start_sploit.py
#!/usr/bin/env python
# author: Alexander Bersenev (Bay) from Hackerdom team
# starts one sploit for all teams
from flag_format import FLAG_FORMAT
from team_list import TEAMS
from time import sleep, strftime
from os.path import basename, splitext, abspath, exists
from subprocess import Popen, PIPE, STDOUT
import threading
import re
import sys
import os
TIMEOUT = 60  # seconds the main loop waits for the sploit threads before giving up
def log(text):
    """Print *text* on stdout, prefixed with the current HH:MM:SS time."""
    stamp = strftime("%H:%M:%S")
    print(stamp + " " + text)
def get_unfinished_teams():
    """Return the names of all live threads that are marked as daemons.

    The script names each worker thread after its team and flags it as a
    daemon, so the result is the list of teams whose sploit is still running.
    """
    pending = []
    for worker in threading.enumerate():
        if worker.daemon:
            pending.append(worker.name)
    return pending
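class TeamOwner(threading.Thread):
    """Worker thread: run one sploit against one team and collect its flags.

    The sploit is started as a child process with the team's address as its
    only argument.  Its combined stdout/stderr is read line by line, echoed
    to the console and scanned with FLAG_FORMAT; every flag seen for the
    first time in this run is appended to ``flags_<sploit>_<team>.txt``
    (a relative path, so it lands in the current working directory).

    The child's output may contain bytes supplied by the remote service, so
    it is untrusted data: only FLAG_FORMAT matches are written to the log
    file, but whole lines are echoed to the console unfiltered.
    """

    def __init__(self, sploit_name, team_name, team_ip):
        """Remember the target and open the per-team flag log for appending.

        Args:
            sploit_name: path of the sploit executable to launch.
            team_name: team label; used as thread name and in the log name.
            team_ip: address handed to the sploit as its single argument.
        """
        threading.Thread.__init__(self, name=team_name)
        self.sploit_name = sploit_name
        self.team_name = team_name
        self.team_ip = team_ip

        spl_short_name = splitext(basename(sploit_name))[0]
        # NOTE(review): team_name is placed in the file name unchanged; this
        # assumes team names contain no path separators -- confirm against
        # the TEAMS definition.
        log_filename = "flags_%s_%s.txt" % (spl_short_name, team_name)
        # Unbuffered binary append: each flag reaches the file as soon as it
        # is written, and earlier runs' contents are preserved.
        self.logfile = open(log_filename, "ab", 0)
        # Flags already written during this run (the file is not re-read).
        self.existed_flags = set()

    def run(self):
        """Launch the sploit, stream its output and persist new flags.

        Any exception is logged (with a terminal bell) and ends only this
        thread.  The child's output pipe and the flag log are closed on
        every exit path.
        """
        log("Lauching %s %s for %s" %
            (basename(self.sploit_name), self.team_ip, self.team_name))

        spl = None
        try:
            # On Windows the command is started through the shell.  With
            # shell=True the arguments are parsed by the command
            # interpreter, so sploit_name and team_ip must stay
            # operator-controlled values.
            need_launch_in_shell = (os.name == "nt")

            # launch sploit process with team_ip as arg
            # NOTE(review): bufsize=1 requests line buffering, which
            # Python 3 only honours for text-mode pipes.
            spl = Popen([self.sploit_name, self.team_ip],
                        stdout=PIPE, stderr=STDOUT,
                        shell=need_launch_in_shell, bufsize=1)

            # get output by lines until EOF (readline() then returns b"")
            for nextline in iter(spl.stdout.readline, b""):
                nextline = nextline.strip()
                if not nextline:
                    continue

                # NOTE(review): the line is echoed as received; consider
                # stripping control characters before printing, since the
                # content can originate from the remote side.
                print("%s: %s" % (self.team_name, nextline))

                for flag in re.findall(FLAG_FORMAT, nextline):
                    log("Flag from %s: %s" % (self.team_name, flag))
                    if flag not in self.existed_flags:
                        self.logfile.write(flag + b"\n")
                        self.existed_flags.add(flag)

            spl.communicate()  # wait for finish
        except Exception as E:
            log("Exception, team %s: %s" % (self.team_name, E) + "\a")
        finally:
            # Release the pipe and the flag log explicitly; previously
            # nothing closed either of them.
            if spl is not None and spl.stdout is not None:
                spl.stdout.close()
            self.logfile.close()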
# LETS ROCK !!!
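if len(sys.argv) < 2:
    print("Usage: start_sploit.py <sploit>")
    sys.exit(1)

# The sploit path is made absolute and checked before any thread is started.
sploit_name = abspath(sys.argv[1])
if not exists(sploit_name):
    print("Sploit doesn't exist: " + sploit_name)
    sys.exit(1)

# One daemon thread per team, so a hung sploit cannot keep the script alive
# past the timeout below.
for team_name, team_ip in TEAMS.items():
    owner = TeamOwner(sploit_name, team_name, team_ip)
    owner.daemon = True
    owner.start()  # start pwning thread for the team

# do small 1-sec sleeps till ctrl-c or till end of the work
try:
    for _ in range(TIMEOUT):
        sleep(1)
        if not get_unfinished_teams():
            break
except KeyboardInterrupt:
    print("Ctrl-c received!")

# Take a single snapshot: a thread finishing between two separate calls
# could otherwise produce a "timeouts" message with an empty list.
# NOTE(review): daemon threads stop when the script exits, but nothing here
# terminates sploit processes that are still running; check for leftover
# child processes after a timeout or Ctrl-C.
unfinished_teams = get_unfinished_teams()
if unfinished_teams:
    log("Done. Teams with timeouts: %s" % unfinished_teams)
else:
    log("Done.")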