pwn 0.4.478 → 0.4.481
- checksums.yaml +4 -4
- data/Gemfile +2 -2
- data/README.md +2 -2
- data/bin/pwn_perimeter_recon +2 -2
- data/bin/pwn_shodan_search +1 -1
- data/lib/pwn/plugins/msr206.rb +161 -65
- data/lib/pwn/version.rb +1 -1
- metadata +6 -6
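--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9982a0cc0ec0ac9abb6f30e3bdb8cfb48328e69683ca48824381133ad235edf1
+data.tar.gz: e0d25785cb24747d2593e622c3338fd37d27bc711bc18577cecd16b71d9ad48a
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f956e5a528a46aafdc929ff4cc6836423b510d6103bf985193491b1a9c08d69c34da582a1f2aa172d9d9265def2789927f623d9d37b117670242f1f03b613c3a
+data.tar.gz: 26c61de702fb0f1e6047afb53ba36f64f83c331c78553d7c038134a7891d66c682454074207f7a8516e221e66f281d7a0c1a596ae1fc2239171abc02ba076ef3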
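--- a/data/Gemfile
+++ b/data/Gemfile
@@ -33,12 +33,12 @@ gem 'ipaddress', '0.8.3'
 gem 'js-beautify', '0.1.8'
 gem 'json', '2.6.2'
 gem 'jsonpath', '1.1.2'
-gem 'jwt', '2.4.
+gem 'jwt', '2.4.1'
 gem 'luhn', '1.0.2'
 gem 'mail', '2.7.1'
 gem 'mongo', '2.17.1'
 gem 'msfrpc-client', '1.1.2'
-gem 'net-ldap', '0.17.
+gem 'net-ldap', '0.17.1'
 gem 'net-openvpn', '0.8.7'
 gem 'net-smtp', '0.3.1'
 gem 'nexpose', '7.3.0'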
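--- a/data/README.md
+++ b/data/README.md
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
 $ rvm list gemsets
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.481]:001 >>> PWN.help
 ```
 
 [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
 $ gem uninstall --all --executables pwn
 $ gem install --verbose pwn
 $ pwn
-pwn[v0.4.
+pwn[v0.4.481]:001 >>> PWN.help
 ```
 
 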
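--- a/data/bin/pwn_perimeter_recon
+++ b/data/bin/pwn_perimeter_recon
@@ -130,7 +130,7 @@ def invoke_burp(opts = {})
 )
 
 File.open(json_results, 'w') do |f|
-f.puts scan_issues_hash
+f.puts JSON.pretty_generate(scan_issues_hash)
 end
 puts "#{@green}complete.#{@end_of_color}\n\n\n"
 
@@ -190,7 +190,7 @@ unless ipinfo.nil?
 
 ipinfo_struc = PWN::Plugins::IPInfo.get(ip_or_host: ipinfo_target)
 File.open(ipinfo_json_results, 'w') do |f|
-f.puts ipinfo_struc
+f.puts JSON.pretty_generate(ipinfo_struc)
 end
 end
 end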
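Review bot: Both result files are still created by `File.open(..., 'w')` with no permission argument, so the scan issues and IP lookup data that are now serialized as real JSON land on disk with whatever the process umask allows. Since these files describe findings against a target perimeter, I would create them owner-only, e.g. `File.open(json_results, 'w', 0o600) do |f|` and the same for `ipinfo_json_results`. `JSON.pretty_generate` also needs `json` to be loaded; the require is not visible in these hunks, so confirm the script or the `pwn` library pulls it in. `invoke_burp` and the `unless ipinfo.nil?` block both start outside the hunks shown.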
data/bin/pwn_shodan_search
CHANGED
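--- a/data/lib/pwn/plugins/msr206.rb
+++ b/data/lib/pwn/plugins/msr206.rb
@@ -106,6 +106,7 @@ module PWN
 decoded_data_str = ''
 if raw_byte_arr
 raw_byte_arr.first.split.each do |byte_str|
+# TODO: Different case statements for each parity
 case byte_str
 when '1B'
 decoded_data_str += ''
@@ -612,6 +613,7 @@ module PWN
 msr206_obj: msr206_obj,
 cmd: type
 )
+puts exec_resp.inspect
 
 print 'Ready to Read. Please Swipe Card Now:'
 loop do
@@ -620,6 +622,7 @@ module PWN
 cmd: type
 )
 
+puts exec_resp[:msg]
 break if exec_resp[:msg] == :ack_command_completed
 end
 
@@ -659,6 +662,7 @@ module PWN
 params: [param]
 )
 exec_resp[:encoding] = encoding
+exec_resp[:track_format] = [param]
 puts exec_resp[:decoded]
 puts exec_resp.inspect
 track_data_arr.push(exec_resp)
@@ -684,17 +688,20 @@ module PWN
 params: [param]
 )
 exec_resp[:encoding] = encoding
+exec_resp[:track_format] = [param]
 puts exec_resp[:decoded]
 puts exec_resp.inspect
 track_data_arr.push(exec_resp)
 
 # 3 byte command
+param = [0x5f] + [param]
 exec_resp = exec(
 msr206_obj: msr206_obj,
 cmd: cmd,
-params:
+params: param
 )
 exec_resp[:encoding] = encoding
+exec_resp[:track_format] = param
 puts exec_resp[:decoded]
 puts exec_resp.inspect
 track_data_arr.push(exec_resp)
@@ -705,6 +712,9 @@ module PWN
 :arm_to_write_with_raw,
 :arm_to_write_with_raw_speed_prompts
 
+# TODO: Set Write Density for Tracks Here
+# >>>
+
 if encoding == :iso
 cmds_arr = %i[
 load_iso_std_data_for_writing_track1
@@ -712,69 +722,96 @@ module PWN
 load_iso_std_data_for_writing_track3
 ]
 
+# TODO: Get Data by cmd (e.g. load_iso_std_data_for_writing_track1)
 cmds_arr.each_with_index do |cmd, track|
 puts "\n*** #{cmd.to_s.gsub('_', ' ').upcase} #{'*' * 17}"
+puts track_data[track][:decoded]
+next if track_data[track][:decoded] == '+'
+
 this_track = track_data[track][:decoded].chars.map do |c|
 c.unpack1('H*').to_i(16)
 end
-
-
+track_eot = [0x04]
+track_payload = this_track + track_eot
+puts track_payload.inspect
 exec_resp = exec(
 msr206_obj: msr206_obj,
 cmd: cmd,
-params:
+params: track_payload
+)
+exec_resp[:encoding] = encoding
+puts exec_resp.inspect
+track_data_arr.push(exec_resp)
+end
+end
+
+if encoding == :iso_alt
+cmds_arr = %i[
+alt_load_iso_std_data_for_writing_track1
+alt_load_iso_std_data_for_writing_track2
+alt_load_iso_std_data_for_writing_track3
+]
+
+# TODO: Get Data by cmd (e.g. alt_load_iso_std_data_for_writing_track1)
+cmds_arr.each_with_index do |cmd, track|
+puts "\n*** #{cmd.to_s.gsub('_', ' ').upcase} #{'*' * 17}"
+puts track_data[track][:decoded]
+next if track_data[track][:decoded] == '+'
+
+this_track = track_data[track][:decoded].chars.map do |c|
+c.unpack1('H*').to_i(16)
+end
+track_format = track_data[track][:track_format]
+track_eot = [0x04]
+track_payload = track_format + this_track + track_eot
+puts track_payload.inspect
+exec_resp = exec(
+msr206_obj: msr206_obj,
+cmd: cmd,
+params: track_payload
 )
 exec_resp[:encoding] = encoding
-puts exec_resp[:decoded]
 puts exec_resp.inspect
 track_data_arr.push(exec_resp)
 end
 end
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-# msr206_obj: msr206_obj,
-# cmd: cmd
-# )
-# exec_resp[:encoding] = encoding
-# puts exec_resp[:decoded]
-# puts exec_resp.inspect
-# track_data_arr.push(exec_resp)
-# end
-# end
+if encoding == :raw
+cmds_arr = %i[
+load_custom_data_for_writing_track1
+load_custom_data_for_writing_track2
+load_custom_data_for_writing_track3
+]
+
+# TODO: Get Data by cmd (e.g. load_custom_data_for_writing_track1)
+cmds_arr.each_with_index do |cmd, track|
+puts "\n*** #{cmd.to_s.gsub('_', ' ').upcase} #{'*' * 17}"
+puts track_data[track][:decoded]
+next if track_data[track][:decoded] == '+'
+
+this_track = track_data[track][:decoded].chars.map do |c|
+c.unpack1('H*').to_i(16)
+end
+track_format = track_data[track][:track_format]
+track_eot = [0x04]
+track_payload = track_format + this_track + track_eot
+puts track_payload.inspect
+exec_resp = exec(
+msr206_obj: msr206_obj,
+cmd: cmd,
+params: track_payload
+)
+exec_resp[:encoding] = encoding
+puts exec_resp.inspect
+track_data_arr.push(exec_resp)
+end
+end
 
 exec_resp = PWN::Plugins::MSR206.exec(
 msr206_obj: msr206_obj,
 cmd: type
 )
+puts exec_resp.inspect
 
 print 'Ready to Write. Please Swipe Card Now:'
 loop do
@@ -880,13 +917,86 @@ module PWN
 )
 end
 
-File.write(file, "#{track_data
+File.write(file, "#{JSON.pretty_generate(track_data)}\n")
 exec_resp = exec(
 msr206_obj: msr206_obj,
 cmd: :yellow_off
 )
 
-
+track_data
+rescue StandardError => e
+raise e
+end
+
+# Supported Method Parameters::
+# PWN::Plugins::MSR206.write_card(
+# msr206_obj: 'required - msr206_obj returned from #connect method',
+# encoding: 'required - :iso || :alt_iso || :raw',
+# track_data: 'requred - track data to write (see #backup_card for structure)'
+# )
+
+public_class_method def self.write_card(opts = {})
+msr206_obj = opts[:msr206_obj]
+encoding = opts[:encoding].to_s.scrub.strip.chomp.to_sym
+track_data = opts[:track_data]
+
+puts 'IN ORDER TO GET BLANK TRACKS, A STRONG MAGNETIC FIELD MUST BE PRESENT TO FIRST WIPE THE CARD TARGETED FOR WRITING.'
+# puts 'Default Write Current:'
+# exec_resp = exec(
+# msr206_obj: msr206_obj,
+# cmd: :view_default_write_current
+# )
+# puts exec_resp.inspect
+
+# puts 'Temporary Write Current:'
+# exec_resp = exec(
+# msr206_obj: msr206_obj,
+# cmd: :view_temp_write_current
+# )
+# puts exec_resp.inspect
+
+coercivity = :waiting_for_selection
+loop do
+puts "\nCOERCIVITY OPTIONS:"
+puts '[(H)igh (Black Stripe)]'
+puts '[(L)ow (Brown Stripe)]'
+print 'COERCIVITY LEVEL >>> '
+coercivity_choice = gets.scrub.chomp.strip.upcase.to_sym
+
+# Write Current Settings vs. Media Coercivties
+# Media Coercivity (Oersteds)|Write Current Setting*|Typical Usage
+# 300 |36 |Low coercivity
+# 600 | |
+# 1800 | |
+# 3600+ |255 |Typical high corcivity
+
+case coercivity_choice
+when :H
+coercivity = [0x32, 0x35, 0x35]
+break
+when :L
+coercivity = [0x30, 0x33, 0x36]
+break
+end
+end
+
+exec_resp = exec(
+msr206_obj: msr206_obj,
+cmd: :set_temp_write_current,
+params: coercivity
+)
+
+track_data = wait_for_swipe(
+msr206_obj: msr206_obj,
+type: :arm_to_write_no_raw,
+encoding: encoding,
+track_data: track_data
+)
+
+exec_resp = PWN::Plugins::MSR206.exec(
+msr206_obj: msr206_obj,
+cmd: :simulate_power_cycle_warm_reset
+)
 
 track_data
 rescue StandardError => e
@@ -908,16 +1018,11 @@ module PWN
 
 encoding = track_data.first[:encoding] if track_data.length == 3
 # TODO: Save Original Card Contents
-
+write_card(
 msr206_obj: msr206_obj,
-type: :arm_to_write_no_raw,
 encoding: encoding,
 track_data: track_data
 )
-
-puts 'complete.'
-
-track_data
 rescue StandardError => e
 raise e
 end
@@ -970,16 +1075,11 @@ module PWN
 encoding = track_data.first[:encoding] if track_data.length == 3
 
 # TODO: Save Original Card Contents
-
+write_card(
 msr206_obj: msr206_obj,
-type: :arm_to_write_no_raw,
 encoding: encoding,
 track_data: track_data
 )
-
-puts 'complete.'
-
-track_data
 rescue StandardError => e
 raise e
 end
@@ -1001,15 +1101,11 @@ module PWN
 
 encoding = track_data.first[:encoding] if track_data.length == 3
 # TODO: Save Original Card Contents
-
+write_card(
 msr206_obj: msr206_obj,
-
-
+encoding: encoding,
+track_data: track_data
 )
-
-puts 'complete.'
-
-track_data
 rescue StandardError => e
 raise e
 end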
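Review bot: The new `write_card` doc comment lists `:alt_iso`, but the write branch added in the same file tests `if encoding == :iso_alt`, so a caller who follows the comment matches none of the three encoding blocks and the reader is armed for writing with no track data loaded. I would correct the comment to `# encoding: 'required - :iso || :iso_alt || :raw',` and reject anything else at the top of `write_card` with `raise ArgumentError, "unsupported encoding: #{encoding}" unless %i[iso iso_alt raw].include?(encoding)`. Separately, the added `puts exec_resp.inspect`, `puts track_data[track][:decoded]` and `puts track_payload.inspect` lines echo decoded track contents to stdout on every read and write, which leaves them in terminal scrollback and any session log; they read like debugging aids and would be safer behind an opt-in flag. The method holding the encoding branches starts and ends outside the hunks shown, so whether an unknown encoding is already rejected earlier cannot be confirmed from here.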
data/lib/pwn/version.rb
CHANGED
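--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pwn
 version: !ruby/object:Gem::Version
-version: 0.4.
+version: 0.4.481
 platform: ruby
 authors:
 - 0day Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-06-
+date: 2022-06-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -310,14 +310,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.4.
+version: 2.4.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 2.4.
+version: 2.4.1
 - !ruby/object:Gem::Dependency
 name: luhn
 requirement: !ruby/object:Gem::Requirement
@@ -380,14 +380,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.17.
+version: 0.17.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.17.
+version: 0.17.1
 - !ruby/object:Gem::Dependency
 name: net-openvpn
 requirement: !ruby/object:Gem::Requirement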