lanjelot 7 months ago
parent 97a694f17d
commit 85fc30104e
No known key found for this signature in database
GPG Key ID: 87DE33D13B2E287A

@ -1,25 +1,25 @@
FROM ubuntu:18.04
MAINTAINER Sebastien Macke <lanjelot@gmail.com>
FROM ubuntu:22.04
ENV DEBIAN_FRONTEND=noninteractive
# dependencies
RUN apt-get update \
&& apt-get install -y \
build-essential python3-setuptools \
libcurl4-openssl-dev python3-dev libssl-dev \
ldap-utils \
libmariadbclient-dev \
libpq-dev \
ike-scan unzip default-jdk \
libsqlite3-dev libsqlcipher-dev \
python3-pip python-pip \
&& rm -rf /var/lib/apt/lists/*
# cx_oracle
&& apt-get install -y --no-install-recommends \
build-essential python3-setuptools \
libcurl4-openssl-dev python3-dev libssl-dev \
ldap-utils \
libmysqlclient-dev \
libpq-dev \
ike-scan unzip default-jdk \
libsqlite3-dev \
libsqlcipher-dev \
python3-pip \
&& rm -rf /var/lib/apt/lists/*
## cx_oracle
RUN apt-get update \
&& apt-get install -y libaio1 wget unzip git \
&& rm -rf /var/lib/apt/lists/*
&& apt-get install -y --no-install-recommends libaio1 wget unzip git \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /opt/oracle
RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip \
@ -33,28 +33,38 @@ RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantcli
&& echo /opt/oracle/instantclient_* > /etc/ld.so.conf.d/oracle-instantclient.conf \
&& ldconfig
RUN git clone --branch 5.3 https://github.com/oracle/python-cx_Oracle \
&& cd python-cx_Oracle && export ORACLE_HOME=$(echo /opt/oracle/instantclient_*) && python2 setup.py build && python2 setup.py install
# xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
RUN apt-get update && apt-get install -y ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev \
&& apt-get install -y libavutil-dev libavcodec-dev libavresample-dev \
&& rm -rf /var/lib/apt/lists/*
## xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
WORKDIR /opt/FreeRDP
RUN git clone https://github.com/FreeRDP/FreeRDP/ .
RUN cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && cmake --build . && cmake --build . --target install
RUN apt-get update \
&& apt-get install -y --no-install-recommends ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev libsdl2-dev libcjson-dev libpkcs11-helper1-dev \
&& apt-get install -y --no-install-recommends libavutil-dev libavcodec-dev libswresample-dev \
&& rm -rf /var/lib/apt/lists/* \
&& git clone https://github.com/FreeRDP/FreeRDP/ . \
&& cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_CLIENT_SDL=OFF -DWITH_KRB5=OFF -DWITH_SWSCALE=OFF -DWITTH_SSE2=ON -DWITH_FUSE=OFF . \
&& cmake --build . \
&& cmake --build . --target install \
&& cmake --build . --target clean \
&& rm -rf /opt/FreeRDP
# patator
WORKDIR /opt/patator
COPY ./requirements.txt ./
RUN python3 -m pip install --upgrade pip \
&& python3 -m pip install -r requirements.txt
RUN sed -e '/cx_Oracle/d' -e 's,pysqlcipher3,pysqlcipher,' requirements.txt | python2 -m pip install -r /dev/stdin
# uncomment for python2
# RUN apt-get update \
# && apt-get install -y --no-install-recommends python-pip ipython \
# && rm -rf /var/lib/apt/lists/* \
# && sed -e '/cx_Oracle/d' -e 's,pysqlcipher3,pysqlcipher,' requirements.txt | python2 -m pip install -r /dev/stdin \
# && git clone --branch 5.3 https://github.com/oracle/python-cx_Oracle \
# && cd python-cx_Oracle && export ORACLE_HOME=$(echo /opt/oracle/instantclient_*) && python2 setup.py build && python2 setup.py install
# utils
RUN apt-get update && apt-get install -y ipython3 ipython iputils-ping iproute2 netcat curl rsh-client telnet vim mlocate nmap \
&& rm -rf /var/lib/apt/lists/*
RUN echo 'set bg=dark' > /root/.vimrc
RUN apt-get update \
&& apt-get install -y --no-install-recommends ipython3 iputils-ping iproute2 netcat curl rsh-client telnet vim mlocate nmap \
&& rm -rf /var/lib/apt/lists/* \
&& echo 'set bg=dark' > /root/.vimrc
COPY ./patator.py ./
ENTRYPOINT ["python3", "./patator.py"]
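Review bot: The FreeRDP cmake line passes `-DWITTH_SSE2=ON`, a misspelling of the `-DWITH_SSE2=ON` flag used by the line it replaces, so CMake only records an unused variable and the SSE2 setting falls back to its default; change it to `-DWITH_SSE2=ON`. The same RUN still clones FreeRDP with no tag or commit, so every rebuild compiles whatever the default branch holds and the `-DWITH_*=OFF` workarounds can silently stop matching. Pinning the checkout, e.g. `git clone --depth 1 --branch <release-tag> https://github.com/FreeRDP/FreeRDP/ .`, would keep the image reproducible and make it clear which upstream code ends up in it.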

@ -2754,6 +2754,7 @@ class SMTP_Base(TCP_Cache):
resp = fp.helo(name)
if not starttls == '0':
fp._host = host
resp = fp.starttls()
return TCP_Connection(fp, resp)
@ -3569,7 +3570,11 @@ class MySQL_query(TCP_Cache):
Response = Response_Base
def connect(self, host, port, user, password):
fp = _mysql.connect(host=host, port=int(port), user=user, passwd=password) # db=db
if PY3:
fp = _mysql.connect(host=host, port=int(port), user=user, password=password) # db=db
else:
fp = _mysql.connect(host=host, port=int(port), user=user, passwd=password)
return TCP_Connection(fp)
def execute(self, host, port='3306', user='', password='', query='select @@version'):
@ -4231,20 +4236,22 @@ class RDP_login:
def execute(self, host, port='3389', user=None, password=None):
cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert-ignore', '+auth-only', '/sec:nla', '/log-level:error']
cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert:ignore', '/tls:seclevel:0', '+auth-only', '/sec:nla', '/log-level:error']
with Timing() as timing:
p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = map(B, p.communicate())
code = p.returncode
mesg = []
m = re.search(' Authentication only, exit status (\d+)', err)
if m:
mesg.append(('exit', m.group(1)))
m = re.search(' (ERR.+?) ', err)
if m:
err = m.group(1)
elif 'Authentication only, exit status 0' in err:
err = 'OK'
mesg.append(('err', m.group(1)))
mesg = (out + err).strip()
mesg = ', '.join([f'{k}: {v}' for k, v in mesg])
trace = '%s\n[out]\n%s\n[err]\n%s\n' % (' '.join(cmd), out, err)
return self.Response(code, mesg, timing, trace)
@ -4690,8 +4697,10 @@ class DNS_reverse:
with Timing() as timing:
response = dns_query(server, int(timeout), protocol, dns.reversename.from_address(host), qtype='PTR', qclass='IN')
code = response.rcode()
status = dns.rcode.to_text(code)
rcode = response.rcode()
code = int(rcode)
status = dns.rcode.to_text(rcode)
rrs = [[host, c, t, d] for _, _, c, t, d in [rr.to_text().split(' ', 4) for rr in response.answer]]
mesg = '%s %s' % (status, ''.join('[%s]' % ' '.join(rr) for rr in rrs))
@ -4732,8 +4741,10 @@ class DNS_forward:
with Timing() as timing:
response = dns_query(server, int(timeout), protocol, name, qtype=qtype, qclass=qclass)
code = response.rcode()
status = dns.rcode.to_text(code)
rcode = response.rcode()
code = int(rcode)
status = dns.rcode.to_text(rcode)
rrs = [[n, c, t, d] for n, _, c, t, d in [rr.to_text().split(' ', 4) for rr in response.answer + response.additional + response.authority]]
mesg = '%s %s' % (status, ''.join('[%s]' % ' '.join(rr) for rr in rrs))
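Review bot: In RDP_login.execute the new message is built with an f-string (`f'{k}: {v}'`), which is a syntax error on Python 2 and would stop the whole module from loading there, while the MySQL_query.connect hunk in this same commit adds a `PY3`/else branch to keep Python 2 working. If Python 2 is still meant to be supported, use `mesg = ', '.join('%s: %s' % (k, v) for k, v in mesg)`. The added pattern `' Authentication only, exit status (\d+)'` should also be a raw string (`r'...'`), because `\d` is an invalid escape in a normal literal and newer Python 3 releases warn about it. The function bodies extend beyond these hunks and the page has lost its +/- markers, so which lines are new is inferred from the surrounding code.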

@ -10,7 +10,7 @@ git clone -b master $GIT_REPO $TMP_COPY
cd $TMP_COPY
VERSION=$(echo `git tag|sort -V|tail -1`-`git rev-parse --verify HEAD|cut -b -7`)
sed -i -e "s,^__version__.*$,__version__ = '$VERSION'," patator.py
docker build . -t $DOCKER_IMAGE:$VERSION -t $DOCKER_IMAGE:latest
docker build . -t $DOCKER_IMAGE:$VERSION -t $DOCKER_IMAGE:latest
docker login
docker push $DOCKER_IMAGE

@ -9,6 +9,6 @@ psycopg2-binary
pycryptodomex
dnspython
IPy
pysnmp
pyasn1
pysnmp==4.4.12
pyasn1==0.4.8
pysqlcipher3

@ -1,28 +1,25 @@
#!/bin/bash
if ! type docker-compose &>/dev/null; then
echo 'docker-compose is required'
if ! docker compose version &>/dev/null; then
echo 'docker compose is required'
exit 1
fi
docker compose up -d --build
case "$1" in
python2|python3)
PYTHON=$1
;;
*)
docker-compose up -d --build
$0 python3
$0 python2
exit 0
PYTHON='python3'
;;
esac
UNIX='unix'
ORACLE='oracle'
MSSQL='mssql'
WIN10='' # vagrant add senglin/win-7-enterprise
WIN10='' # 192.168.1.5 # vagrant add senglin/win-7-enterprise
VPN='' #
LOGS='-l ./asdf -y --hits ./hits.txt'
@ -31,7 +28,7 @@ run()
{
echo
echo "$ $@"
docker-compose run --no-deps --rm --entrypoint "$PYTHON patator.py" patator "$@"
docker compose run --no-deps --rm --entrypoint "$PYTHON patator.py" patator "$@"
}
echo
@ -70,7 +67,7 @@ if [[ ! -z $WIN10 ]]; then
run dcom_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
xhost +si:localuser:root
run rdp_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
run rdp_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
xhost -si:localuser:root
fi
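Review bot: The `python2|python3)` arm still accepts `python2`, but the image built by this commit appears to install only Python 3 (the Python 2 packages now sit in a commented-out block in the Dockerfile), so `run` would fail when the container tries to start `python2 patator.py`. Either drop `python2` from the case pattern or document the dependency next to it, e.g. `# python2 needs the "uncomment for python2" block in the Dockerfile`. The default arm also now treats any unrecognised first argument as python3 without saying so; printing `echo "usage: $0 [python2|python3]"` for unknown values would make typos visible.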

@ -1,21 +1,41 @@
FROM ubuntu:18.04
FROM ubuntu:22.04
MAINTAINER Sebastien Macke <lanjelot@gmail.com>
ENV DEBIAN_FRONTEND=noninteractive
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN { for i in {3..5}; do useradd -m -s /bin/bash user$i; echo -e "Password$i\nPassword$i" | passwd user$i; done; } \
&& useradd -m user9 && echo -e 'p\x1fssw\x09rd\np\x1fssw\x09rd' | passwd user9
ENV DEBIAN_FRONTEND=noninteractive
# utils
RUN sed -i 's:^path-exclude=/usr/share/man:#path-exclude=/usr/share/man:' /etc/dpkg/dpkg.cfg.d/excludes \
&& apt-get update \
&& apt-get install -y --no-install-recommends man manpages-posix iproute2 mlocate lsof sudo vim less telnet finger rsh-client smbclient \
&& rm -rf /var/lib/apt/lists/* \
&& echo 'set bg=dark' > /root/.vimrc \
&& usermod -aG sudo user3
RUN apt-get update && apt-get install -y vsftpd openssh-server telnetd rsh-redone-server fingerd apache2 socat
# services
RUN apt-get update \
&& apt-get install -y --no-install-recommends vsftpd openssh-server telnetd rsh-redone-server fingerd apache2 socat \
&& rm -rf /var/lib/apt/lists/* \
&& echo 'background=YES' >> /etc/vsftpd.conf \
&& sed -i -e 's,start-stop-daemon --start --background,start-stop-daemon --start,' /etc/init.d/vsftpd
RUN { echo "postfix postfix/mailname string ubuntu-bionic"; \
RUN { echo "postfix postfix/mailname string ubuntu-blah"; \
echo "postfix postfix/main_mailer_type string 'Internet Site'"; \
} | debconf-set-selections \
&& apt-get update && apt-get install -y postfix mail-stack-delivery \
&& postconf -e 'smtpd_sasl_exceptions_networks='
&& apt-get update && apt-get install -y --no-install-recommends postfix dovecot-pop3d dovecot-imapd \
&& rm -rf /var/lib/apt/lists/* \
&& postconf 'smtpd_sasl_exceptions_networks=' 'smtpd_sasl_auth_enable=yes' 'smtpd_sasl_type=dovecot' 'smtpd_sasl_path=private/dovecot-auth' \
&& echo -e 'auth_mechanisms = plain login\n\
service auth {\n\
unix_listener /var/spool/postfix/private/dovecot-auth {\n\
mode = 0660\n\
user = postfix\n\
group = postfix\n\
}\n\
}\n' > /etc/dovecot/conf.d/99-blah.conf
RUN echo 'ServerName localhost' >> /etc/apache2/apache2.conf \
&& mkdir /var/www/html/{wp,pma,bak} && echo secret > /var/www/html/key
@ -29,36 +49,40 @@ RUN LDAPPW=Password1; \
echo slapd slapd/domain string example.com; \
echo slapd shared/organization string example.com; \
} | debconf-set-selections \
&& apt-get update && apt-get install -y slapd ldap-utils
&& apt-get update && apt-get install -y --no-install-recommends slapd ldap-utils \
&& rm -rf /var/lib/apt/lists/*
RUN MYSRP=Password1; \
{ echo "mysql-server mysql-server/root_password password $MYSRP"; \
echo "mysql-server mysql-server/root_password_again password $MYSRP"; \
} | debconf-set-selections \
&& apt-get update && apt-get install -y mysql-server \
&& apt-get update && apt-get install -y --no-install-recommends mysql-server \
&& rm -rf /var/lib/apt/lists/* \
&& sed -i "s/bind-address.*/bind-address = 0.0.0.0/" /etc/mysql/mysql.conf.d/mysqld.cnf \
&& echo secure_file_priv= >> /etc/mysql/mysql.conf.d/mysqld.cnf \
&& Q1="GRANT ALL ON *.* TO 'root'@'%' IDENTIFIED BY '$MYSRP' WITH GRANT OPTION;" \
&& Q2="FLUSH PRIVILEGES;" \
&& SQL="${Q1}${Q2}" \
&& rm -f /etc/apparmor.d/usr.sbin.mysqld \
&& service mysql start \
&& Q1="CREATE USER 'root'@'%' identified by 'Password1';" \
&& Q2="GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';" \
&& Q3="FLUSH PRIVILEGES;" \
&& SQL="${Q1}${Q2}${Q3}" \
&& mysql -uroot -p"$MYSRP" -e "$SQL"
RUN PGPW=Password1 \
&& apt-get update && apt-get install -y postgresql \
&& sed -ie 's,127.0.0.1/32,0.0.0.0/0,' /etc/postgresql/10/main/pg_hba.conf \
&& sed -ie "s,^#listen_addresses = 'localhost',listen_addresses = '*'," /etc/postgresql/10/main/postgresql.conf \
&& apt-get update && apt-get install -y --no-install-recommends postgresql \
&& rm -rf /var/lib/apt/lists/* \
&& sed -ie 's,127.0.0.1/32,0.0.0.0/0,' /etc/postgresql/14/main/pg_hba.conf \
&& sed -ie "s,^#listen_addresses = 'localhost',listen_addresses = '*'," /etc/postgresql/14/main/postgresql.conf \
&& service postgresql start \
&& su - postgres -c "psql -c \"ALTER USER postgres WITH PASSWORD '$PGPW';\" -c '\\q'" \
&& su - postgres -c "PGPASSWORD='$PGPW' psql -d postgres -w --no-password -h localhost -p 5432 -t -c 'SELECT version()'"
RUN apt-get update && apt-get install -y tomcat9 tomcat9-admin \
&& TOMCATPW=Password1 \
RUN apt-get update && apt-get install -y --no-install-recommends tomcat9 tomcat9-admin \
&& rm -rf /var/lib/apt/lists/* \
&& echo '<?xml version="1.0" encoding="UTF-8"?><tomcat-users xmlns="http://tomcat.apache.org/xml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" version="1.0"><user username="tomcat" password="Password1" roles="manager-gui"/></tomcat-users>' > /etc/tomcat9/tomcat-users.xml \
&& sed -ie 's,^.*Define an AJP .* Connector on port.*$,<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />,' /etc/tomcat9/server.xml \
&& sed -ie 's,^.*Define an AJP .* Connector on port.*$,<Connector protocol="AJP/1.3" address="0.0.0.0" port="8009" redirectPort="8443" secretRequired="false"/>,' /etc/tomcat9/server.xml \
&& sed -ie 's,catalina.realm.LockOutRealm",catalina.realm.LockOutRealm" lockOutTime="0",' /etc/tomcat9/server.xml \
&& echo -e "#!/bin/bash\n\
&& echo -e "#!/bin/sh\n\
export CATALINA_HOME=/usr/share/tomcat9\n\
export CATALINA_BASE=/var/lib/tomcat9\n\
export CATALINA_TMPDIR=/tmp\n\
@ -67,37 +91,39 @@ export JAVA_OPTS=-Djava.awt.headless=true\n\
/usr/libexec/tomcat9/tomcat-update-policy.sh\n\
/usr/libexec/tomcat9/tomcat-start.sh &\n" > /usr/local/sbin/start-tomcat.sh
RUN apt-get update && apt-get install -y dovecot-imapd dovecot-pop3d poppassd \
RUN apt-get update && apt-get install -y --no-install-recommends dovecot-imapd dovecot-pop3d poppassd \
&& rm -rf /var/lib/apt/lists/* \
&& sed -ie 's,^#login_trusted_networks = *$,login_trusted_networks = 0.0.0.0/0,' /etc/dovecot/dovecot.conf
RUN apt-get update && apt-get install -y p7zip-full \
RUN apt-get update && apt-get install -y --no-install-recommends p7zip-full \
&& rm -rf /var/lib/apt/lists/* \
&& 7za a -pPassword1 /root/enc.zip /etc/passwd
RUN apt-get update && apt-get install -y openjdk-11-jre-headless \
&& keytool -genkey -alias test -storepass Password1 -keypass Password1 -keystore /root/keystore.jks -dname "CN=a,OU=b,O=c,L=d,ST=e,C=f"
RUN apt-get update && apt-get install -y --no-install-recommends openjdk-18-jre-headless \
&& rm -rf /var/lib/apt/lists/* \
&& keytool -genkey -alias test -storepass Password1 -keypass Password1 -keystore /root/keystore.jks -dname "CN=a,OU=b,O=c,L=d,ST=e,C=f" -keyalg RSA
RUN apt-get update && apt-get install -y sqlcipher \
RUN apt-get update && apt-get install -y --no-install-recommends sqlcipher \
&& rm -rf /var/lib/apt/lists/* \
&& sqlcipher /root/enc.db "PRAGMA key = 'Password1';create table a(id int);"
RUN echo -e 'user1:kW+7AlKMnSZQIRluNxwJOMiohAw=\nuser2:oBk37hmkFgZdZ247+g6c0Ay6Vw8=\nuser3:kW+7AlKMnSZQIRluNxwJOMiohAw=' > /root/umbraco_users.pw
RUN apt-get update && apt-get install -y tightvncserver \
RUN apt-get update && apt-get install -y --no-install-recommends tightvncserver xfonts-base \
&& rm -rf /var/lib/apt/lists/* \
&& useradd -m vncuser && mkdir ~vncuser/.vnc && echo Password | vncpasswd -f > ~vncuser/.vnc/passwd \
&& chmod 400 ~vncuser/.vnc/passwd && chown -R vncuser:vncuser ~vncuser/.vnc
# utils
RUN sed -i 's:^path-exclude=/usr/share/man:#path-exclude=/usr/share/man:' /etc/dpkg/dpkg.cfg.d/excludes \
&& apt-get update && apt-get install -y man manpages-posix iproute2 mlocate lsof sudo vim less \
telnet finger rsh-client smbclient \
&& echo 'set bg=dark' > /root/.vimrc \
&& usermod -aG sudo user3
RUN apt-get update && apt-get install -y samba \
RUN apt-get update \
&& apt-get install -y --no-install-recommends samba \
&& rm -rf /var/lib/apt/lists/* \
&& { for i in {3..5}; do echo -e "Password$i\nPassword$i" | smbpasswd -a "user$i"; done; } \
&& sed -ie 's,map to guest =,#map to guest =,' /etc/samba/smb.conf
RUN apt-get update && apt-get install -y snmpd snmp \
&& sed -ie 's,agentAddress udp:127.0.0.1:161,agentAddress udp:161,' /etc/snmp/snmpd.conf \
RUN apt-get update \
&& apt-get install -y --no-install-recommends snmpd snmp \
&& rm -rf /var/lib/apt/lists/* \
&& sed -ie 's,^agentaddress .*$,agentaddress udp:161,' /etc/snmp/snmpd.conf \
&& echo 'createUser user3 SHA authPass AES privPass' >> /var/lib/snmp/snmpd.conf \
&& echo 'rouser user3 priv .1' >> /etc/snmp/snmpd.conf
@ -108,10 +134,10 @@ service ssh start\n\
service postfix start\n\
service dovecot start\n\
service apache2 start\n\
service slapd start\n\
ulimit -n 1024; service slapd start\n\
service mysql start\n\
service postgresql start\n\
bash /usr/local/sbin/start-tomcat.sh\n\
sh /usr/local/sbin/start-tomcat.sh\n\
socat tcp-l:106,fork,reuseaddr exec:/usr/sbin/poppassd &\n\
socat tcp-l:4444,fork,reuseaddr exec:\"echo -e 'W\xe1\xc0me'\" &\n\
cp -v /root/enc.zip /root/keystore.jks /root/enc.db /root/umbraco_users.pw /opt/patator/\n\
@ -120,4 +146,4 @@ service smbd start\n\
service snmpd start\n\
tail -f /dev/null\n" > /usr/local/sbin/start-all-services.sh
CMD ["bash", "/usr/local/sbin/start-all-services.sh"]
CMD ["sh", "/usr/local/sbin/start-all-services.sh"]
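Review bot: The rewritten AJP connector sets `address="0.0.0.0"` with `secretRequired="false"`, and the MySQL and PostgreSQL steps likewise listen on all interfaces with `Password1` credentials, yet nothing in the file states that this is (apparently) a deliberately weak target for the test suite. A header comment such as `# Intentionally insecure test target: keep on the isolated compose network, never publish its ports or push the image` would stop it being reused as a base or exposed by accident. In the MySQL step the new `CREATE USER` statement hardcodes `'Password1'` although `MYSRP` is defined a few lines above and used for the debconf answers and the `mysql -p` call; write `identified by '$MYSRP'` so the three stay in step. The `ulimit -n 1024;` added before `service slapd start` also deserves a one-line comment saying what it works around.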