Agent: Change agent permissions to 700 in SSH exploiter

Changing the permissions to 777 introduces a security risk into the
target host. A malicious attacker with local access can potentially
modify the binary, resulting in code execution and privilege escalation
when the attacking agent launches the agent on the victim.

Issue #1750
Mike Salvatore 2022-02-28 11:51:34 -05:00
parent eea07461c5
commit caa6405315
2 changed files with 14 additions and 8 deletions

@ -56,6 +56,9 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
### Security ### Security
- Change SSH exploiter so that it does not set the permissions of the agent
binary in /tmp on the target system to 777, as this could allow a malicious
actor with local access to escalate their privileges. #1750
## [1.13.0] - 2022-01-25 ## [1.13.0] - 2022-01-25
### Added ### Added
- A new exploiter that allows propagation via the Log4Shell vulnerability - A new exploiter that allows propagation via the Log4Shell vulnerability
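Review bot: The new Security entry states what the SSH exploiter no longer does (set the agent binary in /tmp to 777) but not what it does now. Suggest naming the new mode in the entry, for example "now sets the permissions of the agent binary to 700 instead of 777", so a changelog reader can tell the file stays executable by its owner only.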

@ -170,15 +170,8 @@ class SSHExploiter(HostExploiter):
file_size=monkeyfs.getsize(src_path), file_size=monkeyfs.getsize(src_path),
callback=self.log_transfer, callback=self.log_transfer,
) )
ftp.chmod(self.options["dropper_target_path_linux"], 0o777) self._make_agent_executable(ftp)
status = ScanStatus.USED status = ScanStatus.USED
self.telemetry_messenger.send_telemetry(
T1222Telem(
ScanStatus.USED,
"chmod 0777 %s" % self.options["dropper_target_path_linux"],
self.host,
)
)
ftp.close() ftp.close()
except Exception as exc: except Exception as exc:
self.exploit_result.error_message = ( self.exploit_result.error_message = (
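Review bot: The call to self._make_agent_executable(ftp) still runs only after the transfer call above it has completed, so between upload and chmod the file carries whatever mode the SFTP server gave it at creation, and a chmod does not change ownership if something already existed at dropper_target_path_linux. Since the changelog places this path in /tmp, it is worth confirming that the file is created fresh by the connecting user, or tightening the mode before the contents are written, so the 0o700 setting actually closes the local-modification window the commit message describes.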
@ -221,3 +214,13 @@ class SSHExploiter(HostExploiter):
logger.error(self.exploit_result.error_message) logger.error(self.exploit_result.error_message)
return self.exploit_result return self.exploit_result
def _make_agent_executable(self, ftp: paramiko.sftp_client.SFTPClient):
ftp.chmod(self.options["dropper_target_path_linux"], 0o700)
self.telemetry_messenger.send_telemetry(
T1222Telem(
ScanStatus.USED,
"chmod 0700 %s" % self.options["dropper_target_path_linux"],
self.host,
)
)
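Review bot: In _make_agent_executable the mode is written twice, once as the literal 0o700 passed to ftp.chmod and once inside the telemetry string "chmod 0700 %s", so a later change to one can leave the T1222 telemetry reporting a mode that was never applied. Suggest a single named constant for the mode and building the telemetry message from it. A short docstring explaining why the mode is owner-only, plus a -> None return annotation to match the typed ftp parameter, would also help.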