bug fixed in telnet_login, and --rate-reset

pull/4/merge
Lanjelot 13 years ago
parent 4e0375b4b5
commit 974ad0e1cb

@ -289,16 +289,16 @@ ssh_login ... -x ignore:mesg='Authentication failed.' -x ignore,reset,retry:mesg
* Brute-force authentication. * Brute-force authentication.
(a) Enter login after first prompt is detected, enter password after second prompt. (a) Enter login after first prompt is detected, enter password after second prompt.
(b) Reconnect everytime the server returns a different error message. (b) The regex to detect the login and password prompts.
(c) Do not report these error messages. (c) Reconnect when we get no login prompt back (max number of tries reached or successful login).
------------ (a) ------------ (a)
telnet_login host=10.0.0.1 inputs='FILE0\nFILE1' 0=logins.txt 1=passwords.txt telnet_login host=10.0.0.1 inputs='FILE0\nFILE1' 0=logins.txt 1=passwords.txt
-x reset:fgrep!='Login incorrect' -x ignore:egrep='Login incorrect|telnet connection closed' prompt_re='Username:|Password:' -x reset:egrep!='% Login failed!.+Username:'
(b) (c) (b) (c)
NB. If you still get errors like "telnet connection closed", this is because NB. If you get errors like "telnet connection closed", this is because they occur
they occur at TCP connect time, so try decreasing the number of threads, at TCP connect time, so try decreasing the number of threads, the server may
the server may be enforcing a maximum number of concurrent connections. be enforcing a maximum number of concurrent connections.
}}} }}}
{{{ SMTP {{{ SMTP
@ -715,7 +715,7 @@ Syntax:
opt_grp = OptionGroup(parser, 'Optimization') opt_grp = OptionGroup(parser, 'Optimization')
opt_grp.add_option('--rate-limit', dest='rate_limit', type='float', default=0, metavar='N', help='wait N seconds between tests (default is 0)') opt_grp.add_option('--rate-limit', dest='rate_limit', type='float', default=0, metavar='N', help='wait N seconds between tests (default is 0)')
opt_grp.add_option('--rate-reset', dest='rate_reset', type='int', default=0, metavar='N', help='reset module every N tests (default is 0)') opt_grp.add_option('--rate-reset', dest='rate_reset', type='int', default=0, metavar='N', help='reset module every N tests (default is 0: never reset)')
opt_grp.add_option('--failure-delay', dest='failure_delay', type='float', default=0.5, metavar='N', help='wait N seconds after a failure (default is 0.5)') opt_grp.add_option('--failure-delay', dest='failure_delay', type='float', default=0.5, metavar='N', help='wait N seconds after a failure (default is 0.5)')
opt_grp.add_option('--max-retries', dest='max_retries', type='int', default=5, metavar='N', help='skip payload after N failures (default is 5) (-1 for unlimited)') opt_grp.add_option('--max-retries', dest='max_retries', type='int', default=5, metavar='N', help='skip payload after N failures (default is 5) (-1 for unlimited)')
opt_grp.add_option('-t', '--threads', dest='num_threads', type='int', default=10, metavar='N', help='number of threads (default is 10)') opt_grp.add_option('-t', '--threads', dest='num_threads', type='int', default=10, metavar='N', help='number of threads (default is 10)')
@ -1032,18 +1032,18 @@ Syntax:
sleep(1) sleep(1)
if self.rate_reset > 0: if self.rate_reset > 0:
if rate_count == self.rate_reset: if rate_count >= self.rate_reset:
logger.debug('Reset module') logger.debug('Reset module')
module = self.module() module = self.module()
rate_count = 0 rate_count = 0
else:
rate_count += 1
if self.rate_limit: if self.rate_limit:
sleep(self.rate_limit) sleep(self.rate_limit)
logger.debug('Trying: %s' % payload)
try: try:
logger.debug('Trying: %s' % payload) rate_count += 1
resp = module.execute(**payload) resp = module.execute(**payload)
except: except:
@ -1051,6 +1051,7 @@ Syntax:
resp = '%s, %s' % (e_type, e_value.args) resp = '%s, %s' % (e_type, e_value.args)
logger.debug('except: %s' % resp) logger.debug('except: %s' % resp)
module = self.module() module = self.module()
rate_count = 0
sleep(self.failure_delay) sleep(self.failure_delay)
continue continue
@ -1413,8 +1414,8 @@ class Telnet_login(TCP_Cache):
'''Brute-force Telnet authentication''' '''Brute-force Telnet authentication'''
usage_hints = ( usage_hints = (
"""%prog host=10.0.0.1 inputs='FILE0\\nFILE1' 0=logins.txt 1=passwords.txt""" """%prog host=10.0.0.1 inputs='FILE0\\nFILE1' 0=logins.txt 1=passwords.txt persistent=0"""
""" -x reset:fgrep!='Login incorrect' -x ignore:egrep='Login incorrect|telnet connection closed'""", """ prompt_re='Username:|Password:' -x ignore:egrep='Login incorrect.+Username:'""",
) )
available_options = ( available_options = (
@ -1422,7 +1423,7 @@ class Telnet_login(TCP_Cache):
('port', 'ports to target [23]'), ('port', 'ports to target [23]'),
('inputs', 'list of values to input'), ('inputs', 'list of values to input'),
('prompt_re', 'regular expression to match prompts [\w+]'), ('prompt_re', 'regular expression to match prompts [\w+]'),
('timeout', 'seconds to wait for prompt_re to match received data [10]'), ('timeout', 'seconds to wait for prompt_re to match received data [20]'),
) )
available_options += TCP_Cache.available_options available_options += TCP_Cache.available_options
@ -1433,20 +1434,20 @@ class Telnet_login(TCP_Cache):
self.prompt_count = 0 self.prompt_count = 0
return fp, None return fp, None
def execute(self, host, port=None, inputs=None, prompt_re='\w+:', timeout=10, persistent='1'): def execute(self, host, port=None, inputs=None, prompt_re='\w+:', timeout='20', persistent='1'):
fp, _ = self.get_tcp(persistent, host=host, port=port) fp, _ = self.get_tcp(persistent, host=host, port=port)
trace = '' trace = ''
timeout = int(timeout)
if self.prompt_count == 0: if self.prompt_count == 0:
_, _, raw = fp.expect([prompt_re], timeout=timeout) _, _, raw = fp.expect([prompt_re], timeout=timeout)
raw += fp.read_very_eager()
logger.debug('raw banner: %s' % repr(raw)) logger.debug('raw banner: %s' % repr(raw))
trace += raw trace += raw
self.prompt_count += 1 self.prompt_count += 1
try: try:
for val in inputs.split(r'\n'): for val in inputs.split(r'\n'):
logger.debug('val: %s' % val) logger.debug('input: %s' % val)
cmd = val + '\n' cmd = val + '\n'
fp.write(cmd) fp.write(cmd)
trace += cmd trace += cmd
@ -1459,8 +1460,8 @@ class Telnet_login(TCP_Cache):
mesg = repr(raw)[1:-1] # strip enclosing single quotes mesg = repr(raw)[1:-1] # strip enclosing single quotes
except EOFError as e: except EOFError as e:
logger.debug('EOFError: %s' % e) mesg = 'EOFError: %s' % e
mesg, = e logger.debug(mesg)
return self.Response('0', mesg, trace) return self.Response('0', mesg, trace)
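Review bot: In `Telnet_login.execute`, the added `timeout = int(timeout)` sits before the `try:` and accepts only whole numbers, so a value such as `timeout=0.5` raises ValueError on every payload. Judging from the worker-loop hunk, the bare `except:` around `module.execute(**payload)` would then re-instantiate the module and retry as if the connection had failed, which hides the real cause from the operator. `timeout = float(timeout)` would accept both forms, since the value is only passed on to `fp.expect(..., timeout=timeout)`, which should take seconds as a float. Separately, the `timeout` help is updated to `[20]` but the `prompt_re` help still reads `[\w+]` while the signature default is `'\w+:'`; the help should say `[\w+:]`. Both `execute` and the worker loop continue outside the visible hunks, so this is based only on the lines shown.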
