Agent: Remove architecture setting from web_rce.py
This commit is contained in:
parent
5cbcb88dd6
commit
0501bb7037
|
@ -1,11 +1,10 @@
|
|||
import logging
|
||||
import re
|
||||
from abc import abstractmethod
|
||||
from posixpath import join
|
||||
from typing import List, Tuple
|
||||
|
||||
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
||||
from infection_monkey.exploit.consts import WIN_ARCH_32, WIN_ARCH_64
|
||||
from infection_monkey.exploit.consts import WIN_ARCH_64
|
||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||
|
@ -15,8 +14,6 @@ from infection_monkey.model import (
|
|||
CHMOD_MONKEY,
|
||||
DOWNLOAD_TIMEOUT,
|
||||
DROPPER_ARG,
|
||||
GET_ARCH_LINUX,
|
||||
GET_ARCH_WINDOWS,
|
||||
ID_STRING,
|
||||
MONKEY_ARG,
|
||||
POWERSHELL_HTTP_UPLOAD,
|
||||
|
@ -109,7 +106,7 @@ class WebRCE(HostExploiter):
|
|||
self.target_url = self.get_target_url()
|
||||
|
||||
# Check for targets architecture (if it's 32 or 64 bit)
|
||||
if not exploit_config["blind_exploit"] and not self.set_host_arch(self.get_target_url()):
|
||||
if not exploit_config["blind_exploit"]:
|
||||
return False
|
||||
|
||||
# Upload the right monkey to target
|
||||
|
@ -254,38 +251,6 @@ class WebRCE(HostExploiter):
|
|||
if not self.vulnerable_urls:
|
||||
logger.info("No vulnerable urls found, skipping.")
|
||||
|
||||
def get_host_arch(self, url):
|
||||
"""
|
||||
:param url: Url for exploiter to use
|
||||
:return: Machine architecture string or false. Eg. 'i686', '64', 'x86_64', ...
|
||||
"""
|
||||
if "linux" in self.host.os["type"]:
|
||||
resp = self.exploit(url, GET_ARCH_LINUX)
|
||||
if resp:
|
||||
# Pulls architecture string
|
||||
arch = re.search(r"(?<=Architecture:)\s+(\w+)", resp)
|
||||
try:
|
||||
arch = arch.group(1)
|
||||
except AttributeError:
|
||||
logger.error("Looked for linux architecture but could not find it")
|
||||
return False
|
||||
if arch:
|
||||
return arch
|
||||
else:
|
||||
logger.info("Could not pull machine architecture string from command's output")
|
||||
return False
|
||||
else:
|
||||
return False
|
||||
else:
|
||||
resp = self.exploit(url, GET_ARCH_WINDOWS)
|
||||
if resp:
|
||||
if "64-bit" in resp:
|
||||
return WIN_ARCH_64
|
||||
else:
|
||||
return WIN_ARCH_32
|
||||
else:
|
||||
return False
|
||||
|
||||
# Wrapped functions:
|
||||
def get_ports_w(self, ports, names):
|
||||
"""
|
||||
|
@ -302,15 +267,6 @@ class WebRCE(HostExploiter):
|
|||
else:
|
||||
return ports
|
||||
|
||||
def set_host_arch(self, url):
|
||||
arch = self.get_host_arch(url)
|
||||
if not arch:
|
||||
logger.error("Couldn't get host machine's architecture")
|
||||
return False
|
||||
else:
|
||||
self.host.os["machine"] = arch
|
||||
return True
|
||||
|
||||
def run_backup_commands(self, resp, url, dest_path, http_path):
|
||||
"""
|
||||
If you need multiple commands for the same os you can override this method to add backup
|
||||
|
@ -520,6 +476,7 @@ class WebRCE(HostExploiter):
|
|||
return self._config.dropper_target_path_linux
|
||||
if self.host.os["type"] == "windows":
|
||||
try:
|
||||
# remove now or when 32-bit binaries are removed?
|
||||
if self.host.os["machine"] == WIN_ARCH_64:
|
||||
return self._config.dropper_target_path_win_64
|
||||
except KeyError:
|
||||
|
|
|
@ -44,8 +44,7 @@ RUN_MONKEY = "%(monkey_path)s %(monkey_type)s %(parameters)s"
|
|||
# Commands used to check for architecture and if machine is exploitable
|
||||
CHECK_COMMAND = "echo %s" % ID_STRING
|
||||
# Architecture checking commands
|
||||
GET_ARCH_WINDOWS = "wmic os get osarchitecture"
|
||||
GET_ARCH_LINUX = "lscpu"
|
||||
GET_ARCH_WINDOWS = "wmic os get osarchitecture" # can't remove, powershell exploiter uses
|
||||
|
||||
# All in one commands (upload, change permissions, run)
|
||||
HADOOP_WINDOWS_COMMAND = (
|
||||
|
|
Loading…
Reference in New Issue