diff --git a/monkey/infection_monkey/exploit/web_rce.py b/monkey/infection_monkey/exploit/web_rce.py
index 5c315e61d..e03004942 100644
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@@ -1,11 +1,10 @@
 import logging
-import re
 from abc import abstractmethod
 from posixpath import join
 from typing import List, Tuple
 from common.utils.attack_utils import BITS_UPLOAD_STRING, ScanStatus
-from infection_monkey.exploit.consts import WIN_ARCH_32, WIN_ARCH_64
+from infection_monkey.exploit.consts import WIN_ARCH_64
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
 from infection_monkey.exploit.tools.http_tools import HTTPTools
@@ -15,8 +14,6 @@ from infection_monkey.model import (
 CHMOD_MONKEY,
 DOWNLOAD_TIMEOUT,
 DROPPER_ARG,
- GET_ARCH_LINUX,
- GET_ARCH_WINDOWS,
 ID_STRING,
 MONKEY_ARG,
 POWERSHELL_HTTP_UPLOAD,
@@ -109,7 +106,7 @@ class WebRCE(HostExploiter):
 self.target_url = self.get_target_url()
 # Check for targets architecture (if it's 32 or 64 bit)
- if not exploit_config["blind_exploit"] and not self.set_host_arch(self.get_target_url()):
+ if not exploit_config["blind_exploit"]:
 return False
 # Upload the right monkey to target
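Review bot: In the `@@ -109,7 +106,7 @@` hunk the shortened guard `if not exploit_config["blind_exploit"]:` followed by `return False` now returns False for every non-blind configuration, because only the `and not self.set_host_arch(...)` half of the condition was deleted. Before this commit the early return fired only when architecture detection failed; with detection gone there is nothing left for the guard to test. The `if`/`return False` pair and the now-stale `# Check for targets architecture (if it's 32 or 64 bit)` comment should be removed together rather than shortened. The enclosing method starts and ends outside the hunk, so the effect on the rest of its flow is inferred from the visible lines only.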
@@ -254,38 +251,6 @@ class WebRCE(HostExploiter):
 if not self.vulnerable_urls:
 logger.info("No vulnerable urls found, skipping.")
- def get_host_arch(self, url):
- """
- :param url: Url for exploiter to use
- :return: Machine architecture string or false. Eg. 'i686', '64', 'x86_64', ...
- """
- if "linux" in self.host.os["type"]:
- resp = self.exploit(url, GET_ARCH_LINUX)
- if resp:
- # Pulls architecture string
- arch = re.search(r"(?<=Architecture:)\s+(\w+)", resp)
- try:
- arch = arch.group(1)
- except AttributeError:
- logger.error("Looked for linux architecture but could not find it")
- return False
- if arch:
- return arch
- else:
- logger.info("Could not pull machine architecture string from command's output")
- return False
- else:
- return False
- else:
- resp = self.exploit(url, GET_ARCH_WINDOWS)
- if resp:
- if "64-bit" in resp:
- return WIN_ARCH_64
- else:
- return WIN_ARCH_32
- else:
- return False
-
 # Wrapped functions:
 def get_ports_w(self, ports, names):
 """
@@ -302,15 +267,6 @@ class WebRCE(HostExploiter):
 else:
 return ports
- def set_host_arch(self, url):
- arch = self.get_host_arch(url)
- if not arch:
- logger.error("Couldn't get host machine's architecture")
- return False
- else:
- self.host.os["machine"] = arch
- return True
-
 def run_backup_commands(self, resp, url, dest_path, http_path):
 """
 If you need multiple commands for the same os you can override this method to add backup
@@ -520,6 +476,7 @@ class WebRCE(HostExploiter):
 return self._config.dropper_target_path_linux
 if self.host.os["type"] == "windows":
 try:
+ # remove now or when 32-bit binaries are removed?
 if self.host.os["machine"] == WIN_ARCH_64:
 return self._config.dropper_target_path_win_64
 except KeyError:
diff --git a/monkey/infection_monkey/model/__init__.py b/monkey/infection_monkey/model/__init__.py
index c1469829b..580a5d7d0 100644
--- a/monkey/infection_monkey/model/__init__.py
+++ b/monkey/infection_monkey/model/__init__.py
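Review bot: In web_rce.py, hunk `@@ -520,6 +476,7 @@`, the added comment `# remove now or when 32-bit binaries are removed?` leaves an open question in the code instead of a decision. This commit deletes `set_host_arch`, the only writer of `self.host.os["machine"]` visible in this diff. Unless another module sets that key, the lookup presumably raises KeyError on every call, so the `dropper_target_path_win_64` return would never be reached. Either drop the architecture branch in this commit or replace the comment with a tracked marker such as `# TODO(<issue-id>): drop the machine check once 32-bit binaries are removed`. The method and the body of the `except KeyError` continue outside the hunk.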
@@ -44,8 +44,7 @@ RUN_MONKEY = "%(monkey_path)s %(monkey_type)s %(parameters)s"
 # Commands used to check for architecture and if machine is exploitable
 CHECK_COMMAND = "echo %s" % ID_STRING
 # Architecture checking commands
-GET_ARCH_WINDOWS = "wmic os get osarchitecture"
-GET_ARCH_LINUX = "lscpu"
+GET_ARCH_WINDOWS = "wmic os get osarchitecture" # can't remove, powershell exploiter uses
 # All in one commands (upload, change permissions, run)
 HADOOP_WINDOWS_COMMAND = (