- windows firewall add rules support
- exploit with our monkey if suitable
This commit is contained in:
parent
760d267459
commit
a19f820ec8
|
@ -10,6 +10,8 @@ import monkeyfs
|
|||
from difflib import get_close_matches
|
||||
from network import local_ips
|
||||
from transport import HTTPServer
|
||||
from network.info import get_free_tcp_port
|
||||
from network.firewall import app as firewall
|
||||
from impacket.dcerpc.v5 import transport, srvs
|
||||
from impacket.dcerpc.v5.dcom.wmi import DCERPCSessionError
|
||||
from impacket.smbconnection import SMBConnection, SMB_DIALECT
|
||||
|
@ -352,10 +354,16 @@ class SmbTools(object):
|
|||
|
||||
class HTTPTools(object):
|
||||
@staticmethod
|
||||
def create_transfer(host, src_path, local_ip=None, local_port=4444):
|
||||
if None == local_ip:
|
||||
def create_transfer(host, src_path, local_ip=None, local_port=None):
|
||||
if not local_port:
|
||||
local_port = get_free_tcp_port()
|
||||
|
||||
if not local_ip:
|
||||
local_ip = get_close_matches(host.ip_addr, local_ips())[0]
|
||||
|
||||
if not firewall.listen_allowed():
|
||||
return None, None
|
||||
|
||||
httpd = HTTPServer(local_ip, local_port, src_path)
|
||||
httpd.daemon = True
|
||||
httpd.start()
|
||||
|
@ -365,6 +373,8 @@ class HTTPTools(object):
|
|||
|
||||
def get_target_monkey(host):
|
||||
from control import ControlClient
|
||||
import platform
|
||||
import sys
|
||||
|
||||
if host.monkey_exe:
|
||||
return host.monkey_exe
|
||||
|
@ -372,9 +382,16 @@ def get_target_monkey(host):
|
|||
if not host.os.get('type'):
|
||||
return None
|
||||
|
||||
cc_download = ControlClient.download_monkey_exe(host)
|
||||
monkey_path = ControlClient.download_monkey_exe(host)
|
||||
|
||||
if host.os.get('machine') and cc_download:
|
||||
host.monkey_exe = cc_download
|
||||
if host.os.get('machine') and monkey_path:
|
||||
host.monkey_exe = monkey_path
|
||||
|
||||
return cc_download
|
||||
if not monkey_path:
|
||||
if host.os.get('type') == platform.system().lower():
|
||||
# if exe not found, and we have the same arch or arch is unknown and we are 32bit, use our exe
|
||||
if (not host.os.get('machine') and sys.maxsize < 2**32) or \
|
||||
host.os.get('machine','').lower() == platform.machine().lower():
|
||||
monkey_path = sys.executable
|
||||
|
||||
return monkey_path
|
|
@ -0,0 +1,172 @@
|
|||
import subprocess
|
||||
import sys
|
||||
import platform
|
||||
|
||||
class FirewallApp(object):
|
||||
def is_enabled(self, **kwargs):
|
||||
return False
|
||||
|
||||
def add_firewall_rule(self, **kwargs):
|
||||
return False
|
||||
|
||||
def remove_firewall_rule(self, **kwargs):
|
||||
return False
|
||||
|
||||
def listen_allowed(self, **kwargs):
|
||||
return True
|
||||
|
||||
def __exit__(self):
|
||||
self.close()
|
||||
|
||||
def close(self):
|
||||
return
|
||||
|
||||
def _run_netsh_cmd(command, args):
|
||||
cmd = subprocess.Popen("netsh %s %s" % (command, " ".join(['%s="%s"'%(key,value) for key,value in args.items()])), stdout=subprocess.PIPE)
|
||||
return cmd.stdout.read().strip().lower().endswith('ok.')
|
||||
|
||||
class WinAdvFirewall(FirewallApp):
|
||||
def __init__(self):
|
||||
self._rules = {}
|
||||
|
||||
def is_enabled(self):
|
||||
try:
|
||||
cmd = subprocess.Popen('netsh advfirewall show currentprofile', stdout=subprocess.PIPE)
|
||||
out = cmd.stdout.readlines()
|
||||
|
||||
for l in out:
|
||||
if l.startswith('State'):
|
||||
state = l.split()[-1].strip()
|
||||
|
||||
return state == "ON"
|
||||
except:
|
||||
return None
|
||||
|
||||
def add_firewall_rule(self, name="Firewall", dir="in", action="allow", program=sys.executable, **kwargs):
|
||||
netsh_args = {'name': name,
|
||||
'dir' : dir,
|
||||
'action': action,
|
||||
'program' : program}
|
||||
netsh_args.update(kwargs)
|
||||
try:
|
||||
if _run_netsh_cmd('advfirewall firewall add rule', netsh_args):
|
||||
self._rules[name] = netsh_args
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
except:
|
||||
return None
|
||||
|
||||
def remove_firewall_rule(self, name="Firewall", **kwargs):
|
||||
netsh_args = {'name': name}
|
||||
netsh_args.update(kwargs)
|
||||
|
||||
try:
|
||||
if _run_netsh_cmd('advfirewall firewall delete rule', netsh_args):
|
||||
if self._rules.has_key(name):
|
||||
del self._rules[name]
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
except:
|
||||
return None
|
||||
|
||||
def listen_allowed(self, **kwargs):
|
||||
if False == self.is_enabled():
|
||||
return True
|
||||
|
||||
for rule in self._rules.values():
|
||||
if rule.get('program') == sys.executable and \
|
||||
'in' == rule.get('dir') and \
|
||||
'allow' == rule.get('action') and \
|
||||
4 == len(rule.keys()):
|
||||
return True
|
||||
return False
|
||||
|
||||
def close(self):
|
||||
try:
|
||||
for rule in self._rules.keys():
|
||||
_run_netsh_cmd('advfirewall firewall delete rule', {'name' : rule})
|
||||
except:
|
||||
pass
|
||||
|
||||
|
||||
class WinFirewall(FirewallApp):
|
||||
def __init__(self):
|
||||
self._rules = {}
|
||||
|
||||
def is_enabled(self):
|
||||
try:
|
||||
cmd = subprocess.Popen('netsh firewall show state', stdout=subprocess.PIPE)
|
||||
out = cmd.stdout.readlines()
|
||||
|
||||
for l in out:
|
||||
if l.startswith('Operational mode'):
|
||||
state = l.split('=')[-1].strip()
|
||||
elif l.startswith('The service has not been started.'):
|
||||
return False
|
||||
|
||||
return state == "Enable"
|
||||
except:
|
||||
return None
|
||||
|
||||
def add_firewall_rule(self, rule='allowedprogram', name="Firewall", mode="ENABLE", program=sys.executable, **kwargs):
|
||||
netsh_args = {'name': name,
|
||||
'mode' : mode,
|
||||
'program' : program}
|
||||
netsh_args.update(kwargs)
|
||||
|
||||
try:
|
||||
if _run_netsh_cmd('firewall add', netsh_args):
|
||||
self._rules[name] = netsh_args
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
except:
|
||||
return None
|
||||
|
||||
def remove_firewall_rule(self, rule='allowedprogram', name="Firewall", **kwargs):
|
||||
netsh_args = {'name': name,
|
||||
'mode' : mode,
|
||||
'program' : program}
|
||||
netsh_args.update(kwargs)
|
||||
try:
|
||||
if _run_netsh_cmd('firewall delete', netsh_args):
|
||||
if self._rules.has_key(name):
|
||||
del self._rules[name]
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
except:
|
||||
return None
|
||||
|
||||
def listen_allowed(self, **kwargs):
|
||||
if False == self.is_enabled():
|
||||
return True
|
||||
|
||||
for rule in self._rules.values():
|
||||
if rule.get('program') == sys.executable and \
|
||||
'allowedprogram' == rule.get('rule') and \
|
||||
'ENABLE' == rule.get('mode') and \
|
||||
4 == len(rule.keys()):
|
||||
return True
|
||||
return False
|
||||
|
||||
def close(self):
|
||||
try:
|
||||
for rule in self._rules.keys():
|
||||
_run_netsh_cmd('firewall delete', {'name' : rule})
|
||||
except:
|
||||
pass
|
||||
|
||||
if sys.platform == "win32":
|
||||
try:
|
||||
win_ver = int(platform.version().split('.')[0])
|
||||
except:
|
||||
win_ver = 0
|
||||
if win_ver > 5:
|
||||
app = WinAdvFirewall()
|
||||
else:
|
||||
app = WinFirewall()
|
||||
else:
|
||||
app = FirewallApp()
|
Loading…
Reference in New Issue