p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Island adjusted to differentiate parsing data incoming from linux and windows bootloaders

This commit is contained in:
VakarisZ 2020-02-24 17:17:34 +02:00
parent c2b125012f
commit 056c260c12
4 changed files with 24 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
monkey/infection_monkey/transport/http.py
View File

@ -115,8 +115,12 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler):
def do_POST(self):
content_length = int(self.headers['Content-Length']) # <--- Gets the size of data
post_data = self.rfile.read(content_length).decode() # <--- Gets the data itself
r = requests.post(url=self.path, data=post_data)
if (r.status_code != 200):
try:
r = requests.post(url=self.path, data=post_data)
except requests.exceptions.ConnectionError as e:
LOG.error("Couldn't forward request to the island: {}".format(e))
return self.send_response(404)
if r.status_code != 200:
# somehow forward post request to the next proxy
r = requests.post(url=self.path, data=post_data, proxy=self.path)
if (r.status_code != 200):

2
monkey/monkey_island/cc/app.py
View File

@ -87,7 +87,7 @@ def init_app_url_rules(app):
def init_api_resources(api):
api.add_resource(Root, '/api')
api.add_resource(Monkey, '/api/monkey', '/api/monkey/', '/api/monkey/<string:guid>')
api.add_resource(Bootloader, '/api/bootloader')
api.add_resource(Bootloader, '/api/bootloader/<string:os>')
api.add_resource(LocalRun, '/api/local-monkey', '/api/local-monkey/')
api.add_resource(ClientRun, '/api/client-monkey', '/api/client-monkey/')
api.add_resource(Telemetry, '/api/telemetry', '/api/telemetry/', '/api/telemetry/<string:monkey_guid>')

4
monkey/monkey_island/cc/bootloader_server.py
View File

@ -1,4 +1,5 @@
from http.server import HTTPServer, BaseHTTPRequestHandler
from socketserver import ThreadingMixIn
from urllib import parse
import urllib3
@ -9,7 +10,7 @@ import pymongo
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
class BootloaderHttpServer(HTTPServer):
class BootloaderHttpServer(ThreadingMixIn, HTTPServer):
def __init__(self, mongo_url):
self.mongo_client = pymongo.MongoClient(mongo_url)
@ -26,6 +27,7 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
if not conf:
conf = self.server.mongo_client['monkeyisland']['config'].find_one({'name': 'initial'})
island_server_path = BootloaderHTTPRequestHandler.get_bootloader_resource_path_from_config(conf)
island_server_path = parse.urljoin(island_server_path, self.path)
r = requests.post(url=island_server_path, data=post_data, verify=False)
if r.status_code != 200:

17
monkey/monkey_island/cc/resources/bootloader.py
View File

@ -10,18 +10,29 @@ from monkey_island.cc.services.bootloader import BootloaderService
class Bootloader(flask_restful.Resource):
# Used by monkey. can't secure.
def post(self, **kw):
data = Bootloader.parse_bootloader_request(request.data)
def post(self, os):
if os == 'linux':
data = Bootloader.parse_bootloader_request_linux(request.data)
elif os == 'windows':
data = Bootloader.parse_bootloader_request_windows(request.data)
else:
return make_response({"status": "OS_NOT_FOUND"}, 404)
resp = BootloaderService.parse_bootloader_data(data)
if resp:
return make_response({"status": "RUN"}, 200)
else:
return make_response({"status": "ABORT"}, 200)
@staticmethod
def parse_bootloader_request(request_data: bytes) -> Dict[str, str]:
def parse_bootloader_request_linux(request_data: bytes) -> Dict[str, str]:
parsed_data = json.loads(request_data.decode().replace("\n", "")
.replace("NAME=\"", "")
.replace("\"\"", "\"")
.replace("\":\",", "\":\"\","))
return parsed_data
@staticmethod
def parse_bootloader_request_windows(request_data: bytes) -> Dict[str, str]:
return json.loads(request_data.decode("utf-16", "ignore"))