Merge pull request #1729 from guardicore/1605-remove-skip_exploit_if_file_exist-config-option

Remove `skip_exploit_if_file_exist` config option
2022-02-21 17:59:51 +05:30 · 2022-02-21 17:59:51 +05:30 · 10d8dc1f33
parent 6150610bdc 3c80e1c38b
commit 10d8dc1f33
9 changed files with 1 additions and 107 deletions
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@ -140,12 +140,6 @@ class Configuration(object):
    # Ping Scanner
    ping_scan_timeout = 1000

-    ###########################
-    # exploiters config
-    ###########################
-
-    skip_exploit_if_file_exist = False
-
    ###########################
    # ransomware config
    ###########################
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@ -47,7 +47,6 @@
  "smb_download_timeout": 300,
  "smb_service_name": "InfectionMonkey",
  "self_delete_in_cleanup": true,
-  "skip_exploit_if_file_exist": false,
  "exploit_user_list": [],
  "exploit_password_list": [],
  "exploit_lm_hash_list": [],
--- a/monkey/infection_monkey/exploit/shellshock.py
+++ b/monkey/infection_monkey/exploit/shellshock.py
@ -36,7 +36,6 @@ class ShellShockExploiter(HostExploiter):
        self.success_flag = "".join(
            safe_random.choice(string.ascii_uppercase + string.digits) for _ in range(20)
        )
-        self.skip_exist = self._config.skip_exploit_if_file_exist

    def _exploit_host(self):
        # start by picking ports
@ -108,14 +107,6 @@ class ShellShockExploiter(HostExploiter):

            # copy the monkey
            dropper_target_path_linux = self._config.dropper_target_path_linux
-            if self.skip_exist and (
-                self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)
-            ):
-                logger.info(
-                    "Host %s was already infected under the current configuration, "
-                    "done" % self.host
-                )
-                return True  # return already infected

            src_path = get_target_monkey(self.host)
            if not src_path:
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@ -29,7 +29,6 @@ class SSHExploiter(HostExploiter):
    def __init__(self, host):
        super(SSHExploiter, self).__init__(host)
        self._update_timestamp = 0
-        self.skip_exist = self._config.skip_exploit_if_file_exist

    def log_transfer(self, transferred, total):
        # TODO: Replace with infection_monkey.utils.timer.Timer
@ -147,19 +146,6 @@ class SSHExploiter(HostExploiter):
                    "Error running uname machine command on victim %r: (%s)", self.host, exc
                )

-        if self.skip_exist:
-            _, stdout, stderr = ssh.exec_command(
-                "head -c 1 %s" % self._config.dropper_target_path_linux
-            )
-            stdout_res = stdout.read().strip()
-            if stdout_res:
-                # file exists
-                logger.info(
-                    "Host %s was already infected under the current configuration, "
-                    "done" % self.host
-                )
-                return True  # return already infected
-
        src_path = get_target_monkey(self.host)

        if not src_path:
--- a/monkey/infection_monkey/exploit/tools/smb_tools.py
+++ b/monkey/infection_monkey/exploit/tools/smb_tools.py
@ -6,7 +6,6 @@ from impacket.dcerpc.v5 import srvs, transport
 from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21
 from impacket.smbconnection import SMB_DIALECT, SMBConnection

-import infection_monkey.config
 import infection_monkey.monkeyfs as monkeyfs
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.config import Configuration
@ -22,8 +21,6 @@ class SmbTools(object):
        host, src_path, dst_path, username, password, lm_hash="", ntlm_hash="", timeout=60
    ):
        assert monkeyfs.isfile(src_path), "Source file to copy (%s) is missing" % (src_path,)
-        config = infection_monkey.config.WormConfiguration
-        src_file_size = monkeyfs.getsize(src_path)

        smb, dialect = SmbTools.new_smb_connection(
            host, username, password, lm_hash, ntlm_hash, timeout
@ -140,21 +137,6 @@ class SmbTools(object):

            remote_full_path = ntpath.join(share_path, remote_path.strip(ntpath.sep))

-            # check if file is found on destination
-            if config.skip_exploit_if_file_exist:
-                try:
-                    file_info = smb.listPath(share_name, remote_path)
-                    if file_info:
-                        if src_file_size == file_info[0].get_filesize():
-                            logger.debug("Remote monkey file is same as source, skipping copy")
-                            return remote_full_path
-
-                        logger.debug(
-                            "Remote monkey file is found but different, moving along with " "attack"
-                        )
-                except Exception:
-                    pass  # file isn't found on remote victim, moving on
-
            try:
                with monkeyfs.open(src_path, "rb") as source_file:
                    # make sure of the timeout
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@ -31,7 +31,6 @@ from infection_monkey.utils.commands import build_monkey_commandline

 logger = logging.getLogger(__name__)
 # Command used to check if monkeys already exists
-LOOK_FOR_FILE = "ls %s"
 POWERSHELL_NOT_FOUND = "powershell is not recognized"


@ -52,7 +51,6 @@ class WebRCE(HostExploiter):
                "win64": self._config.dropper_target_path_win_64,
            }
        self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
-        self.skip_exist = self._config.skip_exploit_if_file_exist
        self.vulnerable_urls = []
        self.target_url = None

@ -110,17 +108,6 @@ class WebRCE(HostExploiter):

        self.target_url = self.get_target_url()

-        # Skip if monkey already exists and this option is given
-        if (
-            not exploit_config["blind_exploit"]
-            and self.skip_exist
-            and self.check_remote_files(self.target_url)
-        ):
-            logger.info(
-                "Host %s was already infected under the current configuration, done" % self.host
-            )
-            return True
-
        # Check for targets architecture (if it's 32 or 64 bit)
        if not exploit_config["blind_exploit"] and not self.set_host_arch(self.get_target_url()):
            return False
@ -299,33 +286,6 @@ class WebRCE(HostExploiter):
            else:
                return False

-    def check_remote_monkey_file(self, url, path):
-        command = LOOK_FOR_FILE % path
-        resp = self.exploit(url, command)
-        if "No such file" in resp:
-            return False
-        else:
-            logger.info(
-                "Host %s was already infected under the current configuration, done"
-                % str(self.host)
-            )
-            return True
-
-    def check_remote_files(self, url):
-        """
-        :param url: Url for exploiter to use
-        :return: True if at least one file is found, False otherwise
-        """
-        paths = []
-        if "linux" in self.host.os["type"]:
-            paths.append(self.monkey_target_paths["linux"])
-        else:
-            paths.extend([self.monkey_target_paths["win32"], self.monkey_target_paths["win64"]])
-        for path in paths:
-            if self.check_remote_monkey_file(url, path):
-                return True
-        return False
-
    # Wrapped functions:
    def get_ports_w(self, ports, names):
        """
--- a/monkey/monkey_island/cc/services/config_schema/internal.py
+++ b/monkey/monkey_island/cc/services/config_schema/internal.py
@ -252,20 +252,6 @@ INTERNAL = {
                    "items": {"type": "string"},
                    "description": "List of SSH key pairs to use, when trying to ssh into servers",
                },
-                "general": {
-                    "title": "General",
-                    "type": "object",
-                    "properties": {
-                        "skip_exploit_if_file_exist": {
-                            "title": "Skip exploit if file exists",
-                            "type": "boolean",
-                            "default": False,
-                            "description": "Determines whether the monkey should skip the exploit "
-                            "if the monkey's file"
-                            " is already on the remote machine",
-                        }
-                    },
-                },
            },
            "smb_service": {
                "title": "SMB service",
--- a/monkey/tests/data_for_tests/monkey_configs/flat_config.json
+++ b/monkey/tests/data_for_tests/monkey_configs/flat_config.json
@ -96,7 +96,6 @@
            "readme": true
        }
    },
-    "skip_exploit_if_file_exist": false,
    "smb_download_timeout": 300,
    "smb_service_name": "InfectionMonkey",
    "subnet_scan_list": ["192.168.1.50", "192.168.56.0/24", "10.0.33.0/30"],
--- a/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
+++ b/monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
@ -118,10 +118,7 @@
      "exploits": {
        "exploit_lm_hash_list": [],
        "exploit_ntlm_hash_list": [],
-        "exploit_ssh_keys": [],
-        "general": {
-          "skip_exploit_if_file_exist": false
-        }
+        "exploit_ssh_keys": []
      },
      "testing": {
        "export_monkey_telems": false