forked from p34709852/monkey
Agent: Separate dropper path from agent binary path
This commit is contained in:
parent
f7c2e903b8
commit
711cab5f38
|
@ -3,12 +3,25 @@ import random
|
|||
import string
|
||||
from pathlib import PurePath, PurePosixPath, PureWindowsPath
|
||||
|
||||
from infection_monkey.model import DROPPER_TARGET_PATH_LINUX, DROPPER_TARGET_PATH_WIN64, VictimHost
|
||||
from infection_monkey.model import VictimHost
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
RAND_SUFFIX_LEN = 8
|
||||
|
||||
# Where to upload agent binaries on victims
|
||||
AGENT_BINARY_PATH_LINUX = "/tmp/monkey"
|
||||
AGENT_BINARY_PATH_WIN64 = r"C:\Windows\temp\monkey64.exe"
|
||||
|
||||
|
||||
def get_agent_dest_path(host: VictimHost) -> PurePath:
|
||||
if host.os["type"] == "windows":
|
||||
path = PureWindowsPath(AGENT_BINARY_PATH_WIN64)
|
||||
else:
|
||||
path = PurePosixPath(AGENT_BINARY_PATH_LINUX)
|
||||
|
||||
return _add_random_suffix(path)
|
||||
|
||||
|
||||
def get_random_file_suffix() -> str:
|
||||
character_set = list(string.ascii_letters + string.digits + "_" + "-")
|
||||
|
@ -17,15 +30,6 @@ def get_random_file_suffix() -> str:
|
|||
return random_string
|
||||
|
||||
|
||||
def get_agent_dest_path(host: VictimHost) -> PurePath:
|
||||
if host.os["type"] == "windows":
|
||||
path = PureWindowsPath(DROPPER_TARGET_PATH_WIN64)
|
||||
else:
|
||||
path = PurePosixPath(DROPPER_TARGET_PATH_LINUX)
|
||||
|
||||
return _add_random_suffix(path)
|
||||
|
||||
|
||||
# Turns C:\\monkey.exe into C:\\monkey-<random_string>.exe
|
||||
# Useful to avoid duplicate file paths
|
||||
def _add_random_suffix(path: PurePath) -> PurePath:
|
||||
|
|
|
@ -12,8 +12,6 @@ from infection_monkey.model import (
|
|||
CHMOD_MONKEY,
|
||||
DOWNLOAD_TIMEOUT,
|
||||
DROPPER_ARG,
|
||||
DROPPER_TARGET_PATH_LINUX,
|
||||
DROPPER_TARGET_PATH_WIN64,
|
||||
ID_STRING,
|
||||
MONKEY_ARG,
|
||||
POWERSHELL_HTTP_UPLOAD,
|
||||
|
@ -24,7 +22,11 @@ from infection_monkey.model import (
|
|||
from infection_monkey.network.tools import tcp_port_to_service
|
||||
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||
from infection_monkey.utils.commands import build_monkey_commandline
|
||||
from infection_monkey.utils.commands import (
|
||||
DROPPER_TARGET_PATH_LINUX,
|
||||
DROPPER_TARGET_PATH_WIN64,
|
||||
build_monkey_commandline,
|
||||
)
|
||||
from infection_monkey.utils.threading import interruptible_iter
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
|
@ -10,16 +10,12 @@ from infection_monkey.exploit.tools.helpers import get_agent_dest_path
|
|||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
|
||||
from infection_monkey.i_puppet import ExploiterResultData
|
||||
from infection_monkey.model import (
|
||||
DROPPER_CMDLINE_WINDOWS,
|
||||
DROPPER_TARGET_PATH_WIN64,
|
||||
MONKEY_CMDLINE_WINDOWS,
|
||||
)
|
||||
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
||||
from infection_monkey.utils.brute_force import (
|
||||
generate_brute_force_combinations,
|
||||
get_credential_string,
|
||||
)
|
||||
from infection_monkey.utils.commands import build_monkey_commandline
|
||||
from infection_monkey.utils.commands import DROPPER_TARGET_PATH_WIN64, build_monkey_commandline
|
||||
from infection_monkey.utils.threading import interruptible_iter
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
|
|
@ -5,10 +5,6 @@ MONKEY_ARG = "m0nk3y"
|
|||
DROPPER_ARG = "dr0pp3r"
|
||||
ID_STRING = "M0NK3Y3XPL0ITABLE"
|
||||
|
||||
# Dropper target paths
|
||||
DROPPER_TARGET_PATH_LINUX = "/tmp/monkey"
|
||||
DROPPER_TARGET_PATH_WIN64 = r"C:\Windows\temp\monkey64.exe"
|
||||
|
||||
# Username prefix for users created by Infection Monkey
|
||||
USERNAME_PREFIX = "somenewuser"
|
||||
|
||||
|
|
|
@ -1,7 +1,12 @@
|
|||
from infection_monkey.config import GUID
|
||||
from infection_monkey.exploit.tools.helpers import AGENT_BINARY_PATH_LINUX, AGENT_BINARY_PATH_WIN64
|
||||
from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG
|
||||
from infection_monkey.model.host import VictimHost
|
||||
|
||||
# Dropper target paths
|
||||
DROPPER_TARGET_PATH_LINUX = AGENT_BINARY_PATH_LINUX
|
||||
DROPPER_TARGET_PATH_WIN64 = AGENT_BINARY_PATH_WIN64
|
||||
|
||||
|
||||
def build_monkey_commandline(target_host: VictimHost, depth: int, location: str = None) -> str:
|
||||
|
||||
|
|
|
@ -5,8 +5,7 @@ from unittest.mock import MagicMock
|
|||
import pytest
|
||||
|
||||
from infection_monkey.exploit import powershell
|
||||
from infection_monkey.exploit.tools.helpers import RAND_SUFFIX_LEN
|
||||
from infection_monkey.model import DROPPER_TARGET_PATH_WIN64
|
||||
from infection_monkey.exploit.tools.helpers import AGENT_BINARY_PATH_WIN64, RAND_SUFFIX_LEN
|
||||
from infection_monkey.model.host import VictimHost
|
||||
|
||||
# Use the path_win32api_get_user_name fixture for all tests in this module
|
||||
|
@ -115,7 +114,7 @@ def test_successful_copy(monkeypatch, powershell_exploiter, powershell_arguments
|
|||
exploit_result = powershell_exploiter.exploit_host(**powershell_arguments)
|
||||
|
||||
# Check if the copied agent name has randomness of 8 plus dash
|
||||
assert len(str(DROPPER_TARGET_PATH_WIN64)) + RAND_SUFFIX_LEN + 1 == len(
|
||||
assert len(str(AGENT_BINARY_PATH_WIN64)) + RAND_SUFFIX_LEN + 1 == len(
|
||||
str(mock_client.return_value.copy_file.call_args[0][1])
|
||||
)
|
||||
assert exploit_result.exploitation_success
|
||||
|
|
|
@ -2,8 +2,12 @@ from unittest.mock import Mock
|
|||
|
||||
import pytest
|
||||
|
||||
from infection_monkey.exploit.tools.helpers import RAND_SUFFIX_LEN, get_agent_dest_path
|
||||
from infection_monkey.model import DROPPER_TARGET_PATH_LINUX, DROPPER_TARGET_PATH_WIN64
|
||||
from infection_monkey.exploit.tools.helpers import (
|
||||
AGENT_BINARY_PATH_LINUX,
|
||||
AGENT_BINARY_PATH_WIN64,
|
||||
RAND_SUFFIX_LEN,
|
||||
get_agent_dest_path,
|
||||
)
|
||||
|
||||
|
||||
def _get_host(os):
|
||||
|
@ -13,7 +17,7 @@ def _get_host(os):
|
|||
|
||||
|
||||
@pytest.mark.parametrize(
|
||||
"os, path", [("linux", DROPPER_TARGET_PATH_LINUX), ("windows", DROPPER_TARGET_PATH_WIN64)]
|
||||
"os, path", [("linux", AGENT_BINARY_PATH_LINUX), ("windows", AGENT_BINARY_PATH_WIN64)]
|
||||
)
|
||||
def test_get_agent_dest_path(os, path):
|
||||
host = _get_host(os)
|
||||
|
|
Loading…
Reference in New Issue