Agent: Separate dropper path from agent binary path

monkey/infection_monkey/exploit/tools/helpers.py

@@ -3,12 +3,25 @@ import random
 import string
 from pathlib import PurePath, PurePosixPath, PureWindowsPath
 
-from infection_monkey.model import DROPPER_TARGET_PATH_LINUX, DROPPER_TARGET_PATH_WIN64, VictimHost
+from infection_monkey.model import VictimHost
 
 logger = logging.getLogger(__name__)
 
 RAND_SUFFIX_LEN = 8
 
+# Where to upload agent binaries on victims
+AGENT_BINARY_PATH_LINUX = "/tmp/monkey"
+AGENT_BINARY_PATH_WIN64 = r"C:\Windows\temp\monkey64.exe"
+
+
+def get_agent_dest_path(host: VictimHost) -> PurePath:
+    if host.os["type"] == "windows":
+        path = PureWindowsPath(AGENT_BINARY_PATH_WIN64)
+    else:
+        path = PurePosixPath(AGENT_BINARY_PATH_LINUX)
+
+    return _add_random_suffix(path)
+
 
 def get_random_file_suffix() -> str:
     character_set = list(string.ascii_letters + string.digits + "_" + "-")
@@ -17,15 +30,6 @@ def get_random_file_suffix() -> str:
     return random_string
 
 
-def get_agent_dest_path(host: VictimHost) -> PurePath:
-    if host.os["type"] == "windows":
-        path = PureWindowsPath(DROPPER_TARGET_PATH_WIN64)
-    else:
-        path = PurePosixPath(DROPPER_TARGET_PATH_LINUX)
-
-    return _add_random_suffix(path)
-
-
 #  Turns C:\\monkey.exe into C:\\monkey-<random_string>.exe
 #  Useful to avoid duplicate file paths
 def _add_random_suffix(path: PurePath) -> PurePath:

monkey/infection_monkey/exploit/web_rce.py

@@ -12,8 +12,6 @@ from infection_monkey.model import (
     CHMOD_MONKEY,
     DOWNLOAD_TIMEOUT,
     DROPPER_ARG,
-    DROPPER_TARGET_PATH_LINUX,
-    DROPPER_TARGET_PATH_WIN64,
     ID_STRING,
     MONKEY_ARG,
     POWERSHELL_HTTP_UPLOAD,
@@ -24,7 +22,11 @@ from infection_monkey.model import (
 from infection_monkey.network.tools import tcp_port_to_service
 from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
 from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
-from infection_monkey.utils.commands import build_monkey_commandline
+from infection_monkey.utils.commands import (
+    DROPPER_TARGET_PATH_LINUX,
+    DROPPER_TARGET_PATH_WIN64,
+    build_monkey_commandline,
+)
 from infection_monkey.utils.threading import interruptible_iter
 
 logger = logging.getLogger(__name__)

monkey/infection_monkey/exploit/wmiexec.py

@@ -10,16 +10,12 @@ from infection_monkey.exploit.tools.helpers import get_agent_dest_path
 from infection_monkey.exploit.tools.smb_tools import SmbTools
 from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
 from infection_monkey.i_puppet import ExploiterResultData
-from infection_monkey.model import (
+from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
-    DROPPER_CMDLINE_WINDOWS,
-    DROPPER_TARGET_PATH_WIN64,
-    MONKEY_CMDLINE_WINDOWS,
-)
 from infection_monkey.utils.brute_force import (
     generate_brute_force_combinations,
     get_credential_string,
 )
-from infection_monkey.utils.commands import build_monkey_commandline
+from infection_monkey.utils.commands import DROPPER_TARGET_PATH_WIN64, build_monkey_commandline
 from infection_monkey.utils.threading import interruptible_iter
 
 logger = logging.getLogger(__name__)

monkey/infection_monkey/model/__init__.py

@@ -5,10 +5,6 @@ MONKEY_ARG = "m0nk3y"
 DROPPER_ARG = "dr0pp3r"
 ID_STRING = "M0NK3Y3XPL0ITABLE"
 
-# Dropper target paths
-DROPPER_TARGET_PATH_LINUX = "/tmp/monkey"
-DROPPER_TARGET_PATH_WIN64 = r"C:\Windows\temp\monkey64.exe"
-
 # Username prefix for users created by Infection Monkey
 USERNAME_PREFIX = "somenewuser"
 

monkey/infection_monkey/utils/commands.py

@@ -1,7 +1,12 @@
 from infection_monkey.config import GUID
+from infection_monkey.exploit.tools.helpers import AGENT_BINARY_PATH_LINUX, AGENT_BINARY_PATH_WIN64
 from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG
 from infection_monkey.model.host import VictimHost
 
+# Dropper target paths
+DROPPER_TARGET_PATH_LINUX = AGENT_BINARY_PATH_LINUX
+DROPPER_TARGET_PATH_WIN64 = AGENT_BINARY_PATH_WIN64
+
 
 def build_monkey_commandline(target_host: VictimHost, depth: int, location: str = None) -> str:
 

monkey/tests/unit_tests/infection_monkey/exploit/test_powershell.py

@@ -5,8 +5,7 @@ from unittest.mock import MagicMock
 import pytest
 
 from infection_monkey.exploit import powershell
-from infection_monkey.exploit.tools.helpers import RAND_SUFFIX_LEN
+from infection_monkey.exploit.tools.helpers import AGENT_BINARY_PATH_WIN64, RAND_SUFFIX_LEN
-from infection_monkey.model import DROPPER_TARGET_PATH_WIN64
 from infection_monkey.model.host import VictimHost
 
 # Use the path_win32api_get_user_name fixture for all tests in this module
@@ -115,7 +114,7 @@ def test_successful_copy(monkeypatch, powershell_exploiter, powershell_arguments
     exploit_result = powershell_exploiter.exploit_host(**powershell_arguments)
 
     # Check if the copied agent name has randomness of 8 plus dash
-    assert len(str(DROPPER_TARGET_PATH_WIN64)) + RAND_SUFFIX_LEN + 1 == len(
+    assert len(str(AGENT_BINARY_PATH_WIN64)) + RAND_SUFFIX_LEN + 1 == len(
         str(mock_client.return_value.copy_file.call_args[0][1])
     )
     assert exploit_result.exploitation_success

monkey/tests/unit_tests/infection_monkey/exploit/tools/test_helpers.py

@@ -2,8 +2,12 @@ from unittest.mock import Mock
 
 import pytest
 
-from infection_monkey.exploit.tools.helpers import RAND_SUFFIX_LEN, get_agent_dest_path
+from infection_monkey.exploit.tools.helpers import (
-from infection_monkey.model import DROPPER_TARGET_PATH_LINUX, DROPPER_TARGET_PATH_WIN64
+    AGENT_BINARY_PATH_LINUX,
+    AGENT_BINARY_PATH_WIN64,
+    RAND_SUFFIX_LEN,
+    get_agent_dest_path,
+)
 
 
 def _get_host(os):
@@ -13,7 +17,7 @@ def _get_host(os):
 
 
 @pytest.mark.parametrize(
-    "os, path", [("linux", DROPPER_TARGET_PATH_LINUX), ("windows", DROPPER_TARGET_PATH_WIN64)]
+    "os, path", [("linux", AGENT_BINARY_PATH_LINUX), ("windows", AGENT_BINARY_PATH_WIN64)]
 )
 def test_get_agent_dest_path(os, path):
     host = _get_host(os)