forked from p15670423/monkey
Initial PostgreSQL fingerprinting stuff
This commit is contained in:
parent
e2e87dc733
commit
edc1b779d3
|
@ -0,0 +1,67 @@
|
|||
"""
|
||||
Implementation from https://github.com/SecuraBV/CVE-2020-1472
|
||||
"""
|
||||
|
||||
import logging
|
||||
|
||||
import psycopg2
|
||||
|
||||
from infection_monkey.network.HostFinger import HostFinger
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
||||
class PostgreSQLFinger(HostFinger):
|
||||
"""
|
||||
Fingerprints PostgreSQL databases, only on port 5432
|
||||
"""
|
||||
# Class related consts
|
||||
_SCANNED_SERVICE = 'PostgreSQL'
|
||||
POSTGRESQL_DEFAULT_PORT = 5432
|
||||
CREDS = {'username': 'monkeySaysHello',
|
||||
'password': 'monkeySaysXXX'}
|
||||
|
||||
def get_host_fingerprint(self, host):
|
||||
try:
|
||||
connection = psycopg2.connect(host=host.ip_addr,
|
||||
port=self.POSTGRESQL_DEFAULT_PORT,
|
||||
user=self.CREDS['username'],
|
||||
password=self.CREDS['password'],
|
||||
sslmode='prefer') # don't need to worry about DB name; creds are wrong, won't check
|
||||
|
||||
except psycopg2.OperationalError as ex: # try block will throw an OperationalError since the credentials are wrong
|
||||
exception_string = str(ex)
|
||||
relevant_ex_substrings = ["password authentication failed",
|
||||
"entry for host"] # "no pg_hba.conf entry for host" but filename may be diff
|
||||
|
||||
if not any(substr in exception_string for substr in relevant_ex_substrings):
|
||||
# OperationalError due to some other reason
|
||||
return False
|
||||
|
||||
self.init_service(host.services, self._SCANNED_SERVICE, self.POSTGRESQL_DEFAULT_PORT)
|
||||
|
||||
"""
|
||||
---> split exception_string by \n
|
||||
|
||||
if len == 1: ssl_conf_on_server = False
|
||||
if "password authentication failed" is present: ssl_forced = False
|
||||
elif "entry for host" is present: ssl_forced = True
|
||||
if len == 2: ssl_conf_on_server = True
|
||||
// for [0]
|
||||
if "password authentication failed" is present: ssl_all = True
|
||||
elif "entry for host" is present: ssl_forced = False
|
||||
// for [1]
|
||||
if "password authentication failed" is present: nossl_all = True
|
||||
elif "entry for host" is present: nossl_forced = False
|
||||
|
||||
---> def is_ssl_configured():
|
||||
// check length after splitting
|
||||
---> def is_ssl_exists():
|
||||
if is_ssl_configured(): // checks twice - once for SSL entry, once for no SSL entry
|
||||
koi_function() for [0]th // kisi function mein if-elif waala daal do upar jo likha hai
|
||||
koi_function() for [-1]th
|
||||
|
||||
// how do i make deriving the results simpler and shorter?!
|
||||
"""
|
||||
|
||||
# LOG.info(f'Exception: {ex}')
|
Loading…
Reference in New Issue