Fixed grequsts/gevents monkey patching of socket code, which lead to paramiko being unable to function after a shellshock scan.

2016-09-07 10:16:17 +03:00 · 2016-09-07 10:16:17 +03:00 · ce3eaa9b2e
parent 39eaca300f
commit ce3eaa9b2e
1 changed files with 5 additions and 2 deletions
--- a/chaos_monkey/exploit/shellshock.py
+++ b/chaos_monkey/exploit/shellshock.py
@ -92,7 +92,6 @@ class ShellShockExploiter(HostExploiter):
                    LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
                    return False

-
            # copy the monkey
            dropper_target_path_linux = self._config.dropper_target_path_linux
            if self.skip_exist and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
@ -193,7 +192,7 @@ class ShellShockExploiter(HostExploiter):
        Checks if which urls exist
        :return: Sequence of URLs to try and attack
        """
-        import grequests
+        import grequests # at this point, it monkey patches half the world and we must stop it
        attack_path = 'http://'
        if is_https:
            attack_path = 'https://'
@ -203,6 +202,10 @@ class ShellShockExploiter(HostExploiter):
        resps = grequests.map(reqs, size=15)
        valid_resps = [resp for resp in resps if resp and resp.status_code == requests.codes.ok]
        urls = [resp.url for resp in valid_resps]
+
+        # revert monkey patch
+        import socket # this is the monkeypatched socket module
+        reload(socket)
        return urls

    @staticmethod