swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
NetExec/nxc/protocols/ssh.py

187 lines
6.7 KiB
Python
Raw Normal View History

Adding shebang and encoding utf-8 for all python files
2022-07-18 23:59:14 +00:00
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
import logging
Adding shebang and encoding utf-8 for all python files
2022-07-18 23:59:14 +00:00
fix(ssh): add imports to ssh from connection
2023-05-01 13:56:03 +00:00
from io import StringIO
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
import paramiko
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
rename folders, files, functions, classes, etc to NetExec/nxc
2023-09-14 21:07:15 +00:00
from nxc.config import process_secret
from nxc.connection import *
from nxc.logger import NXCAdapter
black formating
2023-05-02 15:17:59 +00:00
from paramiko.ssh_exception import (
AuthenticationException,
NoValidConnectionsError,
SSHException,
)
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
Added WINRM support, NMap XML and .Nessus parsing - Added the WINRM protocol, CME now supports executing commands through WinRM (Powershell Remoting) - Added support for NMap XML and .Nessus files if given as targets - Fixed a bug in the MSSQL protocol which caused it to not retrieve host info - Version Bump
2017-10-25 02:08:19 +00:00
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
class ssh(connection):
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
def __init__(self, args, db, host):
feat(ssh): add ability to properly use SSH keys via -cred
2023-04-30 21:23:29 +00:00
self.protocol = "SSH"
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
self.remote_version = None
self.server_os = None
feat(ssh): add ability to properly use SSH keys via -cred
2023-04-30 21:23:29 +00:00
super().__init__(args, db, host)
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
def proto_logger(self):
rename folders, files, functions, classes, etc to NetExec/nxc
2023-09-14 21:07:15 +00:00
self.logger = NXCAdapter(
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console
2023-03-30 03:59:22 +00:00
extra={
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
"protocol": "SSH",
"host": self.host,
"port": self.args.port,
black formating
2023-05-02 15:17:59 +00:00
"hostname": self.hostname,
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console
2023-03-30 03:59:22 +00:00
}
)
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
logging.getLogger("paramiko").setLevel(logging.WARNING)
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
def print_host_info(self):
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console
2023-03-30 03:59:22 +00:00
self.logger.display(self.remote_version)
Improve laps core function
2021-11-17 12:37:14 +00:00
return True
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
def enum_host_info(self):
self.remote_version = self.conn._transport.remote_version
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
self.logger.debug(f"Remote version: {self.remote_version}")
self.server_os = ""
if self.args.remote_enum:
stdin, stdout, stderr = self.conn.exec_command("uname -r")
self.server_os = stdout.read().decode("utf-8")
self.logger.debug(f"OS retrieved: {self.server_os}")
self.db.add_host(self.host, self.args.port, self.remote_version, os=self.server_os)
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
def create_conn_obj(self):
self.conn = paramiko.SSHClient()
self.conn.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
self.conn.connect(self.host, port=self.args.port)
except AuthenticationException:
return True
except SSHException:
return True
except NoValidConnectionsError:
return False
Updated Submodules
2017-10-21 23:24:09 +00:00
except socket.error:
return False
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
Fix ssh connection #351
2020-04-28 10:11:16 +00:00
def client_close(self):
self.conn.close()
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
def check_if_admin(self):
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
# we could add in another method to check by piping in the password to sudo
# but that might be too much of an opsec concern - maybe add in a flag to do more checks?
convert format() to f-string, update single quote to double, and some PEP8 fixes
2023-04-12 04:25:38 +00:00
stdin, stdout, stderr = self.conn.exec_command("id")
if stdout.read().decode("utf-8").find("uid=0(root)") != -1:
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
self.logger.info(f"Determined user is root via `id` command")
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
self.admin_privs = True
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
return True
stdin, stdout, stderr = self.conn.exec_command("sudo -ln | grep 'NOPASSWD: ALL'")
black formating
2023-05-02 15:17:59 +00:00
if stdout.read().decode("utf-8").find("NOPASSWD: ALL") != -1:
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
self.logger.info(f"Determined user is root via `sudo -ln` command")
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
self.admin_privs = True
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
return True
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
feat(ssh): add ability to properly use SSH keys via -cred
2023-04-30 21:23:29 +00:00
def plaintext_login(self, username, password, private_key=None):
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
try:
fix(ssh): read in keyfile and pass it to paramiko due to bug in paramiko looping through key types on failure; closes #454
2023-05-01 01:49:45 +00:00
if self.args.key_file or private_key:
if private_key:
pkey = paramiko.RSAKey.from_private_key(StringIO(private_key))
else:
pkey = paramiko.RSAKey.from_private_key_file(self.args.key_file)
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
fix(ssh): read in keyfile and pass it to paramiko due to bug in paramiko looping through key types on failure; closes #454
2023-05-01 01:49:45 +00:00
self.logger.debug(f"Logging in with key")
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console
2023-03-30 03:59:22 +00:00
self.conn.connect(
self.host,
port=self.args.port,
username=username,
feat(ssh): add ability to properly use SSH keys via -cred
2023-04-30 21:23:29 +00:00
passphrase=password if password != "" else None,
fix(ssh): read in keyfile and pass it to paramiko due to bug in paramiko looping through key types on failure; closes #454
2023-05-01 01:49:45 +00:00
pkey=pkey,
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console
2023-03-30 03:59:22 +00:00
look_for_keys=False,
black formating
2023-05-02 15:17:59 +00:00
allow_agent=False,
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console
2023-03-30 03:59:22 +00:00
)
fix(ssh): read in keyfile and pass it to paramiko due to bug in paramiko looping through key types on failure; closes #454
2023-05-01 01:49:45 +00:00
if private_key:
black formating
2023-05-02 15:17:59 +00:00
cred_id = self.db.add_credential(
"key",
username,
password if password != "" else "",
key=private_key,
)
fix(ssh): read in keyfile and pass it to paramiko due to bug in paramiko looping through key types on failure; closes #454
2023-05-01 01:49:45 +00:00
else:
with open(self.args.key_file, "r") as f:
key_data = f.read()
black formating
2023-05-02 15:17:59 +00:00
cred_id = self.db.add_credential(
"key",
username,
password if password != "" else "",
key=key_data,
)
feat(ssh): Add support for publickey authentication.
2019-11-18 17:39:17 +00:00
else:
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
self.logger.debug(f"Logging in with password")
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console
2023-03-30 03:59:22 +00:00
self.conn.connect(
self.host,
port=self.args.port,
username=username,
password=password,
look_for_keys=False,
black formating
2023-05-02 15:17:59 +00:00
allow_agent=False,
feat(console): complete log overhaul, allowing more granular debug messages, and logging to console
2023-03-30 03:59:22 +00:00
)
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
cred_id = self.db.add_credential("plaintext", username, password)
feat(ssh): display if there is shell access for ssh logins
2023-04-27 00:36:36 +00:00
shell_access = False
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
host_id = self.db.get_hosts(self.host)[0].id
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
if self.check_if_admin():
feat(ssh): display if there is shell access for ssh logins
2023-04-27 00:36:36 +00:00
shell_access = True
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
self.logger.debug(f"User {username} logged in successfully and is root!")
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
if self.args.key_file:
self.db.add_admin_user("key", username, password, host_id=host_id, cred_id=cred_id)
else:
black formating
2023-05-02 15:17:59 +00:00
self.db.add_admin_user(
"plaintext",
username,
password,
host_id=host_id,
cred_id=cred_id,
)
feat(ssh): display if there is shell access for ssh logins
2023-04-27 00:36:36 +00:00
else:
stdin, stdout, stderr = self.conn.exec_command("id")
output = stdout.read().decode("utf-8")
if not output:
self.logger.debug(f"User cannot get a shell")
shell_access = False
else:
shell_access = True
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
feat(ssh): add shell access tracking to DB and display it in cmedb
2023-04-29 20:33:16 +00:00
self.db.add_loggedin_relation(cred_id, host_id, shell=shell_access)
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
if self.args.key_file:
password = f"{password} (keyfile: {self.args.key_file})"
feat(ssh): display if there is shell access for ssh logins
2023-04-27 00:36:36 +00:00
display_shell_access = f" - shell access!" if shell_access else ""
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
black v2 formating
2023-05-08 18:39:36 +00:00
self.logger.success(f"{username}:{process_secret(password)} {self.mark_pwned()}{highlight(display_shell_access)}")
Remove self.args.continue_on_success from connection protocols and formating
2023-04-23 11:45:16 +00:00
return True
black formating
2023-05-02 15:17:59 +00:00
except (
AuthenticationException,
NoValidConnectionsError,
ConnectionResetError,
) as e:
self.logger.fail(f"{username}:{process_secret(password)} {e}")
Fix ssh connection #351
2020-04-28 10:11:16 +00:00
self.client_close()
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
return False
feat(ssh): add additional check for root level access after login and update formatting
2023-04-25 23:45:56 +00:00
except Exception as e:
self.logger.exception(e)
self.client_close()
return False
Takes care of issue #190 and #191, initial SSH protocol implementation - Passing --ntds will automatically use the drsuapi method (DCSync) - Initial implementation of the SSH protocol and the mimipenguin module (This is very much still not finished, lots of stuff missing) - Added check to make sure existing config file is in the 4.x format - Added splinter and paramiko to dep requirements - Updated Impacket to latest commit - HTTP protocol now also returns server version in output
2017-07-10 05:44:58 +00:00
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
def execute(self, payload=None, output=False):
Fix ssh connection #351
2020-04-28 10:11:16 +00:00
try:
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
command = payload if payload is not None else self.args.execute
stdin, stdout, stderr = self.conn.exec_command(command)
Fix ssh connection #351
2020-04-28 10:11:16 +00:00
except AttributeError:
convert format() to f-string, update single quote to double, and some PEP8 fixes
2023-04-12 04:25:38 +00:00
return ""
feat(ssh): update SSH protocol to use the CMEDB and add some additional functionality for determining total logins for SSH users
2023-04-26 15:43:49 +00:00
if output:
self.logger.success("Executed command")
for line in stdout:
self.logger.highlight(line.strip())
return stdout