From 3d332c7d6608e247898df8672e212fdf53c9b37c Mon Sep 17 00:00:00 2001 From: VakarisZ Date: Mon, 21 Oct 2019 17:38:39 +0300 Subject: [PATCH] More python3 outdated decorators and bytes-string mixup fixes --- monkey/common/cloud/aws_instance.py | 7 ++++--- monkey/infection_monkey/exploit/sshexec.py | 2 +- monkey/infection_monkey/exploit/struts2.py | 5 +---- monkey/infection_monkey/monkey.spec | 1 + monkey/infection_monkey/network/tools.py | 2 +- .../post_breach/actions/communicate_as_new_user.py | 2 +- monkey/infection_monkey/post_breach/pba.py | 5 +++-- monkey/monkey_island/cc/resources/remote_run.py | 4 ++-- .../cc/services/attack/technique_reports/__init__.py | 12 ++++++++---- 9 files changed, 22 insertions(+), 18 deletions(-) diff --git a/monkey/common/cloud/aws_instance.py b/monkey/common/cloud/aws_instance.py index 6b13b69bb..ac4fe633e 100644 --- a/monkey/common/cloud/aws_instance.py +++ b/monkey/common/cloud/aws_instance.py @@ -27,16 +27,17 @@ class AwsInstance(object): try: self.instance_id = urllib.request.urlopen( - AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read() + AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read().decode() self.region = self._parse_region( - urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read()) + urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read(). + decode()) except (urllib.error.URLError, IOError) as e: logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e)) try: self.account_id = self._extract_account_id( urllib.request.urlopen( - AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read()) + AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read().decode()) except (urllib.error.URLError, IOError) as e: logger.debug("Failed init of AwsInstance while getting dynamic instance data: {}".format(e)) diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py index f7abd3ce0..ce2e0d13c 100644 --- a/monkey/infection_monkey/exploit/sshexec.py +++ b/monkey/infection_monkey/exploit/sshexec.py @@ -125,7 +125,7 @@ class SSHExploiter(HostExploiter): if not self.host.os.get('type'): try: _, stdout, _ = ssh.exec_command('uname -o') - uname_os = stdout.read().lower().strip() + uname_os = stdout.read().lower().strip().decode() if 'linux' in uname_os: self.host.os['type'] = 'linux' else: diff --git a/monkey/infection_monkey/exploit/struts2.py b/monkey/infection_monkey/exploit/struts2.py index 4be2d0acd..fc2fd764d 100644 --- a/monkey/infection_monkey/exploit/struts2.py +++ b/monkey/infection_monkey/exploit/struts2.py @@ -79,9 +79,6 @@ class Struts2Exploiter(WebRCE): "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))." \ "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))." \ "(#ros.flush())}" % cmd - # Turns payload ascii just for consistency - if isinstance(payload, str): - payload = unicodedata.normalize('NFKD', payload).encode('ascii', 'ignore') headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload} try: request = urllib.request.Request(url, headers=headers) @@ -91,6 +88,6 @@ class Struts2Exploiter(WebRCE): # If url does not exist return False except http.client.IncompleteRead as e: - page = e.partial + page = e.partial.decode() return page diff --git a/monkey/infection_monkey/monkey.spec b/monkey/infection_monkey/monkey.spec index d29adddb1..0ada7f403 100644 --- a/monkey/infection_monkey/monkey.spec +++ b/monkey/infection_monkey/monkey.spec @@ -38,6 +38,7 @@ def main(): debug=False, strip=get_exe_strip(), upx=True, + upx_exclude=['vcruntime140.dll'], console=True, icon=get_exe_icon()) diff --git a/monkey/infection_monkey/network/tools.py b/monkey/infection_monkey/network/tools.py index 075babb60..0cac7b627 100644 --- a/monkey/infection_monkey/network/tools.py +++ b/monkey/infection_monkey/network/tools.py @@ -71,7 +71,7 @@ def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False): if get_banner: read_ready, _, _ = select.select([sock], [], [], timeout) if len(read_ready) > 0: - banner = sock.recv(BANNER_READ) + banner = sock.recv(BANNER_READ).decode() except socket.error: pass diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py index 94241e30a..2a1a79b91 100644 --- a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py +++ b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py @@ -38,7 +38,7 @@ class CommunicateAsNewUser(PBA): exit_status = new_user.run_as(ping_commandline) self.send_ping_result_telemetry(exit_status, ping_commandline, username) except subprocess.CalledProcessError as e: - PostBreachTelem(self, (e.output, False)).send() + PostBreachTelem(self, (e.output.decode(), False)).send() except NewUserError as e: PostBreachTelem(self, (str(e), False)).send() diff --git a/monkey/infection_monkey/post_breach/pba.py b/monkey/infection_monkey/post_breach/pba.py index 8d7723df2..73b8a3221 100644 --- a/monkey/infection_monkey/post_breach/pba.py +++ b/monkey/infection_monkey/post_breach/pba.py @@ -14,6 +14,7 @@ __author__ = 'VakarisZ' EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)" + class PBA(object): """ Post breach action object. Can be extended to support more than command execution on target machine. @@ -75,13 +76,13 @@ class PBA(object): :return: Tuple of command's output string and boolean, indicating if it succeeded """ try: - output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True) + output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode() if not output: output = EXECUTION_WITHOUT_OUTPUT return output, True except subprocess.CalledProcessError as e: # Return error output of the command - return e.output, False + return e.output.decode(), False @staticmethod def choose_command(linux_cmd, windows_cmd): diff --git a/monkey/monkey_island/cc/resources/remote_run.py b/monkey/monkey_island/cc/resources/remote_run.py index 675c292c1..c41699add 100644 --- a/monkey/monkey_island/cc/resources/remote_run.py +++ b/monkey/monkey_island/cc/resources/remote_run.py @@ -34,10 +34,10 @@ class RemoteRun(flask_restful.Resource): try: resp['instances'] = AwsService.get_instances() except NoCredentialsError as e: - resp['error'] = NO_CREDS_ERROR_FORMAT.format(e.message) + resp['error'] = NO_CREDS_ERROR_FORMAT.format(e) return jsonify(resp) except ClientError as e: - resp['error'] = CLIENT_ERROR_FORMAT.format(e.message) + resp['error'] = CLIENT_ERROR_FORMAT.format(e) return jsonify(resp) return jsonify(resp) diff --git a/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py b/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py index b5f100bd1..b9a2fd795 100644 --- a/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py +++ b/monkey/monkey_island/cc/services/attack/technique_reports/__init__.py @@ -12,28 +12,32 @@ logger = logging.getLogger(__name__) class AttackTechnique(object, metaclass=abc.ABCMeta): """ Abstract class for ATT&CK report components """ - @abc.abstractproperty + @property + @abc.abstractmethod def unscanned_msg(self): """ :return: Message that will be displayed in case attack technique was not scanned. """ pass - @abc.abstractproperty + @property + @abc.abstractmethod def scanned_msg(self): """ :return: Message that will be displayed in case attack technique was scanned. """ pass - @abc.abstractproperty + @property + @abc.abstractmethod def used_msg(self): """ :return: Message that will be displayed in case attack technique was used by the scanner. """ pass - @abc.abstractproperty + @property + @abc.abstractmethod def tech_id(self): """ :return: Message that will be displayed in case of attack technique not being scanned.