forked from p15670423/monkey
Merge pull request #1248 from guardicore/string-templating-dropper-upgrader
Added string templating functions for infection monkey dropper.
This commit is contained in:
commit
524fd0f55e
|
@ -4,7 +4,6 @@ import filecmp
|
||||||
import logging
|
import logging
|
||||||
import os
|
import os
|
||||||
import pprint
|
import pprint
|
||||||
import shlex
|
|
||||||
import shutil
|
import shutil
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
|
@ -13,10 +12,13 @@ from ctypes import c_char_p
|
||||||
|
|
||||||
from common.utils.attack_utils import ScanStatus, UsageEnum
|
from common.utils.attack_utils import ScanStatus, UsageEnum
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
|
|
||||||
from infection_monkey.model import MONKEY_CMDLINE_LINUX, MONKEY_CMDLINE_WINDOWS
|
|
||||||
from infection_monkey.system_info import OperatingSystem, SystemInfoCollector
|
from infection_monkey.system_info import OperatingSystem, SystemInfoCollector
|
||||||
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
||||||
|
from infection_monkey.utils.commands import (
|
||||||
|
build_monkey_commandline_explicitly,
|
||||||
|
get_monkey_commandline_linux,
|
||||||
|
get_monkey_commandline_windows,
|
||||||
|
)
|
||||||
|
|
||||||
if "win32" == sys.platform:
|
if "win32" == sys.platform:
|
||||||
from win32process import DETACHED_PROCESS
|
from win32process import DETACHED_PROCESS
|
||||||
|
@ -143,19 +145,12 @@ class MonkeyDrops(object):
|
||||||
)
|
)
|
||||||
|
|
||||||
if OperatingSystem.Windows == SystemInfoCollector.get_os():
|
if OperatingSystem.Windows == SystemInfoCollector.get_os():
|
||||||
# TODO: Replace all of this string templating with a function that accepts
|
monkey_commandline = get_monkey_commandline_windows(
|
||||||
# the necessary parameters and returns a list of arguments.
|
self._config["destination_path"], monkey_options
|
||||||
monkey_cmdline = (
|
|
||||||
MONKEY_CMDLINE_WINDOWS % {"monkey_path": self._config["destination_path"]}
|
|
||||||
+ monkey_options
|
|
||||||
)
|
|
||||||
monkey_cmdline_split = shlex.split(
|
|
||||||
monkey_cmdline,
|
|
||||||
posix=False, # won't try resolving "\" in paths as part of escape sequences
|
|
||||||
)
|
)
|
||||||
|
|
||||||
monkey_process = subprocess.Popen(
|
monkey_process = subprocess.Popen(
|
||||||
monkey_cmdline_split,
|
monkey_commandline,
|
||||||
stdin=subprocess.PIPE,
|
stdin=subprocess.PIPE,
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
stderr=subprocess.PIPE,
|
stderr=subprocess.PIPE,
|
||||||
|
@ -166,16 +161,11 @@ class MonkeyDrops(object):
|
||||||
dest_path = self._config["destination_path"]
|
dest_path = self._config["destination_path"]
|
||||||
# In Linux, we need to change the directory first, which is done
|
# In Linux, we need to change the directory first, which is done
|
||||||
# using thw `cwd` argument in `subprocess.Popen` below
|
# using thw `cwd` argument in `subprocess.Popen` below
|
||||||
# TODO: Replace all of this string templating with a function that accepts
|
|
||||||
# the necessary parameters and returns a list of arguments.
|
monkey_commandline = get_monkey_commandline_linux(dest_path, monkey_options)
|
||||||
monkey_cmdline = (
|
|
||||||
MONKEY_CMDLINE_LINUX % {"monkey_filename": dest_path.split("/")[-1]}
|
|
||||||
+ monkey_options
|
|
||||||
)
|
|
||||||
monkey_cmdline_split = shlex.split(monkey_cmdline)
|
|
||||||
|
|
||||||
monkey_process = subprocess.Popen(
|
monkey_process = subprocess.Popen(
|
||||||
monkey_cmdline_split,
|
monkey_commandline,
|
||||||
stdin=subprocess.PIPE,
|
stdin=subprocess.PIPE,
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
stderr=subprocess.PIPE,
|
stderr=subprocess.PIPE,
|
||||||
|
@ -187,7 +177,7 @@ class MonkeyDrops(object):
|
||||||
LOG.info(
|
LOG.info(
|
||||||
"Executed monkey process (PID=%d) with command line: %s",
|
"Executed monkey process (PID=%d) with command line: %s",
|
||||||
monkey_process.pid,
|
monkey_process.pid,
|
||||||
monkey_cmdline,
|
" ".join(monkey_commandline),
|
||||||
)
|
)
|
||||||
|
|
||||||
time.sleep(3)
|
time.sleep(3)
|
||||||
|
|
|
@ -13,7 +13,7 @@ from random import SystemRandom
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
||||||
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.exploit.web_rce import WebRCE
|
from infection_monkey.exploit.web_rce import WebRCE
|
||||||
from infection_monkey.model import (
|
from infection_monkey.model import (
|
||||||
|
@ -22,6 +22,7 @@ from infection_monkey.model import (
|
||||||
ID_STRING,
|
ID_STRING,
|
||||||
MONKEY_ARG,
|
MONKEY_ARG,
|
||||||
)
|
)
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
|
||||||
|
|
|
@ -8,14 +8,11 @@ import pymssql
|
||||||
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_monkey_dest_path
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_monkey_dest_path,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
|
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
|
||||||
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
||||||
from infection_monkey.model import DROPPER_ARG
|
from infection_monkey.model import DROPPER_ARG
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -36,16 +36,13 @@ from impacket.smbconnection import SMBConnection
|
||||||
import infection_monkey.monkeyfs as monkeyfs
|
import infection_monkey.monkeyfs as monkeyfs
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey_by_os
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey_by_os,
|
|
||||||
)
|
|
||||||
from infection_monkey.model import DROPPER_ARG
|
from infection_monkey.model import DROPPER_ARG
|
||||||
from infection_monkey.network.smbfinger import SMB_SERVICE
|
from infection_monkey.network.smbfinger import SMB_SERVICE
|
||||||
from infection_monkey.network.tools import get_interface_to_target
|
from infection_monkey.network.tools import get_interface_to_target
|
||||||
from infection_monkey.pyinstaller_utils import get_binary_file_path
|
from infection_monkey.pyinstaller_utils import get_binary_file_path
|
||||||
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
|
||||||
|
|
|
@ -10,14 +10,11 @@ import requests
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.shellshock_resources import CGI_FILES
|
from infection_monkey.exploit.shellshock_resources import CGI_FILES
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.model import DROPPER_ARG
|
from infection_monkey.model import DROPPER_ARG
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "danielg"
|
__author__ = "danielg"
|
||||||
|
|
||||||
|
|
|
@ -5,16 +5,13 @@ from impacket.dcerpc.v5 import scmr, transport
|
||||||
from common.utils.attack_utils import ScanStatus, UsageEnum
|
from common.utils.attack_utils import ScanStatus, UsageEnum
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.model import DROPPER_CMDLINE_DETACHED_WINDOWS, MONKEY_CMDLINE_DETACHED_WINDOWS
|
from infection_monkey.model import DROPPER_CMDLINE_DETACHED_WINDOWS, MONKEY_CMDLINE_DETACHED_WINDOWS
|
||||||
from infection_monkey.network.smbfinger import SMBFinger
|
from infection_monkey.network.smbfinger import SMBFinger
|
||||||
from infection_monkey.network.tools import check_tcp_port
|
from infection_monkey.network.tools import check_tcp_port
|
||||||
from infection_monkey.telemetry.attack.t1035_telem import T1035Telem
|
from infection_monkey.telemetry.attack.t1035_telem import T1035Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
LOG = getLogger(__name__)
|
LOG = getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -9,15 +9,12 @@ from common.utils.attack_utils import ScanStatus
|
||||||
from common.utils.exceptions import FailedExploitationError
|
from common.utils.exceptions import FailedExploitationError
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.model import MONKEY_ARG
|
from infection_monkey.model import MONKEY_ARG
|
||||||
from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
|
from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
|
||||||
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "hoffer"
|
__author__ = "hoffer"
|
||||||
|
|
||||||
|
|
|
@ -45,42 +45,6 @@ def get_target_monkey_by_os(is_windows, is_32bit):
|
||||||
return ControlClient.download_monkey_exe_by_os(is_windows, is_32bit)
|
return ControlClient.download_monkey_exe_by_os(is_windows, is_32bit)
|
||||||
|
|
||||||
|
|
||||||
def build_monkey_commandline_explicitly(
|
|
||||||
parent=None, tunnel=None, server=None, depth=None, location=None, vulnerable_port=None
|
|
||||||
):
|
|
||||||
cmdline = ""
|
|
||||||
|
|
||||||
if parent is not None:
|
|
||||||
cmdline += f" -p {parent}"
|
|
||||||
if tunnel is not None:
|
|
||||||
cmdline += f" -t {tunnel}"
|
|
||||||
if server is not None:
|
|
||||||
cmdline += f" -s {server}"
|
|
||||||
if depth is not None:
|
|
||||||
if int(depth) < 0:
|
|
||||||
depth = 0
|
|
||||||
cmdline += f" -d {depth}"
|
|
||||||
if location is not None:
|
|
||||||
cmdline += f" -l {location}"
|
|
||||||
if vulnerable_port is not None:
|
|
||||||
cmdline += f" -vp {vulnerable_port}"
|
|
||||||
|
|
||||||
return cmdline
|
|
||||||
|
|
||||||
|
|
||||||
def build_monkey_commandline(target_host, depth, vulnerable_port, location=None):
|
|
||||||
from infection_monkey.config import GUID
|
|
||||||
|
|
||||||
return build_monkey_commandline_explicitly(
|
|
||||||
GUID,
|
|
||||||
target_host.default_tunnel,
|
|
||||||
target_host.default_server,
|
|
||||||
depth,
|
|
||||||
location,
|
|
||||||
vulnerable_port,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def get_monkey_depth():
|
def get_monkey_depth():
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
|
|
||||||
|
|
|
@ -11,11 +11,7 @@ from logging import getLogger
|
||||||
|
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.model import (
|
from infection_monkey.model import (
|
||||||
CHMOD_MONKEY,
|
CHMOD_MONKEY,
|
||||||
|
@ -25,6 +21,7 @@ from infection_monkey.model import (
|
||||||
WGET_HTTP_UPLOAD,
|
WGET_HTTP_UPLOAD,
|
||||||
)
|
)
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
LOG = getLogger(__name__)
|
LOG = getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -5,11 +5,7 @@ from posixpath import join
|
||||||
|
|
||||||
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.model import (
|
from infection_monkey.model import (
|
||||||
BITSADMIN_CMDLINE_HTTP,
|
BITSADMIN_CMDLINE_HTTP,
|
||||||
|
@ -28,6 +24,7 @@ from infection_monkey.model import (
|
||||||
from infection_monkey.network.tools import tcp_port_to_service
|
from infection_monkey.network.tools import tcp_port_to_service
|
||||||
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
|
||||||
|
|
|
@ -16,15 +16,12 @@ from impacket.dcerpc.v5 import transport
|
||||||
|
|
||||||
from common.utils.shellcode_obfuscator import clarify
|
from common.utils.shellcode_obfuscator import clarify
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
||||||
from infection_monkey.network.smbfinger import SMBFinger
|
from infection_monkey.network.smbfinger import SMBFinger
|
||||||
from infection_monkey.network.tools import check_tcp_port
|
from infection_monkey.network.tools import check_tcp_port
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
from infection_monkey.utils.random_password_generator import get_random_password
|
from infection_monkey.utils.random_password_generator import get_random_password
|
||||||
|
|
||||||
LOG = getLogger(__name__)
|
LOG = getLogger(__name__)
|
||||||
|
|
|
@ -7,14 +7,11 @@ from impacket.dcerpc.v5.rpcrt import DCERPCException
|
||||||
|
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
|
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
|
||||||
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,9 @@ DROPPER_ARG = "dr0pp3r"
|
||||||
ID_STRING = "M0NK3Y3XPL0ITABLE"
|
ID_STRING = "M0NK3Y3XPL0ITABLE"
|
||||||
|
|
||||||
# CMD prefix for windows commands
|
# CMD prefix for windows commands
|
||||||
CMD_PREFIX = "cmd.exe /c"
|
CMD_EXE = "cmd.exe"
|
||||||
|
CMD_CARRY_OUT = "/c"
|
||||||
|
CMD_PREFIX = CMD_EXE + " " + CMD_CARRY_OUT
|
||||||
DROPPER_CMDLINE_WINDOWS = "%s %%(dropper_path)s %s" % (
|
DROPPER_CMDLINE_WINDOWS = "%s %%(dropper_path)s %s" % (
|
||||||
CMD_PREFIX,
|
CMD_PREFIX,
|
||||||
DROPPER_ARG,
|
DROPPER_ARG,
|
||||||
|
@ -16,7 +18,6 @@ MONKEY_CMDLINE_WINDOWS = "%s %%(monkey_path)s %s" % (
|
||||||
CMD_PREFIX,
|
CMD_PREFIX,
|
||||||
MONKEY_ARG,
|
MONKEY_ARG,
|
||||||
)
|
)
|
||||||
MONKEY_CMDLINE_LINUX = "./%%(monkey_filename)s %s" % (MONKEY_ARG,)
|
|
||||||
DROPPER_CMDLINE_DETACHED_WINDOWS = "%s start cmd /c %%(dropper_path)s %s" % (
|
DROPPER_CMDLINE_DETACHED_WINDOWS = "%s start cmd /c %%(dropper_path)s %s" % (
|
||||||
CMD_PREFIX,
|
CMD_PREFIX,
|
||||||
DROPPER_ARG,
|
DROPPER_ARG,
|
||||||
|
|
|
@ -0,0 +1,65 @@
|
||||||
|
from infection_monkey.config import GUID
|
||||||
|
from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG
|
||||||
|
from infection_monkey.model.host import VictimHost
|
||||||
|
|
||||||
|
|
||||||
|
def build_monkey_commandline(
|
||||||
|
target_host: VictimHost, depth: int, vulnerable_port: str, location: str = None
|
||||||
|
) -> str:
|
||||||
|
|
||||||
|
return " " + " ".join(
|
||||||
|
build_monkey_commandline_explicitly(
|
||||||
|
GUID,
|
||||||
|
target_host.default_tunnel,
|
||||||
|
target_host.default_server,
|
||||||
|
depth,
|
||||||
|
location,
|
||||||
|
vulnerable_port,
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def build_monkey_commandline_explicitly(
|
||||||
|
parent: str = None,
|
||||||
|
tunnel: str = None,
|
||||||
|
server: str = None,
|
||||||
|
depth: int = None,
|
||||||
|
location: str = None,
|
||||||
|
vulnerable_port: str = None,
|
||||||
|
) -> list:
|
||||||
|
cmdline = []
|
||||||
|
|
||||||
|
if parent is not None:
|
||||||
|
cmdline.append("-p")
|
||||||
|
cmdline.append(str(parent))
|
||||||
|
if tunnel is not None:
|
||||||
|
cmdline.append("-t")
|
||||||
|
cmdline.append(str(tunnel))
|
||||||
|
if server is not None:
|
||||||
|
cmdline.append("-s")
|
||||||
|
cmdline.append(str(server))
|
||||||
|
if depth is not None:
|
||||||
|
if int(depth) < 0:
|
||||||
|
depth = 0
|
||||||
|
cmdline.append("-d")
|
||||||
|
cmdline.append(str(depth))
|
||||||
|
if location is not None:
|
||||||
|
cmdline.append("-l")
|
||||||
|
cmdline.append(str(location))
|
||||||
|
if vulnerable_port is not None:
|
||||||
|
cmdline.append("-vp")
|
||||||
|
cmdline.append(str(vulnerable_port))
|
||||||
|
|
||||||
|
return cmdline
|
||||||
|
|
||||||
|
|
||||||
|
def get_monkey_commandline_windows(destination_path: str, monkey_cmd_args: list) -> list:
|
||||||
|
monkey_cmdline = [CMD_EXE, CMD_CARRY_OUT, destination_path, MONKEY_ARG]
|
||||||
|
|
||||||
|
return monkey_cmdline + monkey_cmd_args
|
||||||
|
|
||||||
|
|
||||||
|
def get_monkey_commandline_linux(destination_path: str, monkey_cmd_args: list) -> list:
|
||||||
|
monkey_cmdline = [destination_path, MONKEY_ARG]
|
||||||
|
|
||||||
|
return monkey_cmdline + monkey_cmd_args
|
|
@ -1,5 +1,4 @@
|
||||||
import logging
|
import logging
|
||||||
import shlex
|
|
||||||
import shutil
|
import shutil
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
|
@ -8,8 +7,10 @@ import time
|
||||||
import infection_monkey.monkeyfs as monkeyfs
|
import infection_monkey.monkeyfs as monkeyfs
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
||||||
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
|
from infection_monkey.utils.commands import (
|
||||||
from infection_monkey.model import MONKEY_CMDLINE_WINDOWS
|
build_monkey_commandline_explicitly,
|
||||||
|
get_monkey_commandline_windows,
|
||||||
|
)
|
||||||
from infection_monkey.utils.environment import is_64bit_python, is_64bit_windows_os, is_windows_os
|
from infection_monkey.utils.environment import is_64bit_python, is_64bit_windows_os, is_windows_os
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
@ -46,20 +47,12 @@ class WindowsUpgrader(object):
|
||||||
opts.parent, opts.tunnel, opts.server, opts.depth
|
opts.parent, opts.tunnel, opts.server, opts.depth
|
||||||
)
|
)
|
||||||
|
|
||||||
# TODO: Replace all of this string templating with a function that accepts
|
monkey_cmdline = get_monkey_commandline_windows(
|
||||||
# the necessary parameters and returns a list of arguments.
|
WormConfiguration.dropper_target_path_win_64, monkey_options
|
||||||
monkey_cmdline = (
|
|
||||||
MONKEY_CMDLINE_WINDOWS % {"monkey_path": WormConfiguration.dropper_target_path_win_64}
|
|
||||||
+ monkey_options
|
|
||||||
)
|
|
||||||
|
|
||||||
monkey_cmdline_split = shlex.split(
|
|
||||||
monkey_cmdline,
|
|
||||||
posix=False, # won't try resolving "\" in paths as part of escape sequences
|
|
||||||
)
|
)
|
||||||
|
|
||||||
monkey_process = subprocess.Popen(
|
monkey_process = subprocess.Popen(
|
||||||
monkey_cmdline_split,
|
monkey_cmdline,
|
||||||
stdin=None,
|
stdin=None,
|
||||||
stdout=None,
|
stdout=None,
|
||||||
stderr=None,
|
stderr=None,
|
||||||
|
@ -70,7 +63,7 @@ class WindowsUpgrader(object):
|
||||||
LOG.info(
|
LOG.info(
|
||||||
"Executed 64bit monkey process (PID=%d) with command line: %s",
|
"Executed 64bit monkey process (PID=%d) with command line: %s",
|
||||||
monkey_process.pid,
|
monkey_process.pid,
|
||||||
monkey_cmdline,
|
" ".join(monkey_cmdline),
|
||||||
)
|
)
|
||||||
|
|
||||||
time.sleep(WindowsUpgrader.__UPGRADE_WAIT_TIME__)
|
time.sleep(WindowsUpgrader.__UPGRADE_WAIT_TIME__)
|
||||||
|
|
|
@ -1,23 +0,0 @@
|
||||||
import unittest
|
|
||||||
|
|
||||||
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
|
|
||||||
|
|
||||||
|
|
||||||
class TestHelpers(unittest.TestCase):
|
|
||||||
def test_build_monkey_commandline_explicitly(self):
|
|
||||||
test1 = " -p 101010 -t 10.10.101.10 -s 127.127.127.127:5000 -d 0 -l C:\\windows\\abc -vp 80"
|
|
||||||
result1 = build_monkey_commandline_explicitly(
|
|
||||||
101010, "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", 80
|
|
||||||
)
|
|
||||||
|
|
||||||
test2 = " -p parent -s 127.127.127.127:5000 -d 0 -vp 80"
|
|
||||||
result2 = build_monkey_commandline_explicitly(
|
|
||||||
parent="parent", server="127.127.127.127:5000", depth="0", vulnerable_port="80"
|
|
||||||
)
|
|
||||||
|
|
||||||
self.assertEqual(test1, result1)
|
|
||||||
self.assertEqual(test2, result2)
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
unittest.main()
|
|
|
@ -0,0 +1,108 @@
|
||||||
|
from infection_monkey.config import GUID
|
||||||
|
from infection_monkey.model.host import VictimHost
|
||||||
|
from infection_monkey.utils.commands import (
|
||||||
|
build_monkey_commandline,
|
||||||
|
build_monkey_commandline_explicitly,
|
||||||
|
get_monkey_commandline_linux,
|
||||||
|
get_monkey_commandline_windows,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_monkey_commandline_explicitly_arguments():
|
||||||
|
expected = [
|
||||||
|
"-p",
|
||||||
|
"101010",
|
||||||
|
"-t",
|
||||||
|
"10.10.101.10",
|
||||||
|
"-s",
|
||||||
|
"127.127.127.127:5000",
|
||||||
|
"-d",
|
||||||
|
"0",
|
||||||
|
"-l",
|
||||||
|
"C:\\windows\\abc",
|
||||||
|
"-vp",
|
||||||
|
"80",
|
||||||
|
]
|
||||||
|
actual = build_monkey_commandline_explicitly(
|
||||||
|
"101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", "80"
|
||||||
|
)
|
||||||
|
|
||||||
|
assert expected == actual
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_monkey_commandline_explicitly_depth_condition_less():
|
||||||
|
expected = [
|
||||||
|
"-d",
|
||||||
|
"0",
|
||||||
|
]
|
||||||
|
actual = build_monkey_commandline_explicitly(depth=-50)
|
||||||
|
|
||||||
|
assert expected == actual
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_monkey_commandline_explicitly_depth_condition_greater():
|
||||||
|
expected = [
|
||||||
|
"-d",
|
||||||
|
"50",
|
||||||
|
]
|
||||||
|
actual = build_monkey_commandline_explicitly(depth=50)
|
||||||
|
|
||||||
|
assert expected == actual
|
||||||
|
|
||||||
|
|
||||||
|
def test_get_monkey_commandline_windows():
|
||||||
|
expected = [
|
||||||
|
"cmd.exe",
|
||||||
|
"/c",
|
||||||
|
"C:\\windows\\abc",
|
||||||
|
"m0nk3y",
|
||||||
|
"-p",
|
||||||
|
"101010",
|
||||||
|
"-t",
|
||||||
|
"10.10.101.10",
|
||||||
|
]
|
||||||
|
actual = get_monkey_commandline_windows(
|
||||||
|
"C:\\windows\\abc",
|
||||||
|
[
|
||||||
|
"-p",
|
||||||
|
"101010",
|
||||||
|
"-t",
|
||||||
|
"10.10.101.10",
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
assert expected == actual
|
||||||
|
|
||||||
|
|
||||||
|
def test_get_monkey_commandline_linux():
|
||||||
|
expected = [
|
||||||
|
"/home/user/monkey-linux-64",
|
||||||
|
"m0nk3y",
|
||||||
|
"-p",
|
||||||
|
"101010",
|
||||||
|
"-t",
|
||||||
|
"10.10.101.10",
|
||||||
|
]
|
||||||
|
actual = get_monkey_commandline_linux(
|
||||||
|
"/home/user/monkey-linux-64",
|
||||||
|
[
|
||||||
|
"-p",
|
||||||
|
"101010",
|
||||||
|
"-t",
|
||||||
|
"10.10.101.10",
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
assert expected == actual
|
||||||
|
|
||||||
|
|
||||||
|
def test_build_monkey_commandline():
|
||||||
|
example_host = VictimHost(ip_addr="bla")
|
||||||
|
example_host.set_default_server("101010")
|
||||||
|
|
||||||
|
expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla -vp 80"
|
||||||
|
actual = build_monkey_commandline(
|
||||||
|
target_host=example_host, depth=0, vulnerable_port="80", location="/home/bla"
|
||||||
|
)
|
||||||
|
|
||||||
|
assert expected == actual
|
Loading…
Reference in New Issue