p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: refactor a couple web_rce methods to static

This commit is contained in:
vakarisz 2022-01-04 17:40:36 +02:00
parent e69639b426
commit 206abfa5e8
3 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
monkey/infection_monkey/exploit/elasticgroovy.py
View File

@ -58,7 +58,7 @@ class ElasticGroovyExploiter(WebRCE):
def get_open_service_ports(self, port_list, names): def get_open_service_ports(self, port_list, names):
# We must append elastic port we get from elastic fingerprint module because It's not # We must append elastic port we get from elastic fingerprint module because It's not
# marked as 'http' service # marked as 'http' service
valid_ports = super(ElasticGroovyExploiter, self).get_open_service_ports(port_list, names) valid_ports = WebRCE.get_open_service_ports(self.host, port_list, names)
if ES_SERVICE in self.host.services: if ES_SERVICE in self.host.services:
valid_ports.append([ES_PORT, False]) valid_ports.append([ES_PORT, False])
return valid_ports return valid_ports

2
monkey/infection_monkey/exploit/struts2.py
View File

@ -39,7 +39,7 @@ class Struts2Exploiter(WebRCE):
:param extensions: What subdirectories to scan. www.domain.com[/extension] :param extensions: What subdirectories to scan. www.domain.com[/extension]
:return: Array of url's to try and attack :return: Array of url's to try and attack
""" """
url_list = super(Struts2Exploiter, self).build_potential_urls(ports) url_list = WebRCE.build_potential_urls(self.host.ip_addr, ports)
url_list = [self.get_redirected(url) for url in url_list] url_list = [self.get_redirected(url) for url in url_list]
return url_list return url_list

26
monkey/infection_monkey/exploit/web_rce.py
View File

@ -20,7 +20,7 @@ from infection_monkey.model import (
MONKEY_ARG, MONKEY_ARG,
POWERSHELL_HTTP_UPLOAD, POWERSHELL_HTTP_UPLOAD,
RUN_MONKEY, RUN_MONKEY,
WGET_HTTP_UPLOAD, WGET_HTTP_UPLOAD, VictimHost,
) )
from infection_monkey.network.tools import tcp_port_to_service from infection_monkey.network.tools import tcp_port_to_service
from infection_monkey.telemetry.attack.t1197_telem import T1197Telem from infection_monkey.telemetry.attack.t1197_telem import T1197Telem
@ -154,8 +154,10 @@ class WebRCE(HostExploiter):
""" """
raise NotImplementedError() raise NotImplementedError()
def get_open_service_ports(self, port_list, names): @staticmethod
def get_open_service_ports(victim_host: VictimHost, port_list, names): # noqa: F821
""" """
:param victim_host: VictimHost object that exploiter is targeting
:param port_list: Potential ports to exploit. For example _config.HTTP_PORTS :param port_list: Potential ports to exploit. For example _config.HTTP_PORTS
:param names: [] of service names. Example: ["http"] :param names: [] of service names. Example: ["http"]
:return: Returns all open ports from port list that are of service names :return: Returns all open ports from port list that are of service names
@ -163,12 +165,12 @@ class WebRCE(HostExploiter):
candidate_services = {} candidate_services = {}
candidate_services.update( candidate_services.update(
{ {
service: self.host.services[service] service: victim_host.services[service]
for service in self.host.services for service in victim_host.services
if ( if (
self.host.services[service] victim_host.services[service]
and "name" in self.host.services[service] and "name" in victim_host.services[service]
and self.host.services[service]["name"] in names and victim_host.services[service]["name"] in names
) )
} }
) )
@ -216,10 +218,12 @@ class WebRCE(HostExploiter):
logger.error("Host's exploitability check failed due to: %s" % e) logger.error("Host's exploitability check failed due to: %s" % e)
return False return False
def build_potential_urls(self, ports, extensions=None): @staticmethod
def build_potential_urls(ip: str, ports, extensions=None):
""" """
Build all possibly-vulnerable URLs on a specific host, based on the relevant ports and Build all possibly-vulnerable URLs on a specific host, based on the relevant ports and
extensions. extensions.
:param ip: IP address of the victim
:param ports: Array of ports. One port is described as size 2 array: [port.no(int), :param ports: Array of ports. One port is described as size 2 array: [port.no(int),
isHTTPS?(bool)] isHTTPS?(bool)]
Eg. ports: [[80, False], [443, True]] Eg. ports: [[80, False], [443, True]]
@ -237,9 +241,7 @@ class WebRCE(HostExploiter):
protocol = "https" protocol = "https"
else: else:
protocol = "http" protocol = "http"
url_list.append( url_list.append(join(("%s://%s:%s" % (protocol, ip, port[0])), extension))
join(("%s://%s:%s" % (protocol, self.host.ip_addr, port[0])), extension)
)
if not url_list: if not url_list:
logger.info("No attack url's were built") logger.info("No attack url's were built")
return url_list return url_list
@ -329,7 +331,7 @@ class WebRCE(HostExploiter):
:return: Array of ports: [[80, False], [443, True]] or False. Port always consists of [ :return: Array of ports: [[80, False], [443, True]] or False. Port always consists of [
port.nr, IsHTTPS?] port.nr, IsHTTPS?]
""" """
ports = self.get_open_service_ports(ports, names) ports = WebRCE.get_open_service_ports(self.host, ports, names)
if not ports: if not ports:
logger.info("All default web ports are closed on %r, skipping", str(self.host)) logger.info("All default web ports are closed on %r, skipping", str(self.host))
return False return False