From 79e6a440081dbb18a450d9f6f397a2b2acbd1cb7 Mon Sep 17 00:00:00 2001
From: Daniel Goldberg
Date: Mon, 25 Sep 2017 17:34:19 +0300
Subject: [PATCH] Fix CR comments, see https://github.com/guardicore/monkey/pull/47#pullrequestreview-64871377
---
 chaos_monkey/config.py | 22 ++++++++++++----------
 chaos_monkey/example.conf | 1 +
 chaos_monkey/network/mysqlfinger.py | 21 ++++++++++++++-------
 chaos_monkey/network/tools.py | 3 +--
 4 files changed, 28 insertions(+), 19 deletions(-)
diff --git a/chaos_monkey/config.py b/chaos_monkey/config.py
index b0f615552..33c514190 100644
--- a/chaos_monkey/config.py
+++ b/chaos_monkey/config.py
@@ -1,13 +1,14 @@
 import os
 import sys
-from network.range import FixedRange, RelativeRange, ClassCRange
-from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter,\
- SambaCryExploiter
-from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger, MySQLFinger
+import types
+import uuid
 from abc import ABCMeta
 from itertools import product
-import uuid
-import types
+
+from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter, \
+ SambaCryExploiter
+from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger, MySQLFinger
+from network.range import FixedRange
 __author__ = 'itamar'
@@ -15,6 +16,7 @@ GUID = str(uuid.getnode())
 EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
+
 def _cast_by_example(value, example):
 """ a method that casts a value to the type of the parameter given as example
@@ -178,7 +180,7 @@ class Configuration(object):
 range_class = FixedRange
 range_size = 1
- range_fixed = ['',]
+ range_fixed = ['10.0.1.63', ]
 blocked_ips = ['', ]
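Review bot: The import cleanup at the top of config.py drops `RelativeRange` and `ClassCRange` and keeps only `FixedRange`, which is safe only if nothing resolves these classes by name through this module. `_cast_by_example` (its body is outside the hunk) casts loaded values to the type of the matching class attribute, and `range_class` is a class-valued setting, so if class names from an external config are looked up in this module's namespace, a config that selects one of the dropped range classes would fail at load time. Either keep `from network.range import FixedRange, RelativeRange, ClassCRange` or confirm that the lookup does not depend on module globals.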
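Review bot: The new default `range_fixed = ['10.0.1.63', ]` in the `@@ -178,7 +180,7 @@` hunk bakes what looks like a lab address into the shipped `Configuration` class. The previous default was an empty entry, which presumably meant no fixed target; with this change any build run without an overriding config will scan and try to exploit 10.0.1.63 on whatever network it is started in, which may be an unrelated host outside the authorised test scope. Restore `range_fixed = ['', ]` and keep environment-specific targets in a local config file that is not committed.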
@@ -186,7 +188,7 @@ class Configuration(object): HTTP_PORTS = [80, 8080, 443, 8008, # HTTP alternate ] - tcp_target_ports = [22, 2222, 445, 135, 3389] + tcp_target_ports = [22, 2222, 445, 135, 3389, 3306, ] tcp_target_ports.extend(HTTP_PORTS) tcp_scan_timeout = 3000 # 3000 Milliseconds tcp_scan_interval = 200 @@ -217,7 +219,7 @@ class Configuration(object): exploit_password_list = ["Password1!", "1234", "password", "12345678"] # smb/wmi exploiter - smb_download_timeout = 300 # timeout in seconds + smb_download_timeout = 300 # timeout in seconds smb_service_name = "InfectionMonkey" # Timeout (in seconds) for sambacry's trigger to yield results. @@ -243,7 +245,6 @@ class Configuration(object): # Monkey copy filename on share (64 bit) sambacry_monkey_copy_filename_64 = "monkey64_2" - # system info collection collect_system_info = True @@ -253,4 +254,5 @@ class Configuration(object): mimikatz_dll_name = "mk.dll" + WormConfiguration = Configuration() diff --git a/chaos_monkey/example.conf b/chaos_monkey/example.conf index 55a716c7c..6ef9558ae 100644 --- a/chaos_monkey/example.conf +++ b/chaos_monkey/example.conf @@ -84,6 +84,7 @@ 80, 8080, 443, + 3306, 8008 ], "timeout_between_iterations": 10, diff --git a/chaos_monkey/network/mysqlfinger.py b/chaos_monkey/network/mysqlfinger.py index 0bda6c5ac..39baa05ac 100644 --- a/chaos_monkey/network/mysqlfinger.py +++ b/chaos_monkey/network/mysqlfinger.py @@ -1,8 +1,9 @@ -import socket import logging +import socket + +from model.host import VictimHost from network import HostFinger from .tools import struct_unpack_tracker, struct_unpack_tracker_string -from model.host import VictimHost MYSQL_PORT = 3306 SQL_SERVICE = 'mysqld-3306' @@ -15,6 +16,9 @@ class MySQLFinger(HostFinger): Fingerprints mysql databases, only on port 3306 """ + SOCKET_TIMEOUT = 0.5 + HEADER_SIZE = 4 # in bytes + def __init__(self): self._config = __import__('config').WormConfiguration 
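Review bot: `SOCKET_TIMEOUT = 0.5` in the `@@ -15,6 +16,9 @@` hunk of mysqlfinger.py carries no unit, although the neighbouring `HEADER_SIZE = 4 # in bytes` does and config.py states `tcp_scan_timeout = 3000` in milliseconds. The value is passed to `settimeout()`, which takes seconds, so add `# in seconds` to keep it from being "aligned" with the millisecond settings later. A short class-level comment noting that both constants apply only to the port 3306 handshake read would also help.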
@@ -26,15 +30,15 @@ class MySQLFinger(HostFinger):
 """
 assert isinstance(host, VictimHost)
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- s.settimeout(0.5)
+ s.settimeout(self.SOCKET_TIMEOUT)
 try:
 s.connect((host.ip_addr, MYSQL_PORT))
- header = s.recv(4) # max header size?
+ header = s.recv(self.HEADER_SIZE) # max header size?
- tmp, curpos = struct_unpack_tracker(header, 0, "I")
- tmp = tmp[0]
- response_length = tmp & 0xff
+ response, curpos = struct_unpack_tracker(header, 0, "I")
+ response = response[0]
+ response_length = response & 0xff # first byte is significant
 data = s.recv(response_length)
 # now we can start parsing
 protocol, curpos = struct_unpack_tracker(data, 0, "B")
@@ -47,6 +51,7 @@ class MySQLFinger(HostFinger):
 version, curpos = struct_unpack_tracker_string(data, curpos) # special coded to solve string parsing
 version = version[0]
+ host.services[SQL_SERVICE] = {}
 host.services[SQL_SERVICE]['version'] = version
 version = version.split('-')[0].split('.')
 host.services[SQL_SERVICE]['major_version'] = version[0]
@@ -54,6 +59,8 @@ class MySQLFinger(HostFinger):
 host.services[SQL_SERVICE]['build_version'] = version[2]
 thread_id, curpos = struct_unpack_tracker(data, curpos, "
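Review bot: The header read in the `@@ -26,15 +30,15 @@` hunk trusts the remote side for its length: `s.recv(self.HEADER_SIZE)` can return fewer than four bytes, or nothing if the peer closes, and the result goes straight into `struct_unpack_tracker(header, 0, "I")`. The enclosing `try` ends outside the hunk, so whether the resulting unpack error is caught cannot be seen here; a guard such as `if len(header) < self.HEADER_SIZE:` that abandons the fingerprint would make the behaviour explicit. The MySQL packet header is a 3-byte payload length followed by a 1-byte sequence number, so `response & 0xff` keeps only the low length byte and the new comment documents a truncation; `response_length = response & 0xffffff  # 3-byte payload length` reads the whole field. The following `s.recv(response_length)` can likewise return short data and deserves the same length check before parsing.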
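Review bot: The added `host.services[SQL_SERVICE] = {}` in the `@@ -47,6 +51,7 @@` hunk registers the service before the server-supplied version string has been parsed. `version.split('-')[0].split('.')` is indexed at `[0]` here and at `[2]` in the next hunk's context, so a banner with fewer than three dot-separated fields would raise partway through and leave a half-filled `mysqld-3306` entry on the host. How the surrounding `try` handles that is outside the hunk. Build the dict in a local variable and assign it to `host.services[SQL_SERVICE]` only after every field has been extracted.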