Merge pull request BinaryDefense#92 from russhaun/win_fixes

Windows side fixes for issue BinaryDefense#86

artillery.py

@@ -22,28 +22,21 @@
 # import artillery global variables
 import src.globals
 from src.core import *
-#
-# Tested on win 7/8/10 also on kali rolling. left this here for when someone tries to launch this directly before using setup.
-
 #
 init_globals()
-
+# Tested on win 7/8/10 also on kali rolling. left this here for when someone tries to launch this directly before using setup.
 if not os.path.isfile(src.globals.g_appfile):
     print("[*] Artillery is not installed, running setup.py..")
     import setup
 
-
 # from src.config import * # yaml breaks config reading - disabling
 
-check_config()
-
 if is_windows():#this is for launching script as admin from batchfile.
     if not isUserAdmin():# will prompt for user\pass and open in seperate window when you double click batchfile
         runAsAdmin()
-    #removed below.These folders are created in setup.py
-    #if not os.path.isdir("C:\\Program Files (x86)\\Artillery\\database"):
-        #os.mkdir("C:\\Program Files (x86)\\Artillery\\database")
+    #
     if isUserAdmin():
+        check_config()
         #moved for issue #39 BinaryDefense to only import on windows. seemed like best place
         #not the best way but for now something will go into eventlog.
         #for people with subscriptions in there environment like myself.
@@ -71,6 +64,7 @@
             print ("[*] You must be root to run this script!\r\n")
         sys.exit(1)
     else:
+        check_config()
         if not os.path.isdir(src.globals.g_apppath + "/database/"):
             os.makedirs(src.globals.g_apppath + "/database/")
         if not os.path.isfile(src.globals.g_apppath + "/database/temp.database"):
@@ -133,8 +127,9 @@
         import src.harden
 
     # start the email handler
-    write_console("Launching email handler.")
-    import src.email_handler
+    if is_config_enabled("EMAIL_ALERTS") and is_posix():
+        write_console("Launching email handler.")
+        import src.email_handler
 
     # check to see if we are a threat server or not
     if is_config_enabled("THREAT_SERVER"):

src/config.py

@@ -25,7 +25,7 @@ def get_config_path():
         #if os.path.isfile("config"):
         #    path = "config"
     if is_windows():
-        program_files = os.environ["ProgramFiles"]
+        program_files = os.environ["PROGRAMFILES(X86)"]
         if os.path.isfile(globals.g_configfile):
             path = globals.g_configfile
     return path

src/core.py

@@ -14,7 +14,12 @@
     from email import Encoders
     from email.utils import formatdate
 except ImportError:
-    from email import *
+
+    from email.mime.multipart import MIMEMultipart
+    from email.utils import formatdate
+    from email.mime.base import MIMEBase
+    from email.mime.text import MIMEText
+    from email import encoders
 
 import os
 import re
@@ -118,7 +123,7 @@ def check_config():
     configdefaults["HONEYPOT_BAN_CLASSC"] = ["OFF","WHEN BANNING, DO YOU WANT TO BAN ENTIRE CLASS C AT ONCE INSTEAD OF INDIVIDUAL IP ADDRESS"]
     configdefaults["HONEYPOT_BAN_LOG_PREFIX"] = ["","PUT A PREFIX ON ALL BANNED IP ADDRESSES. HELPFUL FOR WHEN TRYING TO PARSE OR SHOW DETECTIONS THAT YOU ARE PIPING OFF TO OTHER SYSTEMS. WHEN SET, PREFIX IPTABLES LOG ENTRIES WITH THE PROVIDED TEXT"]
     configdefaults["WHITELIST_IP"] = ["127.0.0.1,localhost", "WHITELIST IP ADDRESSES, SPECIFY BY COMMAS ON WHAT IP ADDRESSES YOU WANT TO WHITELIST"]
-    configdefaults["TCPPORTS"] = ["22,1433,8080,21,5060,5061,5900,25,3389,53,110,1723,1337,10000,5800,44443,16993","TCP PORTS TO SPAWN HONEYPOT FOR"]
+    configdefaults["TCPPORTS"] = ["22,1433,8080,21,5060,5061,5900,25,53,110,1723,1337,10000,5800,44443,16993","TCP PORTS TO SPAWN HONEYPOT FOR"]
     configdefaults["UDPPORTS"] = ["123,53,5060,5061,3478", "UDP PORTS TO SPAWN HONEYPOT FOR"]
     configdefaults["HONEYPOT_AUTOACCEPT"] = ["ON", "SHOULD THE HONEYPOT AUTOMATICALLY ADD ACCEPT RULES TO THE ARTILLERY CHAIN FOR ANY PORTS ITS LISTENING ON"]
     configdefaults["EMAIL_ALERTS"] = ["OFF","SHOULD EMAIL ALERTS BE SENT"]
@@ -239,7 +244,7 @@ def check_config():
       msg = "A brand new config file '%s' was created. Please review the file, change as needed, and launch artillery (again)." % globals.g_configfile
       write_console(msg)
       write_log(msg,1)
-      sys.exit(1) 
+      #sys.exit(1) 
 
     return
 
@@ -991,20 +996,20 @@ def mail(to, subject, text):
         msg.attach(MIMEText(text))
         # prep the smtp server
         mailServer = smtplib.SMTP("%s" % (smtp_address), smtp_port)
-        # send ehlo
-        mailServer.ehlo()
-        # if we aren't using open relays
-        if user != "":
+        if user == '':
+            write_console("[!] Email username is blank. please provide address in config file")
+        else:
+            # send ehlo
+            mailServer.ehlo()
             # tls support?
             mailServer.starttls()
             # some servers require ehlo again
             mailServer.ehlo()
             mailServer.login(user, pwd)
-
-        # send the mail
-        write_log("Sending email to %s: %s" % (to, subject))
-        mailServer.sendmail(smtp_from, to, msg.as_string())
-        mailServer.close()
+            # send the mail
+            write_log("Sending email to %s: %s" % (to, subject))
+            mailServer.sendmail(smtp_from, to, msg.as_string())
+            mailServer.close()
 
     except Exception as err:
         write_log("Error, Artillery was unable to log into the mail server %s:%d" % (

src/honeypot.py

@@ -102,12 +102,14 @@ def setup(self):
 
 def open_sesame(porttype, port):
     if honeypot_autoaccept:
-        cmd = "iptables -D ARTILLERY -p %s --dport %s -j ACCEPT -w 3" % (porttype, port)
-        execOScmd(cmd)
-        cmd = "iptables -A ARTILLERY -p %s --dport %s -j ACCEPT -w 3" % (porttype, port)
-        execOScmd(cmd)
-        write_log("Created iptables rule to accept incoming connection to %s %s" % (porttype, port))
-
+        if is_posix():
+            cmd = "iptables -D ARTILLERY -p %s --dport %s -j ACCEPT -w 3" % (porttype, port)
+            execOScmd(cmd)
+            cmd = "iptables -A ARTILLERY -p %s --dport %s -j ACCEPT -w 3" % (porttype, port)
+            execOScmd(cmd)
+            write_log("Created iptables rule to accept incoming connection to %s %s" % (porttype, port))
+        if is_windows():
+            pass
 
 # here we define a basic server
 
@@ -175,6 +177,7 @@ def listenudp_server(udpport, bind_interface):
             continue
 
       if not bindsuccess:
+          binderror = ''
           bind_error = "Artillery was unable to bind to UDP port %s. This could be due to an active port in use.\n" % (port)
           subject = socket.gethostname() + " | Artillery error - unable to bind to UDP port %s" % port
           binderror += errormsg

src/pyuac.py

@@ -97,7 +97,7 @@ def runAsAdmin(cmdLine=None, wait=True):
                               lpVerb=lpVerb,
                               lpFile=cmd,
                               lpParameters=params)
-
+    
     if wait:
         procHandle = procInfo['hProcess']    
         obj = win32event.WaitForSingleObject(procHandle, win32event.INFINITE)
@@ -107,6 +107,7 @@ def runAsAdmin(cmdLine=None, wait=True):
         rc = None
 
     return rc
+    sys.exit()
 
 def test():
     """A simple test function; check if we're admin, and if not relaunch