Agent: Use random instead of random.SystemRandom

The calls to random doesn't need to be cryptographically secure. SystemRandom can block in Linux indefinitely.
2022-03-16 13:02:48 +01:00 · 2022-03-16 13:02:48 +01:00 · 55f969b44f
parent 747365818f
commit 55f969b44f
3 changed files with 10 additions and 7 deletions
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@ -6,8 +6,8 @@

 import json
 import posixpath
+import random
 import string
-from random import SystemRandom

 import requests

@ -71,10 +71,11 @@ class HadoopExploiter(WebRCE):
        )
        resp = json.loads(resp.content)
        app_id = resp["application-id"]
+
        # Create a random name for our application in YARN
-        safe_random = SystemRandom()
+        # random.SystemRandom can block indefinitely in Linux
        rand_name = ID_STRING + "".join(
-            [safe_random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]
+            [random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]  # noqa: DUO102
        )
        payload = self._build_payload(app_id, rand_name, command)
        resp = requests.post(
--- a/monkey/infection_monkey/exploit/powershell.py
+++ b/monkey/infection_monkey/exploit/powershell.py
@ -114,6 +114,8 @@ class PowerShellExploiter(HostExploiter):
        self._try_ssl_login(use_ssl=True)

    def _try_ssl_login(self, use_ssl: bool):
+        # '.\' is machine qualifier if the user is in the local domain
+        # which happens if we try to exploit a machine on second hop
        credentials = Credentials(
            username=".\\dummy_username",
            secret="dummy_password",
--- a/monkey/infection_monkey/exploit/tools/helpers.py
+++ b/monkey/infection_monkey/exploit/tools/helpers.py
@ -1,9 +1,9 @@
 import logging
+import random
+import string
 from typing import Any, Mapping

 from infection_monkey.model import VictimHost
-import string
-from random import SystemRandom

 logger = logging.getLogger(__name__)

@ -27,8 +27,8 @@ def get_target_monkey_by_os(is_windows, is_32bit):

 def get_random_file_suffix() -> str:
    character_set = list(string.ascii_letters + string.digits + "_" + "-")
-    safe_random = SystemRandom()
-    random_string = "".join(safe_random.choices(character_set, k=8))
+    # random.SystemRandom can block indefinitely in Linux
+    random_string = "".join(random.choices(character_set, k=8))  # noqa: DUO102
    return random_string