-
-
Notifications
You must be signed in to change notification settings - Fork 126
steal_files_ssh.py
This document provides a detailed step-by-step explanation of how the steal_files_ssh.py script operates. This script connects to remote SSH servers using provided credentials, searches for specific files, and downloads them to a local directory.
-
Filename:
steal_files_ssh.py - Purpose: To connect to remote SSH servers using provided credentials, search for specific files, and download them to a local directory.
The script imports the following modules:
-
Standard Libraries:
osparamikologgingtimethreading.Timer
-
External Libraries:
rich.console
-
Custom Modules:
SharedDataLogger
The logger is configured to log messages for steal_files_ssh.py at the DEBUG level, ensuring detailed logging of events and errors.
Global variables are defined to provide metadata about the class and module, including:
b_class = "StealFilesSSH"b_module = "steal_files_ssh"b_status = "steal_files_ssh"b_parent = "SSHBruteforce"b_port = 22
The StealFilesSSH class manages the process of connecting to SSH servers, searching for specific files, and downloading them.
- Attributes: Initializes shared data and sets up the state for SSH and SFTP connections.
- Logger: Logs the initialization process.
- Purpose: Establishes an SSH connection to the specified IP using the provided username and password.
- Logging: Logs the connection attempt and outcome.
- Returns: An SSH client object if the connection is successful.
- Purpose: Searches for files in the specified directory on the remote server based on configuration criteria (file extensions and names).
- Logging: Logs the number of matching files found.
- Returns: A list of matching file paths.
- Purpose: Downloads a specified file from the remote server to a local directory.
- Logging: Logs the download process and outcome.
- Purpose: Orchestrates the file-stealing process by connecting to the remote server, searching for files, and downloading them.
- Logging: Logs the overall process, including connection attempts, file searches, and downloads.
- Returns: A status string indicating success or failure.
- The
StealFilesSSHclass is initialized with shared data, setting up necessary attributes and logging the initialization.
- The
connect_sshmethod attempts to establish an SSH connection using provided credentials. - Successful connections are logged, and an SSH client object is returned.
- The
find_filesmethod searches for specific files in a given directory on the remote server. - Files that match the configured criteria are logged and returned as a list of file paths.
- The
steal_filemethod downloads each identified file from the remote server to a local directory. - The download process and outcome are logged.
- The
executemethod orchestrates the overall process, handling connection attempts, file searches, and downloads. - Credentials are retrieved from a pre-configured file, and each credential is tried sequentially.
- A timeout mechanism ensures that the process does not hang indefinitely if an SFTP connection is not established.
- Purpose: Specifies the file extensions to look for when searching for files on the remote server.
- Type: List of strings.
-
Example:
['.txt', '.log', '.conf']
- Purpose: Specifies the file names (or parts of file names) to look for when searching for files on the remote server.
- Type: List of strings.
-
Example:
['important', 'secret', 'config']
- Purpose: The file that contains the SSH credentials (username and password) cracked from previous brute force attacks.
- Type: String (file path).
-
Example:
'/path/to/sshfile.csv'
- Purpose: The directory where the stolen files will be saved locally.
- Type: String (directory path).
-
Example:
'/path/to/datastolendir/'
self.shared_data.steal_file_extensions = ['.txt', '.log', '.conf']
self.shared_data.steal_file_names = ['important', 'secret', 'config']
self.shared_data.sshfile = '/path/to/sshfile.csv'
self.shared_data.datastolendir = '/path/to/datastolendir/'The StealFilesSSH class is a child of the SSHBruteforce class in the orchestrator's workflow. This means that the file-stealing process is initiated only after the successful execution of the brute force attack managed by SSHBruteforce.
The StealFilesSSH class is called by the orchestrator via its execute method. The process involves:
-
Receiving Target Details: The orchestrator provides IP, port, and credential details to the
StealFilesSSHclass. -
Performing File Stealing: The
executemethod connects to the remote server, searches for files, and downloads them. - Updating Orchestrator: The status (success or failure) is returned to the orchestrator for further action.
-
Initialization: The orchestrator initializes the
StealFilesSSHclass. -
Execution: For each target IP and port, the orchestrator calls the
executemethod ofStealFilesSSH. -
Logging and Status Update: The
StealFilesSSHclass logs each step and updates the status based on the outcome of the file-stealing process.
By following these detailed steps, the steal_files_ssh.py script connects to SSH servers, searches for specified files, and downloads them to a local directory. It integrates seamlessly with the orchestrator for coordinated security operations, ensuring that file-stealing actions are performed only after successful brute force attacks.