1#!/usr/bin/env python
import errno
import os
import socket
import time
from sys import exit

from rdp2tcp import rdp2tcp, R2TException
7
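def tcp_sock(local_port):
    """Open a TCP connection to 127.0.0.1:local_port and return the socket.

    connect() runs under the process-wide default timeout (if one is set);
    the 30 second timeout applied here only governs later send/recv calls.
    If connect() fails, the socket is closed before the exception
    propagates, so a refused or timed-out connection does not leak a
    file descriptor.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
    try:
        s.connect(('127.0.0.1', local_port))
    except Exception:
        # Release the descriptor, then let the caller see the original error.
        s.close()
        raise
    s.settimeout(30)
    return s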
13
def cmd(cmdline):
    """Start *cmdline* inside a background xterm window.

    The string is pasted unquoted into a shell command line, so shell
    metacharacters in it are interpreted by the shell. Every caller in
    this file passes a fixed literal; do not pass externally supplied text.
    """
    shell_line = 'xterm -e %s &' % cmdline
    os.system(shell_line)
16
###############################################################
# send shit to controller -> expect connection closed
def test_controller_proto():
    """Feed malformed command lines to the controller on port 8477.

    Each message is sent on its own connection. An empty recv() result
    means the peer closed the connection, which is the expected reaction;
    any other reply is printed as a failure next to the offending message.
    """
    # The letters t/r/s/x are the tunnel types used in setup_tunnels.
    # presumably the 's a <n>' lines probe port-number validation -- confirm
    # against the controller protocol.
    malformed = [
        '\n',
        ' l\n',
        't\n', 'r\n', 's\n', 'x\n',
        's a 0\n',
        's a -1\n',
        's a 65536\n',
        's a 65535A\n',
        '\x00\n',
    ]

    print('controller protocol tests')
    for line in malformed:
        conn = tcp_sock(8477)
        conn.sendall(line)
        reply = conn.recv(256)
        closed_by_peer = (reply == '')
        if not closed_by_peer:
            print('error: server didnt closed connection')
            print('%s %s' % ('>>> ', repr(line)))
            print('%s %s' % ('<<< ', reply))
        conn.close()
43
44
45
###############################################################
# python API test
def setup_tunnels():
    """Register the tunnels the other tests rely on via the rdp2tcp API.

    Connects to the controller on 127.0.0.1:8477, adds the tunnels in
    order, prints the controller's info() output and closes the
    controller connection. Every address used here is a loopback address
    or 'localhost'. The first R2TException raised while adding tunnels is
    printed and the remaining tunnels are skipped.
    """
    print('tunnels setup')
    try:
        r2t = rdp2tcp('127.0.0.1', 8477)
    except R2TException as e:
        print(e)
        # NOTE(review): the script exits with status 0 although setup failed.
        exit(0)

    # (type, first endpoint, second endpoint), in registration order.
    # presumably the first endpoint is the local side and the second the
    # remote side for 't' tunnels -- confirm against rdp2tcp.add_tunnel.
    tunnels = (
        ('t', ('127.0.0.1', 4444), ('127.0.0.1', 4444)),   # forward
        ('t', ('127.0.0.1', 4445), ('127.0.0.1', 445)),    # forward
        ('r', ('127.0.0.1', 22), ('127.0.0.1', 2222)),     # reverse
        ('t', ('127.0.0.1', 2222), ('127.0.0.1', 2222)),   # forward
        ('t', ('::1', 2223), ('127.0.0.1', 2222)),         # forward
        ('t', ('localhost', 2224), ('127.0.0.1', 2222)),   # forward
        ('x', ('127.0.0.1', 4446), ('cmd.exe', 0)),        # process
        ('s', ('127.0.0.1', 65480), ('', 0)),              # socks5
    )

    try:
        for kind, first, second in tunnels:
            r2t.add_tunnel(kind, first, second)

        print(r2t.info())

    except R2TException as e:
        print(e)

    r2t.close()
80
###############################################################
# test behaviour of buggy tunnel clients
def test_connect_and_close():
    """Exercise the listeners with clients that misbehave.

    Three passes over the controller port (8477) and the local tunnel
    ports registered in setup_tunnels: connect and close immediately,
    connect and close after two idle seconds, and connect, send every
    byte value 0x00-0xff once, then close. Nothing is asserted; the test
    only checks that the client side completes without an exception.
    """
    ports = [8477, 4444, 4445, 2222, 4446, 65480]

    print('connect() + close() tests')
    for port in ports:
        tcp_sock(port).close()

    for port in ports:
        print('connect(%i) + sleep(2) + close() tests' % port)
        idle = tcp_sock(port)
        time.sleep(2)
        idle.close()

    print('connect() + send(garbage) + close() tests')
    junk = ''.join(map(chr, xrange(0x100)))
    for port in ports:
        conn = tcp_sock(port)
        conn.sendall(junk)
        conn.close()
110
###############################################################
# test ssh tunnel by bouncing on remote host
# use forward tunnel + reverse tunnel
# server talks first
def test_ssh():
    """Run interactive SSH sessions through local port 2222.

    First one session, then two at the same time. Each session runs in
    its own xterm; the operator presses a key once the sessions are closed.
    """
    ssh_cmdline = 'ssh -p 2222 127.0.0.1 "ls /usr/lib | less"'

    print('1 SSH test')
    cmd(ssh_cmdline)
    raw_input('Press Key when SSH is closed')

    print('2 SSH test')
    for _ in (0, 1):
        cmd(ssh_cmdline)
    raw_input('Press Key when both SSH are closed')
124
125
###############################################################
# test forward tunnel using "dir c:\windows\system32"
# server talks first
def test_cmd():
    """Open a telnet session to local port 4446 (the 'x' process tunnel).

    Interactive: the operator drives the session by hand and presses a
    key once it is closed.
    """
    telnet_cmdline = 'telnet 127.0.0.1 4446'
    print('cmd.exe test')
    cmd(telnet_cmdline)
    raw_input('Press Key when cmd.exe is closed')
133
###############################################################
# test forward tunnel using smbclient
# client talks first
def test_smb():
    """Start smbclient against local port 4445 (forwarded to port 445).

    Interactive: no password appears on the command line, and the
    operator presses a key once smbclient has been closed.
    """
    smb_cmdline = 'smbclient -U Administrator -p 4445 //127.0.0.1/c$'
    print('smbclient test')
    cmd(smb_cmdline)
    raw_input('Press Key when smbclient is closed')
141
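###############################################################
# test socks5 protocol errors
def test_socks5():
    """Send malformed SOCKS5 handshakes to the socks5 tunnel on port 65480.

    Pass 1 sends greetings the server should reject by closing the
    connection (an empty recv() result or a connection reset both count
    as closed). Pass 2 sends a version-5 greeting followed by a broken
    request and accepts only a two-byte reply that starts with 0x05.
    Failures are printed, not raised.

    Changes from the earlier version: the first check referenced an
    undefined name (`da`), which raised NameError as soon as the server
    answered with data; the second pass reported a malformed reply with
    the "didnt closed connection" message copied from pass 1; the reset
    check used the Linux-only literal 104 where errno.ECONNRESET is
    meant; and the socket was not closed when an unexpected exception
    escaped the loop body.
    """
    # expect connection closed
    badmsgs = ['\x00', '\x04', '\x06', '\x05\x00']

    print('socks5 protocol tests 1')
    for msg in badmsgs:
        s = tcp_sock(65480)
        try:
            s.sendall(msg)
            try:
                data = s.recv(256)
                if data != '':
                    print('error: socket5 server didnt closed connection')
                    print('%s %s' % ('>>> ', repr(msg)))
                    print('%s %s' % ('<<< ', repr(data)))
            except socket.error as e:
                # A reset is just another way for the server to drop us.
                if e.errno != errno.ECONNRESET:
                    print('error: %s' % str(e))
                    print('%s %s' % ('>>> ', repr(msg)))
        finally:
            s.close()

    # expect socks5 error
    # Each message starts with the greeting '\x05\x01\x00'; the bytes after
    # it are the malformed part.
    badmsgs = [
        '\x05\x01\x00\x00',
        '\x05\x01\x00\x05\x00',
        '\x05\x01\x00\x05\x02',
        '\x05\x01\x00\x05\x03',
        '\x05\x01\x00\x05\x00',
        '\x05\x01\x00\x05\x01\x01',
        '\x05\x01\x00\x05\x01\x00\x00',
        '\x05\x01\x00\x05\x01\x00\x02',
        '\x05\x01\x00\x05\x01\x00\xff',
        '\x05\x01\x00\x05\x01\x00\x03\x00',
        '\x05\x01\x00\x05\x01\x00\x03\x00\x41',
    ]

    print('socks5 protocol tests 2')
    for msg in badmsgs:
        s = tcp_sock(65480)
        try:
            s.sendall(msg)
            try:
                data = s.recv(256)
                if len(data) != 2 or data[0] != '\x05':
                    print('error: unexpected socks5 reply')
                    print('%s %s' % ('>>> ', repr(msg)))
                    print('%s %s' % ('<<< ', repr(data)))
            except socket.error as e:
                if e.errno != errno.ECONNRESET:
                    print('error: %s' % str(e))
                    print('%s %s' % ('>>> ', repr(msg)))
        finally:
            s.close()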
197
if __name__ == '__main__':
    # Default timeout for every socket created from here on; it is what
    # bounds connect() inside tcp_sock.
    socket.setdefaulttimeout(5)

    setup_tunnels()

    # Only the non-interactive connect/close test runs by default.
    # Uncomment a line below to enable that test.
    #test_controller_proto()
    test_connect_and_close()
    #test_socks5()
    #test_ssh()
    #test_cmd()
    #test_smb()