Resolved string templating in dropper and windows_upgrader.

monkey/infection_monkey/dropper.py

@@ -12,11 +12,13 @@ from ctypes import c_char_p
 
 from common.utils.attack_utils import ScanStatus, UsageEnum
 from infection_monkey.config import WormConfiguration
-from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
-from infection_monkey.model import MONKEY_CMDLINE_LINUX, MONKEY_CMDLINE_WINDOWS
 from infection_monkey.system_info import OperatingSystem, SystemInfoCollector
 from infection_monkey.telemetry.attack.t1106_telem import T1106Telem
-from infection_monkey.utils.commands import get_monkey_cmd_lines_linux, get_monkey_cmd_lines_windows
+from infection_monkey.utils.commands import (
+    build_monkey_commandline_explicitly,
+    get_monkey_cmd_lines_linux,
+    get_monkey_cmd_lines_windows,
+)
 
 if "win32" == sys.platform:
     from win32process import DETACHED_PROCESS
@@ -143,15 +145,13 @@ class MonkeyDrops(object):
         )
 
         if OperatingSystem.Windows == SystemInfoCollector.get_os():
-            # TODO: Replace all of this string templating with a function that accepts
-            #       the necessary parameters and returns a list of arguments.
 
-            monkey_cmdline, monkey_cmdline_split = get_monkey_cmd_lines_windows(
+            monkey_cmdline = get_monkey_cmd_lines_windows(
-                MONKEY_CMDLINE_WINDOWS, self._config["destination_path"], monkey_options
+                self._config["destination_path"], monkey_options
             )
 
             monkey_process = subprocess.Popen(
-                monkey_cmdline_split,
+                monkey_cmdline,
                 stdin=subprocess.PIPE,
                 stdout=subprocess.PIPE,
                 stderr=subprocess.PIPE,
@@ -162,15 +162,13 @@ class MonkeyDrops(object):
             dest_path = self._config["destination_path"]
             # In Linux, we need to change the directory first, which is done
             # using thw `cwd` argument in `subprocess.Popen` below
-            # TODO: Replace all of this string templating with a function that accepts
-            #       the necessary parameters and returns a list of arguments.
 
-            monkey_cmdline, monkey_cmdline_split = get_monkey_cmd_lines_linux(
+            monkey_cmdline = get_monkey_cmd_lines_linux(dest_path, monkey_options)
-                MONKEY_CMDLINE_LINUX, dest_path, monkey_options
+
-            )
+            LOG.info("Commands of monkey cmdline_split %s", monkey_cmdline)
 
             monkey_process = subprocess.Popen(
-                monkey_cmdline_split,
+                monkey_cmdline,
                 stdin=subprocess.PIPE,
                 stdout=subprocess.PIPE,
                 stderr=subprocess.PIPE,
@@ -182,7 +180,7 @@ class MonkeyDrops(object):
         LOG.info(
             "Executed monkey process (PID=%d) with command line: %s",
             monkey_process.pid,
-            monkey_cmdline,
+            " ".join(monkey_cmdline),
         )
 
         time.sleep(3)

monkey/infection_monkey/exploit/hadoop.py

@@ -13,7 +13,7 @@ from random import SystemRandom
 import requests
 
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
-from infection_monkey.exploit.tools.helpers import build_monkey_commandline, get_monkey_depth
+from infection_monkey.exploit.tools.helpers import get_monkey_depth
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.exploit.web_rce import WebRCE
 from infection_monkey.model import (
@@ -22,6 +22,7 @@ from infection_monkey.model import (
     ID_STRING,
     MONKEY_ARG,
 )
+from infection_monkey.utils.commands import build_monkey_commandline
 
 __author__ = "VakarisZ"
 

monkey/infection_monkey/exploit/mssqlexec.py

@@ -8,14 +8,11 @@ import pymssql
 from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
 from common.utils.exploit_enum import ExploitType
 from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import (
+from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_monkey_dest_path
-    build_monkey_commandline,
-    get_monkey_depth,
-    get_monkey_dest_path,
-)
 from infection_monkey.exploit.tools.http_tools import MonkeyHTTPServer
 from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
 from infection_monkey.model import DROPPER_ARG
+from infection_monkey.utils.commands import build_monkey_commandline
 
 LOG = logging.getLogger(__name__)
 

monkey/infection_monkey/exploit/sambacry.py

@@ -36,16 +36,13 @@ from impacket.smbconnection import SMBConnection
 import infection_monkey.monkeyfs as monkeyfs
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import (
+from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey_by_os
-    build_monkey_commandline,
-    get_monkey_depth,
-    get_target_monkey_by_os,
-)
 from infection_monkey.model import DROPPER_ARG
 from infection_monkey.network.smbfinger import SMB_SERVICE
 from infection_monkey.network.tools import get_interface_to_target
 from infection_monkey.pyinstaller_utils import get_binary_file_path
 from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
+from infection_monkey.utils.commands import build_monkey_commandline
 
 __author__ = "itay.mizeretz"
 

monkey/infection_monkey/exploit/shellshock.py

@@ -10,14 +10,11 @@ import requests
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.shellshock_resources import CGI_FILES
-from infection_monkey.exploit.tools.helpers import (
+from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
-    build_monkey_commandline,
-    get_monkey_depth,
-    get_target_monkey,
-)
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.model import DROPPER_ARG
 from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
+from infection_monkey.utils.commands import build_monkey_commandline
 
 __author__ = "danielg"
 

monkey/infection_monkey/exploit/smbexec.py

@@ -5,16 +5,13 @@ from impacket.dcerpc.v5 import scmr, transport
 from common.utils.attack_utils import ScanStatus, UsageEnum
 from common.utils.exploit_enum import ExploitType
 from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import (
+from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
-    build_monkey_commandline,
-    get_monkey_depth,
-    get_target_monkey,
-)
 from infection_monkey.exploit.tools.smb_tools import SmbTools
 from infection_monkey.model import DROPPER_CMDLINE_DETACHED_WINDOWS, MONKEY_CMDLINE_DETACHED_WINDOWS
 from infection_monkey.network.smbfinger import SMBFinger
 from infection_monkey.network.tools import check_tcp_port
 from infection_monkey.telemetry.attack.t1035_telem import T1035Telem
+from infection_monkey.utils.commands import build_monkey_commandline
 
 LOG = getLogger(__name__)
 

monkey/infection_monkey/exploit/sshexec.py

@@ -9,15 +9,12 @@ from common.utils.attack_utils import ScanStatus
 from common.utils.exceptions import FailedExploitationError
 from common.utils.exploit_enum import ExploitType
 from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import (
+from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
-    build_monkey_commandline,
-    get_monkey_depth,
-    get_target_monkey,
-)
 from infection_monkey.model import MONKEY_ARG
 from infection_monkey.network.tools import check_tcp_port, get_interface_to_target
 from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
 from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
+from infection_monkey.utils.commands import build_monkey_commandline
 
 __author__ = "hoffer"
 

monkey/infection_monkey/exploit/tools/helpers.py

@@ -45,42 +45,6 @@ def get_target_monkey_by_os(is_windows, is_32bit):
     return ControlClient.download_monkey_exe_by_os(is_windows, is_32bit)
 
 
-def build_monkey_commandline_explicitly(
-    parent=None, tunnel=None, server=None, depth=None, location=None, vulnerable_port=None
-):
-    cmdline = ""
-
-    if parent is not None:
-        cmdline += f" -p {parent}"
-    if tunnel is not None:
-        cmdline += f" -t {tunnel}"
-    if server is not None:
-        cmdline += f" -s {server}"
-    if depth is not None:
-        if int(depth) < 0:
-            depth = 0
-        cmdline += f" -d {depth}"
-    if location is not None:
-        cmdline += f" -l {location}"
-    if vulnerable_port is not None:
-        cmdline += f" -vp {vulnerable_port}"
-
-    return cmdline
-
-
-def build_monkey_commandline(target_host, depth, vulnerable_port, location=None):
-    from infection_monkey.config import GUID
-
-    return build_monkey_commandline_explicitly(
-        GUID,
-        target_host.default_tunnel,
-        target_host.default_server,
-        depth,
-        location,
-        vulnerable_port,
-    )
-
-
 def get_monkey_depth():
     from infection_monkey.config import WormConfiguration
 

monkey/infection_monkey/exploit/vsftpd.py

@@ -11,11 +11,7 @@ from logging import getLogger
 
 from common.utils.attack_utils import ScanStatus
 from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import (
+from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
-    build_monkey_commandline,
-    get_monkey_depth,
-    get_target_monkey,
-)
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.model import (
     CHMOD_MONKEY,
@@ -25,6 +21,7 @@ from infection_monkey.model import (
     WGET_HTTP_UPLOAD,
 )
 from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
+from infection_monkey.utils.commands import build_monkey_commandline
 
 LOG = getLogger(__name__)
 

monkey/infection_monkey/exploit/web_rce.py

@@ -5,11 +5,7 @@ from posixpath import join
 
 from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
 from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import (
+from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
-    build_monkey_commandline,
-    get_monkey_depth,
-    get_target_monkey,
-)
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.model import (
     BITSADMIN_CMDLINE_HTTP,
@@ -28,6 +24,7 @@ from infection_monkey.model import (
 from infection_monkey.network.tools import tcp_port_to_service
 from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
 from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
+from infection_monkey.utils.commands import build_monkey_commandline
 
 __author__ = "VakarisZ"
 

monkey/infection_monkey/exploit/win_ms08_067.py

@@ -16,15 +16,12 @@ from impacket.dcerpc.v5 import transport
 
 from common.utils.shellcode_obfuscator import clarify
 from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import (
+from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
-    build_monkey_commandline,
-    get_monkey_depth,
-    get_target_monkey,
-)
 from infection_monkey.exploit.tools.smb_tools import SmbTools
 from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
 from infection_monkey.network.smbfinger import SMBFinger
 from infection_monkey.network.tools import check_tcp_port
+from infection_monkey.utils.commands import build_monkey_commandline
 from infection_monkey.utils.random_password_generator import get_random_password
 
 LOG = getLogger(__name__)

monkey/infection_monkey/exploit/wmiexec.py

@@ -7,14 +7,11 @@ from impacket.dcerpc.v5.rpcrt import DCERPCException
 
 from common.utils.exploit_enum import ExploitType
 from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import (
+from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
-    build_monkey_commandline,
-    get_monkey_depth,
-    get_target_monkey,
-)
 from infection_monkey.exploit.tools.smb_tools import SmbTools
 from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
 from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
+from infection_monkey.utils.commands import build_monkey_commandline
 
 LOG = logging.getLogger(__name__)
 

monkey/infection_monkey/model/__init__.py

@@ -7,7 +7,9 @@ DROPPER_ARG = "dr0pp3r"
 ID_STRING = "M0NK3Y3XPL0ITABLE"
 
 # CMD prefix for windows commands
-CMD_PREFIX = "cmd.exe /c"
+CMD_EXE = "cmd.exe"
+CMD_CARRY_OUT = "/c"
+CMD_PREFIX = CMD_EXE + " " + CMD_CARRY_OUT
 DROPPER_CMDLINE_WINDOWS = "%s %%(dropper_path)s %s" % (
     CMD_PREFIX,
     DROPPER_ARG,
@@ -16,7 +18,6 @@ MONKEY_CMDLINE_WINDOWS = "%s %%(monkey_path)s %s" % (
     CMD_PREFIX,
     MONKEY_ARG,
 )
-MONKEY_CMDLINE_LINUX = "./%%(monkey_filename)s %s" % (MONKEY_ARG,)
 DROPPER_CMDLINE_DETACHED_WINDOWS = "%s start cmd /c %%(dropper_path)s %s" % (
     CMD_PREFIX,
     DROPPER_ARG,

monkey/infection_monkey/utils/commands.py

@@ -1,15 +1,61 @@
-import shlex
+import logging
+
+from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG
+
+LOG = logging.getLogger(__name__)
 
 
-def get_monkey_cmd_lines_windows(monkey_cmdline_windows, destination_path, monkey_options):
+def build_monkey_commandline(target_host, depth, vulnerable_port, location=None):
-    monkey_cmdline = monkey_cmdline_windows % {"monkey_path": destination_path} + monkey_options
+    from infection_monkey.config import GUID
 
-    return monkey_cmdline, shlex.split(monkey_cmdline, posix=False)
+    return "".join(
-
+        build_monkey_commandline_explicitly(
-
+            GUID,
-def get_monkey_cmd_lines_linux(monkey_cmdline_linux, destination_path, monkey_options):
+            target_host.default_tunnel,
-    monkey_cmdline = (
+            target_host.default_server,
-        monkey_cmdline_linux % {"monkey_filename": destination_path.split("/")[-1]} + monkey_options
+            depth,
+            location,
+            vulnerable_port,
+        )
     )
 
-    return monkey_cmdline, shlex.split(monkey_cmdline, posix=False)
+
+def build_monkey_commandline_explicitly(
+    parent=None, tunnel=None, server=None, depth=None, location=None, vulnerable_port=None
+):
+    cmdline = []
+
+    if parent is not None:
+        cmdline.append("-p")
+        cmdline.append(f"{parent}")
+    if tunnel is not None:
+        cmdline.append("-t")
+        cmdline.append(f"{tunnel}")
+    if server is not None:
+        cmdline.append("-s")
+        cmdline.append(f"{server}")
+    if depth is not None:
+        if int(depth) < 0:
+            depth = 0
+        cmdline.append("-d")
+        cmdline.append(f"{depth}")
+    if location is not None:
+        cmdline.append("-l")
+        cmdline.append(f"{location}")
+    if vulnerable_port is not None:
+        cmdline.append("-vp")
+        cmdline.append(f"{vulnerable_port}")
+
+    return cmdline
+
+
+def get_monkey_cmd_lines_windows(destination_path, monkey_options):
+    monkey_cmdline = [CMD_EXE, CMD_CARRY_OUT, destination_path, MONKEY_ARG]
+
+    return monkey_cmdline + monkey_options
+
+
+def get_monkey_cmd_lines_linux(destination_path, monkey_options):
+    monkey_cmdline = [destination_path.split("/")[-1], MONKEY_ARG]
+
+    return monkey_cmdline + monkey_options

monkey/infection_monkey/windows_upgrader.py

@@ -1,5 +1,4 @@
 import logging
-import shlex
 import shutil
 import subprocess
 import sys
@@ -8,8 +7,10 @@ import time
 import infection_monkey.monkeyfs as monkeyfs
 from infection_monkey.config import WormConfiguration
 from infection_monkey.control import ControlClient
-from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
+from infection_monkey.utils.commands import (
-from infection_monkey.model import MONKEY_CMDLINE_WINDOWS
+    build_monkey_commandline_explicitly,
+    get_monkey_cmd_lines_windows,
+)
 from infection_monkey.utils.environment import is_64bit_python, is_64bit_windows_os, is_windows_os
 
 __author__ = "itay.mizeretz"
@@ -46,20 +47,12 @@ class WindowsUpgrader(object):
             opts.parent, opts.tunnel, opts.server, opts.depth
         )
 
-        # TODO: Replace all of this string templating with a function that accepts
+        monkey_cmdline = get_monkey_cmd_lines_windows(
-        #       the necessary parameters and returns a list of arguments.
+            WormConfiguration.dropper_target_path_win_64, monkey_options
-        monkey_cmdline = (
-            MONKEY_CMDLINE_WINDOWS % {"monkey_path": WormConfiguration.dropper_target_path_win_64}
-            + monkey_options
-        )
-
-        monkey_cmdline_split = shlex.split(
-            monkey_cmdline,
-            posix=False,  # won't try resolving "\" in paths as part of escape sequences
         )
 
         monkey_process = subprocess.Popen(
-            monkey_cmdline_split,
+            monkey_cmdline,
             stdin=None,
             stdout=None,
             stderr=None,
@@ -70,7 +63,7 @@ class WindowsUpgrader(object):
         LOG.info(
             "Executed 64bit monkey process (PID=%d) with command line: %s",
             monkey_process.pid,
-            monkey_cmdline,
+            "".join(monkey_cmdline),
         )
 
         time.sleep(WindowsUpgrader.__UPGRADE_WAIT_TIME__)

monkey/tests/unit_tests/infection_monkey/utils/test_commands.py

@@ -1,16 +1,29 @@
 import unittest
 
-from infection_monkey.exploit.tools.helpers import build_monkey_commandline_explicitly
+from infection_monkey.utils.commands import build_monkey_commandline_explicitly
 
 
 class TestHelpers(unittest.TestCase):
     def test_build_monkey_commandline_explicitly(self):
-        test1 = " -p 101010 -t 10.10.101.10 -s 127.127.127.127:5000 -d 0 -l C:\\windows\\abc -vp 80"
+        test1 = [
+            "-p",
+            "101010",
+            "-t",
+            "10.10.101.10",
+            "-s",
+            "127.127.127.127:5000",
+            "-d",
+            "0",
+            "-l",
+            "C:\\windows\\abc",
+            "-vp",
+            "80",
+        ]
         result1 = build_monkey_commandline_explicitly(
             101010, "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", 80
         )
 
-        test2 = " -p parent -s 127.127.127.127:5000 -d 0 -vp 80"
+        test2 = ["-p", "parent", "-s", "127.127.127.127:5000", "-d", "0", "-vp", "80"]
         result2 = build_monkey_commandline_explicitly(
             parent="parent", server="127.127.127.127:5000", depth="0", vulnerable_port="80"
         )