From: Jon Langseth Date: Tue, 6 Aug 2013 10:40:00 +0000 (+0200) Subject: Remote reset of phones, using sipsak NOTIFY X-Git-Url: https://git.defcon.no/?a=commitdiff_plain;h=868ce9fd49ecdd56c923fe57dca4c9e7a112a639;p=hermes Remote reset of phones, using sipsak NOTIFY --- diff --git a/guc-clients/reset-tool b/guc-clients/reset-tool new file mode 100755 index 0000000..3785667 --- /dev/null +++ b/guc-clients/reset-tool @@ -0,0 +1,222 @@ +#!/usr/bin/perl +use strict; + +use Data::Dumper; + +#TODO: Add support for assigning phone number +#TODO: Add support for overriding default domain ... + +use Getopt::Long; +use Net::LDAP; +use Net::LDAP::Control::Paged; +use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED ); +use LWP; +use JSON; +use AppConfig; +use Text::Iconv; + +my $api_key; + +my $help; +my $username; +my $agent; +my $file; +my $proxy; +my $sipsak; + +my $configfile = undef; +my $format = 0; +my ($g_ua, $session, $api_key, $auth_key, $data, $domain); + +my $config = AppConfig->new({ CREATE => 1 }); + +$config->define("api_url=s"); +$config->define("api_keyfile=s"); + +foreach ( + "/usr/local/etc/hermes/hermes_config", + "/usr/local/etc/hermes/config", + "/etc/hermes/config", + $ENV{"HOME"} . "/.hermes/config", + $ENV{"HOME"} . "/.hermes_config", +) { $configfile = $_ if ( -f $_ ); } + +GetOptions( + "help" => \$help, + "configfile=s" => \$configfile, + "username=s" => \$username, + "agent=s" => \$agent, + "file=s" => \$file, + "proxy=s" => \$proxy, + "sipsak=s" => \$sipsak, +); + +if ( + (not $agent) || + (not $file) || + (not $proxy) || + (not $sipsak) || + (not $username) || + (not $configfile) || + (( $configfile ) && ( not -f $configfile )) +) +{ + $help = 1; +} + +$config->file( $configfile ); + +if ( ( not $config->api_url ) || + ( not $config->api_keyfile ) || + ( $config->api_keyfile && not -f $config->api_keyfile ) +) +{ + $help = 1; +} + +if ( $help ) { +print <api_keyfile; +chomp( $api_key = ); +close KEY; + +if ( not $username =~ m/\w+/ ) +{ print "Illegal username\n"; exit; } + +$g_ua = LWP::UserAgent->new; +$g_ua->cookie_jar({}); # In-memory jar, look at HTTP::Cookies for persistant + +login_apikey(); + +# First: fetch a supported domain from the API... +$data = exec_apinode("domain/list", undef); +if ( $data->{'response'} eq 'ok' ) +{ + $domain = $data->{'list'}[0]; +} +else +{ + printf("Unable to get domain name. Aborting\n"); + logout(); + exit; +} + +if ( $username =~ /@/ ) +{ + ( $username, $domain ) = split /@/, $username; +} + +$data = exec_apinode("user/location", { 'username' => $username, 'domain' => $domain }); +if ( not $data->{'response'} eq 'ok' ) +{ + printf("Unable to fetch location: %s\n", $data->{'cause'}); + exit; +} +my $t = $data->{'locations'}; +my @locations = @$t; + +foreach my $l ( @locations ) +{ + if ( $l->{'useragent'} =~ m/$agent/ ) + { + $l->{'contact'} =~ m/sip:(\w+)@(.*):(\d+)/; + my ( $user, $host, $port) = ( $1, $2, $3 ); + + $data = exec_apinode("user/get", { 'username' => $user, 'domain' => $domain }); + if ( not $data->{'response'} eq 'ok' ) + { + printf("Unable to fetch user: %s\n", $data->{'cause'}); + exit; + } + + my $sipuser = $data->{'user'}; + my $pass = $data->{'user'}->{'password'}; + #printf("Auth password.: %s\n", $sipuser->{'password'}); + + printf("%s -vvv -G -f %s -p %s -H %s -s sip:%s@%s -a %s\n", + $sipsak, + $file, + $proxy, + $host, + $user, + $domain, + $pass, + ); + } +} + +undef $data; + +logout(); +################################################################################################ +sub exec_apinode($$) +{ + my $node = shift; + my $param = shift; + + my ( $response, $data ); + + $session = "" if not defined $session; + $auth_key = "" if not defined $auth_key; + my $url = $config->api_url . "/" . $node; + + $param->{'session'} = $session; + $param->{'auth_key'} = $auth_key; + + $response = $g_ua->post( $url, $param ); + if ( $response->is_success ) + { + if ( $response->content =~ m/\s*{/ ) + { + $data = decode_json( $response->content); + } + else + { + $data = $response->content; + } + + } + return $data; +} + +sub login_apikey +{ + my $response = $g_ua->post( $config->api_url . "/auth/login", + [ "api_key" => $api_key ] ); + + my $data = decode_json( $response->content) if $response->is_success; + die("HTTP error") unless $response->is_success; + + if ( $data->{'response'} eq "ok" ) + { + $session = $data->{'session'}; + $auth_key = $data->{'auth_key'}; + } + else + { + print "Unable to log in to Hermes API\n"; + exit; + } + undef $data; undef $response; +} + +sub logout +{ + my $response = $g_ua->post( $config->api_url . "/auth/logout", + [ "session" => $session ] ); + die("HTTP error") unless $response->is_success; + undef $session; undef $auth_key; +}