launchExploits()

This section walks through the launchExploits() method.

Section (9) of the following code loads all the rows that the IPexploits table holds for the current project, which is 744. We have already seen the seven rows that will be pulled out and placed in the IPexploits_data list. We don't need to focus on the else block of the concurrent check, as that is the code path invoked by the GUI version. For now, let's only take the if block into consideration, as concurrent is False for the CLI version. Next, we iterate over IPexploits_data with the for exploit in IPexploits_data: loop:

In section (10), we load the details from the JSON structure for the service currently being iterated. Remember that self.commandsJSON holds the whole JSON file in which we mapped services to test cases. We then load all the commands and test cases of that particular service and place them in a list, meta. For example, if service = http, then meta will hold [http_1, http_2, http_3, http_4, http_5, ...]. Now, remember from the last section that each of the seven records had a project_status of init. In the next line (section (11)), we update the status to processing for the current record's (host, port, service, record_id) combination: since this service has been picked up for execution, the database should reflect that.

In section (12), we load all the enabled test cases for the service about to be executed, depending on the scan profile chosen for the project. As discussed earlier, all the essential cases are loaded.

Certain projects/scans may also need user-defined parameters, such as the usernames and passwords to try. All such parameters are placed inside a Project_params.json file, and section (13) replaces the username and password placeholders in the command to be executed with the project-specific values, wherever applicable:

self.commandObj holds an object of the class defined in the auto_commands.py module. Section (14) initializes the instance variables of that class that are relevant to the record set about to be executed (host, port, service, and so on). As discussed earlier, the args parameter from the JSON file contains the actual command to be executed. We load the args value into the program variable args. As we know, this is a list containing commands. We iterate over this list and replace entries such as <host> with the IP to be scanned and <port> with the port to be scanned. We repeat this activity for all the test cases, one by one. For the current example, if we assume that http is the service being scanned, the code iterates over all the commands, [http_1, http_2, ...]. Finally, the final_args list for http_5 on port 80 will be [500, nmap -Pn --script=banner.nse -p 80 10.0.2.5]:

In section (16), we actually invoke the appropriate method from the auto_commands.py module. Let's think about how this works. getattr(object, name[, default]) returns the value of the named attribute of object; name must be a string. If the string is the name of one of the object's attributes, the result is the value of that attribute. For example, getattr(x, 'Method_name') is equivalent to x.Method_name:

As we have already discussed, the name of the method that executes the script/module is preconfigured in the JSON file, and in the preceding code it is read into the variable method. func = getattr(self.commandObj, method_name) returns a reference to that method, which can then be invoked as func(args). This is what is done in section (18): func(final_args, grep_commands). When that method is executed, it saves the results to the database. Once all the test cases for a service have been executed, we want to update the status of that row from processing to complete, which is what section (20) does. The same operation is repeated until all the discovered services for all the hosts have been scanned. Let's take a look at what the database table looks like once a test case has been executed. We will take an example from a different project ID:

As can be seen from the preceding screenshot, the row for project ID 736 would, before service scanning, have looked like this: Pid=736, Service='ssl', Exploits={"Entries": {"ssl_1": [true, 0, 0]} ... }. Once execution is over, however, the first 0 is replaced by a list of the command(s) that were executed, and the second 0 is replaced by the final results in the form of a string.
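The whole flow just described (load the records, mark each one processing, fill the <host>/<port> and Project_params.json placeholders, dispatch to the command object through getattr(), then overwrite the two 0 placeholders and mark the row complete) is modelled below as an added, self-contained example. It is not the book's code: COMMANDS_JSON, PROJECT_PARAMS, CommandRunner, make_records(), substitute() and launch_exploits() are this example's own names, the data is constructed, and the runner only records the argv it would have executed rather than launching nmap or hydra, so it runs offline. It goes beyond the page in two places a practitioner would want: substituted values are validated and kept as an argv list (never joined into a shell string), and the method name taken from JSON is checked before getattr() is trusted with it.

```python
"""Added example (not the book's code): an offline model of launchExploits().
All names and data here are this example's own assumptions."""
import ipaddress
import shlex

# Constructed stand-in for the service -> test-case JSON.  Each test case names
# the method of the command object to call, a timeout, and command templates
# with <host>, <port>, <username> and <password> placeholders.
COMMANDS_JSON = {
    "http": {
        "http_5": {"method": "nmap_banner", "timeout": 500,
                   "args": ["nmap -Pn --script=banner.nse -p <port> <host>"]},
        "http_6": {"method": "hydra_login", "timeout": 900,
                   "args": ["hydra -l <username> -p <password> -s <port> <host> http-get"]},
    },
    "ssl": {
        "ssl_1": {"method": "nmap_ssl", "timeout": 300,
                  "args": ["nmap -Pn --script=ssl-cert -p <port> <host>"]},
    },
}

# Constructed stand-in for Project_params.json.
PROJECT_PARAMS = {"username": "admin", "password": "Winter2024!"}


class CommandRunner:
    """Stand-in for the auto_commands object.  Its methods take the same
    (final_args, grep_commands) pair the text describes; instead of running
    anything they return the timeout and argv lists they were handed."""

    def __init__(self):
        self.host = self.port = self.service = self.record_id = None

    def nmap_banner(self, final_args, grep_commands=None):
        return {"timeout": final_args[0], "commands": final_args[1:]}

    nmap_ssl = nmap_banner      # same stand-in behaviour for the other test-case types
    hydra_login = nmap_banner


def substitute(template, host, port, params):
    """Fill the placeholders of one command template and return an argv list.
    Values are validated first and the result is meant for subprocess without
    a shell, so a value such as "10.0.2.5; id" cannot alter the command."""
    ipaddress.ip_address(host)                    # raises ValueError if not an IP
    if not 0 < int(port) < 65536:
        raise ValueError("bad port %r" % (port,))
    argv = []
    for token in shlex.split(template):           # split the template, never the values
        token = token.replace("<host>", host).replace("<port>", str(port))
        for key, value in params.items():
            token = token.replace("<%s>" % key, value)
        argv.append(token)
    return argv


def make_records():
    """Constructed rows like those loaded from the IPexploits table: one per
    (host, port, service), status init, one [enabled, 0, 0] entry per test case."""
    rows = [("10.0.2.5", 80, "http"), ("10.0.2.5", 443, "ssl")]
    records = []
    for rid, (host, port, service) in enumerate(rows, start=1):
        entries = {case: [True, 0, 0] for case in COMMANDS_JSON[service]}
        records.append({"id": rid, "host": host, "port": port, "service": service,
                        "status": "init", "exploits": {"Entries": entries}})
    return records


def launch_exploits(records, commands_json, params, runner):
    """Model of launchExploits(): mark each record processing, run its enabled
    test cases via getattr() dispatch, store the executed commands and the
    result string in place of the two 0 placeholders, then mark it complete."""
    for rec in records:
        rec["status"] = "processing"                                 # section (11)
        runner.host, runner.port = rec["host"], rec["port"]
        runner.service, runner.record_id = rec["service"], rec["id"]  # section (14)
        meta = commands_json.get(rec["service"], {})                 # section (10)
        for case_id, case in meta.items():
            entry = rec["exploits"]["Entries"].get(case_id)
            if not entry or not entry[0]:                            # disabled by the profile
                continue
            final_args = [case["timeout"]] + [
                substitute(t, rec["host"], rec["port"], params) for t in case["args"]]
            method = case["method"]                                  # name comes from JSON
            func = getattr(runner, method, None)                     # section (16)
            if method.startswith("_") or not callable(func):
                raise ValueError("refusing to dispatch to %r" % method)
            result = func(final_args, None)                          # section (18)
            entry[1] = result["commands"]
            entry[2] = "ran %d command(s) with timeout %s" % (
                len(result["commands"]), result["timeout"])
        rec["status"] = "complete"                                   # section (20)
    return records


def run_demo():
    return launch_exploits(make_records(), COMMANDS_JSON, PROJECT_PARAMS, CommandRunner())
```

After run_demo(), the http record's http_5 entry holds [True, [["nmap", "-Pn", "--script=banner.nse", "-p", "80", "10.0.2.5"]], "ran 1 command(s) with timeout 500"], mirroring the [true, 0, 0] to [true, commands, result] transition shown for project 736. The two guards are the design choice worth copying: because host, port and the Project_params.json values end up inside commands run by the scanner, an invalid host string or a method name that does not correspond to a real test-case method is rejected before anything is dispatched, rather than being interpolated into a shell string.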
