More python3 outdated decorators and bytes-string mixup fixes

VakarisZ 2019-10-21 17:38:39 +03:00
parent c0f661d337
commit 3d332c7d66
9 changed files with 22 additions and 18 deletions


@ -27,16 +27,17 @@ class AwsInstance(object):
try: try:
self.instance_id = urllib.request.urlopen( self.instance_id = urllib.request.urlopen(
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read() AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read().decode()
self.region = self._parse_region( self.region = self._parse_region(
urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read()) urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read().
decode())
except (urllib.error.URLError, IOError) as e: except (urllib.error.URLError, IOError) as e:
logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e)) logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e))
try: try:
self.account_id = self._extract_account_id( self.account_id = self._extract_account_id(
urllib.request.urlopen( urllib.request.urlopen(
AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read()) AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read().decode())
except (urllib.error.URLError, IOError) as e: except (urllib.error.URLError, IOError) as e:
logger.debug("Failed init of AwsInstance while getting dynamic instance data: {}".format(e)) logger.debug("Failed init of AwsInstance while getting dynamic instance data: {}".format(e))
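Review bot: The availability-zone request in this hunk is the only `urlopen` call without `timeout=2`, so if that request stalls, AwsInstance initialisation blocks on the socket default instead of failing fast like the instance-id and identity-document lookups. Pass the same timeout there: `urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone', timeout=2).read().decode()`. The enclosing method starts outside the hunk.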


@ -125,7 +125,7 @@ class SSHExploiter(HostExploiter):
if not self.host.os.get('type'): if not self.host.os.get('type'):
try: try:
_, stdout, _ = ssh.exec_command('uname -o') _, stdout, _ = ssh.exec_command('uname -o')
uname_os = stdout.read().lower().strip() uname_os = stdout.read().lower().strip().decode()
if 'linux' in uname_os: if 'linux' in uname_os:
self.host.os['type'] = 'linux' self.host.os['type'] = 'linux'
else: else:
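Review bot: `stdout.read().lower().strip().decode()` decodes bytes produced by the remote host with the default strict UTF-8 codec, so a single non-UTF-8 byte raises UnicodeDecodeError; the except clause of this try is outside the hunk, so whether that is handled cannot be confirmed from here. The same pattern is added in `e.partial.decode()` (Struts2Exploiter), in `sock.recv(BANNER_READ).decode()` (check_tcp_port, where the visible `except socket.error` will not catch it), and in the two `.decode()` calls in PBA, whose command output on Windows is typically in the console code page rather than UTF-8. Where the text is only inspected or reported, decode tolerantly, e.g. `uname_os = stdout.read().decode(errors='replace').lower().strip()`.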


@ -79,9 +79,6 @@ class Struts2Exploiter(WebRCE):
"(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))." \ "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))." \
"(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))." \ "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))." \
"(#ros.flush())}" % cmd "(#ros.flush())}" % cmd
# Turns payload ascii just for consistency
if isinstance(payload, str):
payload = unicodedata.normalize('NFKD', payload).encode('ascii', 'ignore')
headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload} headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload}
try: try:
request = urllib.request.Request(url, headers=headers) request = urllib.request.Request(url, headers=headers)
@ -91,6 +88,6 @@ class Struts2Exploiter(WebRCE):
# If url does not exist # If url does not exist
return False return False
except http.client.IncompleteRead as e: except http.client.IncompleteRead as e:
page = e.partial page = e.partial.decode()
return page return page
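Review bot: With the normalisation block removed, nothing visible in these hunks uses `unicodedata` any more; if the module-level `import unicodedata` is still present it is now dead and should be dropped in the same commit. The import block and the start of the method are outside the hunks, so other uses cannot be ruled out from here.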


@ -38,6 +38,7 @@ def main():
debug=False, debug=False,
strip=get_exe_strip(), strip=get_exe_strip(),
upx=True, upx=True,
upx_exclude=['vcruntime140.dll'],
console=True, console=True,
icon=get_exe_icon()) icon=get_exe_icon())
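Review bot: The new `upx_exclude=['vcruntime140.dll']` argument has no comment saying why this DLL is kept out of UPX compression, and the commit title does not mention a packaging change. A one-line comment above it would stop the exclusion from being removed later, for example `# UPX-packed vcruntime140.dll fails to load on Windows; keep it uncompressed`, assuming that is the reason; confirm it before committing the wording. The call this argument belongs to starts outside the hunk.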


@ -71,7 +71,7 @@ def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
if get_banner: if get_banner:
read_ready, _, _ = select.select([sock], [], [], timeout) read_ready, _, _ = select.select([sock], [], [], timeout)
if len(read_ready) > 0: if len(read_ready) > 0:
banner = sock.recv(BANNER_READ) banner = sock.recv(BANNER_READ).decode()
except socket.error: except socket.error:
pass pass


@ -38,7 +38,7 @@ class CommunicateAsNewUser(PBA):
exit_status = new_user.run_as(ping_commandline) exit_status = new_user.run_as(ping_commandline)
self.send_ping_result_telemetry(exit_status, ping_commandline, username) self.send_ping_result_telemetry(exit_status, ping_commandline, username)
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
PostBreachTelem(self, (e.output, False)).send() PostBreachTelem(self, (e.output.decode(), False)).send()
except NewUserError as e: except NewUserError as e:
PostBreachTelem(self, (str(e), False)).send() PostBreachTelem(self, (str(e), False)).send()
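Review bot: `e.output.decode()` assumes the CalledProcessError carries captured output; `output` is None when the failing call did not capture stdout, and this handler would then raise AttributeError instead of sending the failure telemetry. How `new_user.run_as` launches the process is outside the hunk, so this needs checking there. A guard such as `PostBreachTelem(self, ((e.output or b'').decode(errors='replace'), False)).send()` covers both cases.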


@ -14,6 +14,7 @@ __author__ = 'VakarisZ'
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)" EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
class PBA(object): class PBA(object):
""" """
Post breach action object. Can be extended to support more than command execution on target machine. Post breach action object. Can be extended to support more than command execution on target machine.
@ -75,13 +76,13 @@ class PBA(object):
:return: Tuple of command's output string and boolean, indicating if it succeeded :return: Tuple of command's output string and boolean, indicating if it succeeded
""" """
try: try:
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True) output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode()
if not output: if not output:
output = EXECUTION_WITHOUT_OUTPUT output = EXECUTION_WITHOUT_OUTPUT
return output, True return output, True
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
# Return error output of the command # Return error output of the command
return e.output, False return e.output.decode(), False
@staticmethod @staticmethod
def choose_command(linux_cmd, windows_cmd): def choose_command(linux_cmd, windows_cmd):


@ -34,10 +34,10 @@ class RemoteRun(flask_restful.Resource):
try: try:
resp['instances'] = AwsService.get_instances() resp['instances'] = AwsService.get_instances()
except NoCredentialsError as e: except NoCredentialsError as e:
resp['error'] = NO_CREDS_ERROR_FORMAT.format(e.message) resp['error'] = NO_CREDS_ERROR_FORMAT.format(e)
return jsonify(resp) return jsonify(resp)
except ClientError as e: except ClientError as e:
resp['error'] = CLIENT_ERROR_FORMAT.format(e.message) resp['error'] = CLIENT_ERROR_FORMAT.format(e)
return jsonify(resp) return jsonify(resp)
return jsonify(resp) return jsonify(resp)
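Review bot: `format(e)` now puts the whole exception string into the JSON response, which for botocore's ClientError includes the error code and the operation name rather than only the message text the old code passed. If only the message is meant to reach the caller, use `CLIENT_ERROR_FORMAT.format(e.response['Error']['Message'])` and keep the full exception for the server-side log. The method starts outside the hunk.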


@ -12,28 +12,32 @@ logger = logging.getLogger(__name__)
class AttackTechnique(object, metaclass=abc.ABCMeta): class AttackTechnique(object, metaclass=abc.ABCMeta):
""" Abstract class for ATT&CK report components """ """ Abstract class for ATT&CK report components """
@abc.abstractproperty @property
@abc.abstractmethod
def unscanned_msg(self): def unscanned_msg(self):
""" """
:return: Message that will be displayed in case attack technique was not scanned. :return: Message that will be displayed in case attack technique was not scanned.
""" """
pass pass
@abc.abstractproperty @property
@abc.abstractmethod
def scanned_msg(self): def scanned_msg(self):
""" """
:return: Message that will be displayed in case attack technique was scanned. :return: Message that will be displayed in case attack technique was scanned.
""" """
pass pass
@abc.abstractproperty @property
@abc.abstractmethod
def used_msg(self): def used_msg(self):
""" """
:return: Message that will be displayed in case attack technique was used by the scanner. :return: Message that will be displayed in case attack technique was used by the scanner.
""" """
pass pass
@abc.abstractproperty @property
@abc.abstractmethod
def tech_id(self): def tech_id(self):
""" """
:return: Message that will be displayed in case of attack technique not being scanned. :return: Message that will be displayed in case of attack technique not being scanned.