From c5506f98e84089f62b0f0cc2aaea429c6869debb Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Tue, 4 Oct 2022 13:25:23 +0200
Subject: [PATCH 01/15] Agent: Publish Propagation and Exploitation events from Log4Shell
---
 monkey/infection_monkey/exploit/log4shell.py | 30 ++++++++++++++++----
 1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index 399a2706e..e77bbce62 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -39,6 +39,10 @@ class Log4ShellExploiter(WebRCE):
 if not self._open_ports:
 logger.info("Could not find any open web ports to exploit")
+ self._publish_exploitation_event(
+ target=self.host.ip_addr,
+ exploitation_success=False,
+ )
 return self.exploit_result
 self._configure_servers()
@@ -115,7 +119,9 @@ class Log4ShellExploiter(WebRCE):
 def _build_command(self, path: PurePath, http_path) -> str:
 # Build command to execute
- monkey_cmd = build_monkey_commandline(self.servers, self.current_depth + 1, location=path)
+ monkey_cmd = build_monkey_commandline(
+ self.servers, self.current_depth + 1, location=str(path)
+ )
 if self.host.is_windows():
 base_command = LOG4SHELL_WINDOWS_COMMAND
 else:
@@ -147,10 +153,16 @@ class Log4ShellExploiter(WebRCE):
 )
 try:
 url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
- except Exception as ex:
- logger.warning(
- "An error occurred while attempting to exploit log4shell on a "
- f"potential {exploit.service_name} service: {ex}"
+ except Exception as err:
+ error_message = "An error occurred while attempting to exploit log4shell on a "
+ f"potential {exploit.service_name} service: {err}"
+
+ logger.warning(error_message)
+
+ self._publish_exploitation_event(
+ target=self.host.ip_addr,
+ exploitation_success=False,
+ error_message=error_message,
 )
 if self._wait_for_victim():
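Review bot: In the `except` branch of the third hunk, `error_message` ends up holding only the first half of the message: `error_message = "An error occurred while attempting to exploit log4shell on a "` is a complete assignment, and the following `f"potential {exploit.service_name} service: {err}"` line is a stand-alone expression statement that is evaluated and discarded, so neither the log line nor the published event carries the service name or the exception text. The old code concatenated the two literals implicitly inside the `logger.warning(` parentheses; the new code needs the same, `error_message = (` followed by the two literals and a closing `)`, which is what the later commit 016bf5c795e3e00c9a711abd20348d41ee9d4c67 in this series does. The enclosing method begins before the hunk.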
@@ -173,6 +185,10 @@ class Log4ShellExploiter(WebRCE):
 while not timer.is_expired():
 if self._exploit_class_http_server.exploit_class_downloaded():
+ self._publish_exploitation_event(
+ target=self.host.ip_addr,
+ exploitation_success=True,
+ )
 self.exploit_result.exploitation_success = True
 return True
@@ -187,6 +203,10 @@ class Log4ShellExploiter(WebRCE):
 while not timer.is_expired():
 if self._agent_http_server_thread.downloads > 0:
+ self._publish_propagation_event(
+ target=self.host.ip_addr,
+ propagation_success=True,
+ )
 self.exploit_result.propagation_success = True
 break
From ef4a465515e062f9383ea0373c2b236e79da99f4 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Tue, 4 Oct 2022 16:24:03 +0200
Subject: [PATCH 02/15] Agent: Add tags to exploitation and propagation events in Log4Shell
---
 monkey/infection_monkey/exploit/log4shell.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index e77bbce62..cd273810c 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -4,6 +4,7 @@ from pathlib import PurePath
 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
+from common.tags import T1203_ATTACK_TECHINQUE_TAG
 from common.utils import Timer
 from infection_monkey.exploit.log4shell_utils import (
 LINUX_EXPLOIT_TEMPLATE_PATH,
@@ -26,6 +27,8 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
+LOG4SHELL_EXPLOITER_TAG = "log4shel-exploiter"
+
 class Log4ShellExploiter(WebRCE):
 _EXPLOITED_SERVICE = "Log4j"
@@ -163,6 +166,7 @@ class Log4ShellExploiter(WebRCE):
 target=self.host.ip_addr,
 exploitation_success=False,
 error_message=error_message,
+ tags=(LOG4SHELL_EXPLOITER_TAG,),
 )
 if self._wait_for_victim():
@@ -188,6 +192,7 @@ class Log4ShellExploiter(WebRCE):
 self._publish_exploitation_event(
 target=self.host.ip_addr,
 exploitation_success=True,
+ tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHINQUE_TAG),
 )
 self.exploit_result.exploitation_success = True
 return True
@@ -206,6 +211,7 @@ class Log4ShellExploiter(WebRCE):
 self._publish_propagation_event(
 target=self.host.ip_addr,
 propagation_success=True,
+ tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHINQUE_TAG),
 )
 self.exploit_result.propagation_success = True
 break
From c5d5418af47ff9ca309b46d28c8f12635490d81a Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Tue, 4 Oct 2022 16:38:26 +0200
Subject: [PATCH 03/15] Agent: Fix typo in t1203 attack technique in Log4Shell
---
 monkey/infection_monkey/exploit/log4shell.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index cd273810c..d47553d0d 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -4,7 +4,7 @@ from pathlib import PurePath
 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
-from common.tags import T1203_ATTACK_TECHINQUE_TAG
+from common.tags import T1203_ATTACK_TECHNIQUE_TAG
 from common.utils import Timer
 from infection_monkey.exploit.log4shell_utils import (
 LINUX_EXPLOIT_TEMPLATE_PATH,
@@ -192,7 +192,7 @@ class Log4ShellExploiter(WebRCE):
 self._publish_exploitation_event(
 target=self.host.ip_addr,
 exploitation_success=True,
- tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHINQUE_TAG),
+ tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
 )
 self.exploit_result.exploitation_success = True
 return True
@@ -211,7 +211,7 @@ class Log4ShellExploiter(WebRCE):
 self._publish_propagation_event(
 target=self.host.ip_addr,
 propagation_success=True,
- tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHINQUE_TAG),
+ tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
 )
 self.exploit_result.propagation_success = True
 break
From 0c4b90beb5599ba71609569cf470bf68f1dc681d Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Wed, 5 Oct 2022 12:23:00 +0000
Subject: [PATCH 04/15] Agent: Fix typo
---
 monkey/infection_monkey/exploit/log4shell.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index d47553d0d..daed11652 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -27,7 +27,7 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
-LOG4SHELL_EXPLOITER_TAG = "log4shel-exploiter"
+LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"
 class Log4ShellExploiter(WebRCE):
From ac69064dece1ff0a1af4c5d4d6b742de618b329c Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Wed, 5 Oct 2022 12:31:19 +0000
Subject: [PATCH 05/15] Agent: Send failed exploitation event
---
 monkey/infection_monkey/exploit/log4shell.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index daed11652..1a3dc9d61 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -199,7 +199,14 @@ class Log4ShellExploiter(WebRCE):
 time.sleep(1)
- logger.debug("Timed out while waiting for victim to download the java bytecode")
+ error_message = "Timed out while waiting for victim to download the java bytecode"
+ logger.debug(error_message)
+ self._publish_exploitation_event(
+ target=self.host.ip_addr,
+ exploitation_success=False,
+ error_message=error_message,
+ tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
+ )
 return False
 def _wait_for_victim_to_download_agent(self):
From 48e6e95271be5504896af709e03de1ce55833755 Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Wed, 5 Oct 2022 12:48:16 +0000
Subject: [PATCH 06/15] Agent: Update propagation tags for log4shell
---
 monkey/infection_monkey/exploit/log4shell.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index 1a3dc9d61..9b4aec6f5 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -4,7 +4,7 @@ from pathlib import PurePath
 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
-from common.tags import T1203_ATTACK_TECHNIQUE_TAG
+from common.tags import T1105_ATTACK_TECHNIQUE_TAG, T1203_ATTACK_TECHNIQUE_TAG
 from common.utils import Timer
 from infection_monkey.exploit.log4shell_utils import (
 LINUX_EXPLOIT_TEMPLATE_PATH,
@@ -28,6 +28,7 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
 LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"
+PROPAGATION_TAGS = (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
 class Log4ShellExploiter(WebRCE):
@@ -218,7 +219,7 @@ class Log4ShellExploiter(WebRCE):
 self._publish_propagation_event(
 target=self.host.ip_addr,
 propagation_success=True,
- tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
+ tags=PROPAGATION_TAGS,
 )
 self.exploit_result.propagation_success = True
 break
From 016bf5c795e3e00c9a711abd20348d41ee9d4c67 Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Wed, 5 Oct 2022 19:55:56 +0000
Subject: [PATCH 07/15] Agent: Stamp times before the exploit runs
---
 monkey/infection_monkey/exploit/log4shell.py | 54 ++++++++------------
 1 file changed, 21 insertions(+), 33 deletions(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index 9b4aec6f5..c5bee65a8 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -1,6 +1,7 @@
 import logging
 import time
 from pathlib import PurePath
+from typing import Tuple
 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
@@ -28,7 +29,6 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
 LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"
-PROPAGATION_TAGS = (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
 class Log4ShellExploiter(WebRCE):
@@ -36,6 +36,12 @@ class Log4ShellExploiter(WebRCE):
 SERVER_SHUTDOWN_TIMEOUT = LONG_REQUEST_TIMEOUT
 REQUEST_TO_VICTIM_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
+ def _exploiter_tags(self) -> Tuple[str, ...]:
+ return (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG)
+
+ def _propagation_tags(self) -> Tuple[str, ...]:
+ return (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
+
 def _exploit_host(self) -> ExploiterResultData:
 self._open_ports = [
 int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
@@ -43,10 +49,6 @@ class Log4ShellExploiter(WebRCE):
 if not self._open_ports:
 logger.info("Could not find any open web ports to exploit")
- self._publish_exploitation_event(
- target=self.host.ip_addr,
- exploitation_success=False,
- )
 return self.exploit_result
 self._configure_servers()
@@ -156,31 +158,34 @@ class Log4ShellExploiter(WebRCE):
 f"on port {port}"
 )
 try:
+ timestamp = time.time()
 url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
 except Exception as err:
- error_message = "An error occurred while attempting to exploit log4shell on a "
- f"potential {exploit.service_name} service: {err}"
+ error_message = (
+ "An error occurred while attempting to exploit log4shell on a "
+ f"potential {exploit.service_name} service: {err}"
+ )
 logger.warning(error_message)
- self._publish_exploitation_event(
- target=self.host.ip_addr,
- exploitation_success=False,
- error_message=error_message,
- tags=(LOG4SHELL_EXPLOITER_TAG,),
- )
+ self._publish_exploitation_event(timestamp, False, error_message=error_message)
- if self._wait_for_victim():
+ if self._wait_for_victim(timestamp):
 self.exploit_info["vulnerable_service"] = {
 "service_name": exploit.service_name,
 "port": port,
 }
 self.exploit_info["vulnerable_urls"].append(url)
- def _wait_for_victim(self) -> bool:
+ def _wait_for_victim(self, timestamp: float) -> bool:
 victim_called_back = self._wait_for_victim_to_download_java_bytecode()
 if victim_called_back:
+ self._publish_exploitation_event(timestamp, True)
 self._wait_for_victim_to_download_agent()
+ else:
+ error_message = "Timed out while waiting for victim to download the java bytecode"
+ logger.debug(error_message)
+ self._publish_exploitation_event(timestamp, False, error_message=error_message)
 return victim_called_back
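Review bot: In the second hunk, when `trigger_exploit()` raises, the new code publishes a failed exploitation event with `timestamp` and then still falls through to `self._wait_for_victim(timestamp)`, which publishes a second exploitation event (success, or the timeout failure) for the same attempt with the same timestamp, so one probe can emit two contradicting events; if that wait happens to succeed, `url` was never assigned in this iteration and `self.exploit_info["vulnerable_urls"].append(url)` either raises `NameError` or records the URL left over from an earlier iteration. The later commit 9c2cdf15e2ed648ca204c66a4708411170f21751 in this series removes the except-branch publish and adds a TODO asking whether the fall-through is intended, but that leaves the unbound/stale `url` and the wasted `LONG_REQUEST_TIMEOUT` wait in place. A `continue` immediately after `self._publish_exploitation_event(timestamp, False, error_message=error_message)` — or `return` if this is not inside the per-port loop; the enclosing method starts before the hunk — would end the attempt on the failure event. Taking `timestamp` inside the `try` is fine since `time.time()` does not raise, but a one-line comment such as `# stamp before the request so the event time reflects the attempt, not the callback` would explain why it sits there.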
@@ -190,24 +195,11 @@ class Log4ShellExploiter(WebRCE):
 while not timer.is_expired():
 if self._exploit_class_http_server.exploit_class_downloaded():
- self._publish_exploitation_event(
- target=self.host.ip_addr,
- exploitation_success=True,
- tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
- )
 self.exploit_result.exploitation_success = True
 return True
 time.sleep(1)
- error_message = "Timed out while waiting for victim to download the java bytecode"
- logger.debug(error_message)
- self._publish_exploitation_event(
- target=self.host.ip_addr,
- exploitation_success=False,
- error_message=error_message,
- tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
- )
 return False
 def _wait_for_victim_to_download_agent(self):
@@ -216,11 +208,7 @@ class Log4ShellExploiter(WebRCE):
 while not timer.is_expired():
 if self._agent_http_server_thread.downloads > 0:
- self._publish_propagation_event(
- target=self.host.ip_addr,
- propagation_success=True,
- tags=PROPAGATION_TAGS,
- )
+ self._publish_propagation_event(success=True)
 self.exploit_result.propagation_success = True
 break
From 0f3f45e92f0b07cfe64a02ea2c2d972de214de29 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski
Date: Thu, 6 Oct 2022 13:26:48 +0200
Subject: [PATCH 08/15] Agent: Modify Log4Shell tags to be properties
---
 monkey/infection_monkey/exploit/log4shell.py | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index c5bee65a8..780665047 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -1,7 +1,6 @@
 import logging
 import time
 from pathlib import PurePath
-from typing import Tuple
 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
@@ -36,11 +35,12 @@ class Log4ShellExploiter(WebRCE):
 SERVER_SHUTDOWN_TIMEOUT = LONG_REQUEST_TIMEOUT
 REQUEST_TO_VICTIM_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
- def _exploiter_tags(self) -> Tuple[str, ...]:
- return (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG)
-
- def _propagation_tags(self) -> Tuple[str, ...]:
- return (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
+ _EXPLOITER_TAGS = (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG)
+ _PROPAGATION_TAGS = (
+ LOG4SHELL_EXPLOITER_TAG,
+ T1203_ATTACK_TECHNIQUE_TAG,
+ T1105_ATTACK_TECHNIQUE_TAG,
+ )
 def _exploit_host(self) -> ExploiterResultData:
 self._open_ports = [
From d8fca72f28044752773b17d8e9c1ba9d93d378a4 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 6 Oct 2022 16:41:20 -0400
Subject: [PATCH 09/15] Agent: Publish all prop/exploit events from _wait_for_victim()
---
 monkey/infection_monkey/exploit/log4shell.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index 780665047..4bb2c2777 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -181,7 +181,9 @@ class Log4ShellExploiter(WebRCE):
 victim_called_back = self._wait_for_victim_to_download_java_bytecode()
 if victim_called_back:
 self._publish_exploitation_event(timestamp, True)
- self._wait_for_victim_to_download_agent()
+
+ victim_downloaded_agent = self._wait_for_victim_to_download_agent()
+ self._publish_propagation_event(success=victim_downloaded_agent)
 else:
 error_message = "Timed out while waiting for victim to download the java bytecode"
 logger.debug(error_message)
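Review bot: The propagation failure path now emits an event through `self._publish_propagation_event(success=victim_downloaded_agent)` but, unlike both exploitation branches around it, neither logs nor attaches a reason, so a timed-out agent download reaches the island indistinguishable from any other propagation failure. If `_publish_propagation_event` accepts an `error_message` like its exploitation counterpart does (its signature is outside this hunk), pass one when `victim_downloaded_agent` is false, e.g. `error_message=None if victim_downloaded_agent else "Timed out while waiting for victim to download the agent"`, and log the same text at debug level as the bytecode branch below does. `_wait_for_victim` begins before the hunk.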
@@ -202,15 +204,16 @@ class Log4ShellExploiter(WebRCE):
 return False
- def _wait_for_victim_to_download_agent(self):
+ def _wait_for_victim_to_download_agent(self) -> bool:
 timer = Timer()
 timer.set(LONG_REQUEST_TIMEOUT)
 while not timer.is_expired():
 if self._agent_http_server_thread.downloads > 0:
- self._publish_propagation_event(success=True)
 self.exploit_result.propagation_success = True
- break
+ return True
 # TODO: if the http server got an error we're waiting for nothing here
 time.sleep(1)
+
+ return False
From 6bd7042444c602f205657f275db6a535cf5507d5 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 6 Oct 2022 16:42:33 -0400
Subject: [PATCH 10/15] Agent: Add VICTIM_WAIT_SLEEP_TIME_SEC constant in log4shell exlpoiter
---
 monkey/infection_monkey/exploit/log4shell.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index 4bb2c2777..a3af75372 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -28,6 +28,7 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
 LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"
+VICTIM_WAIT_SLEEP_TIME_SEC = 1
 class Log4ShellExploiter(WebRCE):
@@ -200,7 +201,7 @@ class Log4ShellExploiter(WebRCE):
 self.exploit_result.exploitation_success = True
 return True
- time.sleep(1)
+ time.sleep(VICTIM_WAIT_SLEEP_TIME_SEC)
 return False
@@ -214,6 +215,6 @@ class Log4ShellExploiter(WebRCE):
 return True
 # TODO: if the http server got an error we're waiting for nothing here
- time.sleep(1)
+ time.sleep(VICTIM_WAIT_SLEEP_TIME_SEC)
 return False
From 7bc9993c6f3ab78a5ab294c874ace0259c3d6b77 Mon Sep 17 00:00:00 2001
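Review bot: `_wait_for_victim_to_download_agent` now has two outputs — it returns `bool` and also sets `self.exploit_result.propagation_success = True` as a side effect — and carries no docstring saying which one callers are meant to rely on; `_wait_for_victim_to_download_java_bytecode` has the same dual shape for `exploitation_success`. Either add a docstring such as `"""Poll the agent HTTP server until a download is seen or LONG_REQUEST_TIMEOUT expires; returns True on download and also marks exploit_result.propagation_success."""`, or move the `exploit_result` mutation into `_wait_for_victim` next to the event publish so this helper is a plain wait with a single return value. The TODO kept in the loop still applies: nothing visible in the loop checks whether `_agent_http_server_thread` is still serving, so a failed server is only noticed when the timer expires.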
From: Mike Salvatore
Date: Thu, 6 Oct 2022 16:43:05 -0400
Subject: [PATCH 11/15] Agent: Reduce VICTIM_WAIT_SLEEP_TIME_SEC to 0.050 seconds 1 second is a long time to wait, and we want our event timestamps to be more accurate. 0.050 is 10 x sys.getswitchinterval(). It's reasonably accurate but will also share the CPU nicely.
---
 monkey/infection_monkey/exploit/log4shell.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index a3af75372..47d2e7db4 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -28,7 +28,7 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
 LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"
-VICTIM_WAIT_SLEEP_TIME_SEC = 1
+VICTIM_WAIT_SLEEP_TIME_SEC = 0.050
 class Log4ShellExploiter(WebRCE):
From eac30768289c98ff7767b5516110574cde7bc7ba Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 6 Oct 2022 16:50:05 -0400
Subject: [PATCH 12/15] Agent: Change typehint for build_monkey_commandline's location The function can handle str, PurePath, or None. This typehint change reflects that capability
---
 monkey/infection_monkey/utils/commands.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/utils/commands.py b/monkey/infection_monkey/utils/commands.py
index c290b3893..c8e1ad695 100644
--- a/monkey/infection_monkey/utils/commands.py
+++ b/monkey/infection_monkey/utils/commands.py
@@ -1,4 +1,5 @@
-from typing import List, Optional
+from pathlib import PurePath
+from typing import List, Optional, Union
 from infection_monkey.config import GUID
 from infection_monkey.exploit.tools.helpers import AGENT_BINARY_PATH_LINUX, AGENT_BINARY_PATH_WIN64
@@ -9,7 +10,9 @@ DROPPER_TARGET_PATH_LINUX = AGENT_BINARY_PATH_LINUX
 DROPPER_TARGET_PATH_WIN64 = AGENT_BINARY_PATH_WIN64
-def build_monkey_commandline(servers: List[str], depth: int, location: Optional[str] = None) -> str:
+def build_monkey_commandline(
+ servers: List[str], depth: int, location: Union[str, PurePath, None] = None
+) -> str:
 return " " + " ".join(
 build_monkey_commandline_explicitly(
@@ -25,7 +28,7 @@ def build_monkey_commandline_explicitly(
 parent: Optional[str] = None,
 servers: Optional[List[str]] = None,
 depth: Optional[int] = None,
- location: Optional[str] = None,
+ location: Union[str, PurePath, None] = None,
 ) -> List[str]:
 cmdline = []
From 03c6c5ea4b53a041511d40f0ba7ddf463467c832 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 6 Oct 2022 16:51:14 -0400
Subject: [PATCH 13/15] Agent: Remove unnecessary Path -> str in Log4ShellExploiter
---
 monkey/infection_monkey/exploit/log4shell.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index 47d2e7db4..a79554271 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -126,9 +126,7 @@ class Log4ShellExploiter(WebRCE):
 def _build_command(self, path: PurePath, http_path) -> str:
 # Build command to execute
- monkey_cmd = build_monkey_commandline(
- self.servers, self.current_depth + 1, location=str(path)
- )
+ monkey_cmd = build_monkey_commandline(self.servers, self.current_depth + 1, location=path)
 if self.host.is_windows():
 base_command = LOG4SHELL_WINDOWS_COMMAND
 else:
From ead979c6caf00f32dc475ed84b8cece1d117e572 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 6 Oct 2022 16:54:02 -0400
Subject: [PATCH 14/15] Agent: Add T1110 to Log4Shell exploiter tags
---
 monkey/infection_monkey/exploit/log4shell.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
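Review bot: `build_monkey_commandline` now advertises `Union[str, PurePath, None]` for `location`, but the code that turns `location` into an argument (inside `build_monkey_commandline_explicitly`, whose body is cut off after `cmdline = []`) is not in either hunk, so this review cannot confirm a `PurePath` is stringified rather than appended as an object to the `List[str]` result; worth confirming there is a `str(location)` on that path, because commit 03c6c5ea4b53a041511d40f0ba7ddf463467c832 in this series starts passing the `PurePath` through directly. The function also has no docstring; a one-liner such as `"""Return the agent command-line arguments (leading space included) for the given servers, depth and optional binary location."""` would document the leading `" "` that the `return` deliberately prepends.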
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index a79554271..262915530 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
@@ -4,7 +4,11 @@ from pathlib import PurePath
 from common import OperatingSystem
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
-from common.tags import T1105_ATTACK_TECHNIQUE_TAG, T1203_ATTACK_TECHNIQUE_TAG
+from common.tags import (
+ T1105_ATTACK_TECHNIQUE_TAG,
+ T1110_ATTACK_TECHNIQUE_TAG,
+ T1203_ATTACK_TECHNIQUE_TAG,
+)
 from common.utils import Timer
 from infection_monkey.exploit.log4shell_utils import (
 LINUX_EXPLOIT_TEMPLATE_PATH,
@@ -36,7 +40,11 @@ class Log4ShellExploiter(WebRCE):
 SERVER_SHUTDOWN_TIMEOUT = LONG_REQUEST_TIMEOUT
 REQUEST_TO_VICTIM_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
- _EXPLOITER_TAGS = (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG)
+ _EXPLOITER_TAGS = (
+ LOG4SHELL_EXPLOITER_TAG,
+ T1110_ATTACK_TECHNIQUE_TAG,
+ T1203_ATTACK_TECHNIQUE_TAG,
+ )
 _PROPAGATION_TAGS = (
 LOG4SHELL_EXPLOITER_TAG,
 T1203_ATTACK_TECHNIQUE_TAG,
From 9c2cdf15e2ed648ca204c66a4708411170f21751 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Thu, 6 Oct 2022 17:01:06 -0400
Subject: [PATCH 15/15] Agent: Add TODO in Log4ShellExploiter
---
 monkey/infection_monkey/exploit/log4shell.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/exploit/log4shell.py b/monkey/infection_monkey/exploit/log4shell.py
index 262915530..95fb7952d 100644
--- a/monkey/infection_monkey/exploit/log4shell.py
+++ b/monkey/infection_monkey/exploit/log4shell.py
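Review bot: `T1110_ATTACK_TECHNIQUE_TAG` added to `_EXPLOITER_TAGS` in the second hunk is the ATT&CK tag for T1110 Brute Force, which does not describe what this class does — the exploitation event is produced by a single crafted request to a vulnerable service, not by a credential-guessing loop — so every exploitation event from this exploiter will be reported under the wrong technique and skew the technique coverage the island shows defenders. T1190 Exploit Public-Facing Application is the technique that matches an exploit against an exposed web service; if `common.tags` defines a tag for it, use that in place of T1110, otherwise keep `_EXPLOITER_TAGS` at `(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG)`. In either case the commit message gives no rationale, so a short comment above the tuple stating why each technique is attributed would help the next reader, e.g. `# T1203: the victim's JVM executes the fetched class; T1105: the agent binary is pulled from our HTTP server`.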
@@ -174,9 +174,10 @@ class Log4ShellExploiter(WebRCE):
 )
 logger.warning(error_message)
- self._publish_exploitation_event(timestamp, False, error_message=error_message)
+ # TODO: _wait_for_victim() gets called even if trigger_exploit() raises an
+ # exception. Is that the desired behavior?
 if self._wait_for_victim(timestamp):
 self.exploit_info["vulnerable_service"] = {
 "service_name": exploit.service_name,