Merge branch 'release/1.10.0' of https://github.com/guardicore/monkey into release/1.10.0
This commit is contained in:
commit
e6a0b7b49e
|
@ -134,7 +134,9 @@ class MonkeyDrops(object):
|
||||||
'monkey_commandline': inner_monkey_cmdline}
|
'monkey_commandline': inner_monkey_cmdline}
|
||||||
|
|
||||||
monkey_process = subprocess.Popen(monkey_cmdline, shell=True,
|
monkey_process = subprocess.Popen(monkey_cmdline, shell=True,
|
||||||
stdin=None, stdout=None, stderr=None,
|
stdin=subprocess.PIPE,
|
||||||
|
stdout=subprocess.PIPE,
|
||||||
|
stderr=subprocess.PIPE,
|
||||||
close_fds=True, creationflags=DETACHED_PROCESS)
|
close_fds=True, creationflags=DETACHED_PROCESS)
|
||||||
|
|
||||||
LOG.info("Executed monkey process (PID=%d) with command line: %s",
|
LOG.info("Executed monkey process (PID=%d) with command line: %s",
|
||||||
|
@ -145,6 +147,8 @@ class MonkeyDrops(object):
|
||||||
LOG.warning("Seems like monkey died too soon")
|
LOG.warning("Seems like monkey died too soon")
|
||||||
|
|
||||||
def cleanup(self):
|
def cleanup(self):
|
||||||
|
LOG.info("Cleaning up the dropper")
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if (self._config['source_path'].lower() != self._config['destination_path'].lower()) and \
|
if (self._config['source_path'].lower() != self._config['destination_path'].lower()) and \
|
||||||
os.path.exists(self._config['source_path']) and \
|
os.path.exists(self._config['source_path']) and \
|
||||||
|
@ -166,5 +170,7 @@ class MonkeyDrops(object):
|
||||||
LOG.debug("Dropper source file '%s' is marked for deletion on next boot",
|
LOG.debug("Dropper source file '%s' is marked for deletion on next boot",
|
||||||
self._config['source_path'])
|
self._config['source_path'])
|
||||||
T1106Telem(ScanStatus.USED, UsageEnum.DROPPER_WINAPI).send()
|
T1106Telem(ScanStatus.USED, UsageEnum.DROPPER_WINAPI).send()
|
||||||
|
|
||||||
|
LOG.info("Dropper cleanup complete")
|
||||||
except AttributeError:
|
except AttributeError:
|
||||||
LOG.error("Invalid configuration options. Failing")
|
LOG.error("Invalid configuration options. Failing")
|
||||||
|
|
|
@ -36,6 +36,7 @@ class DrupalExploiter(WebRCE):
|
||||||
exploit_config = super(DrupalExploiter, self).get_exploit_config()
|
exploit_config = super(DrupalExploiter, self).get_exploit_config()
|
||||||
exploit_config['url_extensions'] = ['node/', # In Linux, no path is added
|
exploit_config['url_extensions'] = ['node/', # In Linux, no path is added
|
||||||
'drupal/node/'] # However, Bitnami installations are under /drupal
|
'drupal/node/'] # However, Bitnami installations are under /drupal
|
||||||
|
exploit_config['dropper'] = True
|
||||||
return exploit_config
|
return exploit_config
|
||||||
|
|
||||||
def add_vulnerable_urls(self, potential_urls, stop_checking=False):
|
def add_vulnerable_urls(self, potential_urls, stop_checking=False):
|
||||||
|
|
|
@ -45,6 +45,6 @@ class HTTPFinger(HostFinger):
|
||||||
except Timeout:
|
except Timeout:
|
||||||
LOG.debug(f"Timout while requesting headers from {url}")
|
LOG.debug(f"Timout while requesting headers from {url}")
|
||||||
except ConnectionError: # Someone doesn't like us
|
except ConnectionError: # Someone doesn't like us
|
||||||
LOG.debug(f"ConnetionError while requesting headers from {url}")
|
LOG.debug(f"Connection error while requesting headers from {url}")
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
|
@ -15,10 +15,6 @@ LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
__author__ = 'VakarisZ'
|
__author__ = 'VakarisZ'
|
||||||
|
|
||||||
# Default commands for executing PBA file and then removing it
|
|
||||||
DEFAULT_LINUX_COMMAND = "chmod +x {0} ; {0} ; rm {0}"
|
|
||||||
DEFAULT_WINDOWS_COMMAND = "{0} & del {0}"
|
|
||||||
|
|
||||||
DIR_CHANGE_WINDOWS = 'cd %s & '
|
DIR_CHANGE_WINDOWS = 'cd %s & '
|
||||||
DIR_CHANGE_LINUX = 'cd %s ; '
|
DIR_CHANGE_LINUX = 'cd %s ; '
|
||||||
|
|
||||||
|
@ -31,30 +27,23 @@ class UsersPBA(PBA):
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
super(UsersPBA, self).__init__(POST_BREACH_FILE_EXECUTION)
|
super(UsersPBA, self).__init__(POST_BREACH_FILE_EXECUTION)
|
||||||
self.filename = ''
|
self.filename = ''
|
||||||
|
|
||||||
if not is_windows_os():
|
if not is_windows_os():
|
||||||
# Add linux commands to PBA's
|
# Add linux commands to PBA's
|
||||||
if WormConfiguration.PBA_linux_filename:
|
if WormConfiguration.PBA_linux_filename:
|
||||||
|
self.filename = WormConfiguration.PBA_linux_filename
|
||||||
if WormConfiguration.custom_PBA_linux_cmd:
|
if WormConfiguration.custom_PBA_linux_cmd:
|
||||||
# Add change dir command, because user will try to access his file
|
# Add change dir command, because user will try to access his file
|
||||||
self.command = (DIR_CHANGE_LINUX % get_monkey_dir_path()) + WormConfiguration.custom_PBA_linux_cmd
|
self.command = (DIR_CHANGE_LINUX % get_monkey_dir_path()) + WormConfiguration.custom_PBA_linux_cmd
|
||||||
self.filename = WormConfiguration.PBA_linux_filename
|
|
||||||
else:
|
|
||||||
file_path = os.path.join(get_monkey_dir_path(), WormConfiguration.PBA_linux_filename)
|
|
||||||
self.command = DEFAULT_LINUX_COMMAND.format(file_path)
|
|
||||||
self.filename = WormConfiguration.PBA_linux_filename
|
|
||||||
elif WormConfiguration.custom_PBA_linux_cmd:
|
elif WormConfiguration.custom_PBA_linux_cmd:
|
||||||
self.command = WormConfiguration.custom_PBA_linux_cmd
|
self.command = WormConfiguration.custom_PBA_linux_cmd
|
||||||
else:
|
else:
|
||||||
# Add windows commands to PBA's
|
# Add windows commands to PBA's
|
||||||
if WormConfiguration.PBA_windows_filename:
|
if WormConfiguration.PBA_windows_filename:
|
||||||
|
self.filename = WormConfiguration.PBA_windows_filename
|
||||||
if WormConfiguration.custom_PBA_windows_cmd:
|
if WormConfiguration.custom_PBA_windows_cmd:
|
||||||
# Add change dir command, because user will try to access his file
|
# Add change dir command, because user will try to access his file
|
||||||
self.command = (DIR_CHANGE_WINDOWS % get_monkey_dir_path()) + WormConfiguration.custom_PBA_windows_cmd
|
self.command = (DIR_CHANGE_WINDOWS % get_monkey_dir_path()) + WormConfiguration.custom_PBA_windows_cmd
|
||||||
self.filename = WormConfiguration.PBA_windows_filename
|
|
||||||
else:
|
|
||||||
file_path = os.path.join(get_monkey_dir_path(), WormConfiguration.PBA_windows_filename)
|
|
||||||
self.command = DEFAULT_WINDOWS_COMMAND.format(file_path)
|
|
||||||
self.filename = WormConfiguration.PBA_windows_filename
|
|
||||||
elif WormConfiguration.custom_PBA_windows_cmd:
|
elif WormConfiguration.custom_PBA_windows_cmd:
|
||||||
self.command = WormConfiguration.custom_PBA_windows_cmd
|
self.command = WormConfiguration.custom_PBA_windows_cmd
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,152 @@
|
||||||
|
import pytest
|
||||||
|
|
||||||
|
from infection_monkey.post_breach.actions.users_custom_pba import (
|
||||||
|
DIR_CHANGE_LINUX, DIR_CHANGE_WINDOWS, UsersPBA)
|
||||||
|
|
||||||
|
MONKEY_DIR_PATH = "/dir/to/monkey/"
|
||||||
|
CUSTOM_LINUX_CMD = "command-for-linux"
|
||||||
|
CUSTOM_LINUX_FILENAME = "filename-for-linux"
|
||||||
|
CUSTOM_WINDOWS_CMD = "command-for-windows"
|
||||||
|
CUSTOM_WINDOWS_FILENAME = "filename-for-windows"
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def fake_monkey_dir_path(monkeypatch):
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.post_breach.actions.users_custom_pba.get_monkey_dir_path",
|
||||||
|
lambda: MONKEY_DIR_PATH,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def set_os_linux(monkeypatch):
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.post_breach.actions.users_custom_pba.is_windows_os",
|
||||||
|
lambda: False,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def set_os_windows(monkeypatch):
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.post_breach.actions.users_custom_pba.is_windows_os",
|
||||||
|
lambda: True,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def mock_UsersPBA_linux_custom_file_and_cmd(
|
||||||
|
set_os_linux, fake_monkey_dir_path, monkeypatch
|
||||||
|
):
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd",
|
||||||
|
CUSTOM_LINUX_CMD,
|
||||||
|
)
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.PBA_linux_filename",
|
||||||
|
CUSTOM_LINUX_FILENAME,
|
||||||
|
)
|
||||||
|
return UsersPBA()
|
||||||
|
|
||||||
|
|
||||||
|
def test_command_linux_custom_file_and_cmd(
|
||||||
|
mock_UsersPBA_linux_custom_file_and_cmd,
|
||||||
|
):
|
||||||
|
expected_command = f"cd {MONKEY_DIR_PATH} ; {CUSTOM_LINUX_CMD}"
|
||||||
|
assert mock_UsersPBA_linux_custom_file_and_cmd.command == expected_command
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def mock_UsersPBA_windows_custom_file_and_cmd(
|
||||||
|
set_os_windows, fake_monkey_dir_path, monkeypatch
|
||||||
|
):
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd",
|
||||||
|
CUSTOM_WINDOWS_CMD,
|
||||||
|
)
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.PBA_windows_filename",
|
||||||
|
CUSTOM_WINDOWS_FILENAME,
|
||||||
|
)
|
||||||
|
return UsersPBA()
|
||||||
|
|
||||||
|
|
||||||
|
def test_command_windows_custom_file_and_cmd(
|
||||||
|
mock_UsersPBA_windows_custom_file_and_cmd,
|
||||||
|
):
|
||||||
|
expected_command = f"cd {MONKEY_DIR_PATH} & {CUSTOM_WINDOWS_CMD}"
|
||||||
|
assert mock_UsersPBA_windows_custom_file_and_cmd.command == expected_command
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def mock_UsersPBA_linux_custom_file(set_os_linux, fake_monkey_dir_path, monkeypatch):
|
||||||
|
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd", None
|
||||||
|
)
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.PBA_linux_filename",
|
||||||
|
CUSTOM_LINUX_FILENAME,
|
||||||
|
)
|
||||||
|
return UsersPBA()
|
||||||
|
|
||||||
|
|
||||||
|
def test_command_linux_custom_file(mock_UsersPBA_linux_custom_file):
|
||||||
|
expected_command = ""
|
||||||
|
assert mock_UsersPBA_linux_custom_file.command == expected_command
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def mock_UsersPBA_windows_custom_file(
|
||||||
|
set_os_windows, fake_monkey_dir_path, monkeypatch
|
||||||
|
):
|
||||||
|
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd", None
|
||||||
|
)
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.PBA_windows_filename",
|
||||||
|
CUSTOM_WINDOWS_FILENAME,
|
||||||
|
)
|
||||||
|
return UsersPBA()
|
||||||
|
|
||||||
|
|
||||||
|
def test_command_windows_custom_file(mock_UsersPBA_windows_custom_file):
|
||||||
|
expected_command = ""
|
||||||
|
assert mock_UsersPBA_windows_custom_file.command == expected_command
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def mock_UsersPBA_linux_custom_cmd(set_os_linux, fake_monkey_dir_path, monkeypatch):
|
||||||
|
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.custom_PBA_linux_cmd",
|
||||||
|
CUSTOM_LINUX_CMD,
|
||||||
|
)
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.PBA_linux_filename", None
|
||||||
|
)
|
||||||
|
return UsersPBA()
|
||||||
|
|
||||||
|
|
||||||
|
def test_command_linux_custom_cmd(mock_UsersPBA_linux_custom_cmd):
|
||||||
|
expected_command = CUSTOM_LINUX_CMD
|
||||||
|
assert mock_UsersPBA_linux_custom_cmd.command == expected_command
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.fixture
|
||||||
|
def mock_UsersPBA_windows_custom_cmd(set_os_windows, fake_monkey_dir_path, monkeypatch):
|
||||||
|
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.custom_PBA_windows_cmd",
|
||||||
|
CUSTOM_WINDOWS_CMD,
|
||||||
|
)
|
||||||
|
monkeypatch.setattr(
|
||||||
|
"infection_monkey.config.WormConfiguration.PBA_windows_filename", None
|
||||||
|
)
|
||||||
|
return UsersPBA()
|
||||||
|
|
||||||
|
|
||||||
|
def test_command_windows_custom_cmd(mock_UsersPBA_windows_custom_cmd):
|
||||||
|
expected_command = CUSTOM_WINDOWS_CMD
|
||||||
|
assert mock_UsersPBA_windows_custom_cmd.command == expected_command
|
|
@ -11,33 +11,39 @@ MONKEY = {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
"custom_PBA_linux_cmd": {
|
"custom_PBA_linux_cmd": {
|
||||||
"title": "Linux post breach command",
|
"title": "Linux post-breach command",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"default": "",
|
"default": "",
|
||||||
"description": "Linux command to be executed after breaching."
|
"description": "Command to be executed after breaching. "
|
||||||
|
"Use this field to run custom commands or execute uploaded "
|
||||||
|
"files on exploited machines.\nExample: "
|
||||||
|
"\"chmod +x ./my_script.sh; ./my_script.sh ; rm ./my_script.sh\""
|
||||||
},
|
},
|
||||||
"PBA_linux_file": {
|
"PBA_linux_file": {
|
||||||
"title": "Linux post breach file",
|
"title": "Linux post-breach file",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"format": "data-url",
|
"format": "data-url",
|
||||||
"description": "File to be executed after breaching. "
|
"description": "File to be uploaded after breaching. "
|
||||||
"If you want custom execution behavior, "
|
"Use the 'Linux post-breach command' field to "
|
||||||
"specify it in 'Linux post breach command' field. "
|
"change permissions, run, or delete the file. "
|
||||||
"Reference your file by filename."
|
"Reference your file by filename."
|
||||||
},
|
},
|
||||||
"custom_PBA_windows_cmd": {
|
"custom_PBA_windows_cmd": {
|
||||||
"title": "Windows post breach command",
|
"title": "Windows post-breach command",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"default": "",
|
"default": "",
|
||||||
"description": "Windows command to be executed after breaching."
|
"description": "Command to be executed after breaching. "
|
||||||
|
"Use this field to run custom commands or execute uploaded "
|
||||||
|
"files on exploited machines.\nExample: "
|
||||||
|
"\"my_script.bat & del my_script.bat\""
|
||||||
},
|
},
|
||||||
"PBA_windows_file": {
|
"PBA_windows_file": {
|
||||||
"title": "Windows post breach file",
|
"title": "Windows post-breach file",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"format": "data-url",
|
"format": "data-url",
|
||||||
"description": "File to be executed after breaching. "
|
"description": "File to be uploaded after breaching. "
|
||||||
"If you want custom execution behavior, "
|
"Use the 'Windows post-breach command' field to "
|
||||||
"specify it in 'Windows post breach command' field. "
|
"change permissions, run, or delete the file. "
|
||||||
"Reference your file by filename."
|
"Reference your file by filename."
|
||||||
},
|
},
|
||||||
"PBA_windows_filename": {
|
"PBA_windows_filename": {
|
||||||
|
|
Loading…
Reference in New Issue