forked from p15670423/monkey
Agent: Refactor mssqlexec.py to use agent repository
This commit is contained in:
parent
50a8bf8f4a
commit
ae8e0b6dbb
|
@ -9,7 +9,7 @@ from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
|
||||||
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.tools.helpers import get_monkey_dest_path, try_get_target_monkey
|
from infection_monkey.exploit.tools.helpers import get_agent_dest_path, try_get_target_monkey
|
||||||
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
from infection_monkey.exploit.tools.http_tools import HTTPTools
|
||||||
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
from infection_monkey.exploit.tools.payload_parsing import LimitedSizePayload
|
||||||
from infection_monkey.i_puppet import ExploiterResultData
|
from infection_monkey.i_puppet import ExploiterResultData
|
||||||
|
@ -139,9 +139,9 @@ class MSSQLExploiter(HostExploiter):
|
||||||
self.run_mssql_command(tmp_dir_removal_command)
|
self.run_mssql_command(tmp_dir_removal_command)
|
||||||
|
|
||||||
def start_monkey_server(self) -> LockedHTTPServer:
|
def start_monkey_server(self) -> LockedHTTPServer:
|
||||||
monkey_src = try_get_target_monkey(self.host)
|
dst_path = get_agent_dest_path(self.host, self.options)
|
||||||
self.agent_http_path, http_thread = HTTPTools.create_locked_transfer(
|
self.agent_http_path, http_thread = HTTPTools.create_locked_transfer(
|
||||||
self.host, monkey_src, self.agent_repository
|
self.host, dst_path, self.agent_repository
|
||||||
)
|
)
|
||||||
return http_thread
|
return http_thread
|
||||||
|
|
||||||
|
@ -156,7 +156,7 @@ class MSSQLExploiter(HostExploiter):
|
||||||
return monkey_download_command
|
return monkey_download_command
|
||||||
|
|
||||||
def get_monkey_launch_command(self):
|
def get_monkey_launch_command(self):
|
||||||
dst_path = get_monkey_dest_path(self.agent_http_path)
|
dst_path = get_agent_dest_path(self.host, self.options)
|
||||||
# Form monkey's launch command
|
# Form monkey's launch command
|
||||||
monkey_args = build_monkey_commandline(self.host, self.current_depth - 1, dst_path)
|
monkey_args = build_monkey_commandline(self.host, self.current_depth - 1, dst_path)
|
||||||
suffix = ">>{}".format(self.payload_file_path)
|
suffix = ">>{}".format(self.payload_file_path)
|
||||||
|
@ -168,7 +168,7 @@ class MSSQLExploiter(HostExploiter):
|
||||||
)
|
)
|
||||||
|
|
||||||
def get_monkey_download_command(self):
|
def get_monkey_download_command(self):
|
||||||
dst_path = get_monkey_dest_path(self.agent_http_path)
|
dst_path = get_agent_dest_path(self.host, self.options)
|
||||||
monkey_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND.format(
|
monkey_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND.format(
|
||||||
http_path=self.agent_http_path, dst_path=dst_path
|
http_path=self.agent_http_path, dst_path=dst_path
|
||||||
)
|
)
|
||||||
|
|
|
@ -1,4 +1,7 @@
|
||||||
import logging
|
import logging
|
||||||
|
from typing import Mapping, Any
|
||||||
|
|
||||||
|
from infection_monkey.model import VictimHost
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
@ -26,31 +29,8 @@ def get_monkey_depth():
|
||||||
return WormConfiguration.depth
|
return WormConfiguration.depth
|
||||||
|
|
||||||
|
|
||||||
def get_monkey_dest_path(url_to_monkey):
|
def get_agent_dest_path(host: VictimHost, options: Mapping[str, Any]) -> str:
|
||||||
"""
|
if host.os["type"] == "windows":
|
||||||
Gets destination path from monkey's source url.
|
return options["dropper_target_path_win_64"]
|
||||||
:param url_to_monkey: Hosted monkey's url. egz : http://localserver:9999/monkey/windows-64.exe
|
else:
|
||||||
:return: Corresponding monkey path from configuration
|
return options["dropper_target_path_linux"]
|
||||||
"""
|
|
||||||
from infection_monkey.config import WormConfiguration
|
|
||||||
|
|
||||||
if not url_to_monkey or ("linux" not in url_to_monkey and "windows" not in url_to_monkey):
|
|
||||||
logger.error("Can't get destination path because source path %s is invalid.", url_to_monkey)
|
|
||||||
return False
|
|
||||||
try:
|
|
||||||
if "linux" in url_to_monkey:
|
|
||||||
return WormConfiguration.dropper_target_path_linux
|
|
||||||
elif "windows-64" in url_to_monkey:
|
|
||||||
return WormConfiguration.dropper_target_path_win_64
|
|
||||||
else:
|
|
||||||
logger.error(
|
|
||||||
"Could not figure out what type of monkey server was trying to upload, "
|
|
||||||
"thus destination path can not be chosen."
|
|
||||||
)
|
|
||||||
return False
|
|
||||||
except AttributeError:
|
|
||||||
logger.error(
|
|
||||||
"Seems like monkey's source configuration property names changed. "
|
|
||||||
"Can not get destination path to upload monkey"
|
|
||||||
)
|
|
||||||
return False
|
|
||||||
|
|
Loading…
Reference in New Issue