Agent: Implement fingerprinting in Puppet

2022-02-07 12:56:54 -05:00 · 2022-02-07 12:56:54 -05:00 · 6d5b55be10
parent 46487be05d
commit 6d5b55be10
3 changed files with 10 additions and 3 deletions
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
@ -18,6 +18,7 @@ from infection_monkey.master.control_channel import ControlChannel
 from infection_monkey.model import DELAY_DELETE_CMD, VictimHostFactory
 from infection_monkey.network import NetworkInterface
 from infection_monkey.network.firewall import app as firewall
+from infection_monkey.network.http_fingerprinter import HTTPFingerprinter
 from infection_monkey.network.info import get_local_network_interfaces
 from infection_monkey.payload.ransomware.ransomware_payload import RansomwarePayload
 from infection_monkey.puppet.puppet import Puppet
@ -183,6 +184,7 @@ class InfectionMonkey:
    @staticmethod
    def _build_puppet() -> IPuppet:
        puppet = Puppet()
+        puppet.load_plugin("HTTPFinger", HTTPFingerprinter(), PluginType.FINGERPRINTER)
        puppet.load_plugin("ransomware", RansomwarePayload(), PluginType.PAYLOAD)

        return puppet
--- a/monkey/infection_monkey/network/http_fingerprinter.py
+++ b/monkey/infection_monkey/network/http_fingerprinter.py
@ -63,8 +63,12 @@ def _query_potential_http_server(host: str, port: int) -> Tuple[Optional[str], O

 def _get_server_from_headers(url: str) -> Optional[str]:
    try:
+        logger.debug(f"Sending request for headers to {url}")
        with closing(head(url, verify=False, timeout=1)) as req:  # noqa: DUO123
-            return req.headers.get("Server")
+            server = req.headers.get("Server")
+
+            logger.debug(f'Got server string "{server}" from {url}')
+            return server
    except Timeout:
        logger.debug(f"Timeout while requesting headers from {url}")
    except ConnectionError:  # Someone doesn't like us
@ -76,5 +80,5 @@ def _get_server_from_headers(url: str) -> Optional[str]:
 def _get_open_http_ports(
    allowed_http_ports: Set, port_scan_data: Dict[int, PortScanData]
 ) -> Iterable[int]:
-    open_ports = (psd.port for psd in port_scan_data.values() if psd.status == PortStatus.Open)
+    open_ports = (psd.port for psd in port_scan_data.values() if psd.status == PortStatus.OPEN)
    return (port for port in open_ports if port in allowed_http_ports)
--- a/monkey/infection_monkey/puppet/puppet.py
+++ b/monkey/infection_monkey/puppet/puppet.py
@ -49,7 +49,8 @@ class Puppet(IPuppet):
        port_scan_data: Dict[int, PortScanData],
        options: Dict,
    ) -> FingerprintData:
-        return self._mock_puppet.fingerprint(name, host, ping_scan_data, port_scan_data, options)
+        fingerprinter = self._plugin_registry.get_plugin(name, PluginType.FINGERPRINTER)
+        return fingerprinter.get_host_fingerprint(host, ping_scan_data, port_scan_data, options)

    def exploit_host(
        self, name: str, host: str, options: Dict, interrupt: threading.Event