steal_files_ssh.py

This document provides a detailed step-by-step explanation of how the steal_files_ssh.py script operates. The script connects to remote SSH servers using provided credentials, searches for specific files, and downloads them to a local directory.
- Filename: steal_files_ssh.py
- Purpose: To connect to remote SSH servers using provided credentials, search for specific files, and download them to a local directory.
The script imports the following modules:
- Standard Libraries: os, paramiko, logging, time, threading.Timer
- External Libraries: rich.console
- Custom Modules: SharedData, Logger
The logger is configured to log messages for steal_files_ssh.py at the DEBUG level, ensuring detailed logging of events and errors.
Global variables are defined to provide metadata about the class and module, including:

```python
b_class = "StealFilesSSH"
b_module = "steal_files_ssh"
b_status = "steal_files_ssh"
b_parent = "SSHBruteforce"
b_port = 22
```
The StealFilesSSH class manages the process of connecting to SSH servers, searching for specific files, and downloading them.

Initialization:
- Attributes: Initializes shared data and sets up the state for SSH and SFTP connections.
- Logger: Logs the initialization process.

connect_ssh:
- Purpose: Establishes an SSH connection to the specified IP using the provided username and password.
- Logging: Logs the connection attempt and outcome.
- Returns: An SSH client object if the connection is successful.

find_files:
- Purpose: Searches for files in the specified directory on the remote server based on configuration criteria (file extensions and names).
- Logging: Logs the number of matching files found.
- Returns: A list of matching file paths.

steal_file:
- Purpose: Downloads a specified file from the remote server to a local directory.
- Logging: Logs the download process and outcome.

execute:
- Purpose: Orchestrates the file-stealing process by connecting to the remote server, searching for files, and downloading them.
- Logging: Logs the overall process, including connection attempts, file searches, and downloads.
- Returns: A status string indicating success or failure.
- The StealFilesSSH class is initialized with shared data, setting up the necessary attributes and logging the initialization.
- The connect_ssh method attempts to establish an SSH connection using the provided credentials.
  - Successful connections are logged, and an SSH client object is returned.
- The find_files method searches for specific files in a given directory on the remote server.
  - Files that match the configured criteria are logged and returned as a list of file paths.
- The steal_file method downloads each identified file from the remote server to a local directory.
  - The download process and outcome are logged.
- The execute method orchestrates the overall process, handling connection attempts, file searches, and downloads.
  - Credentials are retrieved from a pre-configured file, and each credential is tried sequentially.
  - A timeout mechanism ensures that the process does not hang indefinitely if an SFTP connection is not established.
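The sequence described above (repeated password attempts from one source, a password login that finally succeeds, an SFTP subsystem request, then reads of files with the targeted extensions) is also what the activity looks like in sshd logs on the server side. The detector below is an added example and is not part of the steal_files_ssh.py script or its project; the log lines are constructed in the OpenSSH auth-log and sftp-server (-l INFO) format, and the failure threshold and watched extensions are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd log excerpt: OpenSSH auth-log lines plus sftp-server "open" lines.
SAMPLE_LOG = """\
sshd[2101]: Failed password for admin from 192.0.2.10 port 50210 ssh2
sshd[2101]: Failed password for admin from 192.0.2.10 port 50211 ssh2
sshd[2102]: Failed password for pi from 192.0.2.10 port 50212 ssh2
sshd[2103]: Accepted password for pi from 192.0.2.10 port 50213 ssh2
sshd[2103]: subsystem request for sftp by user pi
sftp-server[2104]: open "/home/pi/secret.txt" flags READ mode 0666
sftp-server[2104]: open "/etc/app/config.conf" flags READ mode 0666
sshd[2200]: Accepted publickey for ops from 198.51.100.7 port 40000 ssh2
"""

FAILED = re.compile(r"Failed password for (\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted password for (\S+) from (\S+) port")
SFTP_SUB = re.compile(r"subsystem request for sftp by user (\S+)")
SFTP_OPEN = re.compile(r'sftp-server\[\d+\]: open "([^"]+)" flags READ')
WATCHED_EXT = (".txt", ".log", ".conf")  # assumed: mirrors the script's example extensions


def detect_sftp_after_bruteforce(log_text, min_failures=2, exts=WATCHED_EXT):
    """Return {user: alert} for sources that failed >= min_failures password logins,
    then succeeded with a password, requested SFTP and read files with watched extensions."""
    failures = defaultdict(int)   # source IP -> failed password count
    suspicious = {}               # user -> (source IP, failure count) for suspect logins
    current_sftp_user = None      # user of the most recent sftp subsystem request
    alerts = {}
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            failures[m.group(2)] += 1
        elif m := ACCEPTED.search(line):
            user, src = m.group(1), m.group(2)
            if failures[src] >= min_failures:
                suspicious[user] = (src, failures[src])
        elif m := SFTP_SUB.search(line):
            current_sftp_user = m.group(1)
        elif (m := SFTP_OPEN.search(line)) and current_sftp_user in suspicious:
            # Simplification: sftp-server lines carry no user, so they are attributed
            # to the latest sftp subsystem request; correlate by PID/session in production.
            path = m.group(1)
            if path.endswith(exts):
                src, n = suspicious[current_sftp_user]
                alert = alerts.setdefault(current_sftp_user, {"source": src, "failures": n, "files": []})
                alert["files"].append(path)
    return alerts


if __name__ == "__main__":
    for user, alert in detect_sftp_after_bruteforce(SAMPLE_LOG).items():
        print(f"{user}@{alert['source']}: {alert['failures']} failures, read {alert['files']}")
```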
steal_file_extensions:
- Purpose: Specifies the file extensions to look for when searching for files on the remote server.
- Type: List of strings.
- Example: ['.txt', '.log', '.conf']

steal_file_names:
- Purpose: Specifies the file names (or parts of file names) to look for when searching for files on the remote server.
- Type: List of strings.
- Example: ['important', 'secret', 'config']

sshfile:
- Purpose: The file that contains the SSH credentials (username and password) cracked from previous brute force attacks.
- Type: String (file path).
- Example: '/path/to/sshfile.csv'

datastolendir:
- Purpose: The directory where the stolen files will be saved locally.
- Type: String (directory path).
- Example: '/path/to/datastolendir/'

```python
self.shared_data.steal_file_extensions = ['.txt', '.log', '.conf']
self.shared_data.steal_file_names = ['important', 'secret', 'config']
self.shared_data.sshfile = '/path/to/sshfile.csv'
self.shared_data.datastolendir = '/path/to/datastolendir/'
```
The StealFilesSSH class is a child of the SSHBruteforce class in the orchestrator's workflow. This means that the file-stealing process is initiated only after the successful execution of the brute force attack managed by SSHBruteforce.
The StealFilesSSH class is called by the orchestrator via its execute method. The process involves:
- Receiving Target Details: The orchestrator provides IP, port, and credential details to the StealFilesSSH class.
- Performing File Stealing: The execute method connects to the remote server, searches for files, and downloads them.
- Updating Orchestrator: The status (success or failure) is returned to the orchestrator for further action.

- Initialization: The orchestrator initializes the StealFilesSSH class.
- Execution: For each target IP and port, the orchestrator calls the execute method of StealFilesSSH.
- Logging and Status Update: The StealFilesSSH class logs each step and updates the status based on the outcome of the file-stealing process.

By following these steps, the steal_files_ssh.py script connects to SSH servers, searches for the specified files, and downloads them to a local directory. It integrates with the orchestrator for coordinated operations, ensuring that file-stealing actions are performed only after successful brute force attacks.