NetExec/cme/protocols/ssh.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

import paramiko
from cme.connection import *
from cme.helpers.logger import highlight
from cme.logger import CMEAdapter
from paramiko.ssh_exception import AuthenticationException, NoValidConnectionsError, SSHException


class ssh(connection):

    @staticmethod
    def proto_args(parser, std_parser, module_parser):
        ssh_parser = parser.add_parser('ssh', help="own stuff using SSH", parents=[std_parser, module_parser])
        ssh_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2')
        ssh_parser.add_argument("--key-file", type=str, help="Authenticate using the specified private key. Treats the password parameter as the key's passphrase.")
        ssh_parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)")
        ssh_parser.add_argument("--continue-on-success", action='store_true', help="continues authentication attempts even after successes")

        cgroup = ssh_parser.add_argument_group("Command Execution", "Options for executing commands")
        cgroup.add_argument('--no-output', action='store_true', help='do not retrieve command output')
        cgroup.add_argument("-x", metavar="COMMAND", dest='execute', help="execute the specified command")

        return parser

    def proto_logger(self):
        self.logger = CMEAdapter(
            extra={
                'protocol': 'SSH',
                'host': self.host,
                'port': self.args.port,
                'hostname': self.hostname
            }
        )

    def print_host_info(self):
        self.logger.display(self.remote_version)
        return True

    def enum_host_info(self):
        self.remote_version = self.conn._transport.remote_version

    def create_conn_obj(self):
        self.conn = paramiko.SSHClient()
        self.conn.set_missing_host_key_policy(paramiko.AutoAddPolicy())

        try:
            self.conn.connect(self.host, port=self.args.port)
        except AuthenticationException:
            return True
        except SSHException:
            return True
        except NoValidConnectionsError:
            return False
        except socket.error:
            return False

    def client_close(self):
        self.conn.close()

    def check_if_admin(self):
        stdin, stdout, stderr = self.conn.exec_command("id")
        if stdout.read().decode("utf-8").find("uid=0(root)") != -1:
            self.admin_privs = True

    def plaintext_login(self, username, password):
        try:
            if self.args.key_file:
                passwd = password
                password = f"{passwd} (keyfile: {self.args.key_file})"
                self.conn.connect(
                    self.host,
                    port=self.args.port,
                    username=username,
                    passphrase=passwd,
                    key_filename=self.args.key_file,
                    look_for_keys=False,
                    allow_agent=False
                )
            else:
                self.conn.connect(
                    self.host,
                    port=self.args.port,
                    username=username,
                    password=password,
                    look_for_keys=False,
                    allow_agent=False
                )

            self.check_if_admin()
            self.logger.success(
                u"{}:{} {}".format(
                    username,
                    password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8,
                    highlight(f'({self.config.get("CME", "pwn3d_label")})' if self.admin_privs else '')
                )
            )
            if not self.args.continue_on_success:
                return True
        except Exception as e:
            self.logger.fail(
                f"{username}:{password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8} {e}"
            )
            self.client_close()
            return False

    def execute(self, payload=None, get_output=False):
        try:
            stdin, stdout, stderr = self.conn.exec_command(self.args.execute)
        except AttributeError:
            return ""
        self.logger.success("Executed command")
        for line in stdout:
            self.logger.highlight(line.strip())

        return stdout
Adding shebang and encoding utf-8 for all python files 2022-07-18 23:59:14 +00:00			`#!/usr/bin/env python3`
			`# -- coding: utf-8 --`

Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`import paramiko`
			`from cme.connection import *`
			`from cme.helpers.logger import highlight`
			`from cme.logger import CMEAdapter`
			`from paramiko.ssh_exception import AuthenticationException, NoValidConnectionsError, SSHException`

Added WINRM support, NMap XML and .Nessus parsing - Added the WINRM protocol, CME now supports executing commands through WinRM (Powershell Remoting) - Added support for NMap XML and .Nessus files if given as targets - Fixed a bug in the MSSQL protocol which caused it to not retrieve host info - Version Bump 2017-10-25 02:08:19 +00:00
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`class ssh(connection):`

			`@staticmethod`
			`def proto_args(parser, std_parser, module_parser):`
			`ssh_parser = parser.add_parser('ssh', help="own stuff using SSH", parents=[std_parser, module_parser])`
Fix ssh issue #375 2020-05-09 11:59:53 +00:00			`ssh_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2')`
feat(ssh): Add support for publickey authentication. 2019-11-18 17:39:17 +00:00			`ssh_parser.add_argument("--key-file", type=str, help="Authenticate using the specified private key. Treats the password parameter as the key's passphrase.")`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`ssh_parser.add_argument("--port", type=int, default=22, help="SSH port (default: 22)")`
Add option --continue-on-success to smb protocol 2020-06-20 10:10:05 +00:00			`ssh_parser.add_argument("--continue-on-success", action='store_true', help="continues authentication attempts even after successes")`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00
			`cgroup = ssh_parser.add_argument_group("Command Execution", "Options for executing commands")`
			`cgroup.add_argument('--no-output', action='store_true', help='do not retrieve command output')`
			`cgroup.add_argument("-x", metavar="COMMAND", dest='execute', help="execute the specified command")`

			`return parser`

			`def proto_logger(self):`
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console 2023-03-30 03:59:22 +00:00			`self.logger = CMEAdapter(`
			`extra={`
			`'protocol': 'SSH',`
			`'host': self.host,`
			`'port': self.args.port,`
			`'hostname': self.hostname`
			`}`
			`)`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00
			`def print_host_info(self):`
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console 2023-03-30 03:59:22 +00:00			`self.logger.display(self.remote_version)`
Improve laps core function 2021-11-17 12:37:14 +00:00			`return True`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00
			`def enum_host_info(self):`
			`self.remote_version = self.conn._transport.remote_version`

			`def create_conn_obj(self):`
			`self.conn = paramiko.SSHClient()`
			`self.conn.set_missing_host_key_policy(paramiko.AutoAddPolicy())`

			`try:`
			`self.conn.connect(self.host, port=self.args.port)`
			`except AuthenticationException:`
			`return True`
			`except SSHException:`
			`return True`
			`except NoValidConnectionsError:`
			`return False`
Updated Submodules 2017-10-21 23:24:09 +00:00			`except socket.error:`
			`return False`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00
Fix ssh connection #351 2020-04-28 10:11:16 +00:00			`def client_close(self):`
			`self.conn.close()`

Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`def check_if_admin(self):`
convert format() to f-string, update single quote to double, and some PEP8 fixes 2023-04-12 04:25:38 +00:00			`stdin, stdout, stderr = self.conn.exec_command("id")`
			`if stdout.read().decode("utf-8").find("uid=0(root)") != -1:`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`self.admin_privs = True`

			`def plaintext_login(self, username, password):`
			`try:`
feat(ssh): Add support for publickey authentication. 2019-11-18 17:39:17 +00:00			`if self.args.key_file:`
			`passwd = password`
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console 2023-03-30 03:59:22 +00:00			`password = f"{passwd} (keyfile: {self.args.key_file})"`
			`self.conn.connect(`
			`self.host,`
			`port=self.args.port,`
			`username=username,`
			`passphrase=passwd,`
			`key_filename=self.args.key_file,`
			`look_for_keys=False,`
			`allow_agent=False`
			`)`
feat(ssh): Add support for publickey authentication. 2019-11-18 17:39:17 +00:00			`else:`
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console 2023-03-30 03:59:22 +00:00			`self.conn.connect(`
			`self.host,`
			`port=self.args.port,`
			`username=username,`
			`password=password,`
			`look_for_keys=False,`
			`allow_agent=False`
			`)`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00
feat(ssh): Add support for publickey authentication. 2019-11-18 17:39:17 +00:00			`self.check_if_admin()`
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console 2023-03-30 03:59:22 +00:00			`self.logger.success(`
convert format() to f-string, update single quote to double, and some PEP8 fixes 2023-04-12 04:25:38 +00:00			`u"{}:{} {}".format(`
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console 2023-03-30 03:59:22 +00:00			`username,`
			`password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8,`
convert format() to f-string, update single quote to double, and some PEP8 fixes 2023-04-12 04:25:38 +00:00			`highlight(f'({self.config.get("CME", "pwn3d_label")})' if self.admin_privs else '')`
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console 2023-03-30 03:59:22 +00:00			`)`
			`)`
Add option --continue-on-success to smb protocol 2020-06-20 10:10:05 +00:00			`if not self.args.continue_on_success:`
			`return True`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`except Exception as e:`
core switch to fail instead of error function 2023-04-21 10:20:47 +00:00			`self.logger.fail(`
convert format() to f-string, update single quote to double, and some PEP8 fixes 2023-04-12 04:25:38 +00:00			`f"{username}:{password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode') * 8} {e}"`
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console 2023-03-30 03:59:22 +00:00			`)`
Fix ssh connection #351 2020-04-28 10:11:16 +00:00			`self.client_close()`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`return False`

			`def execute(self, payload=None, get_output=False):`
Fix ssh connection #351 2020-04-28 10:11:16 +00:00			`try:`
			`stdin, stdout, stderr = self.conn.exec_command(self.args.execute)`
			`except AttributeError:`
convert format() to f-string, update single quote to double, and some PEP8 fixes 2023-04-12 04:25:38 +00:00			`return ""`
			`self.logger.success("Executed command")`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00			`for line in stdout:`
update python3 2019-11-10 23:12:35 +00:00			`self.logger.highlight(line.strip())`
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output 2017-07-10 05:44:58 +00:00
			`return stdout`