monkey/infection_monkey/dropper.py

import argparse
import ctypes
import logging
import os
import pprint
import shutil
import subprocess
import sys
import time
from ctypes import c_char_p

import filecmp
from config import WormConfiguration
from exploit.tools import build_monkey_commandline_explicitly
from model import MONKEY_CMDLINE_WINDOWS, MONKEY_CMDLINE_LINUX, GENERAL_CMDLINE_LINUX
from system_info import SystemInfoCollector, OperatingSystem

if "win32" == sys.platform:
    from win32process import DETACHED_PROCESS
else:
    DETACHED_PROCESS = 0

# Linux doesn't have WindowsError
try:
    WindowsError
except NameError:
    WindowsError = None

__author__ = 'itamar'

LOG = logging.getLogger(__name__)

MOVEFILE_DELAY_UNTIL_REBOOT = 4


class MonkeyDrops(object):
    def __init__(self, args):
        arg_parser = argparse.ArgumentParser()
        arg_parser.add_argument('-p', '--parent')
        arg_parser.add_argument('-t', '--tunnel')
        arg_parser.add_argument('-s', '--server')
        arg_parser.add_argument('-d', '--depth', type=int)
        arg_parser.add_argument('-l', '--location')
        self.monkey_args = args[1:]
        self.opts, _ = arg_parser.parse_known_args(args)

        self._config = {'source_path': os.path.abspath(sys.argv[0]),
                        'destination_path': self.opts.location}

    def initialize(self):
        LOG.debug("Dropper is running with config:\n%s", pprint.pformat(self._config))

    def start(self):

        if self._config['destination_path'] is None:
            LOG.error("No destination path specified")
            return False

        # we copy/move only in case path is different
        try:
            file_moved = filecmp.cmp(self._config['source_path'], self._config['destination_path'])
        except OSError:
            file_moved = False

        if not file_moved and os.path.exists(self._config['destination_path']):
            os.remove(self._config['destination_path'])

        # first try to move the file
        if not file_moved and WormConfiguration.dropper_try_move_first:
            try:
                shutil.move(self._config['source_path'],
                            self._config['destination_path'])

                LOG.info("Moved source file '%s' into '%s'",
                         self._config['source_path'], self._config['destination_path'])

                file_moved = True
            except (WindowsError, IOError, OSError) as exc:
                LOG.debug("Error moving source file '%s' into '%s': %s",
                          self._config['source_path'], self._config['destination_path'],
                          exc)

        # if file still need to change path, copy it
        if not file_moved:
            try:
                shutil.copy(self._config['source_path'],
                            self._config['destination_path'])

                LOG.info("Copied source file '%s' into '%s'",
                         self._config['source_path'], self._config['destination_path'])
            except (WindowsError, IOError, OSError) as exc:
                LOG.error("Error copying source file '%s' into '%s': %s",
                          self._config['source_path'], self._config['destination_path'],
                          exc)

                return False

        if WormConfiguration.dropper_set_date:
            if sys.platform == 'win32':
                dropper_date_reference_path = os.path.expandvars(WormConfiguration.dropper_date_reference_path_windows)
            else:
                dropper_date_reference_path = WormConfiguration.dropper_date_reference_path_linux
            try:
                ref_stat = os.stat(dropper_date_reference_path)
            except OSError as exc:
                LOG.warn("Cannot set reference date using '%s', file not found",
                         dropper_date_reference_path)
            else:
                try:
                    os.utime(self._config['destination_path'],
                             (ref_stat.st_atime, ref_stat.st_mtime))
                except:
                    LOG.warn("Cannot set reference date to destination file")

        monkey_options =\
            build_monkey_commandline_explicitly(self.opts.parent, self.opts.tunnel, self.opts.server, self.opts.depth)

        if OperatingSystem.Windows == SystemInfoCollector.get_os():
            monkey_cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': self._config['destination_path']} + monkey_options
        else:
            dest_path = self._config['destination_path']
            # In linux we have a more complex commandline. There's a general outer one, and the inner one which actually
            # runs the monkey
            inner_monkey_cmdline = MONKEY_CMDLINE_LINUX % {'monkey_filename': dest_path.split("/")[-1]} + monkey_options
            monkey_cmdline = GENERAL_CMDLINE_LINUX % {'monkey_directory': dest_path[0:dest_path.rfind("/")],
                                                      'monkey_commandline': inner_monkey_cmdline}

        monkey_process = subprocess.Popen(monkey_cmdline, shell=True,
                                          stdin=None, stdout=None, stderr=None,
                                          close_fds=True, creationflags=DETACHED_PROCESS)

        LOG.info("Executed monkey process (PID=%d) with command line: %s",
                 monkey_process.pid, monkey_cmdline)

        time.sleep(3)
        if monkey_process.poll() is not None:
            LOG.warn("Seems like monkey died too soon")

    def cleanup(self):
        try:
            if (self._config['source_path'].lower() != self._config['destination_path'].lower()) and \
                    os.path.exists(self._config['source_path']) and \
                    WormConfiguration.dropper_try_move_first:

                # try removing the file first
                try:
                    os.remove(self._config['source_path'])
                except Exception as exc:
                    LOG.debug("Error removing source file '%s': %s", self._config['source_path'], exc)

                    # mark the file for removal on next boot
                    dropper_source_path_ctypes = c_char_p(self._config['source_path'])
                    if 0 == ctypes.windll.kernel32.MoveFileExA(dropper_source_path_ctypes, None,
                                                               MOVEFILE_DELAY_UNTIL_REBOOT):
                        LOG.debug("Error marking source file '%s' for deletion on next boot (error %d)",
                                  self._config['source_path'], ctypes.windll.kernel32.GetLastError())
                    else:
                        LOG.debug("Dropper source file '%s' is marked for deletion on next boot",
                                  self._config['source_path'])
        except AttributeError:
            LOG.error("Invalid configuration options. Failing")
PEP8 + Python exception 2017-10-01 23:03:33 +08:00			`import argparse`
first commit 2015-08-30 15:27:35 +08:00			`import ctypes`
			`import logging`
PEP8 + Python exception 2017-10-01 23:03:33 +08:00			`import os`
			`import pprint`
			`import shutil`
first commit 2015-08-30 15:27:35 +08:00			`import subprocess`
PEP8 + Python exception 2017-10-01 23:03:33 +08:00			`import sys`
			`import time`
first commit 2015-08-30 15:27:35 +08:00			`from ctypes import c_char_p`
Fix CR 2017-09-04 19:52:24 +08:00
Changed to a better file comparison function 2018-07-19 01:48:15 +08:00			`import filecmp`
PEP8 + Python exception 2017-10-01 23:03:33 +08:00			`from config import WormConfiguration`
Fix CR 2017-09-04 19:52:24 +08:00			`from exploit.tools import build_monkey_commandline_explicitly`
minor fix in dropper Rename constants 2017-08-28 15:41:11 +08:00			`from model import MONKEY_CMDLINE_WINDOWS, MONKEY_CMDLINE_LINUX, GENERAL_CMDLINE_LINUX`
minor fix in dropper 2017-08-28 14:41:27 +08:00			`from system_info import SystemInfoCollector, OperatingSystem`
first commit 2015-08-30 15:27:35 +08:00
- c&c - support for virtual files (monkeyfs) - ssh exploitation - some linux support issues fixed 2015-09-29 22:58:06 +08:00			`if "win32" == sys.platform:`
			`from win32process import DETACHED_PROCESS`
			`else:`
			`DETACHED_PROCESS = 0`

Fix missing WindowsError on linux 2017-09-28 22:56:34 +08:00			`# Linux doesn't have WindowsError`
			`try:`
			`WindowsError`
			`except NameError:`
			`WindowsError = None`

first commit 2015-08-30 15:27:35 +08:00			`__author__ = 'itamar'`

			`LOG = logging.getLogger(__name__)`

			`MOVEFILE_DELAY_UNTIL_REBOOT = 4`

configuration print and meaningless spaces fixes 2015-11-26 21:48:47 +08:00
first commit 2015-08-30 15:27:35 +08:00			`class MonkeyDrops(object):`
			`def __init__(self, args):`
Add arg parsing to dropper 2017-08-28 00:18:11 +08:00			`arg_parser = argparse.ArgumentParser()`
			`arg_parser.add_argument('-p', '--parent')`
			`arg_parser.add_argument('-t', '--tunnel')`
			`arg_parser.add_argument('-s', '--server')`
Fixed most CR 2018-04-12 00:07:03 +08:00			`arg_parser.add_argument('-d', '--depth', type=int)`
Add arg parsing to dropper 2017-08-28 00:18:11 +08:00			`arg_parser.add_argument('-l', '--location')`
			`self.monkey_args = args[1:]`
			`self.opts, _ = arg_parser.parse_known_args(args)`

first commit 2015-08-30 15:27:35 +08:00			`self._config = {'source_path': os.path.abspath(sys.argv[0]),`
Add arg parsing to dropper 2017-08-28 00:18:11 +08:00			`'destination_path': self.opts.location}`
first commit 2015-08-30 15:27:35 +08:00
			`def initialize(self):`
			`LOG.debug("Dropper is running with config:\n%s", pprint.pformat(self._config))`

			`def start(self):`
Add arg parsing to dropper 2017-08-28 00:18:11 +08:00
			`if self._config['destination_path'] is None:`
Fix CR 2017-09-04 19:52:24 +08:00			`LOG.error("No destination path specified")`
Bugfix in dropper.py, return value in all fail paths 2018-04-17 19:16:46 +08:00			`return False`
Add arg parsing to dropper 2017-08-28 00:18:11 +08:00
first commit 2015-08-30 15:27:35 +08:00			`# we copy/move only in case path is different`
os.path.samefile does not work on windows. My code checks if files handlers are the same instead 2018-07-18 17:44:19 +08:00			`try:`
Changed to a better file comparison function 2018-07-19 01:48:15 +08:00			`file_moved = filecmp.cmp(self._config['source_path'], self._config['destination_path'])`
os.path.samefile does not work on windows. My code checks if files handlers are the same instead 2018-07-18 17:44:19 +08:00			`except OSError:`
			`file_moved = False`
first commit 2015-08-30 15:27:35 +08:00
Remove destination path if it exists (mostly for windows upgrade) Fix minor bug in dropper 2018-02-28 22:26:14 +08:00			`if not file_moved and os.path.exists(self._config['destination_path']):`
			`os.remove(self._config['destination_path'])`

first commit 2015-08-30 15:27:35 +08:00			`# first try to move the file`
			`if not file_moved and WormConfiguration.dropper_try_move_first:`
			`try:`
			`shutil.move(self._config['source_path'],`
			`self._config['destination_path'])`

			`LOG.info("Moved source file '%s' into '%s'",`
PEP8 + Python exception 2017-10-01 23:03:33 +08:00			`self._config['source_path'], self._config['destination_path'])`
first commit 2015-08-30 15:27:35 +08:00
			`file_moved = True`
Fix missing WindowsError on linux 2017-09-28 22:56:34 +08:00			`except (WindowsError, IOError, OSError) as exc:`
first commit 2015-08-30 15:27:35 +08:00			`LOG.debug("Error moving source file '%s' into '%s': %s",`
			`self._config['source_path'], self._config['destination_path'],`
			`exc)`

			`# if file still need to change path, copy it`
			`if not file_moved:`
			`try:`
			`shutil.copy(self._config['source_path'],`
			`self._config['destination_path'])`

			`LOG.info("Copied source file '%s' into '%s'",`
PEP8 + Python exception 2017-10-01 23:03:33 +08:00			`self._config['source_path'], self._config['destination_path'])`
Fix missing WindowsError on linux 2017-09-28 22:56:34 +08:00			`except (WindowsError, IOError, OSError) as exc:`
first commit 2015-08-30 15:27:35 +08:00			`LOG.error("Error copying source file '%s' into '%s': %s",`
			`self._config['source_path'], self._config['destination_path'],`
			`exc)`

			`return False`

			`if WormConfiguration.dropper_set_date:`
Expand config env variables on demand 2017-09-27 16:24:42 +08:00			`if sys.platform == 'win32':`
			`dropper_date_reference_path = os.path.expandvars(WormConfiguration.dropper_date_reference_path_windows)`
			`else:`
			`dropper_date_reference_path = WormConfiguration.dropper_date_reference_path_linux`
first commit 2015-08-30 15:27:35 +08:00			`try:`
Expand config env variables on demand 2017-09-27 16:24:42 +08:00			`ref_stat = os.stat(dropper_date_reference_path)`
PEP8 + Python exception 2017-10-01 23:03:33 +08:00			`except OSError as exc:`
first commit 2015-08-30 15:27:35 +08:00			`LOG.warn("Cannot set reference date using '%s', file not found",`
Expand config env variables on demand 2017-09-27 16:24:42 +08:00			`dropper_date_reference_path)`
first commit 2015-08-30 15:27:35 +08:00			`else:`
			`try:`
			`os.utime(self._config['destination_path'],`
			`(ref_stat.st_atime, ref_stat.st_mtime))`
			`except:`
			`LOG.warn("Cannot set reference date to destination file")`

Fixed most CR 2018-04-12 00:07:03 +08:00			`monkey_options =\`
			`build_monkey_commandline_explicitly(self.opts.parent, self.opts.tunnel, self.opts.server, self.opts.depth)`
minor fix in dropper Rename constants 2017-08-28 15:41:11 +08:00
			`if OperatingSystem.Windows == SystemInfoCollector.get_os():`
			`monkey_cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': self._config['destination_path']} + monkey_options`
			`else:`
			`dest_path = self._config['destination_path']`
Fix CR 2017-09-04 19:52:24 +08:00			`# In linux we have a more complex commandline. There's a general outer one, and the inner one which actually`
			`# runs the monkey`
			`inner_monkey_cmdline = MONKEY_CMDLINE_LINUX % {'monkey_filename': dest_path.split("/")[-1]} + monkey_options`
minor fix in dropper Rename constants 2017-08-28 15:41:11 +08:00			`monkey_cmdline = GENERAL_CMDLINE_LINUX % {'monkey_directory': dest_path[0:dest_path.rfind("/")],`
Fix CR 2017-09-04 19:52:24 +08:00			`'monkey_commandline': inner_monkey_cmdline}`
minor fix in dropper 2017-08-28 14:41:27 +08:00
first commit 2015-08-30 15:27:35 +08:00			`monkey_process = subprocess.Popen(monkey_cmdline, shell=True,`
			`stdin=None, stdout=None, stderr=None,`
			`close_fds=True, creationflags=DETACHED_PROCESS)`

			`LOG.info("Executed monkey process (PID=%d) with command line: %s",`
			`monkey_process.pid, monkey_cmdline)`

			`time.sleep(3)`
			`if monkey_process.poll() is not None:`
			`LOG.warn("Seems like monkey died too soon")`

			`def cleanup(self):`
Bugfix in dropper.py, handle gracefully failure in cleanup 2018-04-17 19:20:21 +08:00			`try:`
			`if (self._config['source_path'].lower() != self._config['destination_path'].lower()) and \`
			`os.path.exists(self._config['source_path']) and \`
			`WormConfiguration.dropper_try_move_first:`
first commit 2015-08-30 15:27:35 +08:00
Bugfix in dropper.py, handle gracefully failure in cleanup 2018-04-17 19:20:21 +08:00			`# try removing the file first`
			`try:`
			`os.remove(self._config['source_path'])`
			`except Exception as exc:`
			`LOG.debug("Error removing source file '%s': %s", self._config['source_path'], exc)`

			`# mark the file for removal on next boot`
			`dropper_source_path_ctypes = c_char_p(self._config['source_path'])`
			`if 0 == ctypes.windll.kernel32.MoveFileExA(dropper_source_path_ctypes, None,`
			`MOVEFILE_DELAY_UNTIL_REBOOT):`
			`LOG.debug("Error marking source file '%s' for deletion on next boot (error %d)",`
			`self._config['source_path'], ctypes.windll.kernel32.GetLastError())`
			`else:`
			`LOG.debug("Dropper source file '%s' is marked for deletion on next boot",`
			`self._config['source_path'])`
			`except AttributeError:`
			`LOG.error("Invalid configuration options. Failing")`