Agent: Remove architecture setting from web_rce.py

This commit is contained in:
Shreya Malviya 2022-02-23 12:44:39 +05:30
parent 5cbcb88dd6
commit 0501bb7037
2 changed files with 4 additions and 48 deletions


@ -1,11 +1,10 @@
import logging
import re
from abc import abstractmethod
from posixpath import join
from typing import List, Tuple
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
from infection_monkey.exploit.consts import WIN_ARCH_32, WIN_ARCH_64
from infection_monkey.exploit.consts import WIN_ARCH_64
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
from infection_monkey.exploit.tools.http_tools import HTTPTools
@ -15,8 +14,6 @@ from infection_monkey.model import (
CHMOD_MONKEY,
DOWNLOAD_TIMEOUT,
DROPPER_ARG,
GET_ARCH_LINUX,
GET_ARCH_WINDOWS,
ID_STRING,
MONKEY_ARG,
POWERSHELL_HTTP_UPLOAD,
@ -109,7 +106,7 @@ class WebRCE(HostExploiter):
self.target_url = self.get_target_url()
# Check for targets architecture (if it's 32 or 64 bit)
if not exploit_config["blind_exploit"] and not self.set_host_arch(self.get_target_url()):
if not exploit_config["blind_exploit"]:
return False
# Upload the right monkey to target
@ -254,38 +251,6 @@ class WebRCE(HostExploiter):
if not self.vulnerable_urls:
logger.info("No vulnerable urls found, skipping.")
def get_host_arch(self, url):
"""
:param url: Url for exploiter to use
:return: Machine architecture string or false. Eg. 'i686', '64', 'x86_64', ...
"""
if "linux" in self.host.os["type"]:
resp = self.exploit(url, GET_ARCH_LINUX)
if resp:
# Pulls architecture string
arch = re.search(r"(?<=Architecture:)\s+(\w+)", resp)
try:
arch = arch.group(1)
except AttributeError:
logger.error("Looked for linux architecture but could not find it")
return False
if arch:
return arch
else:
logger.info("Could not pull machine architecture string from command's output")
return False
else:
return False
else:
resp = self.exploit(url, GET_ARCH_WINDOWS)
if resp:
if "64-bit" in resp:
return WIN_ARCH_64
else:
return WIN_ARCH_32
else:
return False
# Wrapped functions:
def get_ports_w(self, ports, names):
"""
@ -302,15 +267,6 @@ class WebRCE(HostExploiter):
else:
return ports
def set_host_arch(self, url):
arch = self.get_host_arch(url)
if not arch:
logger.error("Couldn't get host machine's architecture")
return False
else:
self.host.os["machine"] = arch
return True
def run_backup_commands(self, resp, url, dest_path, http_path):
"""
If you need multiple commands for the same os you can override this method to add backup
@ -520,6 +476,7 @@ class WebRCE(HostExploiter):
return self._config.dropper_target_path_linux
if self.host.os["type"] == "windows":
try:
# remove now or when 32-bit binaries are removed?
if self.host.os["machine"] == WIN_ARCH_64:
return self._config.dropper_target_path_win_64
except KeyError:
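Review bot: The truncated guard `if not exploit_config["blind_exploit"]: return False` in the third hunk now aborts every non-blind exploiter, because the architecture probe that was the other operand of the original `and` is gone and only the negated flag remains. The whole `if`/`return False` pair should be deleted along with the stale `# Check for targets architecture (if it's 32 or 64 bit)` comment, so control falls through to the monkey upload as before; the enclosing method starts above the hunk, so I cannot see whether anything else still depends on the early return. With `set_host_arch` removed, this class no longer writes `self.host.os["machine"]`, so the `WIN_ARCH_64` comparison in the last hunk presumably relies on a fingerprinter or caller having populated it and silently falls to the `KeyError` branch otherwise; a comment such as `# os["machine"] is only present if an earlier fingerprinting step set it` would make that dependency explicit, and the new `# remove now or when 32-bit binaries are removed?` question should be turned into a tracked TODO or dropped rather than left as an open question in the code.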


@ -44,8 +44,7 @@ RUN_MONKEY = "%(monkey_path)s %(monkey_type)s %(parameters)s"
# Commands used to check for architecture and if machine is exploitable
CHECK_COMMAND = "echo %s" % ID_STRING
# Architecture checking commands
GET_ARCH_WINDOWS = "wmic os get osarchitecture"
GET_ARCH_LINUX = "lscpu"
GET_ARCH_WINDOWS = "wmic os get osarchitecture" # can't remove, powershell exploiter uses
# All in one commands (upload, change permissions, run)
HADOOP_WINDOWS_COMMAND = (