forked from p15670423/monkey
Fix CR comments, see
https://github.com/guardicore/monkey/pull/47#pullrequestreview-64871377
This commit is contained in:
parent
10c9648854
commit
79e6a44008
|
@ -1,13 +1,14 @@
|
|||
import os
|
||||
import sys
|
||||
from network.range import FixedRange, RelativeRange, ClassCRange
|
||||
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter,\
|
||||
SambaCryExploiter
|
||||
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger, MySQLFinger
|
||||
import types
|
||||
import uuid
|
||||
from abc import ABCMeta
|
||||
from itertools import product
|
||||
import uuid
|
||||
import types
|
||||
|
||||
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter, \
|
||||
SambaCryExploiter
|
||||
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger, MySQLFinger
|
||||
from network.range import FixedRange
|
||||
|
||||
__author__ = 'itamar'
|
||||
|
||||
|
@ -15,6 +16,7 @@ GUID = str(uuid.getnode())
|
|||
|
||||
EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
|
||||
|
||||
|
||||
def _cast_by_example(value, example):
|
||||
"""
|
||||
a method that casts a value to the type of the parameter given as example
|
||||
|
@ -178,7 +180,7 @@ class Configuration(object):
|
|||
|
||||
range_class = FixedRange
|
||||
range_size = 1
|
||||
range_fixed = ['',]
|
||||
range_fixed = ['10.0.1.63', ]
|
||||
|
||||
blocked_ips = ['', ]
|
||||
|
||||
|
@ -186,7 +188,7 @@ class Configuration(object):
|
|||
HTTP_PORTS = [80, 8080, 443,
|
||||
8008, # HTTP alternate
|
||||
]
|
||||
tcp_target_ports = [22, 2222, 445, 135, 3389]
|
||||
tcp_target_ports = [22, 2222, 445, 135, 3389, 3306, ]
|
||||
tcp_target_ports.extend(HTTP_PORTS)
|
||||
tcp_scan_timeout = 3000 # 3000 Milliseconds
|
||||
tcp_scan_interval = 200
|
||||
|
@ -243,7 +245,6 @@ class Configuration(object):
|
|||
# Monkey copy filename on share (64 bit)
|
||||
sambacry_monkey_copy_filename_64 = "monkey64_2"
|
||||
|
||||
|
||||
# system info collection
|
||||
collect_system_info = True
|
||||
|
||||
|
@ -253,4 +254,5 @@ class Configuration(object):
|
|||
|
||||
mimikatz_dll_name = "mk.dll"
|
||||
|
||||
|
||||
WormConfiguration = Configuration()
|
||||
|
|
|
@ -84,6 +84,7 @@
|
|||
80,
|
||||
8080,
|
||||
443,
|
||||
3306,
|
||||
8008
|
||||
],
|
||||
"timeout_between_iterations": 10,
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
import socket
|
||||
import logging
|
||||
import socket
|
||||
|
||||
from model.host import VictimHost
|
||||
from network import HostFinger
|
||||
from .tools import struct_unpack_tracker, struct_unpack_tracker_string
|
||||
from model.host import VictimHost
|
||||
|
||||
MYSQL_PORT = 3306
|
||||
SQL_SERVICE = 'mysqld-3306'
|
||||
|
@ -15,6 +16,9 @@ class MySQLFinger(HostFinger):
|
|||
Fingerprints mysql databases, only on port 3306
|
||||
"""
|
||||
|
||||
SOCKET_TIMEOUT = 0.5
|
||||
HEADER_SIZE = 4 # in bytes
|
||||
|
||||
def __init__(self):
|
||||
self._config = __import__('config').WormConfiguration
|
||||
|
||||
|
@ -26,15 +30,15 @@ class MySQLFinger(HostFinger):
|
|||
"""
|
||||
assert isinstance(host, VictimHost)
|
||||
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
s.settimeout(0.5)
|
||||
s.settimeout(self.SOCKET_TIMEOUT)
|
||||
|
||||
try:
|
||||
s.connect((host.ip_addr, MYSQL_PORT))
|
||||
header = s.recv(4) # max header size?
|
||||
header = s.recv(self.HEADER_SIZE) # max header size?
|
||||
|
||||
tmp, curpos = struct_unpack_tracker(header, 0, "I")
|
||||
tmp = tmp[0]
|
||||
response_length = tmp & 0xff
|
||||
response, curpos = struct_unpack_tracker(header, 0, "I")
|
||||
response = response[0]
|
||||
response_length = response & 0xff # first byte is significant
|
||||
data = s.recv(response_length)
|
||||
# now we can start parsing
|
||||
protocol, curpos = struct_unpack_tracker(data, 0, "B")
|
||||
|
@ -47,6 +51,7 @@ class MySQLFinger(HostFinger):
|
|||
|
||||
version, curpos = struct_unpack_tracker_string(data, curpos) # special coded to solve string parsing
|
||||
version = version[0]
|
||||
host.services[SQL_SERVICE] = {}
|
||||
host.services[SQL_SERVICE]['version'] = version
|
||||
version = version.split('-')[0].split('.')
|
||||
host.services[SQL_SERVICE]['major_version'] = version[0]
|
||||
|
@ -54,6 +59,8 @@ class MySQLFinger(HostFinger):
|
|||
host.services[SQL_SERVICE]['build_version'] = version[2]
|
||||
thread_id, curpos = struct_unpack_tracker(data, curpos, "<I") # ignore thread id
|
||||
|
||||
# protocol parsing taken from
|
||||
# https://nmap.org/nsedoc/scripts/mysql-info.html
|
||||
if protocol == 10:
|
||||
# new protocol
|
||||
self._parse_protocol_10(curpos, data, host)
|
||||
|
|
|
@ -32,8 +32,7 @@ def struct_unpack_tracker_string(data, index):
|
|||
"""
|
||||
ascii_len = data[index:].find('\0')
|
||||
fmt = "%ds" % ascii_len
|
||||
unpacked = struct.unpack_from(fmt, data, index)
|
||||
return unpacked, struct.calcsize(fmt)
|
||||
return struct_unpack_tracker(data,index,fmt)
|
||||
|
||||
|
||||
def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
||||
|
|
Loading…
Reference in New Issue