patches an issue where the target refuses the connection (issue #97), also creates a way to run against the IP addresses of the hostname instead

This commit is contained in:
ekultek 2017-10-14 07:47:50 -05:00
parent 37f1669596
commit 21398eaf8a
3 changed files with 39 additions and 5 deletions

View file

@ -1,4 +1,5 @@
import json
import socket
import re
import requests
@ -8,6 +9,7 @@ from lib.core.settings import (
proxy_string_to_dict,
logger, set_color,
DEFAULT_USER_AGENT,
replace_http
)
from var.auto_issue.github import request_issue_creation
@ -17,7 +19,7 @@ def __get_auth_headers(target, port=16992, source=None, agent=None, proxy=None):
logger.info(set_color(
"header value not established, attempting to get bypass..."
))
source = requests.get("http://{0}:{1}/index.htm".format(target, port), headers={
source = requests.get("http://{0}:{1}/index.htm".format(target, port), timeout=10, headers={
'connection': 'close', 'user-agent': agent
}, proxies=proxy)
return source
@ -91,9 +93,29 @@ def __get_hardware(target, agent=None, proxy=None):
return json.dumps(data)
def main_intel_amt(url, agent=None, proxy=None):
def main_intel_amt(url, agent=None, proxy=None, **kwargs):
do_ip_address = kwargs.get("do_ip", False)
proxy = proxy_string_to_dict(proxy) or None
agent = agent or DEFAULT_USER_AGENT
if do_ip_address:
logger.warning(set_color(
"running against IP addresses may result in the targets refusing the connection...", level=30
))
logger.info(set_color(
"will run against IP address instead of hostname..."
))
try:
url = replace_http(url)
url = socket.gethostbyname(url)
logger.info(set_color(
"discovered IP address {}...".format(url)
))
except Exception as e:
logger.error(set_color(
"failed to gather IP address from hostname '{}', received an error '{}'. "
"will just run against hostname...".format(url, e), level=40
))
url = url
logger.info(set_color(
"attempting to connect to '{}' and get hardware info...".format(url)
))
@ -111,6 +133,17 @@ def main_intel_amt(url, agent=None, proxy=None):
for item in json_data[key]:
print(" - {}: {}".format(item.capitalize(), json_data[key][item]))
print("-" * 40)
except requests.exceptions.ConnectionError as e:
if "Max retries exceeded with url" in str(e):
logger.error(set_color(
"failed connection, target machine is actively refusing the connection, skipping...", level=40
))
pass
else:
logger.error(set_color(
"failed connection with '{}', skipping...", level=40
))
pass
except Exception as e:
if "Temporary failure in name resolution" in str(e):
logger.error(set_color(

View file

@ -22,7 +22,7 @@ except NameError:
# clone link
CLONE = "https://github.com/ekultek/zeus-scanner.git"
# current version <major.minor.commit.patch ID>
VERSION = "1.0.46"
VERSION = "1.0.47.dcf0"
# colors to output depending on the version
VERSION_TYPE_COLORS = {"dev": 33, "stable": 92, "other": 30}
# version string formatting

View file

@ -100,6 +100,8 @@ if __name__ == "__main__":
help="Show all connections made during the admin panel search")
attacks.add_option("--tamper", dest="tamperXssPayloads", metavar="TAMPER-SCRIPT",
help="Send the XSS payloads through tampering before sending to the target")
attacks.add_option("--run-ip-address", dest="runAgainstIpAddress", action="store_true",
help="Run the Intel ME AMT exploit against the found host IP address instead of the hostname")
attacks.add_option("--thread", dest="threadPanels", action="store_true",
help=optparse.SUPPRESS_HELP)
attacks.add_option("--auto", dest="autoStartSqlmap", action="store_true",
@ -432,7 +434,7 @@ if __name__ == "__main__":
url = get_true_url(url)
return intel_me.main_intel_amt(
url, agent=agent_to_use,
proxy=proxy_to_use
proxy=proxy_to_use, do_ip=opt.runAgainstIpAddress
)
elif admin:
main(
@ -669,7 +671,6 @@ if __name__ == "__main__":
"it seems that your firefox version is not compatible with the geckodriver "
"version. please update firefox and try again...", level=50
))
shutdown()
else:
logger.info(set_color(
"kill off the open sessions of firefox and re-run Zeus..."