p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Code clean up

This commit is contained in:
Shreya 2020-11-21 13:19:44 +05:30
parent 6cb9d4808f
commit e8a2a37690
2 changed files with 48 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
monkey/infection_monkey/network/postgresql_fingerprint.py
View File

@ -1,7 +1,3 @@
"""
Implementation from https://github.com/SecuraBV/CVE-2020-1472
"""
import logging import logging
import psycopg2 import psycopg2
@ -18,8 +14,8 @@ class PostgreSQLFinger(HostFinger):
# Class related consts # Class related consts
_SCANNED_SERVICE = 'PostgreSQL' _SCANNED_SERVICE = 'PostgreSQL'
POSTGRESQL_DEFAULT_PORT = 5432 POSTGRESQL_DEFAULT_PORT = 5432
CREDS = {'username': 'monkeySaysHello', CREDS = {'username': "monkeySaysHello",
'password': 'monkeySaysXXX'} 'password': "monkeySaysXXX"}
def get_host_fingerprint(self, host): def get_host_fingerprint(self, host):
try: try:
@ -31,6 +27,7 @@ class PostgreSQLFinger(HostFinger):
except psycopg2.OperationalError as ex: except psycopg2.OperationalError as ex:
# try block will throw an OperationalError since the credentials are wrong, which we then analyze # try block will throw an OperationalError since the credentials are wrong, which we then analyze
try:
self.relevant_ex_substrings = ["password authentication failed", self.relevant_ex_substrings = ["password authentication failed",
"entry for host"] # "no pg_hba.conf entry for host" but filename may be diff "entry for host"] # "no pg_hba.conf entry for host" but filename may be diff
exception_string = str(ex) exception_string = str(ex)
@ -39,43 +36,52 @@ class PostgreSQLFinger(HostFinger):
# OperationalError due to some other reason # OperationalError due to some other reason
return False return False
# all's well; start analysing errors
self.init_service(host.services, self._SCANNED_SERVICE, self.POSTGRESQL_DEFAULT_PORT) self.init_service(host.services, self._SCANNED_SERVICE, self.POSTGRESQL_DEFAULT_PORT)
ssl_connection_details = []
exceptions = exception_string.split("\n") exceptions = exception_string.split("\n")
ssl_conf_on_server = self.is_ssl_configured(exceptions) connection_details = {'ssl_conf': "SSL is configured on the PostgreSQL server.\n",
'ssl_not_conf': "SSL is NOT configured on the PostgreSQL server.\n",
'all_ssl': "SSL connections can be made by all.\n",
'all_non_ssl': "Non-SSL connections can be made by all.\n",
'selected_ssl': "SSL connections can be made by selected hosts only OR "
"non-SSL usage is forced.\n",
'selected_non_ssl': "Non-SSL connections can be made by selected hosts only OR "
"SSL usage is forced.\n"}
""" Make this part cleaner and better! """ ssl_connection_details = []
ssl_conf_on_server = self.is_ssl_configured(exceptions)
# SSL configured # SSL configured
if ssl_conf_on_server: if ssl_conf_on_server:
ssl_connection_details.append("SSL is configured on the PostgreSQL server.\n") ssl_connection_details.append(connection_details['ssl_conf'])
# SSL # SSL
if self.found_entry_for_host_but_pwd_auth_failed(exceptions[0]): if self.found_entry_for_host_but_pwd_auth_failed(exceptions[0]):
ssl_connection_details.append("SSL connections can be made by all.\n") ssl_connection_details.append(connection_details['all_ssl'])
else: else:
ssl_connection_details.append( ssl_connection_details.append(connection_details['selected_ssl'])
"SSL connections can be made by selected hosts only OR non-SSL usage is forced.\n")
# non-SSL # non-SSL
if self.found_entry_for_host_but_pwd_auth_failed(exceptions[1]): if self.found_entry_for_host_but_pwd_auth_failed(exceptions[1]):
ssl_connection_details.append("Non-SSL connections can be made by all.\n") ssl_connection_details.append(connection_details['all_non_ssl'])
else: else:
ssl_connection_details.append( ssl_connection_details.append(connection_details['selected_non_ssl'])
"Non-SSL connections can be made by selected hosts only OR SSL usage is forced.\n")
# SSL not configured # SSL not configured
else: else:
ssl_connection_details.append("SSL is NOT configured on the PostgreSQL server.\n") ssl_connection_details.append(connection_details['ssl_not_conf'])
if self.found_entry_for_host_but_pwd_auth_failed(exceptions[0]): if self.found_entry_for_host_but_pwd_auth_failed(exceptions[0]):
ssl_connection_details.append("Non-SSL connections can be made by all.\n") ssl_connection_details.append(connection_details['all_non_ssl'])
else: else:
ssl_connection_details.append( ssl_connection_details.append(connection_details['selected_non_ssl'])
"Non-SSL connections can be made by selected hosts only OR SSL usage is forced.\n")
host.services[self._SCANNED_SERVICE]['communication_encryption_details'] = ''.join(ssl_connection_details) host.services[self._SCANNED_SERVICE]['communication_encryption_details'] = ''.join(ssl_connection_details)
return True return True
except Exception as err:
LOG.debug("Error getting PostgreSQL fingerprint: %s", err)
return False
def is_ssl_configured(self, exceptions): def is_ssl_configured(self, exceptions):
# when trying to authenticate, it checks pg_hba.conf file: # when trying to authenticate, it checks pg_hba.conf file:
# first, for a record where it can connect with SSL and second, without SSL # first, for a record where it can connect with SSL and second, without SSL

1
monkey/infection_monkey/requirements.txt
View File

@ -8,6 +8,7 @@ netifaces>=0.10.9
odict==1.7.0 odict==1.7.0
paramiko>=2.7.1 paramiko>=2.7.1
psutil>=5.7.0 psutil>=5.7.0
psycopg2-binary==2.8.6
pycryptodome==3.9.8 pycryptodome==3.9.8
pyftpdlib==1.5.6 pyftpdlib==1.5.6
pymssql<3.0 pymssql<3.0