forked from p15670423/monkey
Agent: Use random instead of random.SystemRandom
The calls to random doesn't need to be cryptographically secure. SystemRandom can block in Linux indefinitely.
This commit is contained in:
Ilija Lazoroski
parent
747365818f
commit
55f969b44f
|
|
@ -6,8 +6,8 @@
|
||||||
|
|
||||||
import json
|
import json
|
||||||
import posixpath
|
import posixpath
|
||||||
|
import random
|
||||||
import string
|
import string
|
||||||
from random import SystemRandom
|
|
||||||
|
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
|
|
@ -71,10 +71,11 @@ class HadoopExploiter(WebRCE):
|
||||||
)
|
)
|
||||||
resp = json.loads(resp.content)
|
resp = json.loads(resp.content)
|
||||||
app_id = resp["application-id"]
|
app_id = resp["application-id"]
|
||||||
|
|
||||||
# Create a random name for our application in YARN
|
# Create a random name for our application in YARN
|
||||||
safe_random = SystemRandom()
|
# random.SystemRandom can block indefinitely in Linux
|
||||||
rand_name = ID_STRING + "".join(
|
rand_name = ID_STRING + "".join(
|
||||||
[safe_random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]
|
[random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)] # noqa: DUO102
|
||||||
)
|
)
|
||||||
payload = self._build_payload(app_id, rand_name, command)
|
payload = self._build_payload(app_id, rand_name, command)
|
||||||
resp = requests.post(
|
resp = requests.post(
|
||||||
|
|
|
||||||
|
|
@ -114,6 +114,8 @@ class PowerShellExploiter(HostExploiter):
|
||||||
self._try_ssl_login(use_ssl=True)
|
self._try_ssl_login(use_ssl=True)
|
||||||
|
|
||||||
def _try_ssl_login(self, use_ssl: bool):
|
def _try_ssl_login(self, use_ssl: bool):
|
||||||
|
# '.\' is machine qualifier if the user is in the local domain
|
||||||
|
# which happens if we try to exploit a machine on second hop
|
||||||
credentials = Credentials(
|
credentials = Credentials(
|
||||||
username=".\\dummy_username",
|
username=".\\dummy_username",
|
||||||
secret="dummy_password",
|
secret="dummy_password",
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
import logging
|
import logging
|
||||||
|
import random
|
||||||
|
import string
|
||||||
from typing import Any, Mapping
|
from typing import Any, Mapping
|
||||||
|
|
||||||
from infection_monkey.model import VictimHost
|
from infection_monkey.model import VictimHost
|
||||||
import string
|
|
||||||
from random import SystemRandom
|
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
@ -27,8 +27,8 @@ def get_target_monkey_by_os(is_windows, is_32bit):
|
||||||
|
|
||||||
def get_random_file_suffix() -> str:
|
def get_random_file_suffix() -> str:
|
||||||
character_set = list(string.ascii_letters + string.digits + "_" + "-")
|
character_set = list(string.ascii_letters + string.digits + "_" + "-")
|
||||||
safe_random = SystemRandom()
|
# random.SystemRandom can block indefinitely in Linux
|
||||||
random_string = "".join(safe_random.choices(character_set, k=8))
|
random_string = "".join(random.choices(character_set, k=8)) # noqa: DUO102
|
||||||
return random_string
|
return random_string
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue