From db58b0b27d38c87af561d5b3947d73cafec0cc66 Mon Sep 17 00:00:00 2001 From: Shreya Malviya Date: Fri, 3 Dec 2021 17:39:37 +0530 Subject: [PATCH] Agent, UT: Remove --vulnerable-port CLI argument --- monkey/infection_monkey/dropper.py | 1 - monkey/infection_monkey/exploit/hadoop.py | 4 +--- monkey/infection_monkey/exploit/mssqlexec.py | 4 +--- monkey/infection_monkey/exploit/powershell.py | 1 - monkey/infection_monkey/exploit/shellshock.py | 1 - monkey/infection_monkey/exploit/smbexec.py | 15 +-------------- monkey/infection_monkey/exploit/sshexec.py | 4 +--- .../infection_monkey/exploit/tools/http_tools.py | 4 ---- monkey/infection_monkey/exploit/web_rce.py | 10 ++-------- monkey/infection_monkey/exploit/win_ms08_067.py | 5 +---- monkey/infection_monkey/exploit/wmiexec.py | 6 +----- monkey/infection_monkey/exploit/zerologon.py | 1 - monkey/infection_monkey/monkey.py | 1 - monkey/infection_monkey/utils/commands.py | 9 +-------- .../infection_monkey/utils/test_commands.py | 10 +++------- 15 files changed, 12 insertions(+), 64 deletions(-) diff --git a/monkey/infection_monkey/dropper.py b/monkey/infection_monkey/dropper.py index e2f59e601..3a153bf44 100644 --- a/monkey/infection_monkey/dropper.py +++ b/monkey/infection_monkey/dropper.py @@ -139,7 +139,6 @@ class MonkeyDrops(object): server=self.opts.server, depth=self.opts.depth, location=None, - vulnerable_port=self.opts.vulnerable_port, ) if OperatingSystem.Windows == SystemInfoCollector.get_os(): diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py index f221ebe1f..53a98bd5a 100644 --- a/monkey/infection_monkey/exploit/hadoop.py +++ b/monkey/infection_monkey/exploit/hadoop.py 
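Review bot: The dropper's own argument parser probably still declares `-vp`/`--vulnerable-port` after this change. The only dropper.py edit is the deleted `vulnerable_port=self.opts.vulnerable_port`, and the diffstat records a single deleted line for that file. The parser that fills `self.opts` is outside the hunk, so this is inferred; if the declaration is still there, the dropper keeps accepting an option nothing consumes while monkey.py stops declaring it. Removing the dropper's matching `add_argument("-vp", "--vulnerable-port")` in this commit would keep both entry points' command-line surface identical.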
@@ -87,9 +87,7 @@ class HadoopExploiter(WebRCE): def build_command(self, path, http_path): # Build command to execute - monkey_cmd = build_monkey_commandline( - self.host, get_monkey_depth() - 1, vulnerable_port=HadoopExploiter.HADOOP_PORTS[0][0] - ) + monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1) if "linux" in self.host.os["type"]: base_command = HADOOP_LINUX_COMMAND else: diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py index ef88d6cf2..a3b6d8191 100644 --- a/monkey/infection_monkey/exploit/mssqlexec.py +++ b/monkey/infection_monkey/exploit/mssqlexec.py @@ -147,9 +147,7 @@ class MSSQLExploiter(HostExploiter): def get_monkey_launch_command(self): dst_path = get_monkey_dest_path(self.monkey_server.http_path) # Form monkey's launch command - monkey_args = build_monkey_commandline( - self.host, get_monkey_depth() - 1, MSSQLExploiter.SQL_DEFAULT_TCP_PORT, dst_path - ) + monkey_args = build_monkey_commandline(self.host, get_monkey_depth() - 1, dst_path) suffix = ">>{}".format(self.payload_file_path) prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX return MSSQLLimitedSizePayload( diff --git a/monkey/infection_monkey/exploit/powershell.py b/monkey/infection_monkey/exploit/powershell.py index f2883bb63..6db20b6a4 100644 --- a/monkey/infection_monkey/exploit/powershell.py +++ b/monkey/infection_monkey/exploit/powershell.py @@ -208,7 +208,6 @@ def build_monkey_execution_command(host: VictimHost, depth: int, executable_path monkey_params = build_monkey_commandline( target_host=host, depth=depth, - vulnerable_port=None, location=executable_path, ) diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py index efe0c10cc..2f1284201 100644 --- a/monkey/infection_monkey/exploit/shellshock.py +++ b/monkey/infection_monkey/exploit/shellshock.py 
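Review bot: In mssqlexec.py's `get_monkey_launch_command`, `dst_path` is now the third positional argument, the slot that held the port before this commit. A call site that was missed, or lives out of tree, and still passes a port there would silently become `-l <port>` instead of failing. Passing it by name, `build_monkey_commandline(self.host, get_monkey_depth() - 1, location=dst_path)`, makes the intent explicit, as the powershell.py hunk already does. The same positional `location` appears in the shellshock.py, smbexec.py, web_rce.py, win_ms08_067.py and wmiexec.py hunks. Declaring the parameter keyword-only in utils/commands.py (`depth: int, *, location: str = None`) would turn any leftover positional port into a `TypeError`.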
@@ -164,7 +164,6 @@ class ShellShockExploiter(HostExploiter): cmdline += build_monkey_commandline( self.host, get_monkey_depth() - 1, - HTTPTools.get_port_from_url(url), dropper_target_path_linux, ) cmdline += " & " diff --git a/monkey/infection_monkey/exploit/smbexec.py b/monkey/infection_monkey/exploit/smbexec.py index 8dfe8ed75..4dac63cd9 100644 --- a/monkey/infection_monkey/exploit/smbexec.py +++ b/monkey/infection_monkey/exploit/smbexec.py @@ -28,7 +28,6 @@ class SmbExploiter(HostExploiter): def __init__(self, host): super(SmbExploiter, self).__init__(host) - self.vulnerable_port = None def is_os_supported(self): if super(SmbExploiter, self).is_os_supported(): @@ -112,7 +111,6 @@ class SmbExploiter(HostExploiter): logger.debug("Exploiter SmbExec is giving up...") return False - self.set_vulnerable_port() # execute the remote dropper in case the path isn't final if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower(): cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % { @@ -120,15 +118,12 @@ class SmbExploiter(HostExploiter): } + build_monkey_commandline( self.host, get_monkey_depth() - 1, - self.vulnerable_port, self._config.dropper_target_path_win_32, ) else: cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % { "monkey_path": remote_full_path - } + build_monkey_commandline( - self.host, get_monkey_depth() - 1, vulnerable_port=self.vulnerable_port - ) + } + build_monkey_commandline(self.host, get_monkey_depth() - 1) smb_conn = False for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values(): @@ -198,11 +193,3 @@ class SmbExploiter(HostExploiter): ) ) return True - - def set_vulnerable_port(self): - if "tcp-445" in self.host.services: - self.vulnerable_port = "445" - elif "tcp-139" in self.host.services: - self.vulnerable_port = "139" - else: - self.vulnerable_port = None diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py index be59b0ca6..0af7f7174 100644 
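Review bot: In smbexec.py, `SmbExploiter.__init__` is left with a single statement, `super(SmbExploiter, self).__init__(host)`, so the override adds nothing over the inherited constructor. Deleting the method removes the dead code. If it is kept for symmetry with the other exploiters, the Python 3 form `super().__init__(host)`, already used in zerologon.py, is shorter.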
--- a/monkey/infection_monkey/exploit/sshexec.py +++ b/monkey/infection_monkey/exploit/sshexec.py @@ -197,9 +197,7 @@ class SSHExploiter(HostExploiter): try: cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG) - cmdline += build_monkey_commandline( - self.host, get_monkey_depth() - 1, vulnerable_port=SSH_PORT - ) + cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1) cmdline += " > /dev/null 2>&1 &" ssh.exec_command(cmdline) diff --git a/monkey/infection_monkey/exploit/tools/http_tools.py b/monkey/infection_monkey/exploit/tools/http_tools.py index 9ef73090b..25aca3321 100644 --- a/monkey/infection_monkey/exploit/tools/http_tools.py +++ b/monkey/infection_monkey/exploit/tools/http_tools.py @@ -80,10 +80,6 @@ class HTTPTools(object): httpd, ) - @staticmethod - def get_port_from_url(url: str) -> int: - return urllib.parse.urlparse(url).port - class MonkeyHTTPServer(HTTPTools): def __init__(self, host): diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py index a8ce60a40..48fd19573 100644 --- a/monkey/infection_monkey/exploit/web_rce.py +++ b/monkey/infection_monkey/exploit/web_rce.py @@ -53,7 +53,6 @@ class WebRCE(HostExploiter): self.skip_exist = self._config.skip_exploit_if_file_exist self.vulnerable_urls = [] self.target_url = None - self.vulnerable_port = None def get_exploit_config(self): """ @@ -106,7 +105,6 @@ class WebRCE(HostExploiter): return False self.target_url = self.get_target_url() - self.vulnerable_port = HTTPTools.get_port_from_url(self.target_url) # Skip if monkey already exists and this option is given if ( 
@@ -455,18 +453,14 @@ class WebRCE(HostExploiter): default_path = self.get_default_dropper_path() if default_path is False: return False - monkey_cmd = build_monkey_commandline( - self.host, get_monkey_depth() - 1, self.vulnerable_port, default_path - ) + monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, default_path) command = RUN_MONKEY % { "monkey_path": path, "monkey_type": DROPPER_ARG, "parameters": monkey_cmd, } else: - monkey_cmd = build_monkey_commandline( - self.host, get_monkey_depth() - 1, self.vulnerable_port - ) + monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1) command = RUN_MONKEY % { "monkey_path": path, "monkey_type": MONKEY_ARG, diff --git a/monkey/infection_monkey/exploit/win_ms08_067.py b/monkey/infection_monkey/exploit/win_ms08_067.py index cff31e083..db6df1212 100644 --- a/monkey/infection_monkey/exploit/win_ms08_067.py +++ b/monkey/infection_monkey/exploit/win_ms08_067.py @@ -289,15 +289,12 @@ class Ms08_067_Exploiter(HostExploiter): } + build_monkey_commandline( self.host, get_monkey_depth() - 1, - SRVSVC_Exploit.TELNET_PORT, self._config.dropper_target_path_win_32, ) else: cmdline = MONKEY_CMDLINE_WINDOWS % { "monkey_path": remote_full_path - } + build_monkey_commandline( - self.host, get_monkey_depth() - 1, vulnerable_port=SRVSVC_Exploit.TELNET_PORT - ) + } + build_monkey_commandline(self.host, get_monkey_depth() - 1) try: sock.send(("start %s\r\n" % (cmdline,)).encode()) diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py index 5af6606c4..54095d1e7 100644 --- a/monkey/infection_monkey/exploit/wmiexec.py +++ b/monkey/infection_monkey/exploit/wmiexec.py @@ -20,7 +20,6 @@ class WmiExploiter(HostExploiter): _TARGET_OS_TYPE = ["windows"] EXPLOIT_TYPE = ExploitType.BRUTE_FORCE _EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)" - VULNERABLE_PORT = 135 def __init__(self, host): super(WmiExploiter, self).__init__(host) 
@@ -113,15 +112,12 @@ class WmiExploiter(HostExploiter): } + build_monkey_commandline( self.host, get_monkey_depth() - 1, - WmiExploiter.VULNERABLE_PORT, self._config.dropper_target_path_win_32, ) else: cmdline = MONKEY_CMDLINE_WINDOWS % { "monkey_path": remote_full_path - } + build_monkey_commandline( - self.host, get_monkey_depth() - 1, WmiExploiter.VULNERABLE_PORT - ) + } + build_monkey_commandline(self.host, get_monkey_depth() - 1) # execute the remote monkey result = WmiTools.get_object(wmi_connection, "Win32_Process").Create( diff --git a/monkey/infection_monkey/exploit/zerologon.py b/monkey/infection_monkey/exploit/zerologon.py index a43639614..a882b17de 100644 --- a/monkey/infection_monkey/exploit/zerologon.py +++ b/monkey/infection_monkey/exploit/zerologon.py @@ -36,7 +36,6 @@ class ZerologonExploiter(HostExploiter): def __init__(self, host: object): super().__init__(host) - self.vulnerable_port = None self.exploit_info["credentials"] = {} self.exploit_info["password_restored"] = None self._extracted_creds = {} diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py index 4eb959129..7236af3fd 100644 --- a/monkey/infection_monkey/monkey.py +++ b/monkey/infection_monkey/monkey.py @@ -50,7 +50,6 @@ class InfectionMonkey: arg_parser.add_argument("-t", "--tunnel") arg_parser.add_argument("-s", "--server") arg_parser.add_argument("-d", "--depth", type=int) - arg_parser.add_argument("-vp", "--vulnerable-port") opts, _ = arg_parser.parse_known_args(args) InfectionMonkey._log_arguments(opts) return opts diff --git a/monkey/infection_monkey/utils/commands.py b/monkey/infection_monkey/utils/commands.py index ee2f0153a..284729206 100644 --- a/monkey/infection_monkey/utils/commands.py +++ b/monkey/infection_monkey/utils/commands.py 
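Review bot: In monkey.py the parser result is unpacked as `opts, _ = arg_parser.parse_known_args(args)`, so with `-vp` no longer declared, a command line that still carries `-vp <port>` is accepted and the leftover tokens are dropped without a trace. That could happen if the launcher was built by an older agent. Keeping the remainder, `opts, unknown = arg_parser.parse_known_args(args)`, and logging `unknown` when it is non-empty would make mixed-version or malformed launches visible in the agent log. The enclosing method starts outside the hunk, so the logging call to reuse is whatever `_log_arguments` already relies on.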
@@ -3,9 +3,7 @@ from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG from infection_monkey.model.host import VictimHost -def build_monkey_commandline( - target_host: VictimHost, depth: int, vulnerable_port: str, location: str = None -) -> str: +def build_monkey_commandline(target_host: VictimHost, depth: int, location: str = None) -> str: return " " + " ".join( build_monkey_commandline_explicitly( @@ -14,7 +12,6 @@ def build_monkey_commandline( target_host.default_server, depth, location, - vulnerable_port, ) ) @@ -25,7 +22,6 @@ def build_monkey_commandline_explicitly( server: str = None, depth: int = None, location: str = None, - vulnerable_port: str = None, ) -> list: cmdline = [] @@ -46,9 +42,6 @@ def build_monkey_commandline_explicitly( if location is not None: cmdline.append("-l") cmdline.append(str(location)) - if vulnerable_port is not None: - cmdline.append("-vp") - cmdline.append(str(vulnerable_port)) return cmdline diff --git a/monkey/tests/unit_tests/infection_monkey/utils/test_commands.py b/monkey/tests/unit_tests/infection_monkey/utils/test_commands.py index a3f210533..5d33cb8ae 100644 --- a/monkey/tests/unit_tests/infection_monkey/utils/test_commands.py +++ b/monkey/tests/unit_tests/infection_monkey/utils/test_commands.py @@ -20,11 +20,9 @@ def test_build_monkey_commandline_explicitly_arguments(): "0", "-l", "C:\\windows\\abc", - "-vp", - "80", ] actual = build_monkey_commandline_explicitly( - "101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", "80" + "101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc" ) assert expected == actual 
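Review bot: `build_monkey_commandline` in utils/commands.py has no docstring, and its contract is not obvious from the new signature. It returns the arguments joined with single spaces and prefixed by a space, with no quoting. Callers in this patch concatenate that string into command lines handed to a remote shell (`ssh.exec_command(cmdline)` in sshexec.py, `"start %s\r\n" % (cmdline,)` in win_ms08_067.py). A `location` containing whitespace or shell metacharacters would therefore be split or interpreted rather than passed as one `-l` value. I would add a docstring stating the leading space, that `-l <location>` is emitted only when `location` is not None, and that callers must supply paths safe to embed unquoted for the target OS.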
@@ -100,9 +98,7 @@ def test_build_monkey_commandline(): example_host = VictimHost(ip_addr="bla") example_host.set_default_server("101010") - expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla -vp 80" - actual = build_monkey_commandline( - target_host=example_host, depth=0, vulnerable_port="80", location="/home/bla" - ) + expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla" + actual = build_monkey_commandline(target_host=example_host, depth=0, location="/home/bla") assert expected == actual