fix bug where socket would not exist and updated ftp/ssh-related tests to include file creds
Marshall Hallenbeck
parent
98edc72394
commit
68a3d21c78
|
|
@ -59,40 +59,44 @@ class ftp(connection):
|
|||
return True
|
||||
|
||||
def plaintext_login(self, username, password):
|
||||
if not self.conn.sock:
|
||||
self.create_conn_obj()
|
||||
try:
|
||||
self.logger.debug(self.conn.sock)
|
||||
resp = self.conn.login(user=username, passwd=password)
|
||||
self.logger.debug(f"Response: {resp}")
|
||||
# 230 is "User logged in, proceed" response, ftplib raises an exception on failed login
|
||||
if "230" in resp:
|
||||
self.logger.debug(f"Host: {self.host} Port: {self.args.port}")
|
||||
self.db.add_host(self.host, self.args.port, self.remote_version)
|
||||
|
||||
cred_id = self.db.add_credential(username, password)
|
||||
|
||||
host_id = self.db.get_hosts(self.host)[0].id
|
||||
self.db.add_loggedin_relation(cred_id, host_id)
|
||||
|
||||
if username in ["anonymous", ""] and password in ["", "-"]:
|
||||
self.logger.success(f"{username}:{process_secret(password)} {highlight('- Anonymous Login!')}")
|
||||
else:
|
||||
self.logger.success(f"{username}:{process_secret(password)}")
|
||||
|
||||
if self.args.ls:
|
||||
files = self.list_directory_full()
|
||||
self.logger.display(f"Directory Listing")
|
||||
for file in files:
|
||||
self.logger.highlight(file)
|
||||
|
||||
if not self.args.continue_on_success:
|
||||
self.conn.close()
|
||||
return True
|
||||
|
||||
self.conn.close()
|
||||
except Exception as e:
|
||||
self.logger.fail(f"{username}:{process_secret(password)} (Response:{e})")
|
||||
self.conn.close()
|
||||
return False
|
||||
|
||||
# 230 is "User logged in, proceed" response, ftplib raises an exception on failed login
|
||||
if "230" in resp:
|
||||
self.logger.debug(f"Host: {self.host} Port: {self.args.port}")
|
||||
self.db.add_host(self.host, self.args.port, self.remote_version)
|
||||
|
||||
cred_id = self.db.add_credential(username, password)
|
||||
|
||||
host_id = self.db.get_hosts(self.host)[0].id
|
||||
self.db.add_loggedin_relation(cred_id, host_id)
|
||||
|
||||
if username in ["anonymous", ""] and password in ["", "-"]:
|
||||
self.logger.success(f"{username}:{process_secret(password)} {highlight('- Anonymous Login!')}")
|
||||
else:
|
||||
self.logger.success(f"{username}:{process_secret(password)}")
|
||||
|
||||
if self.args.ls:
|
||||
files = self.list_directory_full()
|
||||
self.logger.display(f"Directory Listing")
|
||||
for file in files:
|
||||
self.logger.highlight(file)
|
||||
|
||||
if not self.args.continue_on_success:
|
||||
self.conn.close()
|
||||
return True
|
||||
self.conn.close()
|
||||
|
||||
|
||||
def list_directory_full(self):
|
||||
# in the future we can use mlsd/nlst if we want, but this gives a full output like `ls -la`
|
||||
# ftplib's "dir" prints directly to stdout, and "nlst" only returns the folder name, not full details
|
||||
|
|
|
|||
|
|
@ -0,0 +1,38 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||
NhAAAAAwEAAQAAAYEAnuIkESRCbCj5qfJMjt2ZSdZhyyj3H0LjIjVt3+CNJXZessK+eM6Y
|
||||
j2YAqH/r1UJ8nbqtZ5r26BCjf3qVCZg+o65D33QxttoZF/1nv+WysgutgWw4a2fHamXKKf
|
||||
ELvkgaVsXcF/nKrDvlE/6puw/Us2OjmH85E1/jkFXBwW1VFnKYSU23Gz8Cdh2dRRhi1tBY
|
||||
fE5774ddZBQe7EGGAxhoChowXF06hn+if2Nz99bvh0Vcc/Evp3ptTsfww6F7Ywju2ffGIU
|
||||
A3LYnc4//dq9drTwxyMNt2+DEgmDkf0yomKHMAkvp2DKuXI1Eolja2qvsi9kSyCDCmhk9W
|
||||
o2nPkMjpb2l6u2dJDxdlW61Tpt6yBMPwGHzgCIdPAbHp4ZIaAYpVrZpMuFaVEZC4eG4L1f
|
||||
/dUSndOBNbGDbMrXGf9MFyQB3NESmax5f0I4yWdCx/gjIov/D3W5lvSIkiF1d56pRj/d9W
|
||||
3pAaGnGR22CH7V09cBpkVU9pT0OwtxNhpuNyqcvDAAAFkN/MgM7fzIDOAAAAB3NzaC1yc2
|
||||
EAAAGBAJ7iJBEkQmwo+anyTI7dmUnWYcso9x9C4yI1bd/gjSV2XrLCvnjOmI9mAKh/69VC
|
||||
fJ26rWea9ugQo396lQmYPqOuQ990MbbaGRf9Z7/lsrILrYFsOGtnx2plyinxC75IGlbF3B
|
||||
f5yqw75RP+qbsP1LNjo5h/ORNf45BVwcFtVRZymElNtxs/AnYdnUUYYtbQWHxOe++HXWQU
|
||||
HuxBhgMYaAoaMFxdOoZ/on9jc/fW74dFXHPxL6d6bU7H8MOhe2MI7tn3xiFANy2J3OP/3a
|
||||
vXa08McjDbdvgxIJg5H9MqJihzAJL6dgyrlyNRKJY2tqr7IvZEsggwpoZPVqNpz5DI6W9p
|
||||
ertnSQ8XZVutU6besgTD8Bh84AiHTwGx6eGSGgGKVa2aTLhWlRGQuHhuC9X/3VEp3TgTWx
|
||||
g2zK1xn/TBckAdzREpmseX9COMlnQsf4IyKL/w91uZb0iJIhdXeeqUY/3fVt6QGhpxkdtg
|
||||
h+1dPXAaZFVPaU9DsLcTYabjcqnLwwAAAAMBAAEAAAGADfsqX1PIgIoOhjTrJbs8TPIPgv
|
||||
gk3txc7lqzQ3sYEI7dAHAAoNLVO/Em56zyDL8gBiUyMybAyWUFbidUTBbYlEC2ekhYQ5Xn
|
||||
lWPYKFvHIMHET9o9EL5+Hs+8PXqXpPPlVXNtzbJOcl+G5f6H4w0ek3aWI8o2NI1Akifpt+
|
||||
KuFR6aZgDvtvcReWFbwIPH1s1Yq/+gClDoF/FpUzLk3wrbxN/PF6Ggj8tVek4/GzUPuOCS
|
||||
pSU5I0yzp7YSarSgDfPwJSHrdlzOnJYrhiDaNnEsTk8kGrDmtNrHJ/HmQMYYkjhdoh+qW2
|
||||
0uQM6+t4CGBqfXsFz4PTqtUqnKfX91VbTCQAqMEw1jBrnQlAkBpi1Iu6x0NAOyZsd/xvrB
|
||||
YdN5rozDfxmq/MtaiW+mgxPlEv5luabLCPpzzESL1OR3iWLFzVKqrNyuHaRQB/u3Wpp39k
|
||||
rC6e7rE99mblMx1XFkr9/ml58W5yj5gqna78aNdnQ5+yx2UvCPLMyUL6VZMKbcG9rRAAAA
|
||||
wGnwGYZ0gqiqycWaWYcEkyI0jR+9tOfoP5HQD1jnvnc1tnmZQ4Fb/iwROEWMoINi5eIbO8
|
||||
V4zZhLhUkqo0I2M8mws34ZoHrxkK6YZVkzOoUlxkMwOygRZHyylu1Axv24gaRVjjtIZUSO
|
||||
dpEGkyHVgNVxcOKAfVttUF6Zl4AvH1CcRqOXS2x5CR/UKfG/FJpGDJ0kGvazYfWmyDTijZ
|
||||
mWAbNsCs4XlYi8JC5xy0rGwNDZofE3XDYCP2Pd8ug38dRolwAAAMEAuYpswcqVuoCD5KYl
|
||||
U4Nt2cPqNhjVYZqiL5n+XyJz6nIB5yGyaK4BEcqBXBoxBvuFml65J2PQBYv/k8OR6BrLJ9
|
||||
46gEZ/wy84E0NhxZvTHZ5GISreas0uj9Y7D2MYeam67Pr0PfhsVH0pnFG2SNC7ptXV9DCx
|
||||
mqnA+MD29cz/9wytBoCILU16sY7Dpk9ZdGEVHDPiVYIc3yrE2ZERZ6h1Do54m3+nMKOpNm
|
||||
aYUsUDW8AAj7TR39RA5hPvj2Xl8Am5AAAAwQDbOC/xq3o8LfcDrxy+RqPEltyvHl5kUPpQ
|
||||
mpgUQ6cKsPcaaQMSDh0a2RuE5hNqeWgrhyCZSnBBrdkoJ7xA2Lwvcut2gIh7O/j/XZLrps
|
||||
w3ZZd6lmTDa0O2xd8A2CfWsfKyMDAbRKoOs8QB3nJ0ZK3N0U/xTCTR1U8dklKHnpY8y1fn
|
||||
4wwyOHdj4vPFqNTf1yYp+6C631T/mkjLGrM1byGETfWlCh2cXv6iVecJRiEonq9DJTfNYG
|
||||
OZWlH/Vvwoj1sAAAAYbWFyc2hhbGxAdWJ1bnR1MjJkZXNrdG9wAQID
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
Passw0rd!
|
||||
None
|
||||
ftp
|
||||
guest
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
Administrator
|
||||
Anonymous
|
||||
ftp
|
||||
guest
|
||||
|
|
@ -133,6 +133,10 @@ crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M zerologon --opt
|
|||
##### SMB Anonymous Auth
|
||||
crackmapexec smb TARGET_HOST -u '' -p '' -M zerologon
|
||||
crackmapexec smb TARGET_HOST -u '' -p '' -M petitpotam
|
||||
##### SMB Auth File
|
||||
crackmapexec smb TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce
|
||||
crackmapexec smb TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce --continue-on-success
|
||||
crackmapexec smb TARGET_HOST -u data/test_users.txt -p test_passwords.txt
|
||||
##### LDAP
|
||||
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --users
|
||||
crackmapexec ldap TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --groups
|
||||
|
|
@ -191,10 +195,16 @@ crackmapexec smb TARGET_HOST -u USERNAME -p PASSWORD KERBEROS -M rdp -o ACTION=e
|
|||
##### RDP
|
||||
crackmapexec rdp TARGET_HOST -u USERNAME -p PASSWORD KERBEROS # need an extra space after this command due to regex
|
||||
crackmapexec rdp TARGET_HOST -u USERNAME -p PASSWORD KERBEROS --nla-screenshot
|
||||
##### SSH - Uncomment these lines to test SSH; requires the private key "test_key" in the local directory
|
||||
##### SSH - Default test passwords and random key; switch these out if you want correct authentication
|
||||
crackmapexec ssh TARGET_HOST -u USERNAME -p PASSWORD
|
||||
#crackmapexec ssh TARGET_HOST -u USERNAME -p PASSWORD --key-file test_key
|
||||
#crackmapexec ssh TARGET_HOST -u USERNAME --key-file test_key
|
||||
##### FTP
|
||||
crackmapexec ssh TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce
|
||||
crackmapexec ssh TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce --continue-on-success
|
||||
crackmapexec ssh TARGET_HOST -u data/test_users.txt -p test_passwords.txt
|
||||
crackmapexec ssh TARGET_HOST -u USERNAME -p PASSWORD --key-file data/test_key.priv
|
||||
crackmapexec ssh TARGET_HOST -u USERNAME -p '' --key-file data/test_key.priv
|
||||
##### FTP- Default test passwords and random key; switch these out if you want correct authentication
|
||||
crackmapexec ftp TARGET_HOST -u USERNAME -p PASSWORD
|
||||
#crackmapexec ftp TARGET_HOST -u USERNAME -p PASSWORD --ls
|
||||
crackmapexec ftp TARGET_HOST -u USERNAME -p PASSWORD --ls
|
||||
crackmapexec ftp TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce
|
||||
crackmapexec ftp TARGET_HOST -u data/test_users.txt -p test_passwords.txt --no-bruteforce --continue-on-success
|
||||
crackmapexec ftp TARGET_HOST -u data/test_users.txt -p test_passwords.txt
|
||||
Loading…
Reference in New Issue