Viproy 2.6
fozavci committed Feb 11, 2015
1 parent 2b2a462 commit d1bbc4c
Showing 6 changed files with 261 additions and 193 deletions.
60 changes: 52 additions & 8 deletions lib/msf/core/auxiliary/sip.rb
Expand Up @@ -12,7 +12,7 @@ module Msf
module Auxiliary::SIP
attr_accessor :listen_addr, :listen_port, :context, :logfile, :customheaders
attr_accessor :sock, :thread, :dest_addr, :dest_port, :proto, :vendor, :macaddress
attr_accessor :prxclient_port, :prxclient_ip, :client_port, :client_ip
attr_accessor :prxclient_port, :prxclient_ip, :client_port, :client_ip, :expire
attr_accessor :prxserver_port, :prxserver_ip, :server_port, :server_ip

include Msf::Auxiliary::Report
Expand All @@ -27,6 +27,7 @@ def sipsocket_start(sockinfo)
self.dest_addr = sockinfo["dest_addr"]
self.dest_port = sockinfo["dest_port"].to_i || 5060
self.proto = sockinfo["proto"].downcase
self.expire = 3600
if vendor
self.vendor = sockinfo["vendor"].downcase
else
Expand Down Expand Up @@ -114,7 +115,7 @@ def sipsocket_stop
#
def printresults(results,context={})

return if results["rdata"] == nil
return if results.nil? or results["rdata"].nil?
status = results["status"]
rdata = results["rdata"]
rdebug = results["rdebug"]
Expand All @@ -128,6 +129,7 @@ def printresults(results,context={})
report << "\tWarning \t: #{rdata['warning']}\n" if rdata['warning']
report << "\tUser-Agent \t: #{rdata['agent']}\n" if rdata['agent']
report << "\tRealm \t\t: #{rdata['digest']['realm']}\n" if rdata['digest']
report << "\tContact\t\t: #{rdata['contact']}\n" if rdata['resp_msg'].split(" ")[1] == "301"

printdebug(results) if datastore["DEBUG"] == true

Expand Down Expand Up @@ -217,6 +219,8 @@ def convert_error(err)
return "User is Busy"
when :succeed
return "Request Succeed"
when :moved
return "Moved Permanently"
when :not_found
return "Not Found"
when :failed
Expand All @@ -243,6 +247,7 @@ def convert_error(err)
#
def send_register(req_options={})
login = req_options["login"] || false
self.expire = req_options["expire"] || 3600
results=generic_request("REGISTER",req_options)
if results["status"] == :received and results["rdata"] != nil
case results["rdata"]["resp"]
Expand All @@ -264,6 +269,8 @@ def send_register(req_options={})
end
when /^60/
results["status"]=:decline_error
when /^301/
results["status"]=:moved
else
results["status"]=:protocol_error
end
Expand Down Expand Up @@ -443,6 +450,8 @@ def parse_rescode(rdata)
result=:ringing
when "100"
result=:trying
when "301"
result=:moved
when /^404/
result=:not_found
when /^40/
Expand Down Expand Up @@ -525,10 +534,14 @@ def auth(method,req_options,results)
results["status"] = :succeed
when "/^48/"
results["status"] = :succeed
when "/^183/"
results["status"] = :trying
when "/^18/"
results["status"] = :succeed
when /^40/
results["status"] = :failed
when /^301/
results["status"] = :failed
else
results["status"] = :authorization_error
end
Expand Down Expand Up @@ -564,7 +577,7 @@ def recv_data
# Response Check
#
def resp_get(method,rdebug=[])
possible= /^18|^20|^40|^48|^60|^50/
possible= /^18|^20|^30|^40|^48|^60|^50/
rdata,rawdata=recv_data
rdebug << rdata

Expand Down Expand Up @@ -775,7 +788,7 @@ def create_req(req_type,req_options)
if self.vendor != 'mslync'
data << "Supported: 100rel,replaces\r\n" if req_type != "OPTIONS"
data << "Allow: PRACK, INVITE ,ACK, BYE, CANCEL, UPDATE, SUBSCRIBE,NOTIFY, REFER, MESSAGE, OPTIONS\r\n"
data << "Expires: 3600\r\n"
data << "Expires: #{self.expire}\r\n"
end
end

Expand Down Expand Up @@ -935,6 +948,39 @@ def getcustomheaders
end


# Parse the authentication
def parse_auth(data)
result={}
str=""
var = nil
quote = 0
data.each_char { |c|
quote += 1 if c == '"'
if c == "="
var = str
val = nil
str = ""
else
case quote
when 0
if c != ","
str << c
else
result[var]=str
var = nil
str = ""
end
when 1
str << c if c != '"'
when 2
quote = 0
end
end
}
return result
end


#
# Parse Response
#
Expand Down Expand Up @@ -982,17 +1028,15 @@ def parse_reply(pkt)
t=header.split(" ")[0]
type=t.downcase
data="#{header.strip.gsub("#{t} ","")}"
rdata[type] = {}
data.split(",").each { |d| rdata[type][d.split("=")[0].gsub(" ","")]=d.split("=")[1].gsub("\"",'')}
rdata[type] = parse_auth(data)
rdata[type]["authtype"]="www"
end
if(rawdata =~ /^Proxy-Authenticate:\s*(.*)$/i)
header=$1
t=header.split(" ")[0]
type=t.downcase
data="#{header.strip.gsub("#{t} ","")}"
rdata[type] = {}
data.split(",").each { |d| rdata[type][d.split("=")[0].gsub(" ","")]=d.split("=")[1].gsub("\"",'')}
rdata[type] = parse_auth(data)
rdata[type]["authtype"]="proxy"
end
if(rawdata =~ /^From:\s+(.*)$/)
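Review bot: The new `parse_auth` never stores the last parameter of a WWW-Authenticate or Proxy-Authenticate header, because a pair is written to `result` only when an unquoted comma is seen and nothing is flushed after the loop ends. Keys after the first one also keep the space that follows the comma (the one-line `split` parsing shown in parse_reply removed it with `gsub(" ","")`), so a lookup such as `rdata['digest']['nonce']` would miss. In addition, `=` is treated as a separator before the quote state is checked, so a quoted value containing `=` (for example base64 padding in a nonce) is cut apart. This header comes from the remote server, so the parser should tolerate all three cases; a version that tracks the quoted state, strips keys and stores the final pair follows.

```ruby
def parse_auth(data)
  result = {}
  key = nil
  buf = ""
  in_quotes = false
  data.each_char do |c|
    if c == '"'
      in_quotes = !in_quotes
    elsif in_quotes
      # everything inside quotes belongs to the value, including "=" and ","
      buf << c
    elsif c == "=" && key.nil?
      key = buf.strip
      buf = ""
    elsif c == ","
      result[key] = buf.strip if key
      key = nil
      buf = ""
    else
      buf << c
    end
  end
  # the final parameter has no trailing comma, so store it here
  result[key] = buf.strip if key
  result
end
```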
4 changes: 2 additions & 2 deletions modules/auxiliary/voip/viproy_sip_invite.rb
Expand Up @@ -51,7 +51,7 @@ def initialize
OptString.new('USERAGENT', [ false, "SIP user agent" ]),
OptBool.new('DEBUG', [ false, "Debug Level", false]),
OptString.new('REALM', [ false, "The login realm to probe at each host", nil]),
OptString.new('LOGINMETHOD', [false, 'Login Method (REGISTER | MESSAGE)', "MESSAGE"]),
OptString.new('LOGINMETHOD', [false, 'Login Method (REGISTER | INVITE)', "INVITE"]),
OptBool.new('TOEQFROM', [true, 'Try the to field as the from field for all users', false]),
OptString.new('CUSTOMHEADER', [false, 'Custom Headers for Requests', nil]),
OptString.new('P-Asserted-Identity', [false, 'Proxy Identity Field. Sample: (IVR, 200@192.168.0.1)', nil]),
Expand Down Expand Up @@ -133,7 +133,7 @@ def run
datastore['DOS_COUNT'].times do
results = send_invite(
'login' => login,
'loginmethod' => datastore['LOGINMETHOD'],
'loginmethod' => datastore['LOGINMETHOD'].upcase,
'user' => user,
'password' => password,
'realm' => realm,
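Review bot: `datastore['LOGINMETHOD'].upcase` in run raises NoMethodError when the option has been unset, which is permitted because LOGINMETHOD is registered with `false` for required. A nil-safe form is `'loginmethod' => (datastore['LOGINMETHOD'] || 'INVITE').upcase`. Registering the option as an `OptEnum` limited to REGISTER and INVITE would additionally reject other strings before a request is built. The run method begins and ends outside the visible hunk.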
44 changes: 23 additions & 21 deletions modules/auxiliary/voip/viproy_sip_negotiate.rb
Expand Up @@ -26,13 +26,12 @@ def initialize
OptString.new('TO', [ true, "The destination username to probe at each host", "100"]),
OptString.new('FROM', [ true, "The source username to probe at each host", "100"]),
OptString.new('PROTO', [ true, "Protocol for SIP service (UDP|TCP|TLS)", "UDP"]),
Opt::RPORT(5060),
OptString.new('RPORTS', [true, 'Port Range (5060-5065)', "5060"]),
], self.class)

register_advanced_options(
[
Opt::CHOST,
Opt::CPORT(5065),
OptString.new('USERAGENT', [ false, "SIP user agent" ]),
OptString.new('REALM', [ false, "The login realm to probe at each host", nil]),
OptString.new('MACADDRESS', [ false, "MAC Address for Vendor", "000000000000"]),
Expand All @@ -42,28 +41,31 @@ def initialize
end

def run_host(dest_addr)
sockinfo={}
# Protocol parameters
sockinfo["proto"] = datastore['PROTO'].downcase
sockinfo["vendor"] = datastore['VENDOR'].downcase
sockinfo["macaddress"] = datastore['MACADDRESS']
rports = Rex::Socket.portspec_crack(datastore['RPORTS'])
rports.each { |rport|
sockinfo={}
# Protocol parameters
sockinfo["proto"] = datastore['PROTO'].downcase
sockinfo["vendor"] = datastore['VENDOR'].downcase
sockinfo["macaddress"] = datastore['MACADDRESS']

# Socket parameters
sockinfo["listen_addr"] = datastore['CHOST']
sockinfo["listen_port"] = datastore['CPORT']
sockinfo["dest_addr"] =datastore['RHOST']
sockinfo["dest_port"] = datastore['RPORT']
# Socket parameters
sockinfo["listen_addr"] = datastore['CHOST']
sockinfo["listen_port"] = datastore['CPORT']
sockinfo["dest_addr"] = dest_addr
sockinfo["dest_port"] = rport

sipsocket_start(sockinfo)
sipsocket_connect
sipsocket_start(sockinfo)
sipsocket_connect

results = send_negotiate(
'realm' => datastore['REALM'],
'from' => datastore['FROM'],
'to' => datastore['TO']
)
results = send_negotiate(
'realm' => datastore['REALM'],
'from' => datastore['FROM'],
'to' => datastore['TO']
)

printresults(results)
sipsocket_stop
printresults(results)
sipsocket_stop
}
end
end
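Review bot: In run_host, `sipsocket_stop` is reached only when every call before it inside the `rports.each` block returns normally, so if `sipsocket_connect` or `send_negotiate` raises on one port the socket would stay open and the remaining ports in RPORTS would be skipped. Wrapping the per-port body as `begin ... ensure sipsocket_stop end`, with a `rescue` that reports the failing port, keeps cleanup and the rest of the scan intact. The same loop is added to run_host in modules/auxiliary/voip/viproy_sip_options.rb and needs the same change. If `Opt::CPORT(5065)` is among the lines this commit removes, as the hunk counts suggest, `datastore['CPORT']` is still read here and should be confirmed to be registered elsewhere.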
42 changes: 22 additions & 20 deletions modules/auxiliary/voip/viproy_sip_options.rb
Expand Up @@ -26,13 +26,12 @@ def initialize
OptString.new('TO', [ true, "The destination username to probe at each host", "100"]),
OptString.new('FROM', [ true, "The source username to probe at each host", "100"]),
OptString.new('PROTO', [ true, "Protocol for SIP service (UDP|TCP|TLS)", "UDP"]),
Opt::RPORT(5060),
OptString.new('RPORTS', [true, 'Port Range (5060-5065)', "5060"]),
], self.class)

register_advanced_options(
[
Opt::CHOST,
Opt::CPORT(5065),
OptString.new('USERAGENT', [ false, "SIP user agent" ]),
OptString.new('REALM', [ false, "The login realm to probe at each host", nil]),
OptString.new('MACADDRESS', [ false, "MAC Address for Vendor", "000000000000"]),
Expand All @@ -43,24 +42,27 @@ def initialize
end

def run_host(dest_addr)
sockinfo={}
sockinfo["listen_addr"] = datastore['CHOST']
sockinfo["listen_port"] = datastore['CPORT']
sockinfo["dest_addr"] = dest_addr
sockinfo["dest_port"] = datastore['RPORT']
sockinfo["proto"] = datastore['PROTO'].downcase
sockinfo["vendor"] = datastore['VENDOR'].downcase
sockinfo["macaddress"] = datastore['MACADDRESS']
rports = Rex::Socket.portspec_crack(datastore['RPORTS'])
rports.each { |rport|
sockinfo={}
sockinfo["listen_addr"] = datastore['CHOST']
sockinfo["listen_port"] = datastore['CPORT']
sockinfo["dest_addr"] = dest_addr
sockinfo["dest_port"] = rport
sockinfo["proto"] = datastore['PROTO'].downcase
sockinfo["vendor"] = datastore['VENDOR'].downcase
sockinfo["macaddress"] = datastore['MACADDRESS']

# sending options
sipsocket_start(sockinfo)
sipsocket_connect
results = send_options(
'realm' => datastore['REALM'],
'from' => datastore['FROM'],
'to' => datastore['TO']
)
printresults(results)
sipsocket_stop
# sending options
sipsocket_start(sockinfo)
sipsocket_connect
results = send_options(
'realm' => datastore['REALM'],
'from' => datastore['FROM'],
'to' => datastore['TO']
)
printresults(results)
sipsocket_stop
}
end
end
