#!/usr/bin/env python
import errno
import os
import socket
import time
from sys import exit

from rdp2tcp import rdp2tcp, R2TException

def tcp_sock(local_port):
	"""Open a TCP connection to 127.0.0.1:local_port and return the socket.

	The 30 second timeout is set only after connect() has returned, so the
	connect itself runs under the process-wide default timeout (the main
	block of this script sets one with socket.setdefaulttimeout) and the
	30 seconds apply to the send/recv calls made later on the socket.
	"""
	endpoint = ('127.0.0.1', local_port)
	conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)
	conn.connect(endpoint)
	conn.settimeout(30)
	return conn

def cmd(cmdline):
	"""Start cmdline in a new xterm window and return without waiting for it.

	cmdline is pasted unescaped into a shell command line that is handed to
	os.system(), so the shell interprets every quote, pipe and other
	metacharacter in it. Pass only fixed, trusted strings (as the tests in
	this file do); never build cmdline from external input.
	"""
	# the trailing '&' backgrounds xterm so the test can go on to its prompt
	shell_line = 'xterm -e %s &' % cmdline
	os.system(shell_line)

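###############################################################
# send shit to controller -> expect connection closed
def test_controller_proto():
	"""Send malformed commands to the controller on 127.0.0.1:8477.

	Each message is sent on a fresh connection and the controller is
	expected to answer by closing it. An empty read or a connection reset
	both count as "closed"; any reply, timeout or other socket error is
	reported and the run continues with the next message, so one
	misbehaving case no longer aborts the whole test with a traceback.
	"""
	badmsgs = [
			# empty line / leading space
			'\n',
			' l\n',
			# tunnel type letters (as used with add_tunnel) without arguments
			't\n', 'r\n', 's\n', 'x\n',
			# presumably port boundary and malformed port values -- confirm
			# against the controller's command grammar
			's a 0\n',
			's a -1\n',
			's a 65536\n',
			's a 65535A\n',
			# embedded NUL byte
			'\x00\n',
	]

	print 'controller protocol tests'
	for msg in badmsgs:
		s = tcp_sock(8477)
		try:
			s.sendall(msg)
			data = s.recv(256)
			if data != '':
				print 'error: server didnt closed connection'
				print '>>> ', repr(msg)
				# repr() keeps raw bytes from the peer out of the terminal,
				# matching what test_socks5 prints
				print '<<< ', repr(data)
		except socket.error, e:
			# A reset is an abrupt close and is accepted, as in
			# test_socks5. A timeout means the server neither answered
			# nor closed, which is exactly the failure being tested for.
			if e.errno != errno.ECONNRESET:
				print 'error: %s' % str(e)
				print '>>> ', repr(msg)
		finally:
			# release the socket even when send/recv failed
			s.close()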



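###############################################################
# python API test
def setup_tunnels():
	"""Register the tunnels used by the other tests through the rdp2tcp API.

	Connects to the controller on 127.0.0.1:8477, adds one tunnel per
	supported type and prints the controller's info() listing. If the
	controller cannot be reached the script stops with a non-zero exit
	status, since none of the later tests can run without it. Errors while
	adding tunnels are printed and the controller connection is closed in
	every case.

	The add_tunnel() argument order looks like (type, local side,
	remote side) -- confirm against the rdp2tcp module. Every local
	listener here is given a loopback address (127.0.0.1, ::1, localhost).
	"""
	print 'tunnels setup'
	try:
		r2t = rdp2tcp('127.0.0.1', 8477)
	except R2TException, e:
		print e
		# was exit(0): a failed setup must not look like a successful run
		exit(1)

	try:
		# forward
		r2t.add_tunnel('t', ('127.0.0.1',4444),('127.0.0.1',4444))
		# forward (local 4445 -> port 445, used by test_smb)
		r2t.add_tunnel('t', ('127.0.0.1',4445),('127.0.0.1',445))
		# reverse
		r2t.add_tunnel('r', ('127.0.0.1',22),('127.0.0.1',2222))
		# forward (local 2222, used by test_ssh)
		r2t.add_tunnel('t', ('127.0.0.1',2222),('127.0.0.1',2222))
		# forward, IPv6 loopback listener
		r2t.add_tunnel('t', ('::1',2223),('127.0.0.1',2222))
		# forward, listener given by host name
		r2t.add_tunnel('t', ('localhost',2224),('127.0.0.1',2222))
		# process: whoever can connect to local port 4446 is attached to
		# cmd.exe (see test_cmd), so this listener should stay on loopback
		r2t.add_tunnel('x', ('127.0.0.1',4446),('cmd.exe',0))
		# socks5 (local 65480, used by test_socks5); also loopback only
		r2t.add_tunnel('s', ('127.0.0.1',65480),('',0))

		print r2t.info()

	except R2TException, e:
		print e
	finally:
		# close the controller connection on every path, including
		# exceptions other than R2TException
		r2t.close()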

###############################################################
# test behaviour of buggy tunnel clients
def test_connect_and_close():
	"""Exercise the controller and tunnel listeners with misbehaving clients.

	Three passes over the same local ports (8477 is the controller, the
	others are listeners registered by setup_tunnels): connect and close
	at once, connect and close after two seconds of silence, connect and
	send 256 bytes of garbage before closing. Nothing is asserted here;
	a problem shows up as an uncaught socket exception or has to be
	observed on the server side.
	"""
	ports = (8477, 4444, 4445, 2222, 4446, 65480)

	print 'connect() + close() tests'
	for p in ports:
		conn = tcp_sock(p)
		conn.close()

	for p in ports:
		print 'connect(%i) + sleep(2) + close() tests' % p
		conn = tcp_sock(p)
		time.sleep(2)
		conn.close()

	print 'connect() + send(garbage) + close() tests'
	# every byte value from 0x00 to 0xff, once each
	junk = ''.join(map(chr, xrange(0x100)))
	for p in ports:
		conn = tcp_sock(p)
		conn.sendall(junk)
		conn.close()

###############################################################
# test ssh tunnel by bouncing on remote host
# use forward tunnel + reverse tunnel
# server talks first
def test_ssh():
	"""Manual test: run ssh through local port 2222, once and then twice in parallel.

	Each ssh session is started in its own xterm through cmd(); the
	operator confirms on the console when the session(s) have been closed.
	"""
	ssh_cmdline = 'ssh -p 2222 127.0.0.1 "ls /usr/lib | less"'

	print '1 SSH test'
	cmd(ssh_cmdline)
	raw_input('Press Key when SSH is closed')

	print '2 SSH test'
	# two sessions at the same time over the same tunnel
	for _ in xrange(2):
		cmd(ssh_cmdline)
	raw_input('Press Key when both SSH are closed')


###############################################################
# test forward tunnel using "dir c:\windows\system32"
# server talks first
def test_cmd():
	"""Manual test: telnet to local port 4446 in an xterm.

	Port 4446 is the listener that setup_tunnels registers as a process
	('x') tunnel for cmd.exe. The operator drives the session by hand and
	confirms on the console when it has been closed.
	"""
	telnet_cmdline = 'telnet 127.0.0.1 4446'

	print 'cmd.exe test'
	cmd(telnet_cmdline)
	raw_input('Press Key when cmd.exe is closed')

###############################################################
# test forward tunnel using smbclient
# client talks first
def test_smb():
	"""Manual test: open the c$ share through local port 4445 with smbclient.

	Port 4445 is the forward tunnel that setup_tunnels points at port 445.
	No password appears on the command line; smbclient is presumably left
	to prompt for it inside the xterm. The operator confirms on the
	console when the client has been closed.
	"""
	smb_cmdline = 'smbclient -U Administrator -p 4445 //127.0.0.1/c$'

	print 'smbclient test'
	cmd(smb_cmdline)
	raw_input('Press Key when smbclient is closed')

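###############################################################
# test socks5 protocol errors
def test_socks5():
	"""Send malformed SOCKS5 traffic to the proxy listener on 127.0.0.1:65480.

	Pass 1 sends broken greetings and expects the server to close the
	connection (an empty read or a connection reset). Pass 2 sends a
	greeting followed by a truncated or invalid request and expects a
	two-byte reply whose first byte is 0x05. Every deviation is printed
	with the message that triggered it; the socket is closed on all paths.
	"""
	# expect connection closed
	badmsgs = [ '\x00', '\x04', '\x06', '\x05\x00' ]

	print 'socks5 protocol tests 1'
	for msg in badmsgs:
		s = tcp_sock(65480)
		try:
			s.sendall(msg)
			data = s.recv(256)
			# The condition used to read "data != '' and da"; "da" is not
			# defined anywhere, so the failure path raised NameError
			# instead of reporting the unexpected reply.
			if data != '':
				print 'error: socket5 server didnt closed connection'
				print '>>> ', repr(msg)
				print '<<< ', repr(data)
		except socket.error, e:
			# a reset counts as "connection closed"; errno.ECONNRESET
			# replaces the literal 104, which is the Linux value only
			if e.errno != errno.ECONNRESET:
				print 'error: %s' % str(e)
				print '>>> ', repr(msg)
		finally:
			s.close()

	# expect socks5 error
	# Each message starts with '\x05\x01\x00' (version 5, one method
	# offered, method 0); the bytes after it appear to be deliberately
	# truncated or invalid request headers.
	badmsgs = [
			'\x05\x01\x00\x00',
			'\x05\x01\x00\x05\x00',
			'\x05\x01\x00\x05\x02',
			'\x05\x01\x00\x05\x03',
			'\x05\x01\x00\x05\x00',
			'\x05\x01\x00\x05\x01\x01',
			'\x05\x01\x00\x05\x01\x00\x00',
			'\x05\x01\x00\x05\x01\x00\x02',
			'\x05\x01\x00\x05\x01\x00\xff',
			'\x05\x01\x00\x05\x01\x00\x03\x00',
			'\x05\x01\x00\x05\x01\x00\x03\x00\x41',
	]

	print 'socks5 protocol tests 2'
	for msg in badmsgs:
		s = tcp_sock(65480)
		try:
			s.sendall(msg)
			data = s.recv(256)
			if len(data) != 2 or data[0] != '\x05':
				# this pass expects a reply, not a close, so the message
				# copied from pass 1 was misleading
				print 'error: unexpected socks5 reply'
				print '>>> ', repr(msg)
				print '<<< ', repr(data)
		except socket.error, e:
			if e.errno != errno.ECONNRESET:
				print 'error: %s' % str(e)
				print '>>> ', repr(msg)
		finally:
			s.close()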

if __name__ == '__main__':
	# Default timeout for sockets created from here on; tcp_sock() raises
	# its own sockets to 30 seconds once they are connected.
	socket.setdefaulttimeout(5)

	# the tunnels must exist before any test connects to their ports
	setup_tunnels()

	# Test selection: uncomment the ones to run. test_ssh, test_cmd and
	# test_smb are interactive (they open an xterm and wait for a key).
	#test_controller_proto()
	#test_controller_proto()
	test_connect_and_close()
	#test_socks5()
	#test_ssh()
	#test_cmd()
	#test_smb()