ืืฉืืืชื ืืขืืื ืืืืจื ืืื, ืืืจ ืืื ืื ืืกื ื ืชืื ืื ืืืฉืื ืฉื ืืชืงื ื IP, ืืกืคืจ ืฉืจืชืื ืขื ืืืืืืช ืืชืืงืื ืืฆืืจืช FreeBPX. ืื ืืกืฃ, ืืจืืืื ืื ืืืืืช Samsung IDCS500 ืขืืื ืืืงืืื ืืืืืคื ืืืื ืืืืชื ืืขืจืืช ืืชืงืฉืืจืช ืืืจืืืืช ืืืืจื, ืืืคืื ืื IP ืขืืื ืจืง ืขืืืจ ืืืืงืช ืืืืืจืืช. ืืืื ืืื ืืืฉืื ืืืชืืฉื ืื, ืืื ืืืื ืืืืจ ืืื ื ืืชื ื ืฆื ืืืขืืืจ ืืช ืืืื ืืืืคืื ืื IP, ืกืืืื ืืืขืืื, ื ืจืืฉ ืฆืืื ืืืืื ืืืืฉื ืืช ืืชืืื ืืช ืืืขืืจืช ืืืืื ืืืื ื-21.
ืืืืจ ืืจืืฉืื ืฉืืชืืื ืืืืื ืืืฆื ืืื ืืื ืืืกืคืจ ืืืื ืืืืืจืืช ืฉื ืืืฉืืจื ืืืคืื ืฉืฆืจืื ืื ืื ืืืืฉืื, ืืืืจ ืืฉื ื ืฉืืื ืืืืื ืืืื ืืื ืกืคืจ ืืืืคืื ืื. ืื ืื ืื ื ืงืืืืช ืงืฆื ืืืื ืืขืืืจ ืื ื ืขื ืืจืืฉืื (ืฉืืื, ื ืืชื ืืืืจืกืืืช ืืืืจืื ืืช ืฉื FreePBX), ืื ืขืื ืืื ืฉืืืืช ืขื ืืกืคืจ:
- ืจืืฉืืช, ืืืฆื ืืืืืื ืืช ืืืืืง ืฉืื ืืืฉืจ ืืืืงืื/ืื ืืืืืช ืฉื ืืืฉืชืืฉืื ืืฉืชื ื ืื ืืืื?
- ืฉื ืืช, ืืื ืืืื ืืืืืืื ืืชืืื ืืืฉืืช ืฉื ืืืคืื ืื. ืืื ืืืื ืืช ืฉื ืืืฉ ืืงืฉืจ ืืื ืคืขื?
ืืืขืื ืืืืชื ืืขื ืืื ืช, ืืคืชืจืื ืื ืืงื ืืจืื ืืื ืืืืืข. ืขืืฉืื ืื ื ืืชื ืืช ืืจืฉืืื ืืืืื, ืืื ื ืกืชืื ืขื ืื ืืคื ืืกืืจ.
from scapy.all import sniff
from scapy.layers.inet import IP
import mysql.connector
import ldap
import getpass
import tftpy
import requests
import os
import time
from string import replace
def conn_ldap(login):
ad = ldap.initialize('ldap://***.local')
ad.simple_bind_s('voip@***.local', 'password')
basedn = 'OU=IT,DC=***,DC=LOCAL'
basedn_user = 'OU=***,OU=***,DC=***,DC=LOCAL'
scope = ldap.SCOPE_SUBTREE
filterexp = "(&(sAMAccountName=" + login + ")(ObjectClass=person))"
filterexp2 = "(&(ObjectClass=organizationUnit))"
attrlist = ['cn']
attrlist2 = ['OU']
search = ad.search_s(basedn, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname == ' ':
search = ad.search_s(basedn_user, scope, filterexp2, attrlist2)
for i in range(1, len(search)+1):
group = search[i][1]['ou'][0]
basedn_user2 = 'OU='+group+','+basedn_user
search = ad.search_s(basedn_user2, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname != ' ':
return adname
adname = search[0][1]['cn'][0].decode('utf-8')
ad.unbind_s()
return adname
def tftp_file_change(config,place,adname,current_account,current_account_password):
client = tftpy.TftpClient("192.168.0.3", 69)
client.download('template.cfg', place)
fileread = open(place, 'r')
line = fileread.readlines()
fileread.close()
line[5] = (('account.1.label = ').encode('utf-8') + adname.encode('utf-8') + 'n')
line[2] = (('account.1.auth_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[3] = (('account.1.display_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[6] = (('account.1.password = ').encode('utf-8') + current_account_password[0][0] + 'n')
filewrite = open(place, 'w')
for i in line:
filewrite.write(i)
filewrite.close()
print place
print config
client.upload(config,place)
def get_phone_inform(ipaddr):
fileconf = requests.get('http://admin:admin@'+ipaddr+'/servlet?phonecfg=get[&accounts=1]')
conf = fileconf.text.split('|')
current_account = conf[2]
return current_account
def sniff_frame():
pcapf = sniff(count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060")
if len(pcapf) == 0:
exit()
frame = pcapf[0]
macaddr = frame.src
print macaddr[:8]
if macaddr[:8] != '80:5e:c0':
exit()
ipaddr = frame[0][IP].src
return macaddr, ipaddr
def conn_mysql(query,fquery,macaddr,qwery2):
connect = mysql.connector.connect(host='192.168.0.3', database='voip', user='voip_wr', password='***')
cursor = connect.cursor()
cursor.execute(fquery)
state = cursor.fetchall()
state = bool(state[0][0])
if state == True:
cursor.execute(qwery2)
connect.commit()
connect.close()
else:
cursor.execute(query)
connect.commit()
connect.close()
def check_account(current_account):
connect = mysql.connector.connect(host='192.168.0.3', database='asterisk', user='voip_wr', password='***')
cursor = connect.cursor()
qwery = 'select data from sip where id=' + current_account + ' and keyword="secret";'
cursor.execute(qwery)
password = cursor.fetchall()
if password == ' ':
exit()
else:
return password
if __name__ == '__main__':
macaddr, ipaddr = sniff_frame()
current_account = get_phone_inform(ipaddr)
current_account_password = check_account(current_account)
macaddr = macaddr.replace(':', '')
ipaddr = ipaddr.decode('utf-8')
adname = conn_ldap(getpass.getuser())
query = 'INSERT INTO station (mac, ip, name, number) VALUES (' + '"' + macaddr + '",' + '"' + ipaddr + '",' + '"' + adname + '",' + '"' + get_phone_inform(ipaddr) + '"' + ')'
qwery2 = 'UPDATE station SET ip=' + '"' + ipaddr + '"' + ', name=' + '"' + adname + '"' + ', number=' + '"' + get_phone_inform(ipaddr) + '"' + ' WHERE mac=' + '"' + macaddr + '"'
fquery = 'SELECT EXISTS(SELECT mac FROM voip.station WHERE mac=' + '"' + macaddr + '")'
query = query.encode('utf-8')
fquery = fquery.encode('utf-8')
config = macaddr + '.cfg'
place = os.path.expanduser("~") + "" + "AppDataLocal" + config
conn_mysql(query,fquery,macaddr,qwery2)
tftp_file_change(config,place,adname,current_account,current_account_password)
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=AutoP')
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=Reboot')
ืืชืืื ื ืคืืขืืช ืขื ืืืืฉื ืฉื ืืืฉืชืืฉ ืืคืืขืืช ืืชื ืื ืฉืืืืฉื ืืืืืจ ืืจืฉืช ืืืืฆืขืืช ืืืคืื, ืฉืื Yealink T19 ืื ืืืื ืืขืืื ืืฉืขืจ.
ืจืืฉืืช, ืขืืื ื ืืืืื ืืื ืืื ืืืืืจ? ืืืืื mac ื-ip ืืฉ ืืืืคืื ืฉืื ื.
def sniff_frame():
pcapf = sniff(count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060")
if len(pcapf) == 0:
exit()
frame = pcapf[0]
macaddr = frame.src
print macaddr[:8]
if macaddr[:8] != '80:5e:c0':
exit()
ipaddr = frame[0][IP].src
return macaddr, ipaddr
ืืื ืื ื ืืฉืชืืฉืื ืืคืื ืงืฆืืืช sniff ืืืืกืืจืช scapy, ืืขืืจืชื ืืงืืืื ืืืืืช udp ืืืืืจืช ืืจืืฉ, ืืืชืื ืื 70 ืฉื ืืืช ืืื ืื ืงืืืืื ืืืื, ืืืฆืืื.
count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060"
ืืืืจ ืืื, ืื ื ืืืืืืื ืฉืืืืฉืืจ ืืื Yealink ืืืืืืจืื ืืช ืืขืจืืื ืืืจืืฉืื (ip ื-mac).
ืืืืฆืขืืช ืืงืฉื ืืืืืืช, ืื ื ืืืจืจืื ืืช ืืืฉืืื ืื ืืืื ืืืืคืื. ืืฉื ืื, ืืชืฆืืจื ืื ืืืืืช ืืืจืืื ืืืืืคืื ืืื ืชืืช.
def get_phone_inform(ipaddr):
fileconf = requests.get('http://admin:admin@'+ipaddr+'/servlet?phonecfg=get[&accounts=1]')
conf = fileconf.text.split('|')
current_account = conf[2]
return current_account
ืืื ืืช ืืกืืกืื ืืืฉืืื ืื. ืืฉื ืื, ืื ื ืคืื ืื ืืืืืช asterisk.sip ืืืฉืื ืื ืชืื ืื ืื.
def check_account(current_account):
connect = mysql.connector.connect(host='192.168.0.3', database='asterisk', user='voip_wr', password='***')
cursor = connect.cursor()
qwery = 'select data from sip where id=' + current_account + ' and keyword="secret";'
cursor.execute(qwery)
password = cursor.fetchall()
if password == ' ':
exit()
else:
return password
ืืืื, ืืฉืื ืืืืจืื ืื ืื ื ืืชืืืจืื ื-ldap AD ืืืฉืชืืฉืื ื-sAMAccountName ืฉืืชืงืื ืืจื ืืคืื ืงืฆืื getpass.getuser() ืงื ืืช ื-cn ืฉื ืืืฉืชืืฉ ืื ืืืื (ืฉืืืื ืืืจื ืืื ืืช ืฉืื ืืืื ืฉื ืืืฉืชืืฉ).
def conn_ldap(login):
ad = ldap.initialize('ldap://***.local')
ad.simple_bind_s('voip@***.local', 'password')
basedn = 'OU=***,DC=***,DC=LOCAL'
basedn_user = 'OU=***,OU=***,DC=***,DC=LOCAL'
scope = ldap.SCOPE_SUBTREE
filterexp = "(&(sAMAccountName=" + login + ")(ObjectClass=person))"
filterexp2 = "(&(ObjectClass=organizationUnit))"
attrlist = ['cn']
attrlist2 = ['OU']
search = ad.search_s(basedn, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname == ' ':
search = ad.search_s(basedn_user, scope, filterexp2, attrlist2)
for i in range(1, len(search)+1):
group = search[i][1]['ou'][0]
basedn_user2 = 'OU='+group+','+basedn_user
search = ad.search_s(basedn_user2, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname != ' ':
return adname
adname = search[0][1]['cn'][0].decode('utf-8')
ad.unbind_s()
return adname
ืื ืื ื ืืชืืืจืื ืืืืื ืฉื ืืฆืจื ืืจืืฉ ืืืกื ืื ืชืื ืื (ืื ื ืืฆืจืชื ืืืชื ืฉื) ืืืื ืืกืื ืืช ืื ืื ืฉืืืื ื, ืืืืืจ: ip, mac, username.
def conn_mysql(query,fquery,macaddr,qwery2):
connect = mysql.connector.connect(host='192.168.0.3', database='voip', user='voip_wr', password='***')
cursor = connect.cursor()
cursor.execute(fquery)
state = cursor.fetchall()
state = bool(state[0][0])
if state == True:
cursor.execute(qwery2)
connect.commit()
connect.close()
else:
cursor.execute(query)
connect.commit()
connect.close()
ืื ืื ื ืืืืืื ืืขืฆืืจ ืืื, ืื ืืืจ ืืฆืจื ื ืคื ืงืก ืืชืืืืช ืืื ืื, ืืชื ืืืื ืืฉืืื, ืืื ืืืืชื ืจืืืง ืืืชืจ ืืืืกืคืชื ืืื ืืงืฆืื ืืืืืืืืช ืฉื ืืืฉืืจืื.
ืืฉื ืื, ืืืจืืืื ืชืฆืืจืช ืชืื ืืช ืืฉืจืช tftp ืืืืืจ ืืจืืฉ, ืฉืืืื ืื ื ืืืฆืขืื ืืช ืืฉืื ืืืื ืฉืื ื ืืฉืืืจืื ืืืชื ื-mac.cfg. ืืืืืจ, ืขืืืจ Yealink ืืฉื ื ืฉื ื ืกืืื ืชืฆืืจื, ืืืื ืืื ืืืืืื, ืืืฉื ื ืื ืขื ืืืคืื ืกืคืฆืืคื ืืฆืจืื ืืืืืช ืืฆืืจื mac_phone.cfg
ืืืืจ ืื ืืฉืื ืืืื ืืงืืืฅ ืืฉืืืจืชื ืืืืจื ืืฉืจืช tftp, ืื ื ื ืืชื ืื ืืช ืืคืงืืื ืืืืคืื ืืืงืฆืืช ืืืืชืื ืืช ืืืืฉืืจ.
def tftp_file_change(config,place,adname,current_account,current_account_password):
client = tftpy.TftpClient("192.168.0.3", 69)
client.download('template.cfg', place)
fileread = open(place, 'r')
line = fileread.readlines()
fileread.close()
line[5] = (('account.1.label = ').encode('utf-8') + adname.encode('utf-8') + 'n')
line[2] = (('account.1.auth_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[3] = (('account.1.display_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[6] = (('account.1.password = ').encode('utf-8') + current_account_password[0][0] + 'n')
filewrite = open(place, 'w')
for i in line:
filewrite.write(i)
filewrite.close()
print place
print config
client.upload(config,place)
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=AutoP')
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=Reboot')
ืืืืจ ืืชืืื ืืืืฉืืจ, ื ืงืื ืืช ืืฉื ืืืื ืฉืื ื ืขื ืืกื ืืืืคืื + ืคื ืงืก ืืชืืืืช ืืืืื ืชืืื ืืฆืืจื ืฉื ืืกื ื ืชืื ืื, ืืื ืื ืื ืฉื ืืชืจ ืืื ืืืืกืืฃ XML ืืงืฆืช PHP ืืื ืืืฆืื ืืืืคื ืืื ืื ืืช ืืชืืื. ืืฉ ืืจืื ืืืืืืืช ืืืื, ืืคืืื ื-YEALINK ืขืฆืื ืืฉ ืืืชื.
ื .ื.: ืืงืืืช ืืืจืืืืช ืจืื ืืืชืจ, ืืชื ืืืื ืืืขืืืจ ืืช ืืืืืจืืช ืืจืืฉืืืช (ืืืฉืชื ืื) ืืงืืืฅ ื ืคืจื.
ืืงืืจ: www.habr.com