αα
ααααααα»αααααααΎααΆαα±αααααα»αα αα»αααα αααα»αααΆαααΌαααααΆααα·αααααααα½αα
ααα½αααα§ααααα IP αα½α
α αΎα αααΆαααΈαααααΆα
αααΎααααααΆααααααΆααααΆα αα·αααααααΆαααααα FreeBPX α ααΎαααΈαααααα analogue PBX Samsung IDCS500 ααααΎαααΆαααααααααΆ α αΎαααΆααΌαα
ααΊααΆααααααααααααΆααααααααααΆαααα
αααα»ααααα»αα αα»α ααΌαααααα IP ααααΎαααΆααααααΆααααααααααααααα»αααααα α αΎαα’αααΈααααααααΆαααΉαααααα
ααα’α·αααΌα
ααα ααα»αααααααααα½αααααα’ ααααΉααααα½αααααΌαααΆααααααα²αααααααα’ααααααααααααΆαα
ααΆααααΌαααααα IP αααααααΆαααααααααΌαααΆααααααααααααααΆ αααααΆααααααΌαααΆααα·α α αΎααααααΆαααααααα ααααΆααα
αααα»αααααααααΈ 21 ααΆαα
αΆααααααΎαααααΌαααΆαα’αα»ααααα
ααΏαααααΌααααα
αΆααααααΎααααα½αααΆαααααααα»αααααΆαααΆαααααααααΊααΆαααΎαα‘αΎααααΆαααΆαααα αααααααα»αααΌαααααααααα
αΆαααΆα
αααααΌαααααααααααααααααααΆ α αΎαααΏαααΈααΈαααααα½αα±αααααα½αααΆαααααααααΊααααα
ααΌααααααα ααααα·αααΎ Endpoint Manager α’αΆα
αα½αααΎαααΆαα½αααΉααααααα·ααΈααΈαα½α (αααααΆααα·ααΈαααααααΌαααΆαααΆααα
ααααΈααααα
α»αααααααααα»ααα FreePBX) ααααααα½ααα½αα
ααα½αααΆαααΎαα‘αΎαααΆαα½αααΉαααααα
αααα
- ααΈαα½α ααΎααααΎααΌα ααααα ααΎααααΈααΆααΆααΆαααΌαααΆαααααΉαααααΌαααααααΆ αα ααααααααΈααΆαα/ααΆαααααααα’αααααααΎααααΆαααααα»αααααΆααααααΌαααΆαα·α αα ?
- ααΈααΈα ααααααααΎα±ααααΌαααααααα·αααΆαααααααααααΆαααααα½αααΆαααααα»αα α αΎααα·αααααααααααααααΆααααααααΆααααα?
αααα αΆααΊαα½αα±ααα
αΆααα’αΆαααααα αααααααααΆααα·αα
αααΆααααααΌαααΎααααΈαααααα α₯α‘αΌαααααααα»αααΉαααααααααααΈααααααα αΎααααααΆααααααΎαααΉααα·αα·αααααΎαααΆααΆαααααΆαααααααα
from scapy.all import sniff
from scapy.layers.inet import IP
import mysql.connector
import ldap
import getpass
import tftpy
import requests
import os
import time
from string import replace
def conn_ldap(login):
ad = ldap.initialize('ldap://***.local')
ad.simple_bind_s('voip@***.local', 'password')
basedn = 'OU=IT,DC=***,DC=LOCAL'
basedn_user = 'OU=***,OU=***,DC=***,DC=LOCAL'
scope = ldap.SCOPE_SUBTREE
filterexp = "(&(sAMAccountName=" + login + ")(ObjectClass=person))"
filterexp2 = "(&(ObjectClass=organizationUnit))"
attrlist = ['cn']
attrlist2 = ['OU']
search = ad.search_s(basedn, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname == ' ':
search = ad.search_s(basedn_user, scope, filterexp2, attrlist2)
for i in range(1, len(search)+1):
group = search[i][1]['ou'][0]
basedn_user2 = 'OU='+group+','+basedn_user
search = ad.search_s(basedn_user2, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname != ' ':
return adname
adname = search[0][1]['cn'][0].decode('utf-8')
ad.unbind_s()
return adname
def tftp_file_change(config,place,adname,current_account,current_account_password):
client = tftpy.TftpClient("192.168.0.3", 69)
client.download('template.cfg', place)
fileread = open(place, 'r')
line = fileread.readlines()
fileread.close()
line[5] = (('account.1.label = ').encode('utf-8') + adname.encode('utf-8') + 'n')
line[2] = (('account.1.auth_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[3] = (('account.1.display_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[6] = (('account.1.password = ').encode('utf-8') + current_account_password[0][0] + 'n')
filewrite = open(place, 'w')
for i in line:
filewrite.write(i)
filewrite.close()
print place
print config
client.upload(config,place)
def get_phone_inform(ipaddr):
fileconf = requests.get('http://admin:admin@'+ipaddr+'/servlet?phonecfg=get[&accounts=1]')
conf = fileconf.text.split('|')
current_account = conf[2]
return current_account
def sniff_frame():
pcapf = sniff(count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060")
if len(pcapf) == 0:
exit()
frame = pcapf[0]
macaddr = frame.src
print macaddr[:8]
if macaddr[:8] != '80:5e:c0':
exit()
ipaddr = frame[0][IP].src
return macaddr, ipaddr
def conn_mysql(query,fquery,macaddr,qwery2):
connect = mysql.connector.connect(host='192.168.0.3', database='voip', user='voip_wr', password='***')
cursor = connect.cursor()
cursor.execute(fquery)
state = cursor.fetchall()
state = bool(state[0][0])
if state == True:
cursor.execute(qwery2)
connect.commit()
connect.close()
else:
cursor.execute(query)
connect.commit()
connect.close()
def check_account(current_account):
connect = mysql.connector.connect(host='192.168.0.3', database='asterisk', user='voip_wr', password='***')
cursor = connect.cursor()
qwery = 'select data from sip where id=' + current_account + ' and keyword="secret";'
cursor.execute(qwery)
password = cursor.fetchall()
if password == ' ':
exit()
else:
return password
if __name__ == '__main__':
macaddr, ipaddr = sniff_frame()
current_account = get_phone_inform(ipaddr)
current_account_password = check_account(current_account)
macaddr = macaddr.replace(':', '')
ipaddr = ipaddr.decode('utf-8')
adname = conn_ldap(getpass.getuser())
query = 'INSERT INTO station (mac, ip, name, number) VALUES (' + '"' + macaddr + '",' + '"' + ipaddr + '",' + '"' + adname + '",' + '"' + get_phone_inform(ipaddr) + '"' + ')'
qwery2 = 'UPDATE station SET ip=' + '"' + ipaddr + '"' + ', name=' + '"' + adname + '"' + ', number=' + '"' + get_phone_inform(ipaddr) + '"' + ' WHERE mac=' + '"' + macaddr + '"'
fquery = 'SELECT EXISTS(SELECT mac FROM voip.station WHERE mac=' + '"' + macaddr + '")'
query = query.encode('utf-8')
fquery = fquery.encode('utf-8')
config = macaddr + '.cfg'
place = os.path.expanduser("~") + "" + "AppDataLocal" + config
conn_mysql(query,fquery,macaddr,qwery2)
tftp_file_change(config,place,adname,current_account,current_account_password)
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=AutoP')
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=Reboot')
αααααα·ααΈαααααααΎαααΆαααΎαα»αααααΌαααααααα’αααααααΎααααΆαα α αΎαααααΎαααΆαααααααααααΆαα»αααααΌαααααααΌαααΆαααααΆαααα αααααΆαααΆααααααΌαααααα ααααα Yealink T19 αα·αα’αΆα ααααΎαααΆαααΆα αααα ααα αΌαααΆαααα
ααααΌαααΎαααααΌααααααΆααΎααΆααααΌαααΆαααααΆαα? α αΎαβα’αααΈβααα mac αα·α ip ααΌααααααβααααβααΎαβααΆαα
def sniff_frame():
pcapf = sniff(count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060")
if len(pcapf) == 0:
exit()
frame = pcapf[0]
macaddr = frame.src
print macaddr[:8]
if macaddr[:8] != '80:5e:c0':
exit()
ipaddr = frame[0][IP].src
return macaddr, ipaddr
αα ααΈαααααΎαααααΎαα»αααΆα sniff ααΈ scapy framework αααααΆααααα½αααααααΆ ααΎαααα½αααΆααααα ααααααααΆα udp αααααΆαααααααα»αααΆαα»α αααα αΆα 70 αα·ααΆααΈ α αΎαααααα·αααΎααΎααα·αα αΆααα’αααΈαα ααΎαα αΆαα ααα
count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060"
αααααΆααααΎαααααΎα±ααααααΆααααΆα§ααααααααααΊαα·αααΆ Yealink α αΎααααα‘αααααααα αΆαααΆα α (ip αα·α mac) α
αααααααΎααααΎαα·ααα ααΎαααααΎαααααΈαα αα α»αααααααα ααΎααΌααααααα ααΎααααΈααααΎααΌα αααα ααΆαααααααα αα α»ααααααααααΌαααΆαααΆαααααΈααΌααααα α αΎααααα
def get_phone_inform(ipaddr):
fileconf = requests.get('http://admin:admin@'+ipaddr+'/servlet?phonecfg=get[&accounts=1]')
conf = fileconf.text.split('|')
current_account = conf[2]
return current_account
αααααααααΆααααααααΆαααααααΆααααααΈαααα ααΎααααΈααααΎααΌα αααααΎαααΆααα ααΆααΆα asterisk.sip αα·αααΆααα·αααααααα αααα»αααΆα
def check_account(current_account):
connect = mysql.connector.connect(host='192.168.0.3', database='asterisk', user='voip_wr', password='***')
cursor = connect.cursor()
qwery = 'select data from sip where id=' + current_account + ' and keyword="secret";'
cursor.execute(qwery)
password = cursor.fetchall()
if password == ' ':
exit()
else:
return password
ααΆααΆααααααΎαααΆαα αααααΆααααααΆααααΆαα α»αααααα ααΎαααααΆαααα ldap AD αα·αααααΎααααΆαα sAMAccountName αααααα½αααΆαααΆαααααα»αααΆα getpass.getuser() αα cn ααααα’αααααααΎαα αα α»αααααα (αααααΆααααααΆααΆαααααααααααααα’αααααααΎ)α
def conn_ldap(login):
ad = ldap.initialize('ldap://***.local')
ad.simple_bind_s('voip@***.local', 'password')
basedn = 'OU=***,DC=***,DC=LOCAL'
basedn_user = 'OU=***,OU=***,DC=***,DC=LOCAL'
scope = ldap.SCOPE_SUBTREE
filterexp = "(&(sAMAccountName=" + login + ")(ObjectClass=person))"
filterexp2 = "(&(ObjectClass=organizationUnit))"
attrlist = ['cn']
attrlist2 = ['OU']
search = ad.search_s(basedn, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname == ' ':
search = ad.search_s(basedn_user, scope, filterexp2, attrlist2)
for i in range(1, len(search)+1):
group = search[i][1]['ou'][0]
basedn_user2 = 'OU='+group+','+basedn_user
search = ad.search_s(basedn_user2, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname != ' ':
return adname
adname = search[0][1]['cn'][0].decode('utf-8')
ad.unbind_s()
return adname
ααΎαααααΆαααα ααΆααΆααααααΆααααααΎαααΆαα»ααα αααα»αααΌαααααΆααα·αααααα (αααα»αααΆααααααΎαααΆαα ααΈααα) α αΎααααα αΌαα’αααΈααααααααΆααααααΎαααΆααααααΌα ααΆ: ip, mac, username α
def conn_mysql(query,fquery,macaddr,qwery2):
connect = mysql.connector.connect(host='192.168.0.3', database='voip', user='voip_wr', password='***')
cursor = connect.cursor()
cursor.execute(fquery)
state = cursor.fetchall()
state = bool(state[0][0])
if state == True:
cursor.execute(qwery2)
connect.commit()
connect.close()
else:
cursor.execute(query)
connect.commit()
connect.close()
ααΎαα’αΆα ααααα ααΈααα αααααΆαααΎαααΆααααααΎαααααα α’αΆααααααΆαααΆααααααα½α α αΎα α’αααα’αΆα αα½α ααα»αααααααα»αααΆααα ααααααααα α αΎαααΆαααααααααΆαααααααααααααααααααααα·ααΌαα§ααααααα ααΈαααα
ααΎααααΈααααΎααΌα αααα ααΆαααααααα ααΆααααααααααααΌααααΌαααΆαααΆαααααΈαααΆαααΈααα tftp αααααΆααααααααΆαα»α αααααΎαααααΎααΆαααααΆααααααΌαααααααΎα α αΎααααααΆαα»αααΆααΆ mac.cfg α αααααΊαααααΆαα Yealink ααΆαααΆαααααααα ααΆααααααααααΈααααααα αα½αααΊααα α αΎαααΈααΈαα’αα»ααααα ααααααΌαααααααΆααααΆαααα½α α αΎααα½αααααΆαααααα mac_phone.cfg
αααααΆααααΈααΆαααααΆααααααΌαααΆααα’αααα αααα»αα―αααΆα αα·ααααααΆαα»αααΆαααα‘αααα αααΆαααΈααα tftp ααΎααααααααΆααααααααΆαα ααΌααααααααΎααααΈααααα αα·αα αΆααααααΎαα§αααααα‘αΎααα·αα
def tftp_file_change(config,place,adname,current_account,current_account_password):
client = tftpy.TftpClient("192.168.0.3", 69)
client.download('template.cfg', place)
fileread = open(place, 'r')
line = fileread.readlines()
fileread.close()
line[5] = (('account.1.label = ').encode('utf-8') + adname.encode('utf-8') + 'n')
line[2] = (('account.1.auth_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[3] = (('account.1.display_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[6] = (('account.1.password = ').encode('utf-8') + current_account_password[0][0] + 'n')
filewrite = open(place, 'w')
for i in line:
filewrite.write(i)
filewrite.close()
print place
print config
client.upload(config,place)
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=AutoP')
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=Reboot')
αααααΆααααΈα αΆααααααΎαα§αααααα‘αΎααα·α ααΎαααα½αααΆαααααααααααααααΎααα ααΎα’ααααααααΌαααααα + ααααα α’αΆααααααΆαααααααααααααααααΆαααααΉαααααΌααααα»αααααααααΆααΌαααααΆααα·αααααα αααααΆααααα’αααΈαααααα αααααΊααααΌααααααα XML αα·α PHP ααααα·α ααΎααααΈαααα αΆαααααΉαααΆαααΆαααααα ααΆαα§ααΆα αααααααααα αααΎαααΆαα ααΌααααΈαα YEALINK ααααΆααα½ααααααα
PS: αααααΆααααα αααααΆαααα α’αααα’αΆα
ααααΆααααΈααΆααααααααααΆαα (α’ααα) αα
αααα»αα―αααΆαααΆα
ααααα‘αααα½αα
ααααα: www.habr.com