mirror of
https://github.com/infinition/Bjorn.git
synced 2025-12-06 06:11:46 +00:00
Created steal_files_ssh.py (markdown)
infinition
142
steal_files_ssh.py.md
Normal file
142
steal_files_ssh.py.md
Normal file
@@ -0,0 +1,142 @@
|
||||
# Steal Files SSH steal_files_ssh.py
|
||||
|
||||
This document provides a detailed step-by-step explanation of how the `steal_files_ssh.py` script operates. This script connects to remote SSH servers using provided credentials, searches for specific files, and downloads them to a local directory.
|
||||
|
||||
## Overview
|
||||
|
||||
### Description
|
||||
- **Filename**: `steal_files_ssh.py`
|
||||
- **Purpose**: To connect to remote SSH servers using provided credentials, search for specific files, and download them to a local directory.
|
||||
|
||||
## Initialization and Setup
|
||||
|
||||
### Importing Modules
|
||||
The script imports the following modules:
|
||||
|
||||
- **Standard Libraries**:
|
||||
- `os`
|
||||
- `paramiko`
|
||||
- `logging`
|
||||
- `time`
|
||||
- `threading.Timer`
|
||||
|
||||
- **External Libraries**:
|
||||
- `rich.console`
|
||||
|
||||
- **Custom Modules**:
|
||||
- `SharedData`
|
||||
- `Logger`
|
||||
|
||||
### Configuring the Logger
|
||||
The logger is configured to log messages for `steal_files_ssh.py` at the DEBUG level, ensuring detailed logging of events and errors.
|
||||
|
||||
### Defining Global Variables
|
||||
Global variables are defined to provide metadata about the class and module, including:
|
||||
- `b_class = "StealFilesSSH"`
|
||||
- `b_module = "steal_files_ssh"`
|
||||
- `b_status = "steal_files_ssh"`
|
||||
- `b_parent = "SSHBruteforce"`
|
||||
- `b_port = 22`
|
||||
|
||||
## `StealFilesSSH` Class
|
||||
|
||||
### Purpose
|
||||
The `StealFilesSSH` class manages the process of connecting to SSH servers, searching for specific files, and downloading them.
|
||||
|
||||
### Initialization
|
||||
- **Attributes**: Initializes shared data and sets up the state for SSH and SFTP connections.
|
||||
- **Logger**: Logs the initialization process.
|
||||
|
||||
### Methods
|
||||
|
||||
#### `connect_ssh(ip, username, password)`
|
||||
- **Purpose**: Establishes an SSH connection to the specified IP using the provided username and password.
|
||||
- **Logging**: Logs the connection attempt and outcome.
|
||||
- **Returns**: An SSH client object if the connection is successful.
|
||||
|
||||
#### `find_files(ssh, dir_path)`
|
||||
- **Purpose**: Searches for files in the specified directory on the remote server based on configuration criteria (file extensions and names).
|
||||
- **Logging**: Logs the number of matching files found.
|
||||
- **Returns**: A list of matching file paths.
|
||||
|
||||
#### `steal_file(ssh, remote_file, local_dir)`
|
||||
- **Purpose**: Downloads a specified file from the remote server to a local directory.
|
||||
- **Logging**: Logs the download process and outcome.
|
||||
|
||||
#### `execute(ip, port, row, status_key)`
|
||||
- **Purpose**: Orchestrates the file-stealing process by connecting to the remote server, searching for files, and downloading them.
|
||||
- **Logging**: Logs the overall process, including connection attempts, file searches, and downloads.
|
||||
- **Returns**: A status string indicating success or failure.
|
||||
|
||||
## Detailed Execution Flow
|
||||
|
||||
### Step 1: Initialization
|
||||
- The `StealFilesSSH` class is initialized with shared data, setting up necessary attributes and logging the initialization.
|
||||
|
||||
### Step 2: Establish SSH Connection
|
||||
- The `connect_ssh` method attempts to establish an SSH connection using provided credentials.
|
||||
- Successful connections are logged, and an SSH client object is returned.
|
||||
|
||||
### Step 3: Search for Files
|
||||
- The `find_files` method searches for specific files in a given directory on the remote server.
|
||||
- Files that match the configured criteria are logged and returned as a list of file paths.
|
||||
|
||||
### Step 4: Download Files
|
||||
- The `steal_file` method downloads each identified file from the remote server to a local directory.
|
||||
- The download process and outcome are logged.
|
||||
|
||||
### Step 5: Execute File Stealing
|
||||
- The `execute` method orchestrates the overall process, handling connection attempts, file searches, and downloads.
|
||||
- Credentials are retrieved from a pre-configured file, and each credential is tried sequentially.
|
||||
- A timeout mechanism ensures that the process does not hang indefinitely if an SFTP connection is not established.
|
||||
|
||||
## Variables and Configuration
|
||||
|
||||
### Target Files and Directories
|
||||
|
||||
#### `self.shared_data.steal_file_extensions`
|
||||
- **Purpose**: Specifies the file extensions to look for when searching for files on the remote server.
|
||||
- **Type**: List of strings.
|
||||
- **Example**: `['.txt', '.log', '.conf']`
|
||||
|
||||
#### `self.shared_data.steal_file_names`
|
||||
- **Purpose**: Specifies the file names (or parts of file names) to look for when searching for files on the remote server.
|
||||
- **Type**: List of strings.
|
||||
- **Example**: `['important', 'secret', 'config']`
|
||||
|
||||
#### `self.shared_data.sshfile`
|
||||
- **Purpose**: The file that contains the SSH credentials (username and password) cracked from previous brute force attacks.
|
||||
- **Type**: String (file path).
|
||||
- **Example**: `'/path/to/sshfile.csv'`
|
||||
|
||||
#### `self.shared_data.datastolendir`
|
||||
- **Purpose**: The directory where the stolen files will be saved locally.
|
||||
- **Type**: String (directory path).
|
||||
- **Example**: `'/path/to/datastolendir/'`
|
||||
|
||||
### Example Configuration
|
||||
|
||||
```python
|
||||
self.shared_data.steal_file_extensions = ['.txt', '.log', '.conf']
|
||||
self.shared_data.steal_file_names = ['important', 'secret', 'config']
|
||||
self.shared_data.sshfile = '/path/to/sshfile.csv'
|
||||
self.shared_data.datastolendir = '/path/to/datastolendir/'
|
||||
```
|
||||
|
||||
## Integration with Orchestrator
|
||||
|
||||
### Parent-Child Relationship
|
||||
The `StealFilesSSH` class is a child of the `SSHBruteforce` class in the orchestrator's workflow. This means that the file-stealing process is initiated only after the successful execution of the brute force attack managed by `SSHBruteforce`.
|
||||
|
||||
### Method Call
|
||||
The `StealFilesSSH` class is called by the orchestrator via its `execute` method. The process involves:
|
||||
1. **Receiving Target Details**: The orchestrator provides IP, port, and credential details to the `StealFilesSSH` class.
|
||||
2. **Performing File Stealing**: The `execute` method connects to the remote server, searches for files, and downloads them.
|
||||
3. **Updating Orchestrator**: The status (success or failure) is returned to the orchestrator for further action.
|
||||
|
||||
### Example Workflow
|
||||
1. **Initialization**: The orchestrator initializes the `StealFilesSSH` class.
|
||||
2. **Execution**: For each target IP and port, the orchestrator calls the `execute` method of `StealFilesSSH`.
|
||||
3. **Logging and Status Update**: The `StealFilesSSH` class logs each step and updates the status based on the outcome of the file-stealing process.
|
||||
|
||||
By following these detailed steps, the `steal_files_ssh.py` script connects to SSH servers, searches for specified files, and downloads them to a local directory. It integrates seamlessly with the orchestrator for coordinated security operations, ensuring that file-stealing actions are performed only after successful brute force attacks.
|
||||
Reference in New Issue
Block a user