Questions about this topic? Sign up to ask in the talk tab.

Kolkata

From NetSec
Revision as of 00:19, 28 April 2012 by LashawnSeccombe (Talk | contribs) (Wordpress)

Jump to: navigation, search

Description

Dependencies

Usage

Source

<syntaxhighlight lang="perl">

  1. !/usr/bin/perl
  2. @url http://www.blackhatacademy.org/
  3. @author fxm+hatter

use strict; use YAML; use YAML::XS; use Digest::MD5 qw(md5_hex); use LW2; use Getopt::Std;

my @apps; my %opts;

getopts('c:p:d:v', \%opts);

usage() unless $opts{d};

my $domain = $opts{d}; my $verbose = 0; $verbose = 1 if $opts{v}; my $path = ; $path = $opts{p} if ($opts{p});


opendir(SIGDIR, "./sigs/") or die $!; my @filenames = grep {

    /\.yml$/
     && -f "./sigs/$_"

} readdir(SIGDIR);

my $i = 0;

foreach my $file (@filenames) {

   $apps[$i] = YAML::XS::LoadFile("./sigs/$file");
   $i++;

}


foreach my $app (@apps) {

   print "Downloading " . $path . $app->{'config'}->{'check_file'} . " to check for " . $app->{'config'}->{'app_name'} . "\n";
   my $contents = download($path . $app->{'config'}->{'check_file'}, $domain);    
   my $target_md5 = md5_hex($contents);
   foreach my $sig (keys %{$app->{'sigs'
) {
       print "Comparing $target_md5 with " . $app->{'sigs'}->{$sig} . " for " . $app->{'config'}->{'app_name'} . " " . $sig . " detection.\n" if ($verbose > 0);
       die($app->{'config'}->{'app_name'} . " version " . $sig ."\n") if ($app->{'sigs'}->{$sig} eq $target_md5);
   }

}

sub usage {

   print "kolkata.pl -d domain.tld [-v -p [remote_path_to_web_application]]\n";
   exit(0);

}

sub download {

   my $uri = shift;
   my $try = 5;
   my $host = shift;
   my %request;
   my %response;
   LW2::http_init_request(\%request);
   $request{'whisker'}->{'method'} = "GET";
   $request{'whisker'}->{'host'} = $host;
   $request{'whisker'}->{'uri'} = $uri;
   $request{'whisker'}->{'encode_anti_ids'} = 9;
   $request{'User-Agent'} = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.237 Safari/534.10";
   LW2::http_fixup_request(\%request);
   if(LW2::http_do_request(\%request, \%response)) {
       if($try < 5) {
           print "Failed to fetch $uri on try $try. Retrying...\n";
           return undef if(!download($uri, $try++));
       }
       print "Failed to fetch $uri.\n";
       return undef;
   } else {
       return ($response{'whisker'}->{'data'}, $response{'whisker'}->{'data'});
   }

}

</syntaxhighlight>}}

Signature Bundles

c3el4.png Each signature bundle is written in yaml.

Wordpress

  • sigs/wordpress.yml

config:

 app_name: Wordpress
 check_file: /wp-includes/js/tinymce/tiny_mce.js

sigs:

 2.0: a306a72ce0f250e5f67132dc6bcb2ccb
 2.1: 4f04728cb4631a553c4266c14b9846aa
 2.2: 25e1e78d5b0c221e98e14c6e8c62084f
 2.3: 83c83d0f0a71bd57c320d93e59991c53
 2.5: 7293453cf0ff5a9a4cfe8cebd5b5a71a
 2.6: 61740709537bd19fb6e03b7e11eb8812
 2.7: e6bbc53a727f3af003af272fd229b0b2
 2.8.5: 56c606da29ea9b8f8d823eeab8038ee8
 2.9.1: 128e75ed19d49a94a771586bf83265ec
 3.0.0: 128e75ed19d49a94a771586bf83265ec
 3.0.1: 0711a6aa3862ac0dd2f9ef1a3d26f809
 3.0.2: 0711a6aa3862ac0dd2f9ef1a3d26f809
 3.0.3: 0711a6aa3862ac0dd2f9ef1a3d26f809
 3.0.4: 0711a6aa3862ac0dd2f9ef1a3d26f809
 3.0.5: 0711a6aa3862ac0dd2f9ef1a3d26f809
 3.0.6: 0711a6aa3862ac0dd2f9ef1a3d26f809
 3.1: c67211f73b63e773e626127aa95338c2
 3.1.1: 1786644689f0495f07d5ae1737395108
 3.1.2: 1786644689f0495f07d5ae1737395108
 3.1.3: 1786644689f0495f07d5ae1737395108
 3.1.4: 1786644689f0495f07d5ae1737395108
 3.2: b2c6b6d221c816948248b453046355eb
 3.2.1: b2c6b6d221c816948248b453046355eb
 3.3.1: 9754385dabfc67c8b6d49ad4acba25c3

Joomla

MediaWiki