p17860254
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent, UT: Remove --vulnerable-port CLI argument

This commit is contained in:
Shreya Malviya 2021-12-03 17:39:37 +05:30 committed by Mike Salvatore
parent 84c6f6ee01
commit db58b0b27d
15 changed files with 12 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
monkey/infection_monkey/dropper.py
View File

@ -139,7 +139,6 @@ class MonkeyDrops(object):
server=self.opts.server,
depth=self.opts.depth,
location=None,
vulnerable_port=self.opts.vulnerable_port,
)
if OperatingSystem.Windows == SystemInfoCollector.get_os():

4
monkey/infection_monkey/exploit/hadoop.py
View File

@ -87,9 +87,7 @@ class HadoopExploiter(WebRCE):
def build_command(self, path, http_path):
# Build command to execute
monkey_cmd = build_monkey_commandline(
self.host, get_monkey_depth() - 1, vulnerable_port=HadoopExploiter.HADOOP_PORTS[0][0]
)
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
if "linux" in self.host.os["type"]:
base_command = HADOOP_LINUX_COMMAND
else:

4
monkey/infection_monkey/exploit/mssqlexec.py
View File

@ -147,9 +147,7 @@ class MSSQLExploiter(HostExploiter):
def get_monkey_launch_command(self):
dst_path = get_monkey_dest_path(self.monkey_server.http_path)
# Form monkey's launch command
monkey_args = build_monkey_commandline(
self.host, get_monkey_depth() - 1, MSSQLExploiter.SQL_DEFAULT_TCP_PORT, dst_path
)
monkey_args = build_monkey_commandline(self.host, get_monkey_depth() - 1, dst_path)
suffix = ">>{}".format(self.payload_file_path)
prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX
return MSSQLLimitedSizePayload(

1
monkey/infection_monkey/exploit/powershell.py
View File

@ -208,7 +208,6 @@ def build_monkey_execution_command(host: VictimHost, depth: int, executable_path
monkey_params = build_monkey_commandline(
target_host=host,
depth=depth,
vulnerable_port=None,
location=executable_path,
)

1
monkey/infection_monkey/exploit/shellshock.py
View File

@ -164,7 +164,6 @@ class ShellShockExploiter(HostExploiter):
cmdline += build_monkey_commandline(
self.host,
get_monkey_depth() - 1,
HTTPTools.get_port_from_url(url),
dropper_target_path_linux,
)
cmdline += " & "

15
monkey/infection_monkey/exploit/smbexec.py
View File

@ -28,7 +28,6 @@ class SmbExploiter(HostExploiter):
def __init__(self, host):
super(SmbExploiter, self).__init__(host)
self.vulnerable_port = None
def is_os_supported(self):
if super(SmbExploiter, self).is_os_supported():
@ -112,7 +111,6 @@ class SmbExploiter(HostExploiter):
logger.debug("Exploiter SmbExec is giving up...")
return False
self.set_vulnerable_port()
# execute the remote dropper in case the path isn't final
if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {
@ -120,15 +118,12 @@ class SmbExploiter(HostExploiter):
} + build_monkey_commandline(
self.host,
get_monkey_depth() - 1,
self.vulnerable_port,
self._config.dropper_target_path_win_32,
)
else:
cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {
"monkey_path": remote_full_path
} + build_monkey_commandline(
self.host, get_monkey_depth() - 1, vulnerable_port=self.vulnerable_port
)
} + build_monkey_commandline(self.host, get_monkey_depth() - 1)
smb_conn = False
for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
@ -198,11 +193,3 @@ class SmbExploiter(HostExploiter):
)
)
return True
def set_vulnerable_port(self):
if "tcp-445" in self.host.services:
self.vulnerable_port = "445"
elif "tcp-139" in self.host.services:
self.vulnerable_port = "139"
else:
self.vulnerable_port = None

4
monkey/infection_monkey/exploit/sshexec.py
View File

@ -197,9 +197,7 @@ class SSHExploiter(HostExploiter):
try:
cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
cmdline += build_monkey_commandline(
self.host, get_monkey_depth() - 1, vulnerable_port=SSH_PORT
)
cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
cmdline += " > /dev/null 2>&1 &"
ssh.exec_command(cmdline)

4
monkey/infection_monkey/exploit/tools/http_tools.py
View File

@ -80,10 +80,6 @@ class HTTPTools(object):
httpd,
)
@staticmethod
def get_port_from_url(url: str) -> int:
return urllib.parse.urlparse(url).port
class MonkeyHTTPServer(HTTPTools):
def __init__(self, host):

10
monkey/infection_monkey/exploit/web_rce.py
View File

@ -53,7 +53,6 @@ class WebRCE(HostExploiter):
self.skip_exist = self._config.skip_exploit_if_file_exist
self.vulnerable_urls = []
self.target_url = None
self.vulnerable_port = None
def get_exploit_config(self):
"""
@ -106,7 +105,6 @@ class WebRCE(HostExploiter):
return False
self.target_url = self.get_target_url()
self.vulnerable_port = HTTPTools.get_port_from_url(self.target_url)
# Skip if monkey already exists and this option is given
if (
@ -455,18 +453,14 @@ class WebRCE(HostExploiter):
default_path = self.get_default_dropper_path()
if default_path is False:
return False
monkey_cmd = build_monkey_commandline(
self.host, get_monkey_depth() - 1, self.vulnerable_port, default_path
)
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, default_path)
command = RUN_MONKEY % {
"monkey_path": path,
"monkey_type": DROPPER_ARG,
"parameters": monkey_cmd,
}
else:
monkey_cmd = build_monkey_commandline(
self.host, get_monkey_depth() - 1, self.vulnerable_port
)
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
command = RUN_MONKEY % {
"monkey_path": path,
"monkey_type": MONKEY_ARG,

5
monkey/infection_monkey/exploit/win_ms08_067.py
View File

@ -289,15 +289,12 @@ class Ms08_067_Exploiter(HostExploiter):
} + build_monkey_commandline(
self.host,
get_monkey_depth() - 1,
SRVSVC_Exploit.TELNET_PORT,
self._config.dropper_target_path_win_32,
)
else:
cmdline = MONKEY_CMDLINE_WINDOWS % {
"monkey_path": remote_full_path
} + build_monkey_commandline(
self.host, get_monkey_depth() - 1, vulnerable_port=SRVSVC_Exploit.TELNET_PORT
)
} + build_monkey_commandline(self.host, get_monkey_depth() - 1)
try:
sock.send(("start %s\r\n" % (cmdline,)).encode())

6
monkey/infection_monkey/exploit/wmiexec.py
View File

@ -20,7 +20,6 @@ class WmiExploiter(HostExploiter):
_TARGET_OS_TYPE = ["windows"]
EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
_EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)"
VULNERABLE_PORT = 135
def __init__(self, host):
super(WmiExploiter, self).__init__(host)
@ -113,15 +112,12 @@ class WmiExploiter(HostExploiter):
} + build_monkey_commandline(
self.host,
get_monkey_depth() - 1,
WmiExploiter.VULNERABLE_PORT,
self._config.dropper_target_path_win_32,
)
else:
cmdline = MONKEY_CMDLINE_WINDOWS % {
"monkey_path": remote_full_path
} + build_monkey_commandline(
self.host, get_monkey_depth() - 1, WmiExploiter.VULNERABLE_PORT
)
} + build_monkey_commandline(self.host, get_monkey_depth() - 1)
# execute the remote monkey
result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(

1
monkey/infection_monkey/exploit/zerologon.py
View File

@ -36,7 +36,6 @@ class ZerologonExploiter(HostExploiter):
def __init__(self, host: object):
super().__init__(host)
self.vulnerable_port = None
self.exploit_info["credentials"] = {}
self.exploit_info["password_restored"] = None
self._extracted_creds = {}

1
monkey/infection_monkey/monkey.py
View File

@ -50,7 +50,6 @@ class InfectionMonkey:
arg_parser.add_argument("-t", "--tunnel")
arg_parser.add_argument("-s", "--server")
arg_parser.add_argument("-d", "--depth", type=int)
arg_parser.add_argument("-vp", "--vulnerable-port")
opts, _ = arg_parser.parse_known_args(args)
InfectionMonkey._log_arguments(opts)
return opts

9
monkey/infection_monkey/utils/commands.py
View File

@ -3,9 +3,7 @@ from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG
from infection_monkey.model.host import VictimHost
def build_monkey_commandline(
target_host: VictimHost, depth: int, vulnerable_port: str, location: str = None
) -> str:
def build_monkey_commandline(target_host: VictimHost, depth: int, location: str = None) -> str:
return " " + " ".join(
build_monkey_commandline_explicitly(
@ -14,7 +12,6 @@ def build_monkey_commandline(
target_host.default_server,
depth,
location,
vulnerable_port,
)
)
@ -25,7 +22,6 @@ def build_monkey_commandline_explicitly(
server: str = None,
depth: int = None,
location: str = None,
vulnerable_port: str = None,
) -> list:
cmdline = []
@ -46,9 +42,6 @@ def build_monkey_commandline_explicitly(
if location is not None:
cmdline.append("-l")
cmdline.append(str(location))
if vulnerable_port is not None:
cmdline.append("-vp")
cmdline.append(str(vulnerable_port))
return cmdline

10
monkey/tests/unit_tests/infection_monkey/utils/test_commands.py
View File

@ -20,11 +20,9 @@ def test_build_monkey_commandline_explicitly_arguments():
"0",
"-l",
"C:\\windows\\abc",
"-vp",
"80",
]
actual = build_monkey_commandline_explicitly(
"101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", "80"
"101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc"
)
assert expected == actual
@ -100,9 +98,7 @@ def test_build_monkey_commandline():
example_host = VictimHost(ip_addr="bla")
example_host.set_default_server("101010")
expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla -vp 80"
actual = build_monkey_commandline(
target_host=example_host, depth=0, vulnerable_port="80", location="/home/bla"
)
expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla"
actual = build_monkey_commandline(target_host=example_host, depth=0, location="/home/bla")
assert expected == actual