forked from p34709852/monkey
Resolved string templating in dropper and windows_upgrader.
This commit is contained in:
parent
0517f3e06f
commit
9fd27141f2
|
@ -12,11 +12,13 @@ from ctypes import c_char_p
|
||||||
|
|
||||||
from common.utils.attack_utils import ScanStatus, UsageEnum
|
from common.utils.attack_utils import ScanStatus, UsageEnum
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
|
|
||||||
from infection_monkey.model import MONKEY_CMDLINE_LINUX, MONKEY_CMDLINE_WINDOWS
|
|
||||||
from infection_monkey.system_info import OperatingSystem, SystemInfoCollector
|
from infection_monkey.system_info import OperatingSystem, SystemInfoCollector
|
||||||
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
|
||||||
from infection_monkey.utils.commands import get_monkey_cmd_lines_linux, get_monkey_cmd_lines_windows
|
from infection_monkey.utils.commands import (
|
||||||
|
build_monkey_commandline_explicitly,
|
||||||
|
get_monkey_cmd_lines_linux,
|
||||||
|
get_monkey_cmd_lines_windows,
|
||||||
|
)
|
||||||
|
|
||||||
if "win32" == sys.platform:
|
if "win32" == sys.platform:
|
||||||
from win32process import DETACHED_PROCESS
|
from win32process import DETACHED_PROCESS
|
||||||
|
@ -143,15 +145,13 @@ class MonkeyDrops(object):
|
||||||
)
|
)
|
||||||
|
|
||||||
if OperatingSystem.Windows == SystemInfoCollector.get_os():
|
if OperatingSystem.Windows == SystemInfoCollector.get_os():
|
||||||
# TODO: Replace all of this string templating with a function that accepts
|
|
||||||
# the necessary parameters and returns a list of arguments.
|
|
||||||
|
|
||||||
monkey_cmdline, monkey_cmdline_split = get_monkey_cmd_lines_windows(
|
monkey_cmdline = get_monkey_cmd_lines_windows(
|
||||||
MONKEY_CMDLINE_WINDOWS, self._config["destination_path"], monkey_options
|
self._config["destination_path"], monkey_options
|
||||||
)
|
)
|
||||||
|
|
||||||
monkey_process = subprocess.Popen(
|
monkey_process = subprocess.Popen(
|
||||||
monkey_cmdline_split,
|
monkey_cmdline,
|
||||||
stdin=subprocess.PIPE,
|
stdin=subprocess.PIPE,
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
stderr=subprocess.PIPE,
|
stderr=subprocess.PIPE,
|
||||||
|
@ -162,15 +162,13 @@ class MonkeyDrops(object):
|
||||||
dest_path = self._config["destination_path"]
|
dest_path = self._config["destination_path"]
|
||||||
# In Linux, we need to change the directory first, which is done
|
# In Linux, we need to change the directory first, which is done
|
||||||
# using thw `cwd` argument in `subprocess.Popen` below
|
# using thw `cwd` argument in `subprocess.Popen` below
|
||||||
# TODO: Replace all of this string templating with a function that accepts
|
|
||||||
# the necessary parameters and returns a list of arguments.
|
|
||||||
|
|
||||||
monkey_cmdline, monkey_cmdline_split = get_monkey_cmd_lines_linux(
|
monkey_cmdline = get_monkey_cmd_lines_linux(dest_path, monkey_options)
|
||||||
MONKEY_CMDLINE_LINUX, dest_path, monkey_options
|
|
||||||
)
|
LOG.info("Commands of monkey cmdline_split %s", monkey_cmdline)
|
||||||
|
|
||||||
monkey_process = subprocess.Popen(
|
monkey_process = subprocess.Popen(
|
||||||
monkey_cmdline_split,
|
monkey_cmdline,
|
||||||
stdin=subprocess.PIPE,
|
stdin=subprocess.PIPE,
|
||||||
stdout=subprocess.PIPE,
|
stdout=subprocess.PIPE,
|
||||||
stderr=subprocess.PIPE,
|
stderr=subprocess.PIPE,
|
||||||
|
@ -182,7 +180,7 @@ class MonkeyDrops(object):
|
||||||
LOG.info(
|
LOG.info(
|
||||||
"Executed monkey process (PID=%d) with command line: %s",
|
"Executed monkey process (PID=%d) with command line: %s",
|
||||||
monkey_process.pid,
|
monkey_process.pid,
|
||||||
monkey_cmdline,
|
" ".join(monkey_cmdline),
|
||||||
)
|
)
|
||||||
|
|
||||||
time.sleep(3)
|
time.sleep(3)
|
||||||
|
|
|
@ -13,7 +13,7 @@ from random import SystemRandom
|
||||||
import requests
|
import requests
|
||||||
|
|
||||||
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
||||||
from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.exploit.web_rce import WebRCE
|
from infection_monkey.exploit.web_rce import WebRCE
|
||||||
from infection_monkey.model import (
|
from infection_monkey.model import (
|
||||||
|
@ -22,6 +22,7 @@ from infection_monkey.model import (
|
||||||
ID_STRING,
|
ID_STRING,
|
||||||
MONKEY_ARG,
|
MONKEY_ARG,
|
||||||
)
|
)
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
|
||||||
|
|
|
@ -8,14 +8,11 @@ import pymssql
|
||||||
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_monkey_dest_path
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_monkey_dest_path,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
|
from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
|
||||||
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
||||||
from infection_monkey.model import DROPPER_ARG
|
from infection_monkey.model import DROPPER_ARG
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -36,16 +36,13 @@ from impacket.smbconnection import SMBConnection
|
||||||
import infection_monkey.monkeyfs as monkeyfs
|
import infection_monkey.monkeyfs as monkeyfs
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey_by_os
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey_by_os,
|
|
||||||
)
|
|
||||||
from infection_monkey.model import DROPPER_ARG
|
from infection_monkey.model import DROPPER_ARG
|
||||||
from infection_monkey.network.smbfinger import SMB_SERVICE
|
from infection_monkey.network.smbfinger import SMB_SERVICE
|
||||||
from infection_monkey.network.tools import get_interface_to_target
|
from infection_monkey.network.tools import get_interface_to_target
|
||||||
from infection_monkey.pyinstaller_utils import get_binary_file_path
|
from infection_monkey.pyinstaller_utils import get_binary_file_path
|
||||||
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
|
||||||
|
|
|
@ -10,14 +10,11 @@ import requests
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.shellshock_resources import CGI_FILES
|
from infection_monkey.exploit.shellshock_resources import CGI_FILES
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.model import DROPPER_ARG
|
from infection_monkey.model import DROPPER_ARG
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "danielg"
|
__author__ = "danielg"
|
||||||
|
|
||||||
|
|
|
@ -5,16 +5,13 @@ from impacket.dcerpc.v5 import scmr, transport
|
||||||
from common.utils.attack_utils import ScanStatus, UsageEnum
|
from common.utils.attack_utils import ScanStatus, UsageEnum
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.model import DROPPER_CMDLINE_DETACHED_WINDOWS, MONKEY_CMDLINE_DETACHED_WINDOWS
|
from infection_monkey.model import DROPPER_CMDLINE_DETACHED_WINDOWS, MONKEY_CMDLINE_DETACHED_WINDOWS
|
||||||
from infection_monkey.network.smbfinger import SMBFinger
|
from infection_monkey.network.smbfinger import SMBFinger
|
||||||
from infection_monkey.network.tools import check_tcp_port
|
from infection_monkey.network.tools import check_tcp_port
|
||||||
from infection_monkey.telemetry.attack.t1035_telem import T1035Telem
|
from infection_monkey.telemetry.attack.t1035_telem import T1035Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
LOG = getLogger(__name__)
|
LOG = getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -9,15 +9,12 @@ from common.utils.attack_utils import ScanStatus
|
||||||
from common.utils.exceptions import FailedExploitationError
|
from common.utils.exceptions import FailedExploitationError
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.model import MONKEY_ARG
|
from infection_monkey.model import MONKEY_ARG
|
||||||
from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
|
from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
|
||||||
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "hoffer"
|
__author__ = "hoffer"
|
||||||
|
|
||||||
|
|
|
@ -45,42 +45,6 @@ def get_target_monkey_by_os(is_windows, is_32bit):
|
||||||
return ControlClient.download_monkey_exe_by_os(is_windows, is_32bit)
|
return ControlClient.download_monkey_exe_by_os(is_windows, is_32bit)
|
||||||
|
|
||||||
|
|
||||||
def build_monkey_commandline_explicitly(
|
|
||||||
parent=None, tunnel=None, server=None, depth=None, location=None, vulnerable_port=None
|
|
||||||
):
|
|
||||||
cmdline = ""
|
|
||||||
|
|
||||||
if parent is not None:
|
|
||||||
cmdline += f" -p {parent}"
|
|
||||||
if tunnel is not None:
|
|
||||||
cmdline += f" -t {tunnel}"
|
|
||||||
if server is not None:
|
|
||||||
cmdline += f" -s {server}"
|
|
||||||
if depth is not None:
|
|
||||||
if int(depth) < 0:
|
|
||||||
depth = 0
|
|
||||||
cmdline += f" -d {depth}"
|
|
||||||
if location is not None:
|
|
||||||
cmdline += f" -l {location}"
|
|
||||||
if vulnerable_port is not None:
|
|
||||||
cmdline += f" -vp {vulnerable_port}"
|
|
||||||
|
|
||||||
return cmdline
|
|
||||||
|
|
||||||
|
|
||||||
def build_monkey_commandline(target_host, depth, vulnerable_port, location=None):
|
|
||||||
from infection_monkey.config import GUID
|
|
||||||
|
|
||||||
return build_monkey_commandline_explicitly(
|
|
||||||
GUID,
|
|
||||||
target_host.default_tunnel,
|
|
||||||
target_host.default_server,
|
|
||||||
depth,
|
|
||||||
location,
|
|
||||||
vulnerable_port,
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
def get_monkey_depth():
|
def get_monkey_depth():
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
|
|
||||||
|
|
|
@ -11,11 +11,7 @@ from logging import getLogger
|
||||||
|
|
||||||
from common.utils.attack_utils import ScanStatus
|
from common.utils.attack_utils import ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.model import (
|
from infection_monkey.model import (
|
||||||
CHMOD_MONKEY,
|
CHMOD_MONKEY,
|
||||||
|
@ -25,6 +21,7 @@ from infection_monkey.model import (
|
||||||
WGET_HTTP_UPLOAD,
|
WGET_HTTP_UPLOAD,
|
||||||
)
|
)
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
LOG = getLogger(__name__)
|
LOG = getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -5,11 +5,7 @@ from posixpath import join
|
||||||
|
|
||||||
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.model import (
|
from infection_monkey.model import (
|
||||||
BITSADMIN_CMDLINE_HTTP,
|
BITSADMIN_CMDLINE_HTTP,
|
||||||
|
@ -28,6 +24,7 @@ from infection_monkey.model import (
|
||||||
from infection_monkey.network.tools import tcp_port_to_service
|
from infection_monkey.network.tools import tcp_port_to_service
|
||||||
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
|
||||||
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
__author__ = "VakarisZ"
|
__author__ = "VakarisZ"
|
||||||
|
|
||||||
|
|
|
@ -16,15 +16,12 @@ from impacket.dcerpc.v5 import transport
|
||||||
|
|
||||||
from common.utils.shellcode_obfuscator import clarify
|
from common.utils.shellcode_obfuscator import clarify
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
||||||
from infection_monkey.network.smbfinger import SMBFinger
|
from infection_monkey.network.smbfinger import SMBFinger
|
||||||
from infection_monkey.network.tools import check_tcp_port
|
from infection_monkey.network.tools import check_tcp_port
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
from infection_monkey.utils.random_password_generator import get_random_password
|
from infection_monkey.utils.random_password_generator import get_random_password
|
||||||
|
|
||||||
LOG = getLogger(__name__)
|
LOG = getLogger(__name__)
|
||||||
|
|
|
@ -7,14 +7,11 @@ from impacket.dcerpc.v5.rpcrt import DCERPCException
|
||||||
|
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import (
|
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||||
build_monkey_commandline,
|
|
||||||
get_monkey_depth,
|
|
||||||
get_target_monkey,
|
|
||||||
)
|
|
||||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||||
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
|
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
|
||||||
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
||||||
|
from infection_monkey.utils.commands import build_monkey_commandline
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
|
@ -7,7 +7,9 @@ DROPPER_ARG = "dr0pp3r"
|
||||||
ID_STRING = "M0NK3Y3XPL0ITABLE"
|
ID_STRING = "M0NK3Y3XPL0ITABLE"
|
||||||
|
|
||||||
# CMD prefix for windows commands
|
# CMD prefix for windows commands
|
||||||
CMD_PREFIX = "cmd.exe /c"
|
CMD_EXE = "cmd.exe"
|
||||||
|
CMD_CARRY_OUT = "/c"
|
||||||
|
CMD_PREFIX = CMD_EXE + " " + CMD_CARRY_OUT
|
||||||
DROPPER_CMDLINE_WINDOWS = "%s %%(dropper_path)s %s" % (
|
DROPPER_CMDLINE_WINDOWS = "%s %%(dropper_path)s %s" % (
|
||||||
CMD_PREFIX,
|
CMD_PREFIX,
|
||||||
DROPPER_ARG,
|
DROPPER_ARG,
|
||||||
|
@ -16,7 +18,6 @@ MONKEY_CMDLINE_WINDOWS = "%s %%(monkey_path)s %s" % (
|
||||||
CMD_PREFIX,
|
CMD_PREFIX,
|
||||||
MONKEY_ARG,
|
MONKEY_ARG,
|
||||||
)
|
)
|
||||||
MONKEY_CMDLINE_LINUX = "./%%(monkey_filename)s %s" % (MONKEY_ARG,)
|
|
||||||
DROPPER_CMDLINE_DETACHED_WINDOWS = "%s start cmd /c %%(dropper_path)s %s" % (
|
DROPPER_CMDLINE_DETACHED_WINDOWS = "%s start cmd /c %%(dropper_path)s %s" % (
|
||||||
CMD_PREFIX,
|
CMD_PREFIX,
|
||||||
DROPPER_ARG,
|
DROPPER_ARG,
|
||||||
|
|
|
@ -1,15 +1,61 @@
|
||||||
import shlex
|
import logging
|
||||||
|
|
||||||
|
from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG
|
||||||
|
|
||||||
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
def get_monkey_cmd_lines_windows(monkey_cmdline_windows, destination_path, monkey_options):
|
def build_monkey_commandline(target_host, depth, vulnerable_port, location=None):
|
||||||
monkey_cmdline = monkey_cmdline_windows % {"monkey_path": destination_path} + monkey_options
|
from infection_monkey.config import GUID
|
||||||
|
|
||||||
return monkey_cmdline, shlex.split(monkey_cmdline, posix=False)
|
return "".join(
|
||||||
|
build_monkey_commandline_explicitly(
|
||||||
|
GUID,
|
||||||
def get_monkey_cmd_lines_linux(monkey_cmdline_linux, destination_path, monkey_options):
|
target_host.default_tunnel,
|
||||||
monkey_cmdline = (
|
target_host.default_server,
|
||||||
monkey_cmdline_linux % {"monkey_filename": destination_path.split("/")[-1]} + monkey_options
|
depth,
|
||||||
|
location,
|
||||||
|
vulnerable_port,
|
||||||
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
return monkey_cmdline, shlex.split(monkey_cmdline, posix=False)
|
|
||||||
|
def build_monkey_commandline_explicitly(
|
||||||
|
parent=None, tunnel=None, server=None, depth=None, location=None, vulnerable_port=None
|
||||||
|
):
|
||||||
|
cmdline = []
|
||||||
|
|
||||||
|
if parent is not None:
|
||||||
|
cmdline.append("-p")
|
||||||
|
cmdline.append(f"{parent}")
|
||||||
|
if tunnel is not None:
|
||||||
|
cmdline.append("-t")
|
||||||
|
cmdline.append(f"{tunnel}")
|
||||||
|
if server is not None:
|
||||||
|
cmdline.append("-s")
|
||||||
|
cmdline.append(f"{server}")
|
||||||
|
if depth is not None:
|
||||||
|
if int(depth) < 0:
|
||||||
|
depth = 0
|
||||||
|
cmdline.append("-d")
|
||||||
|
cmdline.append(f"{depth}")
|
||||||
|
if location is not None:
|
||||||
|
cmdline.append("-l")
|
||||||
|
cmdline.append(f"{location}")
|
||||||
|
if vulnerable_port is not None:
|
||||||
|
cmdline.append("-vp")
|
||||||
|
cmdline.append(f"{vulnerable_port}")
|
||||||
|
|
||||||
|
return cmdline
|
||||||
|
|
||||||
|
|
||||||
|
def get_monkey_cmd_lines_windows(destination_path, monkey_options):
|
||||||
|
monkey_cmdline = [CMD_EXE, CMD_CARRY_OUT, destination_path, MONKEY_ARG]
|
||||||
|
|
||||||
|
return monkey_cmdline + monkey_options
|
||||||
|
|
||||||
|
|
||||||
|
def get_monkey_cmd_lines_linux(destination_path, monkey_options):
|
||||||
|
monkey_cmdline = [destination_path.split("/")[-1], MONKEY_ARG]
|
||||||
|
|
||||||
|
return monkey_cmdline + monkey_options
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
import logging
|
import logging
|
||||||
import shlex
|
|
||||||
import shutil
|
import shutil
|
||||||
import subprocess
|
import subprocess
|
||||||
import sys
|
import sys
|
||||||
|
@ -8,8 +7,10 @@ import time
|
||||||
import infection_monkey.monkeyfs as monkeyfs
|
import infection_monkey.monkeyfs as monkeyfs
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
from infection_monkey.control import ControlClient
|
from infection_monkey.control import ControlClient
|
||||||
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
|
from infection_monkey.utils.commands import (
|
||||||
from infection_monkey.model import MONKEY_CMDLINE_WINDOWS
|
build_monkey_commandline_explicitly,
|
||||||
|
get_monkey_cmd_lines_windows,
|
||||||
|
)
|
||||||
from infection_monkey.utils.environment import is_64bit_python, is_64bit_windows_os, is_windows_os
|
from infection_monkey.utils.environment import is_64bit_python, is_64bit_windows_os, is_windows_os
|
||||||
|
|
||||||
__author__ = "itay.mizeretz"
|
__author__ = "itay.mizeretz"
|
||||||
|
@ -46,20 +47,12 @@ class WindowsUpgrader(object):
|
||||||
opts.parent, opts.tunnel, opts.server, opts.depth
|
opts.parent, opts.tunnel, opts.server, opts.depth
|
||||||
)
|
)
|
||||||
|
|
||||||
# TODO: Replace all of this string templating with a function that accepts
|
monkey_cmdline = get_monkey_cmd_lines_windows(
|
||||||
# the necessary parameters and returns a list of arguments.
|
WormConfiguration.dropper_target_path_win_64, monkey_options
|
||||||
monkey_cmdline = (
|
|
||||||
MONKEY_CMDLINE_WINDOWS % {"monkey_path": WormConfiguration.dropper_target_path_win_64}
|
|
||||||
+ monkey_options
|
|
||||||
)
|
|
||||||
|
|
||||||
monkey_cmdline_split = shlex.split(
|
|
||||||
monkey_cmdline,
|
|
||||||
posix=False, # won't try resolving "\" in paths as part of escape sequences
|
|
||||||
)
|
)
|
||||||
|
|
||||||
monkey_process = subprocess.Popen(
|
monkey_process = subprocess.Popen(
|
||||||
monkey_cmdline_split,
|
monkey_cmdline,
|
||||||
stdin=None,
|
stdin=None,
|
||||||
stdout=None,
|
stdout=None,
|
||||||
stderr=None,
|
stderr=None,
|
||||||
|
@ -70,7 +63,7 @@ class WindowsUpgrader(object):
|
||||||
LOG.info(
|
LOG.info(
|
||||||
"Executed 64bit monkey process (PID=%d) with command line: %s",
|
"Executed 64bit monkey process (PID=%d) with command line: %s",
|
||||||
monkey_process.pid,
|
monkey_process.pid,
|
||||||
monkey_cmdline,
|
"".join(monkey_cmdline),
|
||||||
)
|
)
|
||||||
|
|
||||||
time.sleep(WindowsUpgrader.__UPGRADE_WAIT_TIME__)
|
time.sleep(WindowsUpgrader.__UPGRADE_WAIT_TIME__)
|
||||||
|
|
|
@ -1,16 +1,29 @@
|
||||||
import unittest
|
import unittest
|
||||||
|
|
||||||
from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
|
from infection_monkey.utils.commands import build_monkey_commandline_explicitly
|
||||||
|
|
||||||
|
|
||||||
class TestHelpers(unittest.TestCase):
|
class TestHelpers(unittest.TestCase):
|
||||||
def test_build_monkey_commandline_explicitly(self):
|
def test_build_monkey_commandline_explicitly(self):
|
||||||
test1 = " -p 101010 -t 10.10.101.10 -s 127.127.127.127:5000 -d 0 -l C:\\windows\\abc -vp 80"
|
test1 = [
|
||||||
|
"-p",
|
||||||
|
"101010",
|
||||||
|
"-t",
|
||||||
|
"10.10.101.10",
|
||||||
|
"-s",
|
||||||
|
"127.127.127.127:5000",
|
||||||
|
"-d",
|
||||||
|
"0",
|
||||||
|
"-l",
|
||||||
|
"C:\\windows\\abc",
|
||||||
|
"-vp",
|
||||||
|
"80",
|
||||||
|
]
|
||||||
result1 = build_monkey_commandline_explicitly(
|
result1 = build_monkey_commandline_explicitly(
|
||||||
101010, "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", 80
|
101010, "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", 80
|
||||||
)
|
)
|
||||||
|
|
||||||
test2 = " -p parent -s 127.127.127.127:5000 -d 0 -vp 80"
|
test2 = ["-p", "parent", "-s", "127.127.127.127:5000", "-d", "0", "-vp", "80"]
|
||||||
result2 = build_monkey_commandline_explicitly(
|
result2 = build_monkey_commandline_explicitly(
|
||||||
parent="parent", server="127.127.127.127:5000", depth="0", vulnerable_port="80"
|
parent="parent", server="127.127.127.127:5000", depth="0", vulnerable_port="80"
|
||||||
)
|
)
|
Loading…
Reference in New Issue