readme updates, testconnect updates

missing0x00 · Mar 21, 2021 · 3ecda29 · 3ecda29
1 parent 8563ad4
commit 3ecda29
Show file tree

Hide file tree

Showing 8 changed files with 151 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@ Launch a password spray via Amazon AWS passthrough proxies, shifting the request
 
 Shoutout to [@ustayready](https://twitter.com/ustayready) for his [CredKing](https://github.com/ustayready/CredKing) and [FireProx](https://github.com/ustayready/fireprox) tools, which form the base of this suite.
 
-See all the full notes on the [Wiki](https://github.com/knavesec/CredMaster/wiki)
+See all the full notes on the [Wiki](https://github.com/knavesec/CredMaster/wiki), tool released with specifics in this [blogpost](https://whynotsecurity.com/blog/credmaster/)
 
 
 ## Benefits ##

diff --git a/credmaster.py b/credmaster.py
@@ -107,7 +107,7 @@ def main(args,pargs):
 		apis = load_apis(access_key, secret_access_key, profile_name, session_token, thread_count, url)
 
 		# do test connection / fingerprint
-		connect_success, testconnect_output, pluginargs = validator.testconnect(pluginargs, args, apis['us-east-2'])
+		connect_success, testconnect_output, pluginargs = validator.testconnect(pluginargs, args, apis['us-east-2'], random.choice(useragent_file))
 		log_entry(testconnect_output)
 
 		if not connect_success:

diff --git a/plugins/fortinetvpn/__init__.py b/plugins/fortinetvpn/__init__.py
@@ -1,4 +1,4 @@
-import requests
+import requests, random
 
 def validate(pluginargs, args):
     #
@@ -17,10 +17,17 @@ def validate(pluginargs, args):
         return False, error, None
 
 
-def testconnect(pluginargs, args, api_dict):
+def testconnect(pluginargs, args, api_dict, useragent):
 
     success = True
-    resp = requests.get(api_dict['proxy_url'] + "/remote/login?lang=en")
+    headers = {
+        'User-Agent': useragent,
+        "X-My-X-Forwarded-For" : generate_ip(),
+        "x-amzn-apigateway-api-id" : generate_id(),
+        "X-My-X-Amzn-Trace-Id" : generate_trace_id(),
+    }
+
+    resp = requests.get(api_dict['proxy_url'] + "/remote/login?lang=en", headers=headers)
 
     if resp.status_code == 504:
         output = "Testconnect: Connection failed, endpoint timed out, exiting"
@@ -31,3 +38,18 @@ def testconnect(pluginargs, args, api_dict):
         output = "Testconnect: Warning, Fortinet client not indicated, continuting"
 
     return success, output, pluginargs
+
+
+def generate_ip():
+    return ".".join(str(random.randint(0,255)) for _ in range(4))
+
+
+def generate_id():
+    return "".join(random.choice("0123456789abcdefghijklmnopqrstuvwxyz") for _ in range(10))
+
+
+def generate_trace_id():
+    str = "Root=1-"
+    first = "".join(random.choice("0123456789abcdef") for _ in range(8))
+    second = "".join(random.choice("0123456789abcdef") for _ in range(24))
+    return str + first + "-" + second
diff --git a/plugins/httpbrute/__init__.py b/plugins/httpbrute/__init__.py
@@ -1,4 +1,4 @@
-import requests
+import requests, random
 
 def validate(pluginargs, args):
     #
@@ -23,10 +23,17 @@ def validate(pluginargs, args):
         return False, error, None
 
 
-def testconnect(pluginargs, args, api_dict):
+def testconnect(pluginargs, args, api_dict, useragent):
 
     success = True
-    resp = requests.get(api_dict['proxy_url'])
+    headers = {
+        'User-Agent': useragent,
+        "X-My-X-Forwarded-For" : generate_ip(),
+        "x-amzn-apigateway-api-id" : generate_id(),
+        "X-My-X-Amzn-Trace-Id" : generate_trace_id(),
+    }
+
+    resp = requests.get(api_dict['proxy_url'], headers=headers)
 
     if resp.status_code == 504:
         output = "Testconnect: Connection failed, endpoint timed out, exiting"
@@ -35,3 +42,18 @@ def testconnect(pluginargs, args, api_dict):
         output = "Testconnect: Connection success, continuting"
 
     return success, output, pluginargs
+
+
+def generate_ip():
+    return ".".join(str(random.randint(0,255)) for _ in range(4))
+
+
+def generate_id():
+    return "".join(random.choice("0123456789abcdefghijklmnopqrstuvwxyz") for _ in range(10))
+
+
+def generate_trace_id():
+    str = "Root=1-"
+    first = "".join(random.choice("0123456789abcdef") for _ in range(8))
+    second = "".join(random.choice("0123456789abcdef") for _ in range(24))
+    return str + first + "-" + second
diff --git a/plugins/msol/__init__.py b/plugins/msol/__init__.py
@@ -1,14 +1,21 @@
-import requests
+import requests, random
 
 def validate(pluginargs, args):
     pluginargs = {'url' : "https://login.microsoft.com"}
     return True, None, pluginargs
 
 
-def testconnect(pluginargs, args, api_dict):
+def testconnect(pluginargs, args, api_dict, useragent):
 
     success = True
-    resp = requests.get(api_dict['proxy_url'])
+    headers = {
+        'User-Agent': useragent,
+        "X-My-X-Forwarded-For" : generate_ip(),
+        "x-amzn-apigateway-api-id" : generate_id(),
+        "X-My-X-Amzn-Trace-Id" : generate_trace_id(),
+    }
+
+    resp = requests.get(api_dict['proxy_url'], headers=headers)
 
     if resp.status_code == 504:
         output = "Testconnect: Connection failed, endpoint timed out, exiting"
@@ -17,3 +24,18 @@ def testconnect(pluginargs, args, api_dict):
         output = "Testconnect: Connection success, continuting"
 
     return success, output, pluginargs
+
+
+def generate_ip():
+    return ".".join(str(random.randint(0,255)) for _ in range(4))
+
+
+def generate_id():
+    return "".join(random.choice("0123456789abcdefghijklmnopqrstuvwxyz") for _ in range(10))
+
+
+def generate_trace_id():
+    str = "Root=1-"
+    first = "".join(random.choice("0123456789abcdef") for _ in range(8))
+    second = "".join(random.choice("0123456789abcdef") for _ in range(24))
+    return str + first + "-" + second
diff --git a/plugins/o365/__init__.py b/plugins/o365/__init__.py
@@ -7,10 +7,17 @@ def validate(pluginargs, args):
     return True, None, pluginargs
 
 
-def testconnect(pluginargs, args, api_dict):
+def testconnect(pluginargs, args, api_dict, useragent):
 
     success = True
-    resp = requests.get(api_dict['proxy_url'])
+    headers = {
+        'User-Agent': useragent,
+        "X-My-X-Forwarded-For" : generate_ip(),
+        "x-amzn-apigateway-api-id" : generate_id(),
+        "X-My-X-Amzn-Trace-Id" : generate_trace_id(),
+    }
+
+    resp = requests.get(api_dict['proxy_url'], headers=headers)
 
     if resp.status_code == 504:
         output = "Testconnect: Connection failed, endpoint timed out, exiting"
@@ -19,3 +26,18 @@ def testconnect(pluginargs, args, api_dict):
         output = "Testconnect: Connection success, continuting"
 
     return success, output, pluginargs
+
+
+def generate_ip():
+    return ".".join(str(random.randint(0,255)) for _ in range(4))
+
+
+def generate_id():
+    return "".join(random.choice("0123456789abcdefghijklmnopqrstuvwxyz") for _ in range(10))
+
+
+def generate_trace_id():
+    str = "Root=1-"
+    first = "".join(random.choice("0123456789abcdef") for _ in range(8))
+    second = "".join(random.choice("0123456789abcdef") for _ in range(24))
+    return str + first + "-" + second
diff --git a/plugins/okta/__init__.py b/plugins/okta/__init__.py
@@ -1,4 +1,4 @@
-import requests
+import requests, random
 
 def validate(pluginargs, args):
     #
@@ -20,10 +20,17 @@ def validate(pluginargs, args):
         return False, error, None
 
 
-def testconnect(pluginargs, args, api_dict):
+def testconnect(pluginargs, args, api_dict, useragent):
 
     success = True
-    resp = requests.get(api_dict['proxy_url'])
+    headers = {
+        'User-Agent': useragent,
+        "X-My-X-Forwarded-For" : generate_ip(),
+        "x-amzn-apigateway-api-id" : generate_id(),
+        "X-My-X-Amzn-Trace-Id" : generate_trace_id(),
+    }
+
+    resp = requests.get(api_dict['proxy_url'], headers=headers)
 
     if resp.status_code == 504:
         output = "Testconnect: Connection failed, endpoint timed out, exiting"
@@ -32,3 +39,18 @@ def testconnect(pluginargs, args, api_dict):
         output = "Testconnect: Connection success, continuting"
 
     return success, output, pluginargs
+
+
+def generate_ip():
+    return ".".join(str(random.randint(0,255)) for _ in range(4))
+
+
+def generate_id():
+    return "".join(random.choice("0123456789abcdefghijklmnopqrstuvwxyz") for _ in range(10))
+
+
+def generate_trace_id():
+    str = "Root=1-"
+    first = "".join(random.choice("0123456789abcdef") for _ in range(8))
+    second = "".join(random.choice("0123456789abcdef") for _ in range(24))
+    return str + first + "-" + second
diff --git a/plugins/template/__init__.py b/plugins/template/__init__.py
@@ -1,4 +1,4 @@
-import requests
+import requests, random
 
 def validate(pluginargs, args):
     #
@@ -21,10 +21,17 @@ def validate(pluginargs, args):
     return True, None, pluginargs
 
 
-def testconnect(pluginargs, args, api_dict):
+def testconnect(pluginargs, args, api_dict, useragent):
 
     success = True
-    resp = requests.get(api_dict['proxy_url'])
+    headers = {
+        'User-Agent': useragent,
+        "X-My-X-Forwarded-For" : generate_ip(),
+        "x-amzn-apigateway-api-id" : generate_id(),
+        "X-My-X-Amzn-Trace-Id" : generate_trace_id(),
+    }
+
+    resp = requests.get(api_dict['proxy_url'], headers=headers)
 
     if resp.status_code == 504:
         output = "Testconnect: Connection failed, endpoint timed out, exiting"
@@ -33,3 +40,18 @@ def testconnect(pluginargs, args, api_dict):
         output = "Testconnect: Connection success, continuting"
 
     return success, output, pluginargs
+
+
+def generate_ip():
+    return ".".join(str(random.randint(0,255)) for _ in range(4))
+
+
+def generate_id():
+    return "".join(random.choice("0123456789abcdefghijklmnopqrstuvwxyz") for _ in range(10))
+
+
+def generate_trace_id():
+    str = "Root=1-"
+    first = "".join(random.choice("0123456789abcdef") for _ in range(8))
+    second = "".join(random.choice("0123456789abcdef") for _ in range(24))
+    return str + first + "-" + second