p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Merge pull request #1729 from guardicore/1605-remove-skip_exploit_if_file_exist-config-option 

Remove `skip_exploit_if_file_exist` config option
This commit is contained in:
Shreya Malviya 2022-02-21 17:59:51 +05:30 committed by GitHub
parent 6150610bdc 3c80e1c38b
commit 10d8dc1f33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 1 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
monkey/infection_monkey/config.py
View File

@ -140,12 +140,6 @@ class Configuration(object):
# Ping Scanner # Ping Scanner
ping_scan_timeout = 1000 ping_scan_timeout = 1000
###########################
# exploiters config
###########################
skip_exploit_if_file_exist = False
########################### ###########################
# ransomware config # ransomware config
########################### ###########################

1
monkey/infection_monkey/example.conf
View File

@ -47,7 +47,6 @@
"smb_download_timeout": 300, "smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey", "smb_service_name": "InfectionMonkey",
"self_delete_in_cleanup": true, "self_delete_in_cleanup": true,
"skip_exploit_if_file_exist": false,
"exploit_user_list": [], "exploit_user_list": [],
"exploit_password_list": [], "exploit_password_list": [],
"exploit_lm_hash_list": [], "exploit_lm_hash_list": [],

9
monkey/infection_monkey/exploit/shellshock.py
View File

@ -36,7 +36,6 @@ class ShellShockExploiter(HostExploiter):
self.success_flag = "".join( self.success_flag = "".join(
safe_random.choice(string.ascii_uppercase + string.digits) for _ in range(20) safe_random.choice(string.ascii_uppercase + string.digits) for _ in range(20)
) )
self.skip_exist = self._config.skip_exploit_if_file_exist
def _exploit_host(self): def _exploit_host(self):
# start by picking ports # start by picking ports
@ -108,14 +107,6 @@ class ShellShockExploiter(HostExploiter):
# copy the monkey # copy the monkey
dropper_target_path_linux = self._config.dropper_target_path_linux dropper_target_path_linux = self._config.dropper_target_path_linux
if self.skip_exist and (
self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)
):
logger.info(
"Host %s was already infected under the current configuration, "
"done" % self.host
)
return True # return already infected
src_path = get_target_monkey(self.host) src_path = get_target_monkey(self.host)
if not src_path: if not src_path:

14
monkey/infection_monkey/exploit/sshexec.py
View File

@ -29,7 +29,6 @@ class SSHExploiter(HostExploiter):
def __init__(self, host): def __init__(self, host):
super(SSHExploiter, self).__init__(host) super(SSHExploiter, self).__init__(host)
self._update_timestamp = 0 self._update_timestamp = 0
self.skip_exist = self._config.skip_exploit_if_file_exist
def log_transfer(self, transferred, total): def log_transfer(self, transferred, total):
# TODO: Replace with infection_monkey.utils.timer.Timer # TODO: Replace with infection_monkey.utils.timer.Timer
@ -147,19 +146,6 @@ class SSHExploiter(HostExploiter):
"Error running uname machine command on victim %r: (%s)", self.host, exc "Error running uname machine command on victim %r: (%s)", self.host, exc
) )
if self.skip_exist:
_, stdout, stderr = ssh.exec_command(
"head -c 1 %s" % self._config.dropper_target_path_linux
)
stdout_res = stdout.read().strip()
if stdout_res:
# file exists
logger.info(
"Host %s was already infected under the current configuration, "
"done" % self.host
)
return True # return already infected
src_path = get_target_monkey(self.host) src_path = get_target_monkey(self.host)
if not src_path: if not src_path:

18
monkey/infection_monkey/exploit/tools/smb_tools.py
View File

@ -6,7 +6,6 @@ from impacket.dcerpc.v5 import srvs, transport
from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21 from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21
from impacket.smbconnection import SMB_DIALECT, SMBConnection from impacket.smbconnection import SMB_DIALECT, SMBConnection
import infection_monkey.config
import infection_monkey.monkeyfs as monkeyfs import infection_monkey.monkeyfs as monkeyfs
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from infection_monkey.config import Configuration from infection_monkey.config import Configuration
@ -22,8 +21,6 @@ class SmbTools(object):
host, src_path, dst_path, username, password, lm_hash="", ntlm_hash="", timeout=60 host, src_path, dst_path, username, password, lm_hash="", ntlm_hash="", timeout=60
): ):
assert monkeyfs.isfile(src_path), "Source file to copy (%s) is missing" % (src_path,) assert monkeyfs.isfile(src_path), "Source file to copy (%s) is missing" % (src_path,)
config = infection_monkey.config.WormConfiguration
src_file_size = monkeyfs.getsize(src_path)
smb, dialect = SmbTools.new_smb_connection( smb, dialect = SmbTools.new_smb_connection(
host, username, password, lm_hash, ntlm_hash, timeout host, username, password, lm_hash, ntlm_hash, timeout
@ -140,21 +137,6 @@ class SmbTools(object):
remote_full_path = ntpath.join(share_path, remote_path.strip(ntpath.sep)) remote_full_path = ntpath.join(share_path, remote_path.strip(ntpath.sep))
# check if file is found on destination
if config.skip_exploit_if_file_exist:
try:
file_info = smb.listPath(share_name, remote_path)
if file_info:
if src_file_size == file_info[0].get_filesize():
logger.debug("Remote monkey file is same as source, skipping copy")
return remote_full_path
logger.debug(
"Remote monkey file is found but different, moving along with " "attack"
)
except Exception:
pass # file isn't found on remote victim, moving on
try: try:
with monkeyfs.open(src_path, "rb") as source_file: with monkeyfs.open(src_path, "rb") as source_file:
# make sure of the timeout # make sure of the timeout

40
monkey/infection_monkey/exploit/web_rce.py
View File

@ -31,7 +31,6 @@ from infection_monkey.utils.commands import build_monkey_commandline
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
# Command used to check if monkeys already exists # Command used to check if monkeys already exists
LOOK_FOR_FILE = "ls %s"
POWERSHELL_NOT_FOUND = "powershell is not recognized" POWERSHELL_NOT_FOUND = "powershell is not recognized"
@ -52,7 +51,6 @@ class WebRCE(HostExploiter):
"win64": self._config.dropper_target_path_win_64, "win64": self._config.dropper_target_path_win_64,
} }
self.HTTP = [str(port) for port in self._config.HTTP_PORTS] self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
self.skip_exist = self._config.skip_exploit_if_file_exist
self.vulnerable_urls = [] self.vulnerable_urls = []
self.target_url = None self.target_url = None
@ -110,17 +108,6 @@ class WebRCE(HostExploiter):
self.target_url = self.get_target_url() self.target_url = self.get_target_url()
# Skip if monkey already exists and this option is given
if (
not exploit_config["blind_exploit"]
and self.skip_exist
and self.check_remote_files(self.target_url)
):
logger.info(
"Host %s was already infected under the current configuration, done" % self.host
)
return True
# Check for targets architecture (if it's 32 or 64 bit) # Check for targets architecture (if it's 32 or 64 bit)
if not exploit_config["blind_exploit"] and not self.set_host_arch(self.get_target_url()): if not exploit_config["blind_exploit"] and not self.set_host_arch(self.get_target_url()):
return False return False
@ -299,33 +286,6 @@ class WebRCE(HostExploiter):
else: else:
return False return False
def check_remote_monkey_file(self, url, path):
command = LOOK_FOR_FILE % path
resp = self.exploit(url, command)
if "No such file" in resp:
return False
else:
logger.info(
"Host %s was already infected under the current configuration, done"
% str(self.host)
)
return True
def check_remote_files(self, url):
"""
:param url: Url for exploiter to use
:return: True if at least one file is found, False otherwise
"""
paths = []
if "linux" in self.host.os["type"]:
paths.append(self.monkey_target_paths["linux"])
else:
paths.extend([self.monkey_target_paths["win32"], self.monkey_target_paths["win64"]])
for path in paths:
if self.check_remote_monkey_file(url, path):
return True
return False
# Wrapped functions: # Wrapped functions:
def get_ports_w(self, ports, names): def get_ports_w(self, ports, names):
""" """

14
monkey/monkey_island/cc/services/config_schema/internal.py
View File

@ -252,20 +252,6 @@ INTERNAL = {
"items": {"type": "string"}, "items": {"type": "string"},
"description": "List of SSH key pairs to use, when trying to ssh into servers", "description": "List of SSH key pairs to use, when trying to ssh into servers",
}, },
"general": {
"title": "General",
"type": "object",
"properties": {
"skip_exploit_if_file_exist": {
"title": "Skip exploit if file exists",
"type": "boolean",
"default": False,
"description": "Determines whether the monkey should skip the exploit "
"if the monkey's file"
" is already on the remote machine",
}
},
},
}, },
"smb_service": { "smb_service": {
"title": "SMB service", "title": "SMB service",

1
monkey/tests/data_for_tests/monkey_configs/flat_config.json
View File

@ -96,7 +96,6 @@
"readme": true "readme": true
} }
}, },
"skip_exploit_if_file_exist": false,
"smb_download_timeout": 300, "smb_download_timeout": 300,
"smb_service_name": "InfectionMonkey", "smb_service_name": "InfectionMonkey",
"subnet_scan_list": ["192.168.1.50", "192.168.56.0/24", "10.0.33.0/30"], "subnet_scan_list": ["192.168.1.50", "192.168.56.0/24", "10.0.33.0/30"],

5
monkey/tests/data_for_tests/monkey_configs/monkey_config_standard.json
View File

@ -118,10 +118,7 @@
"exploits": { "exploits": {
"exploit_lm_hash_list": [], "exploit_lm_hash_list": [],
"exploit_ntlm_hash_list": [], "exploit_ntlm_hash_list": [],
"exploit_ssh_keys": [], "exploit_ssh_keys": []
"general": {
"skip_exploit_if_file_exist": false
}
}, },
"testing": { "testing": {
"export_monkey_telems": false "export_monkey_telems": false