Agent, UT: Remove --vulnerable-port CLI argument

Shreya Malviya 2021-12-03 17:39:37 +05:30 committed by Mike Salvatore
parent 84c6f6ee01
commit db58b0b27d
15 changed files with 12 additions and 64 deletions


@ -139,7 +139,6 @@ class MonkeyDrops(object):
server=self.opts.server, server=self.opts.server,
depth=self.opts.depth, depth=self.opts.depth,
location=None, location=None,
vulnerable_port=self.opts.vulnerable_port,
) )
if OperatingSystem.Windows == SystemInfoCollector.get_os(): if OperatingSystem.Windows == SystemInfoCollector.get_os():


@ -87,9 +87,7 @@ class HadoopExploiter(WebRCE):
def build_command(self, path, http_path): def build_command(self, path, http_path):
# Build command to execute # Build command to execute
monkey_cmd = build_monkey_commandline( monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
self.host, get_monkey_depth() - 1, vulnerable_port=HadoopExploiter.HADOOP_PORTS[0][0]
)
if "linux" in self.host.os["type"]: if "linux" in self.host.os["type"]:
base_command = HADOOP_LINUX_COMMAND base_command = HADOOP_LINUX_COMMAND
else: else:


@ -147,9 +147,7 @@ class MSSQLExploiter(HostExploiter):
def get_monkey_launch_command(self): def get_monkey_launch_command(self):
dst_path = get_monkey_dest_path(self.monkey_server.http_path) dst_path = get_monkey_dest_path(self.monkey_server.http_path)
# Form monkey's launch command # Form monkey's launch command
monkey_args = build_monkey_commandline( monkey_args = build_monkey_commandline(self.host, get_monkey_depth() - 1, dst_path)
self.host, get_monkey_depth() - 1, MSSQLExploiter.SQL_DEFAULT_TCP_PORT, dst_path
)
suffix = ">>{}".format(self.payload_file_path) suffix = ">>{}".format(self.payload_file_path)
prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX prefix = MSSQLExploiter.EXPLOIT_COMMAND_PREFIX
return MSSQLLimitedSizePayload( return MSSQLLimitedSizePayload(
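Review bot: `dst_path` is passed as the third positional argument in `build_monkey_commandline(self.host, get_monkey_depth() - 1, dst_path)`, the slot that held the port before this commit, so a caller missed in the cleanup would not fail but would emit its port as the `-l` value. Passing it by name, `location=dst_path`, makes the call independent of parameter order; the same applies to the positional path arguments in the ShellShock, SMB, WebRCE, MS08-067 and WMI sections. Declaring the parameter keyword-only in the helper (`*, location: str = None`) would turn any leftover three-argument positional call into a `TypeError` instead of a wrong command line. The body of get_monkey_launch_command continues past the end of this hunk.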


@ -208,7 +208,6 @@ def build_monkey_execution_command(host: VictimHost, depth: int, executable_path
monkey_params = build_monkey_commandline( monkey_params = build_monkey_commandline(
target_host=host, target_host=host,
depth=depth, depth=depth,
vulnerable_port=None,
location=executable_path, location=executable_path,
) )


@ -164,7 +164,6 @@ class ShellShockExploiter(HostExploiter):
cmdline += build_monkey_commandline( cmdline += build_monkey_commandline(
self.host, self.host,
get_monkey_depth() - 1, get_monkey_depth() - 1,
HTTPTools.get_port_from_url(url),
dropper_target_path_linux, dropper_target_path_linux,
) )
cmdline += " & " cmdline += " & "


@ -28,7 +28,6 @@ class SmbExploiter(HostExploiter):
def __init__(self, host): def __init__(self, host):
super(SmbExploiter, self).__init__(host) super(SmbExploiter, self).__init__(host)
self.vulnerable_port = None
def is_os_supported(self): def is_os_supported(self):
if super(SmbExploiter, self).is_os_supported(): if super(SmbExploiter, self).is_os_supported():
@ -112,7 +111,6 @@ class SmbExploiter(HostExploiter):
logger.debug("Exploiter SmbExec is giving up...") logger.debug("Exploiter SmbExec is giving up...")
return False return False
self.set_vulnerable_port()
# execute the remote dropper in case the path isn't final # execute the remote dropper in case the path isn't final
if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower(): if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % { cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {
@ -120,15 +118,12 @@ class SmbExploiter(HostExploiter):
} + build_monkey_commandline( } + build_monkey_commandline(
self.host, self.host,
get_monkey_depth() - 1, get_monkey_depth() - 1,
self.vulnerable_port,
self._config.dropper_target_path_win_32, self._config.dropper_target_path_win_32,
) )
else: else:
cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % { cmdline = MONKEY_CMDLINE_DETACHED_WINDOWS % {
"monkey_path": remote_full_path "monkey_path": remote_full_path
} + build_monkey_commandline( } + build_monkey_commandline(self.host, get_monkey_depth() - 1)
self.host, get_monkey_depth() - 1, vulnerable_port=self.vulnerable_port
)
smb_conn = False smb_conn = False
for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values(): for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
@ -198,11 +193,3 @@ class SmbExploiter(HostExploiter):
) )
) )
return True return True
def set_vulnerable_port(self):
if "tcp-445" in self.host.services:
self.vulnerable_port = "445"
elif "tcp-139" in self.host.services:
self.vulnerable_port = "139"
else:
self.vulnerable_port = None


@ -197,9 +197,7 @@ class SSHExploiter(HostExploiter):
try: try:
cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG) cmdline = "%s %s" % (self._config.dropper_target_path_linux, MONKEY_ARG)
cmdline += build_monkey_commandline( cmdline += build_monkey_commandline(self.host, get_monkey_depth() - 1)
self.host, get_monkey_depth() - 1, vulnerable_port=SSH_PORT
)
cmdline += " > /dev/null 2>&1 &" cmdline += " > /dev/null 2>&1 &"
ssh.exec_command(cmdline) ssh.exec_command(cmdline)


@ -80,10 +80,6 @@ class HTTPTools(object):
httpd, httpd,
) )
@staticmethod
def get_port_from_url(url: str) -> int:
return urllib.parse.urlparse(url).port
class MonkeyHTTPServer(HTTPTools): class MonkeyHTTPServer(HTTPTools):
def __init__(self, host): def __init__(self, host):


@ -53,7 +53,6 @@ class WebRCE(HostExploiter):
self.skip_exist = self._config.skip_exploit_if_file_exist self.skip_exist = self._config.skip_exploit_if_file_exist
self.vulnerable_urls = [] self.vulnerable_urls = []
self.target_url = None self.target_url = None
self.vulnerable_port = None
def get_exploit_config(self): def get_exploit_config(self):
""" """
@ -106,7 +105,6 @@ class WebRCE(HostExploiter):
return False return False
self.target_url = self.get_target_url() self.target_url = self.get_target_url()
self.vulnerable_port = HTTPTools.get_port_from_url(self.target_url)
# Skip if monkey already exists and this option is given # Skip if monkey already exists and this option is given
if ( if (
@ -455,18 +453,14 @@ class WebRCE(HostExploiter):
default_path = self.get_default_dropper_path() default_path = self.get_default_dropper_path()
if default_path is False: if default_path is False:
return False return False
monkey_cmd = build_monkey_commandline( monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1, default_path)
self.host, get_monkey_depth() - 1, self.vulnerable_port, default_path
)
command = RUN_MONKEY % { command = RUN_MONKEY % {
"monkey_path": path, "monkey_path": path,
"monkey_type": DROPPER_ARG, "monkey_type": DROPPER_ARG,
"parameters": monkey_cmd, "parameters": monkey_cmd,
} }
else: else:
monkey_cmd = build_monkey_commandline( monkey_cmd = build_monkey_commandline(self.host, get_monkey_depth() - 1)
self.host, get_monkey_depth() - 1, self.vulnerable_port
)
command = RUN_MONKEY % { command = RUN_MONKEY % {
"monkey_path": path, "monkey_path": path,
"monkey_type": MONKEY_ARG, "monkey_type": MONKEY_ARG,


@ -289,15 +289,12 @@ class Ms08_067_Exploiter(HostExploiter):
} + build_monkey_commandline( } + build_monkey_commandline(
self.host, self.host,
get_monkey_depth() - 1, get_monkey_depth() - 1,
SRVSVC_Exploit.TELNET_PORT,
self._config.dropper_target_path_win_32, self._config.dropper_target_path_win_32,
) )
else: else:
cmdline = MONKEY_CMDLINE_WINDOWS % { cmdline = MONKEY_CMDLINE_WINDOWS % {
"monkey_path": remote_full_path "monkey_path": remote_full_path
} + build_monkey_commandline( } + build_monkey_commandline(self.host, get_monkey_depth() - 1)
self.host, get_monkey_depth() - 1, vulnerable_port=SRVSVC_Exploit.TELNET_PORT
)
try: try:
sock.send(("start %s\r\n" % (cmdline,)).encode()) sock.send(("start %s\r\n" % (cmdline,)).encode())


@ -20,7 +20,6 @@ class WmiExploiter(HostExploiter):
_TARGET_OS_TYPE = ["windows"] _TARGET_OS_TYPE = ["windows"]
EXPLOIT_TYPE = ExploitType.BRUTE_FORCE EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
_EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)" _EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)"
VULNERABLE_PORT = 135
def __init__(self, host): def __init__(self, host):
super(WmiExploiter, self).__init__(host) super(WmiExploiter, self).__init__(host)
@ -113,15 +112,12 @@ class WmiExploiter(HostExploiter):
} + build_monkey_commandline( } + build_monkey_commandline(
self.host, self.host,
get_monkey_depth() - 1, get_monkey_depth() - 1,
WmiExploiter.VULNERABLE_PORT,
self._config.dropper_target_path_win_32, self._config.dropper_target_path_win_32,
) )
else: else:
cmdline = MONKEY_CMDLINE_WINDOWS % { cmdline = MONKEY_CMDLINE_WINDOWS % {
"monkey_path": remote_full_path "monkey_path": remote_full_path
} + build_monkey_commandline( } + build_monkey_commandline(self.host, get_monkey_depth() - 1)
self.host, get_monkey_depth() - 1, WmiExploiter.VULNERABLE_PORT
)
# execute the remote monkey # execute the remote monkey
result = WmiTools.get_object(wmi_connection, "Win32_Process").Create( result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(


@ -36,7 +36,6 @@ class ZerologonExploiter(HostExploiter):
def __init__(self, host: object): def __init__(self, host: object):
super().__init__(host) super().__init__(host)
self.vulnerable_port = None
self.exploit_info["credentials"] = {} self.exploit_info["credentials"] = {}
self.exploit_info["password_restored"] = None self.exploit_info["password_restored"] = None
self._extracted_creds = {} self._extracted_creds = {}


@ -50,7 +50,6 @@ class InfectionMonkey:
arg_parser.add_argument("-t", "--tunnel") arg_parser.add_argument("-t", "--tunnel")
arg_parser.add_argument("-s", "--server") arg_parser.add_argument("-s", "--server")
arg_parser.add_argument("-d", "--depth", type=int) arg_parser.add_argument("-d", "--depth", type=int)
arg_parser.add_argument("-vp", "--vulnerable-port")
opts, _ = arg_parser.parse_known_args(args) opts, _ = arg_parser.parse_known_args(args)
InfectionMonkey._log_arguments(opts) InfectionMonkey._log_arguments(opts)
return opts return opts
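Review bot: `opts, _ = arg_parser.parse_known_args(args)` throws away every unrecognised argument, so now that `-vp` is no longer declared, a launcher that still passes it is accepted silently and only the parsed options reach `_log_arguments`. Keeping the remainder and logging it, for example `opts, unknown = arg_parser.parse_known_args(args)` followed by a warning when `unknown` is non-empty, would make a stale or unexpected argument visible in the agent log. Whether a logger is in scope here cannot be seen, because the enclosing function starts above the hunk.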


@ -3,9 +3,7 @@ from infection_monkey.model import CMD_CARRY_OUT, CMD_EXE, MONKEY_ARG
from infection_monkey.model.host import VictimHost from infection_monkey.model.host import VictimHost
def build_monkey_commandline( def build_monkey_commandline(target_host: VictimHost, depth: int, location: str = None) -> str:
target_host: VictimHost, depth: int, vulnerable_port: str, location: str = None
) -> str:
return " " + " ".join( return " " + " ".join(
build_monkey_commandline_explicitly( build_monkey_commandline_explicitly(
@ -14,7 +12,6 @@ def build_monkey_commandline(
target_host.default_server, target_host.default_server,
depth, depth,
location, location,
vulnerable_port,
) )
) )
@ -25,7 +22,6 @@ def build_monkey_commandline_explicitly(
server: str = None, server: str = None,
depth: int = None, depth: int = None,
location: str = None, location: str = None,
vulnerable_port: str = None,
) -> list: ) -> list:
cmdline = [] cmdline = []
@ -46,9 +42,6 @@ def build_monkey_commandline_explicitly(
if location is not None: if location is not None:
cmdline.append("-l") cmdline.append("-l")
cmdline.append(str(location)) cmdline.append(str(location))
if vulnerable_port is not None:
cmdline.append("-vp")
cmdline.append(str(vulnerable_port))
return cmdline return cmdline
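Review bot: `build_monkey_commandline` is annotated `location: str = None` and has no docstring in the visible hunk, although `None` is the default that most call sites in this commit now rely on. I would annotate it as `Optional[str]` (likewise the `str = None` parameters of `build_monkey_commandline_explicitly`, with `Optional` imported from `typing` if it is not already) and add a one-line docstring such as `"""Return the agent argument string, prefixed with one space; -l is omitted when location is None."""`. Both behaviours are visible in the new code (`return " " + " ".join(` and `if location is not None:`), but a caller concatenating the result onto a command string cannot learn them without reading the body.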


@ -20,11 +20,9 @@ def test_build_monkey_commandline_explicitly_arguments():
"0", "0",
"-l", "-l",
"C:\\windows\\abc", "C:\\windows\\abc",
"-vp",
"80",
] ]
actual = build_monkey_commandline_explicitly( actual = build_monkey_commandline_explicitly(
"101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc", "80" "101010", "10.10.101.10", "127.127.127.127:5000", 0, "C:\\windows\\abc"
) )
assert expected == actual assert expected == actual
@ -100,9 +98,7 @@ def test_build_monkey_commandline():
example_host = VictimHost(ip_addr="bla") example_host = VictimHost(ip_addr="bla")
example_host.set_default_server("101010") example_host.set_default_server("101010")
expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla -vp 80" expected = f" -p {GUID} -s 101010 -d 0 -l /home/bla"
actual = build_monkey_commandline( actual = build_monkey_commandline(target_host=example_host, depth=0, location="/home/bla")
target_host=example_host, depth=0, vulnerable_port="80", location="/home/bla"
)
assert expected == actual assert expected == actual
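Review bot: The updated `test_build_monkey_commandline` still passes `location="/home/bla"`, while most call sites after this commit use the two-argument form `build_monkey_commandline(self.host, get_monkey_depth() - 1)`. Unless a test outside these hunks already covers it, a second case that omits `location` and expects `f" -p {GUID} -s 101010 -d 0"` would pin the default path that the exploiters now depend on. The expected string is inferred from the existing assertion with the `-l` pair dropped, so it should be confirmed against the helper.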