed" is present: nossl_all = True
+                    elif "entry for host" is present: nossl_forced = False
+
+                ---> def is_ssl_configured():
+                        // check length after splitting
+                ---> def is_ssl_exists():
+                        if is_ssl_configured(): // checks twice - once for SSL entry, once for no SSL entry
+                            koi_function() for [0]th // kisi function mein if-elif waala daal do upar jo likha hai
+                        koi_function() for [-1]th
+
+                // how do i make deriving the results simpler and shorter?!
+            """
+
+            # LOG.info(f'Exception: {ex}')