host_client.py
#!/usr/bin/python
## License ##########################################################
#
# Lab Tunnel Provisioner v1.3
# Copyright (c) 2017, NightLion Security
#
#
#
#
#
# This is free software, licensed under:
# The Artistic License 2.0
#
import urllib2
import fcntl, socket, struct
import os
import json
import time
import ConfigParser
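# Connection settings come from config.conf in the current working directory,
# section [lab-config]:
#   ServerIP   - address of the hostname/tunnel server
#   ServerPort - TCP port of the hostname service (an integer, e.g. 5001)
#   SecretKey  - shared secret sent with every hostname request
# read() silently ignores a missing file, so a missing config.conf surfaces as
# NoSectionError from the first get() below.
configParser = ConfigParser.RawConfigParser()
configFilePath = r'config.conf'
configParser.read(configFilePath)
__SERVER_IP__ = configParser.get('lab-config', 'ServerIP')
# getint(): the port is later used with '%d' formatting and socket.connect(),
# which both need an int; get() returns a string and breaks them.
__SERVER_PORT__ = configParser.getint('lab-config', 'ServerPort')
__SECRET_KEY__ = configParser.get('lab-config', 'SecretKey')
# NOTE(review): keep the real SecretKey only in config.conf, with permissions
# that restrict it to the account running this script. A sample key used to be
# kept in a comment here; any key that has appeared in source control should
# be treated as exposed and rotated on the server.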
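def get_ip_addr():
    """Return the local IPv4 address used to reach the hostname server.

    connect() on a UDP socket only selects a route and a source address; no
    packet is sent. The socket is closed before returning so that the retry
    loop in set_hostname() does not leak one descriptor per attempt.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        # int(): connect() needs a numeric port even if the configured value
        # was read as a string.
        s.connect((__SERVER_IP__, int(__SERVER_PORT__)))
        return s.getsockname()[0]
    finally:
        s.close()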
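def getHwAddr(ifname):
    """Return the MAC address of *ifname* as 'aa:bb:cc:dd:ee:ff', or None.

    Lookup is best effort: any failure (unknown interface, unsupported
    platform, bad argument) yields None so the caller can fall back to
    another identifier.
    """
    s = None
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        # 0x8927 is SIOCGIFHWADDR on Linux. The request buffer starts with the
        # interface name (cut to 15 characters); the hardware address comes
        # back in bytes 18-23 of the reply.
        info = fcntl.ioctl(s.fileno(), 0x8927, struct.pack('256s', ifname[:15]))
        return ':'.join(['%02x' % ord(char) for char in info[18:24]])
    except Exception:
        # Exception rather than a bare except, so Ctrl-C and SystemExit still
        # propagate instead of being swallowed here.
        return None
    finally:
        if s is not None:
            s.close()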
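def get_host_id():
    """Return an identifier for this host, for use in the hostname request URL.

    Preference order: the 'Serial' entry from /proc/cpuinfo, the MAC address
    of eth0, the MAC address of wlan0, and finally the literal 'no_serial'.
    """
    serial = None
    # 'with' closes the file; the original left the handle to the garbage
    # collector.
    with open('/proc/cpuinfo') as cpuinfo:
        for line in cpuinfo:
            if line[0:6] == 'Serial':
                # Characters 10-25 hold the value. strip() keeps a shorter
                # value from dragging its newline into the request URL.
                serial = line[10:26].strip()
    return serial or getHwAddr('eth0') or getHwAddr('wlan0') or 'no_serial'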
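def get_pub_key():
    """Return root's RSA public key, generating the key pair if it is missing.

    Also writes /root/.ssh/config with an entry for the tunnel server.
    Both files are now opened with 'with' so the handles are closed
    deterministically.
    """
    if not os.path.exists('/root/.ssh/id_rsa.pub'):
        # -N '' creates the private key without a passphrase so autossh can use
        # it unattended; the key file is then the only protection.
        os.system("/usr/bin/ssh-keygen -f /root/.ssh/id_rsa -t rsa -N ''")
        #wait 5 seconds to complete key generation
        time.sleep(5)
    # NOTE(review): the listing this was taken from lost its indentation. The
    # config write is assumed to run on every call, not only after key
    # generation - confirm against the original file.
    # NOTE(review): 'StrictHostKeyChecking no' turns off host key verification
    # for the server, so the tunnel endpoint is not authenticated. Pinning the
    # server's host key in /root/.ssh/known_hosts would let this line go.
    # Mode 'w' also replaces any existing /root/.ssh/config.
    with open('/root/.ssh/config', 'w') as ssh_config:
        ssh_config.write('Host {}\nStrictHostKeyChecking no'.format(__SERVER_IP__))
    with open('/root/.ssh/id_rsa.pub') as pub_file:
        return pub_file.read().strip()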
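def set_hostname():
    """Register with the hostname server, apply its answer, open the tunnels.

    Steps:
      1. GET http://<server>:<port>/hostname/<local ip>/<host id>, sending the
         shared secret and this host's public key as request headers. Failed
         attempts are retried every 5 seconds; the function gives up once
         more than 10 attempts have failed.
      2. Append the server's public key to /root/.ssh/authorized_keys unless
         it is already listed.
      3. Set the hostname, both live and in /etc/hostname.
      4. Start nessusd and two autossh reverse tunnels: server port 200<n> to
         local port 22 and 300<n> to local port 8834, where <n> is the
         hostname without its first character.

    The JSON response is treated as untrusted input. It arrives over plain
    HTTP and used to be pasted into root shell command lines. Values are now
    validated and passed to subprocess as argument lists.
    """
    import re
    import subprocess

    def _is_safe(pattern, value):
        # re.match() raises TypeError for non-string JSON values (None,
        # numbers, lists); treat those as invalid instead of crashing.
        try:
            return re.match(pattern, value) is not None
        except TypeError:
            return False

    pub_key = get_pub_key()
    json_data = None
    count = 0
    while True:
        try:
            # NOTE(review): plain HTTP - the secret_key header and the response
            # cross the network unencrypted and unauthenticated.
            # int(): '%d' needs a number even if the port was read as a string.
            r_url = 'http://%s:%d/hostname/%s/%s' % (
                __SERVER_IP__, int(__SERVER_PORT__), get_ip_addr(), get_host_id())
            req = urllib2.Request(r_url)
            req.add_header('secret_key', __SECRET_KEY__)
            req.add_header('id_rsa_pub', pub_key)
            resp = urllib2.urlopen(req)
            json_data = resp.read()
            break
        except Exception:
            # Exception rather than a bare except, so Ctrl-C can interrupt
            # the retry loop.
            count += 1
            if count > 10:
                print('Could not reach hostname server in 10 attemp, giving up')
                # Return here: falling through would hit json.loads() with no
                # response to parse.
                return
            print('Hostname server could not be reached, re trying in 5 secs')
            time.sleep(5)

    data = json.loads(json_data)
    host_name = data.get('host_name')
    if not host_name:
        print('Hostname server did not returned a hostname for me, giving up')
        # Stop here; the tunnel ports are derived from the hostname.
        return

    # \Z instead of $ so that a trailing newline is rejected as well.
    if not _is_safe(r'^[A-Za-z0-9][A-Za-z0-9-]*\Z', host_name):
        print('Hostname server returned an invalid hostname, giving up')
        return
    remote_user = data.get('remote_user')
    # The leading character may not be '-', so the ssh destination argument
    # can never be parsed as an option.
    if not _is_safe(r'^[A-Za-z0-9_][A-Za-z0-9_.-]*\Z', remote_user):
        print('Hostname server returned an invalid remote user, giving up')
        return

    print("My hostname is %s" % host_name)

    if not os.path.exists('/root/.ssh'):
        os.mkdir('/root/.ssh', 0o700)

    # NOTE(review): this key is granted root SSH login on this host and is
    # accepted from an unauthenticated HTTP response. At minimum it must be a
    # single line, so one response cannot add several authorized_keys entries.
    server_key = (data.get('id_rsa_pub') or '').strip()
    if not server_key or '\n' in server_key or '\r' in server_key:
        print('Hostname server returned an invalid public key, not adding it')
    else:
        write_to_authorized_keys = True
        if os.path.exists('/root/.ssh/authorized_keys'):
            with open('/root/.ssh/authorized_keys') as key_file:
                for l in key_file:
                    if l.strip() == server_key:
                        print("pub key exists, skipping")
                        write_to_authorized_keys = False
        if write_to_authorized_keys:
            with open('/root/.ssh/authorized_keys', 'a') as key_file:
                key_file.write(server_key)
                key_file.write('\n')

    try:
        subprocess.call(['/bin/hostname', host_name])
        with open('/etc/hostname', 'w') as hostname_file:
            hostname_file.write(host_name)
    except (IOError, OSError):
        print('I can not write to /etc/hostname\nDid you run me with root previleges? Please run me with sudo command')

    # The forwarded ports are '200' and '300' followed by the hostname suffix,
    # so the suffix must be digits and the larger port must fit in 16 bits.
    suffix = host_name[1:]
    if not suffix.isdigit() or int('300' + suffix) > 65535:
        print('Hostname %s does not map to valid tunnel ports, giving up' % host_name)
        return

    ssh_options = ['-o', 'PubkeyAuthentication=yes',
                   '-o', 'PasswordAuthentication=no',
                   '-i', '/root/.ssh/id_rsa']
    destination = '%s@%s' % (remote_user, __SERVER_IP__)
    auto_ssh_command = (['/usr/bin/autossh', '-M', '10005', '-f', '-N'] + ssh_options
                        + ['-R', '200%s:localhost:22' % suffix, destination])
    auto_ssh_nessus_command = (['/usr/bin/autossh', '-f', '-N'] + ssh_options
                               + ['-R', '300%s:localhost:8834' % suffix, destination])

    # Constant command line with no external input, so os.system is kept.
    os.system('/etc/init.d/nessusd start')
    #wait 2 seconds to start nessus
    time.sleep(2)
    for command in (auto_ssh_command, auto_ssh_nessus_command):
        print("Executing command: %s" % ' '.join(command))
        # Argument list, no shell: server-supplied values cannot add commands.
        subprocess.call(command)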
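# Run only when executed as a script, so that importing this module does not
# change the hostname, authorized_keys or tunnels as a side effect.
if __name__ == '__main__':
    set_hostname()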