p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

More python3 outdated decorators and bytes-string mixup fixes

This commit is contained in:
VakarisZ 2019-10-21 17:38:39 +03:00
parent c0f661d337
commit 3d332c7d66
9 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
monkey/common/cloud/aws_instance.py
View File

@ -27,16 +27,17 @@ class AwsInstance(object):
try:
self.instance_id = urllib.request.urlopen(
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read()
AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/instance-id', timeout=2).read().decode()
self.region = self._parse_region(
urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read())
urllib.request.urlopen(AWS_LATEST_METADATA_URI_PREFIX + 'meta-data/placement/availability-zone').read().
decode())
except (urllib.error.URLError, IOError) as e:
logger.debug("Failed init of AwsInstance while getting metadata: {}".format(e))
try:
self.account_id = self._extract_account_id(
urllib.request.urlopen(
AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read())
AWS_LATEST_METADATA_URI_PREFIX + 'dynamic/instance-identity/document', timeout=2).read().decode())
except (urllib.error.URLError, IOError) as e:
logger.debug("Failed init of AwsInstance while getting dynamic instance data: {}".format(e))

2
monkey/infection_monkey/exploit/sshexec.py
View File

@ -125,7 +125,7 @@ class SSHExploiter(HostExploiter):
if not self.host.os.get('type'):
try:
_, stdout, _ = ssh.exec_command('uname -o')
uname_os = stdout.read().lower().strip()
uname_os = stdout.read().lower().strip().decode()
if 'linux' in uname_os:
self.host.os['type'] = 'linux'
else:

5
monkey/infection_monkey/exploit/struts2.py
View File

@ -79,9 +79,6 @@ class Struts2Exploiter(WebRCE):
"(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))." \
"(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))." \
"(#ros.flush())}" % cmd
# Turns payload ascii just for consistency
if isinstance(payload, str):
payload = unicodedata.normalize('NFKD', payload).encode('ascii', 'ignore')
headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload}
try:
request = urllib.request.Request(url, headers=headers)
@ -91,6 +88,6 @@ class Struts2Exploiter(WebRCE):
# If url does not exist
return False
except http.client.IncompleteRead as e:
page = e.partial
page = e.partial.decode()
return page

1
monkey/infection_monkey/monkey.spec
View File

@ -38,6 +38,7 @@ def main():
debug=False,
strip=get_exe_strip(),
upx=True,
upx_exclude=['vcruntime140.dll'],
console=True,
icon=get_exe_icon())

2
monkey/infection_monkey/network/tools.py
View File

@ -71,7 +71,7 @@ def check_tcp_port(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
if get_banner:
read_ready, _, _ = select.select([sock], [], [], timeout)
if len(read_ready) > 0:
banner = sock.recv(BANNER_READ)
banner = sock.recv(BANNER_READ).decode()
except socket.error:
pass

2
monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
View File

@ -38,7 +38,7 @@ class CommunicateAsNewUser(PBA):
exit_status = new_user.run_as(ping_commandline)
self.send_ping_result_telemetry(exit_status, ping_commandline, username)
except subprocess.CalledProcessError as e:
PostBreachTelem(self, (e.output, False)).send()
PostBreachTelem(self, (e.output.decode(), False)).send()
except NewUserError as e:
PostBreachTelem(self, (str(e), False)).send()

5
monkey/infection_monkey/post_breach/pba.py
View File

@ -14,6 +14,7 @@ __author__ = 'VakarisZ'
EXECUTION_WITHOUT_OUTPUT = "(PBA execution produced no output)"
class PBA(object):
"""
Post breach action object. Can be extended to support more than command execution on target machine.
@ -75,13 +76,13 @@ class PBA(object):
:return: Tuple of command's output string and boolean, indicating if it succeeded
"""
try:
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True)
output = subprocess.check_output(self.command, stderr=subprocess.STDOUT, shell=True).decode()
if not output:
output = EXECUTION_WITHOUT_OUTPUT
return output, True
except subprocess.CalledProcessError as e:
# Return error output of the command
return e.output, False
return e.output.decode(), False
@staticmethod
def choose_command(linux_cmd, windows_cmd):

4
monkey/monkey_island/cc/resources/remote_run.py
View File

@ -34,10 +34,10 @@ class RemoteRun(flask_restful.Resource):
try:
resp['instances'] = AwsService.get_instances()
except NoCredentialsError as e:
resp['error'] = NO_CREDS_ERROR_FORMAT.format(e.message)
resp['error'] = NO_CREDS_ERROR_FORMAT.format(e)
return jsonify(resp)
except ClientError as e:
resp['error'] = CLIENT_ERROR_FORMAT.format(e.message)
resp['error'] = CLIENT_ERROR_FORMAT.format(e)
return jsonify(resp)
return jsonify(resp)

12
monkey/monkey_island/cc/services/attack/technique_reports/__init__.py
View File

@ -12,28 +12,32 @@ logger = logging.getLogger(__name__)
class AttackTechnique(object, metaclass=abc.ABCMeta):
""" Abstract class for ATT&CK report components """
@abc.abstractproperty
@property
@abc.abstractmethod
def unscanned_msg(self):
"""
:return: Message that will be displayed in case attack technique was not scanned.
"""
pass
@abc.abstractproperty
@property
@abc.abstractmethod
def scanned_msg(self):
"""
:return: Message that will be displayed in case attack technique was scanned.
"""
pass
@abc.abstractproperty
@property
@abc.abstractmethod
def used_msg(self):
"""
:return: Message that will be displayed in case attack technique was used by the scanner.
"""
pass
@abc.abstractproperty
@property
@abc.abstractmethod
def tech_id(self):
"""
:return: Message that will be displayed in case of attack technique not being scanned.