Merge pull request #353 from VakarisZ/monkey_hook_method
Exploiter hook method
This commit is contained in:
commit
4f4fedb5d8
|
@ -48,8 +48,19 @@ class HostExploiter(object):
|
||||||
self._exploit_attempts.append({'result': result, 'user': user, 'password': password,
|
self._exploit_attempts.append({'result': result, 'user': user, 'password': password,
|
||||||
'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key})
|
'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key})
|
||||||
|
|
||||||
@abstractmethod
|
|
||||||
def exploit_host(self):
|
def exploit_host(self):
|
||||||
|
self.pre_exploit()
|
||||||
|
self._exploit_host()
|
||||||
|
self.post_exploit()
|
||||||
|
|
||||||
|
def pre_exploit(self):
|
||||||
|
self.set_start_time()
|
||||||
|
|
||||||
|
def post_exploit(self):
|
||||||
|
self.set_finish_time()
|
||||||
|
|
||||||
|
@abstractmethod
|
||||||
|
def _exploit_host(self):
|
||||||
raise NotImplementedError()
|
raise NotImplementedError()
|
||||||
|
|
||||||
def add_vuln_url(self, url):
|
def add_vuln_url(self, url):
|
||||||
|
|
|
@ -31,7 +31,7 @@ class HadoopExploiter(WebRCE):
|
||||||
def __init__(self, host):
|
def __init__(self, host):
|
||||||
super(HadoopExploiter, self).__init__(host)
|
super(HadoopExploiter, self).__init__(host)
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
# Try to get exploitable url
|
# Try to get exploitable url
|
||||||
urls = self.build_potential_urls(self.HADOOP_PORTS)
|
urls = self.build_potential_urls(self.HADOOP_PORTS)
|
||||||
self.add_vulnerable_urls(urls, True)
|
self.add_vulnerable_urls(urls, True)
|
||||||
|
|
|
@ -30,7 +30,7 @@ class MSSQLExploiter(HostExploiter):
|
||||||
def __init__(self, host):
|
def __init__(self, host):
|
||||||
super(MSSQLExploiter, self).__init__(host)
|
super(MSSQLExploiter, self).__init__(host)
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
# Brute force to get connection
|
# Brute force to get connection
|
||||||
username_passwords_pairs_list = self._config.get_exploit_user_password_pairs()
|
username_passwords_pairs_list = self._config.get_exploit_user_password_pairs()
|
||||||
cursor = self.brute_force(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list)
|
cursor = self.brute_force(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, username_passwords_pairs_list)
|
||||||
|
|
|
@ -255,7 +255,7 @@ class RdpExploiter(HostExploiter):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
global g_reactor
|
global g_reactor
|
||||||
|
|
||||||
is_open, _ = check_tcp_port(self.host.ip_addr, RDP_PORT)
|
is_open, _ = check_tcp_port(self.host.ip_addr, RDP_PORT)
|
||||||
|
|
|
@ -57,7 +57,7 @@ class SambaCryExploiter(HostExploiter):
|
||||||
def __init__(self, host):
|
def __init__(self, host):
|
||||||
super(SambaCryExploiter, self).__init__(host)
|
super(SambaCryExploiter, self).__init__(host)
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
if not self.is_vulnerable():
|
if not self.is_vulnerable():
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
|
@ -36,7 +36,7 @@ class ShellShockExploiter(HostExploiter):
|
||||||
) for _ in range(20))
|
) for _ in range(20))
|
||||||
self.skip_exist = self._config.skip_exploit_if_file_exist
|
self.skip_exist = self._config.skip_exploit_if_file_exist
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
# start by picking ports
|
# start by picking ports
|
||||||
candidate_services = {
|
candidate_services = {
|
||||||
service: self.host.services[service] for service in self.host.services if
|
service: self.host.services[service] for service in self.host.services if
|
||||||
|
|
|
@ -43,7 +43,7 @@ class SmbExploiter(HostExploiter):
|
||||||
return self.host.os.get('type') in self._TARGET_OS_TYPE
|
return self.host.os.get('type') in self._TARGET_OS_TYPE
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
src_path = get_target_monkey(self.host)
|
src_path = get_target_monkey(self.host)
|
||||||
|
|
||||||
if not src_path:
|
if not src_path:
|
||||||
|
|
|
@ -94,7 +94,7 @@ class SSHExploiter(HostExploiter):
|
||||||
continue
|
continue
|
||||||
return exploited
|
return exploited
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
ssh = paramiko.SSHClient()
|
ssh = paramiko.SSHClient()
|
||||||
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
||||||
|
|
||||||
|
|
|
@ -60,7 +60,7 @@ class VSFTPDExploiter(HostExploiter):
|
||||||
LOG.error('Failed to send payload to %s', self.host.ip_addr)
|
LOG.error('Failed to send payload to %s', self.host.ip_addr)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
LOG.info("Attempting to trigger the Backdoor..")
|
LOG.info("Attempting to trigger the Backdoor..")
|
||||||
ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
|
|
||||||
|
|
|
@ -66,7 +66,7 @@ class WebRCE(HostExploiter):
|
||||||
|
|
||||||
return exploit_config
|
return exploit_config
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
"""
|
"""
|
||||||
Method that contains default exploitation workflow
|
Method that contains default exploitation workflow
|
||||||
:return: True if exploited, False otherwise
|
:return: True if exploited, False otherwise
|
||||||
|
|
|
@ -92,7 +92,7 @@ class SRVSVC_Exploit(object):
|
||||||
|
|
||||||
def get_telnet_port(self):
|
def get_telnet_port(self):
|
||||||
"""get_telnet_port()
|
"""get_telnet_port()
|
||||||
|
|
||||||
The port on which the Telnet service will listen.
|
The port on which the Telnet service will listen.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
@ -100,7 +100,7 @@ class SRVSVC_Exploit(object):
|
||||||
|
|
||||||
def start(self):
|
def start(self):
|
||||||
"""start() -> socket
|
"""start() -> socket
|
||||||
|
|
||||||
Exploit the target machine and return a socket connected to it's
|
Exploit the target machine and return a socket connected to it's
|
||||||
listening Telnet service.
|
listening Telnet service.
|
||||||
"""
|
"""
|
||||||
|
@ -175,7 +175,7 @@ class Ms08_067_Exploiter(HostExploiter):
|
||||||
self.host.os.get('version') in self._windows_versions.keys()
|
self.host.os.get('version') in self._windows_versions.keys()
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
src_path = get_target_monkey(self.host)
|
src_path = get_target_monkey(self.host)
|
||||||
|
|
||||||
if not src_path:
|
if not src_path:
|
||||||
|
|
|
@ -23,7 +23,7 @@ class WmiExploiter(HostExploiter):
|
||||||
super(WmiExploiter, self).__init__(host)
|
super(WmiExploiter, self).__init__(host)
|
||||||
|
|
||||||
@WmiTools.dcom_wrap
|
@WmiTools.dcom_wrap
|
||||||
def exploit_host(self):
|
def _exploit_host(self):
|
||||||
src_path = get_target_monkey(self.host)
|
src_path = get_target_monkey(self.host)
|
||||||
|
|
||||||
if not src_path:
|
if not src_path:
|
||||||
|
|
|
@ -285,9 +285,7 @@ class InfectionMonkey(object):
|
||||||
|
|
||||||
result = False
|
result = False
|
||||||
try:
|
try:
|
||||||
exploiter.set_start_time()
|
|
||||||
result = exploiter.exploit_host()
|
result = exploiter.exploit_host()
|
||||||
exploiter.set_finish_time()
|
|
||||||
if result:
|
if result:
|
||||||
self.successfully_exploited(machine, exploiter)
|
self.successfully_exploited(machine, exploiter)
|
||||||
return True
|
return True
|
||||||
|
|
Loading…
Reference in New Issue