I taku taenga mai ki te mahi mo tenei kamupene, kua whiwhi ahau i etahi putunga korero mo nga taputapu IP, he maha nga kaitoro whai whetūriki me te papaki i te ahua o FreeBPX. Hei taapiri, he riterite te PBX Samsung IDCS500 i mahi whakarara, a, i te nuinga o te waa, ko te punaha korero matua i roto i te kamupene; Ko te waea waea IP he mahi anake mo te tari hoko. Na ka haere tonu nga mea katoa ki te tunu penei, engari i tetahi ra pai ka tukuna he ture ki te whakawhiti i nga tangata katoa ki te waea IP, kua whakaaehia nga wa mutunga, kua hokona nga taputapu, a ka timata te mahere ki te whakawhiti i te hinonga ki te rautau 21.
Ko te mea tuatahi ka timata te awangawanga i roto i tenei ahuatanga ko te piki haere o te maha o nga huinga waea e tika ana kia whakahaeretia, ko te mea tuarua i tino awangawanga ko te pukapuka waea. Mena ka taea e te Kaiwhakahaere Whakamutunga te awhina i a maatau ki te mea tuatahi (na te mea i tapahia mai i nga putanga hou o FreePBX), katahi ka puta etahi patai me te pukapuka:
- Tuatahi, me pehea te whakarite i tona tika ina huri tonu te waahi/maamaa o nga kaiwhakamahi?
- Tuarua, me pehea te whakakore i nga waea. A kaua e whakakiia te ingoa hoapaki i nga wa katoa?
He rawe te raru, kaore i roa te otinga ka tae mai. Inaianei ka hoatu e ahau te katoa o nga rarangi ingoa, katahi ka tirohia e tatou kia pai.
from scapy.all import sniff
from scapy.layers.inet import IP
import mysql.connector
import ldap
import getpass
import tftpy
import requests
import os
import time
from string import replace
def conn_ldap(login):
ad = ldap.initialize('ldap://***.local')
ad.simple_bind_s('voip@***.local', 'password')
basedn = 'OU=IT,DC=***,DC=LOCAL'
basedn_user = 'OU=***,OU=***,DC=***,DC=LOCAL'
scope = ldap.SCOPE_SUBTREE
filterexp = "(&(sAMAccountName=" + login + ")(ObjectClass=person))"
filterexp2 = "(&(ObjectClass=organizationUnit))"
attrlist = ['cn']
attrlist2 = ['OU']
search = ad.search_s(basedn, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname == ' ':
search = ad.search_s(basedn_user, scope, filterexp2, attrlist2)
for i in range(1, len(search)+1):
group = search[i][1]['ou'][0]
basedn_user2 = 'OU='+group+','+basedn_user
search = ad.search_s(basedn_user2, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname != ' ':
return adname
adname = search[0][1]['cn'][0].decode('utf-8')
ad.unbind_s()
return adname
def tftp_file_change(config,place,adname,current_account,current_account_password):
client = tftpy.TftpClient("192.168.0.3", 69)
client.download('template.cfg', place)
fileread = open(place, 'r')
line = fileread.readlines()
fileread.close()
line[5] = (('account.1.label = ').encode('utf-8') + adname.encode('utf-8') + 'n')
line[2] = (('account.1.auth_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[3] = (('account.1.display_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[6] = (('account.1.password = ').encode('utf-8') + current_account_password[0][0] + 'n')
filewrite = open(place, 'w')
for i in line:
filewrite.write(i)
filewrite.close()
print place
print config
client.upload(config,place)
def get_phone_inform(ipaddr):
fileconf = requests.get('http://admin:admin@'+ipaddr+'/servlet?phonecfg=get[&accounts=1]')
conf = fileconf.text.split('|')
current_account = conf[2]
return current_account
def sniff_frame():
pcapf = sniff(count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060")
if len(pcapf) == 0:
exit()
frame = pcapf[0]
macaddr = frame.src
print macaddr[:8]
if macaddr[:8] != '80:5e:c0':
exit()
ipaddr = frame[0][IP].src
return macaddr, ipaddr
def conn_mysql(query,fquery,macaddr,qwery2):
connect = mysql.connector.connect(host='192.168.0.3', database='voip', user='voip_wr', password='***')
cursor = connect.cursor()
cursor.execute(fquery)
state = cursor.fetchall()
state = bool(state[0][0])
if state == True:
cursor.execute(qwery2)
connect.commit()
connect.close()
else:
cursor.execute(query)
connect.commit()
connect.close()
def check_account(current_account):
connect = mysql.connector.connect(host='192.168.0.3', database='asterisk', user='voip_wr', password='***')
cursor = connect.cursor()
qwery = 'select data from sip where id=' + current_account + ' and keyword="secret";'
cursor.execute(qwery)
password = cursor.fetchall()
if password == ' ':
exit()
else:
return password
if __name__ == '__main__':
macaddr, ipaddr = sniff_frame()
current_account = get_phone_inform(ipaddr)
current_account_password = check_account(current_account)
macaddr = macaddr.replace(':', '')
ipaddr = ipaddr.decode('utf-8')
adname = conn_ldap(getpass.getuser())
query = 'INSERT INTO station (mac, ip, name, number) VALUES (' + '"' + macaddr + '",' + '"' + ipaddr + '",' + '"' + adname + '",' + '"' + get_phone_inform(ipaddr) + '"' + ')'
qwery2 = 'UPDATE station SET ip=' + '"' + ipaddr + '"' + ', name=' + '"' + adname + '"' + ', number=' + '"' + get_phone_inform(ipaddr) + '"' + ' WHERE mac=' + '"' + macaddr + '"'
fquery = 'SELECT EXISTS(SELECT mac FROM voip.station WHERE mac=' + '"' + macaddr + '")'
query = query.encode('utf-8')
fquery = fquery.encode('utf-8')
config = macaddr + '.cfg'
place = os.path.expanduser("~") + "" + "AppDataLocal" + config
conn_mysql(query,fquery,macaddr,qwery2)
tftp_file_change(config,place,adname,current_account,current_account_password)
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=AutoP')
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=Reboot')Ka rere te papatono i runga i te rorohiko a te kaiwhakamahi me te mahi mena ka hono te rorohiko ki te whatunga ma te waea, na te mea kaore e taea e Yealink T19 te mahi hei kuaha.
Tuatahi, me maarama mehemea kei te hono? a he aha te mac me te ip kei a maatau waea.
def sniff_frame():
pcapf = sniff(count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060")
if len(pcapf) == 0:
exit()
frame = pcapf[0]
macaddr = frame.src
print macaddr[:8]
if macaddr[:8] != '80:5e:c0':
exit()
ipaddr = frame[0][IP].src
return macaddr, ipaddr
I konei ka whakamahia e matou te mahi hongi mai i te anga scapy, me tana awhina ka whiwhi matou i te kete udp kua tohua, tatari mo te 70 hēkona, ki te kore e mau tetahi mea, ka puta.
count=1, timeout=70, filter="dst host 192.168.0.3 and port 5060"I muri mai, ka whakarite maatau ko te taputapu he Yealink me te whakahoki i nga uara e tika ana (ip me te mac).
Ma te whakamahi i tetahi tono motuhake, ka kitea e matou te kaute o naianei i runga i te waea. Ki te mahi i tenei, ka tangohia te whirihoranga o naianei mai i te waea me te poroporoaki.
def get_phone_inform(ipaddr):
fileconf = requests.get('http://admin:admin@'+ipaddr+'/servlet?phonecfg=get[&accounts=1]')
conf = fileconf.text.split('|')
current_account = conf[2]
return current_accountKimihia te kupuhipa mo tenei kaute. Ki te mahi i tenei, ka huri tatou ki te ripanga asterisk.sip me te mara raraunga kei roto.
def check_account(current_account):
connect = mysql.connector.connect(host='192.168.0.3', database='asterisk', user='voip_wr', password='***')
cursor = connect.cursor()
qwery = 'select data from sip where id=' + current_account + ' and keyword="secret";'
cursor.execute(qwery)
password = cursor.fetchall()
if password == ' ':
exit()
else:
return passwordAna, mo te waahanga whakamutunga ka hono atu matou ki te ldap AD me te whakamahi i te sAMAccountName i whiwhi mai i te mahi getpass.getuser() tangohia te cn o te kaiwhakamahi o naianei (kei roto te ingoa katoa o te kaiwhakamahi).
def conn_ldap(login):
ad = ldap.initialize('ldap://***.local')
ad.simple_bind_s('voip@***.local', 'password')
basedn = 'OU=***,DC=***,DC=LOCAL'
basedn_user = 'OU=***,OU=***,DC=***,DC=LOCAL'
scope = ldap.SCOPE_SUBTREE
filterexp = "(&(sAMAccountName=" + login + ")(ObjectClass=person))"
filterexp2 = "(&(ObjectClass=organizationUnit))"
attrlist = ['cn']
attrlist2 = ['OU']
search = ad.search_s(basedn, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname == ' ':
search = ad.search_s(basedn_user, scope, filterexp2, attrlist2)
for i in range(1, len(search)+1):
group = search[i][1]['ou'][0]
basedn_user2 = 'OU='+group+','+basedn_user
search = ad.search_s(basedn_user2, scope, filterexp, attrlist)
adname = search[0][1]['cn'][0].decode('utf-8')
if adname != ' ':
return adname
adname = search[0][1]['cn'][0].decode('utf-8')
ad.unbind_s()
return adnameKa hono atu matou ki tetahi ripanga kua oti te hanga i mua i te papa korero (Naku i hanga ki reira) ka uru ki nga mea katoa i akohia e matou, ara: ip, mac, username.
def conn_mysql(query,fquery,macaddr,qwery2):
connect = mysql.connector.connect(host='192.168.0.3', database='voip', user='voip_wr', password='***')
cursor = connect.cursor()
cursor.execute(fquery)
state = cursor.fetchall()
state = bool(state[0][0])
if state == True:
cursor.execute(qwery2)
connect.commit()
connect.close()
else:
cursor.execute(query)
connect.commit()
connect.close()Ka taea e taatau ki konei, na te mea kua hanga e matou he pukapuka wahitau hihiri, ka patai pea koe, engari i haere tonu ahau me te taapiri i te tuku-aunoa o nga taputapu ki konei.
Ki te mahi i tenei, ka tangohia he whirihoranga tauira mai i te tūmau tftp i whirihora i mua, ka mahia e matou o matou huringa ka tiakina hei mac.cfg. Arā, mo Yealink e rua nga momo whirihoranga, kotahi he ao, a ko te tuarua e pa ana ki tetahi waea motuhake me te ahua mac_phone.cfg
I muri i nga huringa katoa i roto i te konae me te penapena ano ki te tūmau tftp, ka tukuna e matou te whakahau ki te waea ki te whakarato me te whakaara ano i te taputapu.
def tftp_file_change(config,place,adname,current_account,current_account_password):
client = tftpy.TftpClient("192.168.0.3", 69)
client.download('template.cfg', place)
fileread = open(place, 'r')
line = fileread.readlines()
fileread.close()
line[5] = (('account.1.label = ').encode('utf-8') + adname.encode('utf-8') + 'n')
line[2] = (('account.1.auth_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[3] = (('account.1.display_name = ').encode('utf-8') + current_account.encode('utf-8') + 'n')
line[6] = (('account.1.password = ').encode('utf-8') + current_account_password[0][0] + 'n')
filewrite = open(place, 'w')
for i in line:
filewrite.write(i)
filewrite.close()
print place
print config
client.upload(config,place)requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=AutoP')
requests.get('http://admin:admin@'+ipaddr+'/cgi-bin/ConfigManApp.com?key=Reboot')I muri i te whakaara ano i te taputapu, ka tae to matou ingoa katoa ki runga i te mata waea + he pukapuka wahitau kua whakakiia i nga wa katoa i roto i te ahua o te putunga raraunga, katahi ka toe ko te taapiri XML me te PHP iti hei whakaatu hihiri i te ihirangi. He maha nga tauira penei, ara kei a YEALINK ano.
PS: Mo te kaha ake, ka taea e koe te nuku i nga tautuhinga matua (taurangi) ki tetahi konae motuhake.
Source: will.com