Jump to content

Leaderboard

Popular Content

Showing content with the highest reputation on 05/30/23 in all areas

  1. Simple python script to send commands prepared in text files mutated by an example payload string, e.g. multiple A or B letters. Using Fortigate's credentials, a user should be able to use this script to automate a basic fuzzing process for commands available in CLI. c@ubuntu:~/LABS/_SUFLET2$ cat suff.py #!/usr/bin/env python3 # suff.py -- simple universal fortigate fuzzer # # initial idea : xx.10.2022 # finished idea: xx.04.2023 # # special thanks goes to Reykez (https://github.com/Reykez) # # for more details: # https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html # from netmiko import Netmiko import sys,os import time import paramiko def readFile(filename): words = [] fileText = open(filename.strip(), 'r') for line in fileText.readlines(): for word in line.strip().split(): words.append(word.strip()) words.append('\n') return words ## def writeFile(words, filename): text = ''; for word in words: text += word; if word!='\n': text += ' ' ; f = open(filename, 'w') f.write(text) f.close() ## run modified payload: send is as cfg: fpread = open(filename, 'r') lines = fpread.read() command = lines print("DEBUG :::: type of: %s" % type(command) ) print( command ) print("DEBUG :::: eof\n") ## # set up for the target fw_01 = { 'host':'192.168.56.231', 'username':'admin', 'password':'admin', 'device_type':'fortinet' } # connecting to the target host try: net_connect = Netmiko( **fw_01 ) print("+ connected, checking prompt...") except paramiko.ssh_exception.SSHException as e: print(" > connection error: %s" % e) except ConnectionResetError as e: print("> connection error2: %s" % e) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) print("... sleeping 1...") time.sleep(2) print("> sending fuzzed command...") send_init_cfg = net_connect.send_config_set( command ) # init_cfg... print("+ looks like we just sent this command:\n\t%s\n\n" % send_init_cfg ) ## finished fuzzed super-payload attack ## #### def modifyFilename(filename, number): name, extension = os.path.splitext(filename) return "{name}{uid}{extension}".format(name=name, uid=str(number).zfill(2), extension=extension) #### parse and validate command line args, proceed program args = sys.argv[1:] filename = args[0] if 0 in range(len(args)) else input ('Filename?') textToReplace = args[1] if 1 in range(len(args)) else input ('text to replace? ') outputBasename = args[2] if 2 in range(len(args)) else input ('output basename') words = readFile(filename); # reaplce any occurency and print fileIndex = 0 for wordIndex in range(len(words)): if words[wordIndex] == '\n': continue fileIndex += 1 wordsCopy = words.copy() try: wordsCopy[wordIndex] = textToReplace writeFile(wordsCopy, modifyFilename(outputBasename, fileIndex ) ) except UnboundLocalError as e: print("UnboundLocalError: local variable 'net_connect' referenced before assignment") print("> unbound variable error: %s" % e) pass print('Successfully generated', modifyFilename(outputBasename, 1), '-', modifyFilename(outputBasename, fileIndex), ' files!') Source
    1 point
  2. Legat de seo te pot ajuta eu.
    1 point
  3. Cred ca ideal ar fi sa fie decente si din punctul de vedere al calitatii, sa creasca numarul de clienti. Ca idei de promovare, ce ar merge? Instagram?
    1 point
×
×
  • Create New...