From 04c79d1b3ca3762dfe4b90296a02a591ea704ba2 Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Tue, 7 Nov 2017 10:30:28 +0200 Subject: [PATCH 1/2] Fix shellshock bug where service name wasn't available --- chaos_monkey/exploit/shellshock.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/chaos_monkey/exploit/shellshock.py b/chaos_monkey/exploit/shellshock.py index 97c950a18..bca03b6ea 100644 --- a/chaos_monkey/exploit/shellshock.py +++ b/chaos_monkey/exploit/shellshock.py @@ -38,8 +38,10 @@ class ShellShockExploiter(HostExploiter): def exploit_host(self): # start by picking ports - candidate_services = {service: self.host.services[service] for service in self.host.services if - self.host.services[service]['name'] == 'http'} + candidate_services = { + service: self.host.services[service] for service in self.host.services if + ('name' in self.host.services[service]) and (self.host.services[service]['name'] == 'http') + } valid_ports = [(port, candidate_services['tcp-' + str(port)]['data'][1]) for port in self.HTTP if 'tcp-' + str(port) in candidate_services] From 1ad37b1dade83b622ddeb862ee8f9a2fdc6692ff Mon Sep 17 00:00:00 2001 From: Itay Mizeretz Date: Tue, 7 Nov 2017 14:54:11 +0200 Subject: [PATCH 2/2] Fix bug where 'dead' property of monkey wasn't defined --- monkey_island/cc/resources/monkey.py | 1 + 1 file changed, 1 insertion(+) diff --git a/monkey_island/cc/resources/monkey.py b/monkey_island/cc/resources/monkey.py index 2e2da8a5d..c87adc245 100644 --- a/monkey_island/cc/resources/monkey.py +++ b/monkey_island/cc/resources/monkey.py @@ -53,6 +53,7 @@ class Monkey(flask_restful.Resource): def post(self, **kw): monkey_json = json.loads(request.data) + monkey_json['dead'] = False if 'keepalive' in monkey_json: monkey_json['keepalive'] = dateutil.parser.parse(monkey_json['keepalive']) else: