forked from p34709852/monkey
commit
5ba1bf1db8
|
@ -4,6 +4,7 @@ import requests
|
|||
|
||||
from common.cloud.environment_names import Environment
|
||||
from common.cloud.instance import CloudInstance
|
||||
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
|
||||
|
||||
LATEST_AZURE_METADATA_API_VERSION = "2019-04-30"
|
||||
AZURE_METADATA_SERVICE_URL = "http://169.254.169.254/metadata/instance?api-version=%s" % LATEST_AZURE_METADATA_API_VERSION
|
||||
|
@ -32,7 +33,9 @@ class AzureInstance(CloudInstance):
|
|||
self.on_azure = False
|
||||
|
||||
try:
|
||||
response = requests.get(AZURE_METADATA_SERVICE_URL, headers={"Metadata": "true"})
|
||||
response = requests.get(AZURE_METADATA_SERVICE_URL,
|
||||
headers={"Metadata": "true"},
|
||||
timeout=SHORT_REQUEST_TIMEOUT)
|
||||
self.on_azure = True
|
||||
|
||||
# If not on cloud, the metadata URL is non-routable and the connection will fail.
|
||||
|
|
|
@ -4,6 +4,7 @@ import requests
|
|||
|
||||
from common.cloud.environment_names import Environment
|
||||
from common.cloud.instance import CloudInstance
|
||||
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
@ -26,7 +27,7 @@ class GcpInstance(CloudInstance):
|
|||
|
||||
try:
|
||||
# If not on GCP, this domain shouldn't resolve.
|
||||
response = requests.get(GCP_METADATA_SERVICE_URL)
|
||||
response = requests.get(GCP_METADATA_SERVICE_URL, timeout=SHORT_REQUEST_TIMEOUT)
|
||||
|
||||
if response:
|
||||
logger.debug("Got ok metadata response: on GCP")
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
SHORT_REQUEST_TIMEOUT = 2.5 # Seconds. Use where we expect timeout.
|
||||
MEDIUM_REQUEST_TIMEOUT = 5 # Seconds. Use where we don't expect timeout.
|
||||
LONG_REQUEST_TIMEOUT = 15 # Seconds. Use where we don't expect timeout and operate heavy data.
|
|
@ -9,6 +9,9 @@ from requests.exceptions import ConnectionError
|
|||
|
||||
import infection_monkey.monkeyfs as monkeyfs
|
||||
import infection_monkey.tunnel as tunnel
|
||||
from common.common_consts.timeouts import (LONG_REQUEST_TIMEOUT,
|
||||
MEDIUM_REQUEST_TIMEOUT,
|
||||
SHORT_REQUEST_TIMEOUT)
|
||||
from common.data.api_url_consts import T1216_PBA_FILE_DOWNLOAD_PATH
|
||||
from infection_monkey.config import GUID, WormConfiguration
|
||||
from infection_monkey.network.info import check_internet_access, local_ips
|
||||
|
@ -121,7 +124,8 @@ class ControlClient(object):
|
|||
data=json.dumps(monkey),
|
||||
headers={'content-type': 'application/json'},
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
proxies=ControlClient.proxies,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT)
|
||||
except Exception as exc:
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
WormConfiguration.current_server, exc)
|
||||
|
@ -138,7 +142,8 @@ class ControlClient(object):
|
|||
data=json.dumps(telemetry),
|
||||
headers={'content-type': 'application/json'},
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
proxies=ControlClient.proxies,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT)
|
||||
except Exception as exc:
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
WormConfiguration.current_server, exc)
|
||||
|
@ -153,7 +158,8 @@ class ControlClient(object):
|
|||
data=json.dumps(telemetry),
|
||||
headers={'content-type': 'application/json'},
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
proxies=ControlClient.proxies,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT)
|
||||
except Exception as exc:
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
WormConfiguration.current_server, exc)
|
||||
|
@ -165,7 +171,8 @@ class ControlClient(object):
|
|||
try:
|
||||
reply = requests.get("https://%s/api/monkey/%s" % (WormConfiguration.current_server, GUID), # noqa: DUO123
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
proxies=ControlClient.proxies,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT)
|
||||
|
||||
except Exception as exc:
|
||||
LOG.warning("Error connecting to control server %s: %s",
|
||||
|
@ -194,7 +201,8 @@ class ControlClient(object):
|
|||
data=json.dumps({'config_error': True}),
|
||||
headers={'content-type': 'application/json'},
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
proxies=ControlClient.proxies,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT)
|
||||
except Exception as exc:
|
||||
LOG.warning("Error connecting to control server %s: %s", WormConfiguration.current_server, exc)
|
||||
return {}
|
||||
|
@ -255,7 +263,8 @@ class ControlClient(object):
|
|||
download = requests.get("https://%s/api/monkey/download/%s" % # noqa: DUO123
|
||||
(WormConfiguration.current_server, filename),
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
proxies=ControlClient.proxies,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT)
|
||||
|
||||
with monkeyfs.open(dest_file, 'wb') as file_obj:
|
||||
for chunk in download.iter_content(chunk_size=DOWNLOAD_CHUNK):
|
||||
|
@ -281,7 +290,8 @@ class ControlClient(object):
|
|||
reply = requests.post("https://%s/api/monkey/download" % (WormConfiguration.current_server,), # noqa: DUO123
|
||||
data=json.dumps(host_dict),
|
||||
headers={'content-type': 'application/json'},
|
||||
verify=False, proxies=ControlClient.proxies)
|
||||
verify=False, proxies=ControlClient.proxies,
|
||||
timeout=LONG_REQUEST_TIMEOUT)
|
||||
if 200 == reply.status_code:
|
||||
result_json = reply.json()
|
||||
filename = result_json.get('filename')
|
||||
|
@ -323,7 +333,8 @@ class ControlClient(object):
|
|||
return requests.get(PBA_FILE_DOWNLOAD % # noqa: DUO123
|
||||
(WormConfiguration.current_server, filename),
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies)
|
||||
proxies=ControlClient.proxies,
|
||||
timeout=LONG_REQUEST_TIMEOUT)
|
||||
except requests.exceptions.RequestException:
|
||||
return False
|
||||
|
||||
|
@ -334,7 +345,8 @@ class ControlClient(object):
|
|||
T1216_PBA_FILE_DOWNLOAD_PATH),
|
||||
verify=False,
|
||||
proxies=ControlClient.proxies,
|
||||
stream=True)
|
||||
stream=True,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT)
|
||||
except requests.exceptions.RequestException:
|
||||
return False
|
||||
|
||||
|
@ -352,7 +364,7 @@ class ControlClient(object):
|
|||
def can_island_see_port(port):
|
||||
try:
|
||||
url = f"https://{WormConfiguration.current_server}/api/monkey_control/check_remote_port/{port}"
|
||||
response = requests.get(url, verify=False)
|
||||
response = requests.get(url, verify=False, timeout=SHORT_REQUEST_TIMEOUT)
|
||||
response = json.loads(response.content.decode())
|
||||
return response['status'] == "port_visible"
|
||||
except requests.exceptions.RequestException:
|
||||
|
@ -362,4 +374,5 @@ class ControlClient(object):
|
|||
def report_start_on_island():
|
||||
requests.post(f"https://{WormConfiguration.current_server}/api/monkey_control/started_on_island",
|
||||
data=json.dumps({'started_on_island': True}),
|
||||
verify=False)
|
||||
verify=False,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT)
|
||||
|
|
|
@ -9,6 +9,8 @@ from urllib.parse import urljoin
|
|||
|
||||
import requests
|
||||
|
||||
from common.common_consts.timeouts import (LONG_REQUEST_TIMEOUT,
|
||||
MEDIUM_REQUEST_TIMEOUT)
|
||||
from common.network.network_utils import remove_port
|
||||
from infection_monkey.exploit.web_rce import WebRCE
|
||||
from infection_monkey.model import ID_STRING
|
||||
|
@ -75,7 +77,8 @@ class DrupalExploiter(WebRCE):
|
|||
response = requests.get(f'{url}?_format=hal_json', # noqa: DUO123
|
||||
json=payload,
|
||||
headers={"Content-Type": "application/hal+json"},
|
||||
verify=False)
|
||||
verify=False,
|
||||
timeout=MEDIUM_REQUEST_TIMEOUT)
|
||||
|
||||
if is_response_cached(response):
|
||||
LOG.info(f'Checking if node {url} is vuln returned cache HIT, ignoring')
|
||||
|
@ -92,7 +95,8 @@ class DrupalExploiter(WebRCE):
|
|||
r = requests.get(f'{url}?_format=hal_json', # noqa: DUO123
|
||||
json=payload,
|
||||
headers={"Content-Type": "application/hal+json"},
|
||||
verify=False)
|
||||
verify=False,
|
||||
timeout=LONG_REQUEST_TIMEOUT)
|
||||
|
||||
if is_response_cached(r):
|
||||
LOG.info(f'Exploiting {url} returned cache HIT, may have failed')
|
||||
|
@ -136,7 +140,9 @@ def find_exploitbale_article_ids(base_url: str, lower: int = 1, upper: int = 100
|
|||
articles = set()
|
||||
while lower < upper:
|
||||
node_url = urljoin(base_url, str(lower))
|
||||
response = requests.get(node_url, verify=False) # noqa: DUO123
|
||||
response = requests.get(node_url,
|
||||
verify=False,
|
||||
timeout=LONG_REQUEST_TIMEOUT) # noqa: DUO123
|
||||
if response.status_code == 200:
|
||||
if is_response_cached(response):
|
||||
LOG.info(f'Found a cached article at: {node_url}, skipping')
|
||||
|
|
|
@ -11,6 +11,7 @@ import string
|
|||
|
||||
import requests
|
||||
|
||||
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
||||
from infection_monkey.exploit.tools.helpers import (build_monkey_commandline,
|
||||
get_monkey_depth)
|
||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||
|
@ -59,18 +60,20 @@ class HadoopExploiter(WebRCE):
|
|||
|
||||
def exploit(self, url, command):
|
||||
# Get the newly created application id
|
||||
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application"))
|
||||
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application"),
|
||||
timeout=LONG_REQUEST_TIMEOUT)
|
||||
resp = json.loads(resp.content)
|
||||
app_id = resp['application-id']
|
||||
# Create a random name for our application in YARN
|
||||
rand_name = ID_STRING + "".join([random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)])
|
||||
payload = self.build_payload(app_id, rand_name, command)
|
||||
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/"), json=payload)
|
||||
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/"), json=payload, timeout=LONG_REQUEST_TIMEOUT)
|
||||
return resp.status_code == 202
|
||||
|
||||
def check_if_exploitable(self, url):
|
||||
try:
|
||||
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application"))
|
||||
resp = requests.post(posixpath.join(url, "ws/v1/cluster/apps/new-application"),
|
||||
timeout=LONG_REQUEST_TIMEOUT)
|
||||
except requests.ConnectionError:
|
||||
return False
|
||||
return resp.status_code == 200
|
||||
|
|
|
@ -3,14 +3,11 @@ Implementation from https://github.com/SecuraBV/CVE-2020-1472
|
|||
"""
|
||||
|
||||
import logging
|
||||
import subprocess
|
||||
|
||||
import nmb.NetBIOS
|
||||
from impacket.dcerpc.v5 import epm, nrpc, transport
|
||||
|
||||
import infection_monkey.config
|
||||
from infection_monkey.network.HostFinger import HostFinger
|
||||
from infection_monkey.utils.environment import is_windows_os
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ import requests
|
|||
|
||||
import infection_monkey.control
|
||||
import infection_monkey.monkeyfs as monkeyfs
|
||||
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
|
||||
from infection_monkey.network.tools import get_interface_to_target
|
||||
from infection_monkey.transport.base import (TransportProxyBase,
|
||||
update_last_serve_time)
|
||||
|
@ -123,7 +124,8 @@ class HTTPConnectProxyHandler(http.server.BaseHTTPRequestHandler):
|
|||
r = requests.post(url=dest_path,
|
||||
data=post_data,
|
||||
verify=False,
|
||||
proxies=infection_monkey.control.ControlClient.proxies)
|
||||
proxies=infection_monkey.control.ControlClient.proxies,
|
||||
timeout=SHORT_REQUEST_TIMEOUT)
|
||||
self.send_response(r.status_code)
|
||||
except requests.exceptions.ConnectionError as e:
|
||||
LOG.error("Couldn't forward request to the island: {}".format(e))
|
||||
|
|
|
@ -7,6 +7,7 @@ import pymongo
|
|||
import requests
|
||||
import urllib3
|
||||
|
||||
from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT
|
||||
from monkey_island.cc.environment import Environment
|
||||
|
||||
# Disable "unverified certificate" warnings when sending requests to island
|
||||
|
@ -32,7 +33,10 @@ class BootloaderHTTPRequestHandler(BaseHTTPRequestHandler):
|
|||
# The island server doesn't always have a correct SSL cert installed
|
||||
# (By default it comes with a self signed one),
|
||||
# that's why we're not verifying the cert in this request.
|
||||
r = requests.post(url=island_server_path, data=post_data, verify=False) # noqa: DUO123
|
||||
r = requests.post(url=island_server_path,
|
||||
data=post_data,
|
||||
verify=False,
|
||||
timeout=SHORT_REQUEST_TIMEOUT) # noqa: DUO123
|
||||
|
||||
try:
|
||||
if r.status_code != 200:
|
||||
|
|
Loading…
Reference in New Issue