From 4ac7c0197654ba26b4ba7136921a3533db75d218 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 9 Mar 2021 11:32:52 -0500
Subject: [PATCH 1/3] agent: add 2 new log statements to the dropper

---
 monkey/infection_monkey/dropper.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py
index cb7be181d..d98eb8e9e 100644
--- a/monkey/infection_monkey/dropper.py
+++ b/monkey/infection_monkey/dropper.py
@@ -145,6 +145,8 @@ class MonkeyDrops(object):
 LOG.warning("Seems like monkey died too soon")

 def cleanup(self):
+ LOG.info("Cleaning up the dropper")
+
 try:
 if (self._config['source_path'].lower() != self._config['destination_path'].lower()) and \
 os.path.exists(self._config['source_path']) and \
@@ -166,5 +168,7 @@ class MonkeyDrops(object):
 LOG.debug("Dropper source file '%s' is marked for deletion on next boot",
 self._config['source_path'])
 T1106Telem(ScanStatus.USED, UsageEnum.DROPPER_WINAPI).send()
+
+ LOG.info("Dropper cleanup complete")
 except AttributeError:
 LOG.error("Invalid configuration options. Failing")
From e7528e95448e2298a191ca6930f9eaea1a895186 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 9 Mar 2021 11:35:38 -0500
Subject: [PATCH 2/3] agent: Use PIPE for stdin, stdout, and stderr in dropper

The dropper is expected to detatch the child monkey agent process. If stdin, stdout, and stderr are set to `None`, the child process inherits them. Since the child process inherits the parent's file descriptors and holds them open, issues like #1026 can occur.
---
 monkey/infection_monkey/dropper.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py
index d98eb8e9e..9b374c9f1 100644
--- a/monkey/infection_monkey/dropper.py
+++ b/monkey/infection_monkey/dropper.py
@@ -134,7 +134,9 @@ class MonkeyDrops(object):
 'monkey_commandline': inner_monkey_cmdline}

 monkey_process = subprocess.Popen(monkey_cmdline, shell=True,
- stdin=None, stdout=None, stderr=None,
+ stdin=subprocess.PIPE,
+ stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE,
 close_fds=True, creationflags=DETACHED_PROCESS)

 LOG.info("Executed monkey process (PID=%d) with command line: %s",
From 3714dd2f6f184a2c4f625e54abb820ed768981db Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Tue, 9 Mar 2021 11:39:44 -0500
Subject: [PATCH 3/3] agent: Use the dropper in the DrupalExploiter

Fixes #1026
---
 monkey/infection_monkey/exploit/drupal.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/monkey/infection_monkey/exploit/drupal.py b/monkey/infection_monkey/exploit/drupal.py
index 5872f4703..04b0ce431 100644
--- a/monkey/infection_monkey/exploit/drupal.py
+++ b/monkey/infection_monkey/exploit/drupal.py
@@ -36,6 +36,7 @@ class DrupalExploiter(WebRCE):
 exploit_config = super(DrupalExploiter, self).get_exploit_config()
 exploit_config['url_extensions'] = ['node/', # In Linux, no path is added
 'drupal/node/'] # However, Bitnami installations are under /drupal
+ exploit_config['dropper'] = True
 return exploit_config

 def add_vulnerable_urls(self, potential_urls, stop_checking=False):
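Review bot: In the `subprocess.Popen` call in dropper.py, `subprocess.PIPE` gives the detached child three pipes whose other ends nothing visible in this hunk reads or closes. If the dropper stays alive, a child that writes more than the pipe buffer to stdout or stderr will block; once the dropper exits, those writes fail with a broken pipe instead. Since the output is not consumed, `stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,` would break the descriptor inheritance the commit message describes without either effect. The enclosing method starts and continues outside the hunk, so confirm that no later code calls `communicate()` on `monkey_process`.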
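Review bot: The new `exploit_config['dropper'] = True` line in drupal.py carries no comment, unlike the `url_extensions` entries just above it, so the reason for the flag lives only in the commit message. A short comment such as `# Launch via the dropper so the agent detaches from the parent process (see #1026)` would keep the rationale next to the code. That wording is inferred from the second patch's description and should be confirmed by the author. `get_exploit_config` begins outside the hunk.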