Add VNC scan + screenshot
mpgn
parent
561c248d6e
commit
7fef784481
|
|
@ -0,0 +1,111 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
import logging
|
||||
import asyncio
|
||||
from cme.connection import *
|
||||
from cme.helpers.logger import highlight
|
||||
from cme.logger import CMEAdapter
|
||||
|
||||
from aardwolf import logger
|
||||
from aardwolf.commons.factory import RDPConnectionFactory
|
||||
from aardwolf.commons.iosettings import RDPIOSettings
|
||||
|
||||
logger.setLevel(logging.CRITICAL)
|
||||
|
||||
class vnc(connection):
|
||||
|
||||
def __init__(self, args, db, host):
|
||||
self.iosettings = RDPIOSettings()
|
||||
self.iosettings.channels = []
|
||||
self.iosettings.video_out_format = VIDEO_FORMAT.RAW
|
||||
self.iosettings.clipboard_use_pyperclip = False
|
||||
self.url = None
|
||||
connection.__init__(self, args, db, host)
|
||||
|
||||
@staticmethod
|
||||
def proto_args(parser, std_parser, module_parser):
|
||||
vnc_parser = parser.add_parser('vnc', help="own stuff using VPN", parents=[std_parser, module_parser])
|
||||
vnc_parser.add_argument("--no-bruteforce", action='store_true', help='No spray when using file for username and password (user1 => password1, user2 => password2')
|
||||
vnc_parser.add_argument("--continue-on-success", action='store_true', help="continues authentication attempts even after successes")
|
||||
vnc_parser.add_argument("--port", type=int, default=5900, help="Custom VNC port")
|
||||
vnc_parser.add_argument("--vnc-sleep", type=int, default=5, help="VNC Sleep on socket connection to avoid rate limit")
|
||||
|
||||
egroup = vnc_parser.add_argument_group("Screenshot", "VNC Server")
|
||||
egroup.add_argument("--screenshot", action="store_true", help="Screenshot VNC if connection success")
|
||||
egroup.add_argument('--screentime', type=int, default=5, help='Time to wait for desktop image')
|
||||
|
||||
return parser
|
||||
|
||||
def proto_flow(self):
|
||||
if self.create_conn_obj():
|
||||
self.proto_logger()
|
||||
self.print_host_info()
|
||||
if self.login():
|
||||
if hasattr(self.args, 'module') and self.args.module:
|
||||
self.call_modules()
|
||||
else:
|
||||
self.call_cmd_args()
|
||||
|
||||
def proto_logger(self):
|
||||
self.logger = CMEAdapter(extra={'protocol': 'VNC',
|
||||
'host': self.host,
|
||||
'port': self.args.port,
|
||||
'hostname': self.hostname})
|
||||
|
||||
def print_host_info(self):
|
||||
self.logger.info(u"VNC connecting to {}".format(self.hostname))
|
||||
|
||||
def create_conn_obj(self):
|
||||
try:
|
||||
self.url = 'vnc+plain://@' + self.host + ':' + str(self.args.port)
|
||||
asyncio.run(self.connect_vnc(self.url, True))
|
||||
except Exception as e:
|
||||
if "Server supports:" not in str(e):
|
||||
return False
|
||||
return True
|
||||
|
||||
async def connect_vnc(self, url, discover=False):
|
||||
connectionfactory = RDPConnectionFactory.from_url(url, self.iosettings)
|
||||
self.conn = connectionfactory.create_connection_newtarget(self.host, self.iosettings)
|
||||
_, err = await self.conn.connect()
|
||||
if err is not None:
|
||||
if not discover:
|
||||
await asyncio.sleep(self.args.vnc_sleep)
|
||||
raise err
|
||||
|
||||
return True
|
||||
|
||||
def plaintext_login(self, username, password):
|
||||
try:
|
||||
if ":" in password:
|
||||
password = ":" + password
|
||||
self.url = 'vnc+plain-password://' + password + '@' + self.host + ':' + str(self.args.port)
|
||||
self.logger.debug(self.url)
|
||||
asyncio.run(self.connect_vnc(self.url))
|
||||
self.admin_privs = True
|
||||
self.logger.success(u'{} {}'.format(password,
|
||||
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')))
|
||||
if not self.args.continue_on_success:
|
||||
return True
|
||||
|
||||
except Exception as e:
|
||||
if "Server supports: 1" in str(e):
|
||||
self.logger.success(u'{} {}'.format("No password seems to be accepted by the server",
|
||||
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')))
|
||||
else:
|
||||
self.logger.error(u'{} {}'.format(password,
|
||||
"Authentication failed"))
|
||||
return False
|
||||
|
||||
async def screen(self):
|
||||
await self.connect_vnc(self.url)
|
||||
await asyncio.sleep(int(self.args.screentime))
|
||||
if self.conn is not None and self.conn.desktop_buffer_has_data is True:
|
||||
buffer = self.conn.get_desktop_buffer(VIDEO_FORMAT.PIL)
|
||||
filename = os.path.expanduser('~/.cme/screenshots/{}_{}_{}.png'.format(self.hostname, self.host, datetime.now().strftime("%Y-%m-%d_%H%M%S")))
|
||||
buffer.save(filename,'png')
|
||||
self.logger.highlight("Screenshot saved {}".format(filename))
|
||||
|
||||
def screenshot(self):
|
||||
asyncio.run(self.screen())
|
||||
|
|
@ -0,0 +1,24 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
class database:
|
||||
|
||||
def __init__(self, conn):
|
||||
self.conn = conn
|
||||
|
||||
@staticmethod
|
||||
def db_schema(db_conn):
|
||||
db_conn.execute('''CREATE TABLE "credentials" (
|
||||
"id" integer PRIMARY KEY,
|
||||
"username" text,
|
||||
"password" text,
|
||||
"pkey" text
|
||||
)''')
|
||||
|
||||
db_conn.execute('''CREATE TABLE "hosts" (
|
||||
"id" integer PRIMARY KEY,
|
||||
"ip" text,
|
||||
"hostname" text,
|
||||
"port" integer,
|
||||
"server_banner" text
|
||||
)''')
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
#!/usr/bin/env python3
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
from cme.cmedb import DatabaseNavigator
|
||||
|
||||
|
||||
class navigator(DatabaseNavigator):
|
||||
pass
|
||||
Loading…
Reference in New Issue