Merge pull request #66 from guardicore/hotfix/various-exploit-fixes

Hotfix/various exploit fixes
2017-10-24 16:18:12 +03:00 · 2017-10-24 16:18:12 +03:00 · 1f6c5ffecb
parent 9f2e3a8db0 17d3795581
commit 1f6c5ffecb
3 changed files with 8 additions and 6 deletions
--- a/chaos_monkey/exploit/shellshock.py
+++ b/chaos_monkey/exploit/shellshock.py
@ -99,7 +99,7 @@ class ShellShockExploiter(HostExploiter):
                LOG.info("Host %s was already infected under the current configuration, done" % self.host)
                return True  # return already infected

-            src_path = src_path or get_target_monkey(self.host)
+            src_path = get_target_monkey(self.host)
            if not src_path:
                LOG.info("Can't find suitable monkey executable for host %r", self.host)
                return False
--- a/chaos_monkey/exploit/smbexec.py
+++ b/chaos_monkey/exploit/smbexec.py
@ -86,11 +86,11 @@ class SmbExploiter(HostExploiter):

        # execute the remote dropper in case the path isn't final
        if remote_full_path.lower() != self._config.dropper_target_path.lower():
-            cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path}
+            cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \
+                      build_monkey_commandline(self.host, get_monkey_depth() - 1, self._config.dropper_target_path)
        else:
-            cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {'monkey_path': remote_full_path}
-
-        cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
+            cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {'monkey_path': remote_full_path} + \
+                      build_monkey_commandline(self.host, get_monkey_depth() - 1)

        for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
            rpctransport = transport.DCERPCTransportFactory(str_bind_format % (self.host.ip_addr,))
--- a/chaos_monkey/exploit/tools.py
+++ b/chaos_monkey/exploit/tools.py
@ -389,7 +389,9 @@ class HTTPTools(object):

 def get_interface_to_target(dst):
    if sys.platform == "win32":
-        return get_close_matches(dst, local_ips())[0]
+        ips = local_ips()
+        matches = get_close_matches(dst, ips)
+        return matches[0] if (len(matches) > 0) else ips[0]
    else:
        # based on scapy implementation