From e6f4c74b79e092b84ff410db6fad0bff0bd4497e Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Mon, 21 Feb 2022 16:45:17 +0530
Subject: [PATCH] Agent: Remove `skip_exploit_if_file_exist` option
---
 monkey/infection_monkey/config.py | 6 ---
 monkey/infection_monkey/example.conf | 1 -
 monkey/infection_monkey/exploit/shellshock.py | 9 -----
 monkey/infection_monkey/exploit/sshexec.py | 14 -------
 .../exploit/tools/smb_tools.py | 18 ---------
 monkey/infection_monkey/exploit/web_rce.py | 40 -------------------
 6 files changed, 88 deletions(-)
diff --git a/monkey/infection_monkey/config.py b/monkey/infection_monkey/config.py
index fca494e36..be56985e3 100644
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@@ -140,12 +140,6 @@ class Configuration(object):
 # Ping Scanner
 ping_scan_timeout = 1000
- ###########################
- # exploiters config
- ###########################
-
- skip_exploit_if_file_exist = False
-
 ###########################
 # ransomware config
 ###########################
diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf
index 2133be9e3..a0bf5f414 100644
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@@ -47,7 +47,6 @@
 "smb_download_timeout": 300,
 "smb_service_name": "InfectionMonkey",
 "self_delete_in_cleanup": true,
- "skip_exploit_if_file_exist": false,
 "exploit_user_list": [],
 "exploit_password_list": [],
 "exploit_lm_hash_list": [],
diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py
index 2f1284201..f76739e1d 100644
--- a/monkey/infection_monkey/exploit/shellshock.py
+++ b/monkey/infection_monkey/exploit/shellshock.py
@@ -36,7 +36,6 @@ class ShellShockExploiter(HostExploiter):
 self.success_flag = "".join(
 safe_random.choice(string.ascii_uppercase + string.digits) for _ in range(20)
 )
- self.skip_exist = self._config.skip_exploit_if_file_exist
 def _exploit_host(self):
 # start by picking ports
@@ -108,14 +107,6 @@ class ShellShockExploiter(HostExploiter):
 # copy the monkey
 dropper_target_path_linux = self._config.dropper_target_path_linux
- if self.skip_exist and (
- self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)
- ):
- logger.info(
- "Host %s was already infected under the current configuration, "
- "done" % self.host
- )
- return True # return already infected
 src_path = get_target_monkey(self.host)
 if not src_path:
diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py
index 0af7f7174..a989ea66c 100644
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@@ -29,7 +29,6 @@ class SSHExploiter(HostExploiter):
 def __init__(self, host):
 super(SSHExploiter, self).__init__(host)
 self._update_timestamp = 0
- self.skip_exist = self._config.skip_exploit_if_file_exist
 def log_transfer(self, transferred, total):
 # TODO: Replace with infection_monkey.utils.timer.Timer
@@ -147,19 +146,6 @@ class SSHExploiter(HostExploiter):
 "Error running uname machine command on victim %r: (%s)", self.host, exc
 )
- if self.skip_exist:
- _, stdout, stderr = ssh.exec_command(
- "head -c 1 %s" % self._config.dropper_target_path_linux
- )
- stdout_res = stdout.read().strip()
- if stdout_res:
- # file exists
- logger.info(
- "Host %s was already infected under the current configuration, "
- "done" % self.host
- )
- return True # return already infected
-
 src_path = get_target_monkey(self.host)
 if not src_path:
diff --git a/monkey/infection_monkey/exploit/tools/smb_tools.py b/monkey/infection_monkey/exploit/tools/smb_tools.py
index d9ca57108..362c1b083 100644
--- a/monkey/infection_monkey/exploit/tools/smb_tools.py
+++ b/monkey/infection_monkey/exploit/tools/smb_tools.py
@@ -6,7 +6,6 @@ from impacket.dcerpc.v5 import srvs, transport
 from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21
 from impacket.smbconnection import SMB_DIALECT, SMBConnection
-import infection_monkey.config
 import infection_monkey.monkeyfs as monkeyfs
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.config import Configuration
@@ -22,8 +21,6 @@ class SmbTools(object):
 host, src_path, dst_path, username, password, lm_hash="", ntlm_hash="", timeout=60
 ):
 assert monkeyfs.isfile(src_path), "Source file to copy (%s) is missing" % (src_path,)
- config = infection_monkey.config.WormConfiguration
- src_file_size = monkeyfs.getsize(src_path)
 smb, dialect = SmbTools.new_smb_connection(
 host, username, password, lm_hash, ntlm_hash, timeout
@@ -140,21 +137,6 @@ class SmbTools(object):
 remote_full_path = ntpath.join(share_path, remote_path.strip(ntpath.sep))
- # check if file is found on destination
- if config.skip_exploit_if_file_exist:
- try:
- file_info = smb.listPath(share_name, remote_path)
- if file_info:
- if src_file_size == file_info[0].get_filesize():
- logger.debug("Remote monkey file is same as source, skipping copy")
- return remote_full_path
-
- logger.debug(
- "Remote monkey file is found but different, moving along with " "attack"
- )
- except Exception:
- pass # file isn't found on remote victim, moving on
-
 try:
 with monkeyfs.open(src_path, "rb") as source_file:
 # make sure of the timeout
diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py
index a66e22ba7..5c315e61d 100644
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@@ -31,7 +31,6 @@ from infection_monkey.utils.commands import build_monkey_commandline
 logger = logging.getLogger(__name__)
 # Command used to check if monkeys already exists
-LOOK_FOR_FILE = "ls %s"
 POWERSHELL_NOT_FOUND = "powershell is not recognized"
@@ -52,7 +51,6 @@ class WebRCE(HostExploiter):
 "win64": self._config.dropper_target_path_win_64,
 }
 self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
- self.skip_exist = self._config.skip_exploit_if_file_exist
 self.vulnerable_urls = []
 self.target_url = None
@@ -110,17 +108,6 @@ class WebRCE(HostExploiter):
 self.target_url = self.get_target_url()
- # Skip if monkey already exists and this option is given
- if (
- not exploit_config["blind_exploit"]
- and self.skip_exist
- and self.check_remote_files(self.target_url)
- ):
- logger.info(
- "Host %s was already infected under the current configuration, done" % self.host
- )
- return True
-
 # Check for targets architecture (if it's 32 or 64 bit)
 if not exploit_config["blind_exploit"] and not self.set_host_arch(self.get_target_url()):
 return False
@@ -299,33 +286,6 @@ class WebRCE(HostExploiter):
 else:
 return False
- def check_remote_monkey_file(self, url, path):
- command = LOOK_FOR_FILE % path
- resp = self.exploit(url, command)
- if "No such file" in resp:
- return False
- else:
- logger.info(
- "Host %s was already infected under the current configuration, done"
- % str(self.host)
- )
- return True
-
- def check_remote_files(self, url):
- """
- :param url: Url for exploiter to use
- :return: True if at least one file is found, False otherwise
- """
- paths = []
- if "linux" in self.host.os["type"]:
- paths.append(self.monkey_target_paths["linux"])
- else:
- paths.extend([self.monkey_target_paths["win32"], self.monkey_target_paths["win64"]])
- for path in paths:
- if self.check_remote_monkey_file(url, path):
- return True
- return False
-
 # Wrapped functions:
 def get_ports_w(self, ports, names):
 """