p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Remove arch checks from PowerShell exploiter

This commit is contained in:
Shreya Malviya 2022-03-11 19:23:00 +05:30 committed by Ilija Lazoroski
parent 7155896caa
commit 7d25bf711a
2 changed files with 2 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
monkey/infection_monkey/exploit/powershell.py
View File

@ -3,7 +3,6 @@ import os
from typing import List, Optional from typing import List, Optional
from common.utils.exploit_enum import ExploitType from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.consts import WIN_ARCH_32
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.powershell_utils.auth_options import ( from infection_monkey.exploit.powershell_utils.auth_options import (
AUTH_NEGOTIATE, AUTH_NEGOTIATE,
@ -148,15 +147,7 @@ class PowerShellExploiter(HostExploiter):
raise ValueError(f"Unknown secret type {credentials.secret_type}") raise ValueError(f"Unknown secret type {credentials.secret_type}")
def _execute_monkey_agent_on_victim(self) -> bool: def _execute_monkey_agent_on_victim(self) -> bool:
arch = self._client.get_host_architecture() monkey_path_on_victim = self.options["dropper_target_path_win_64"]
self.is_32bit = arch == WIN_ARCH_32
logger.debug(f"Host architecture is {arch}")
monkey_path_on_victim = (
self._config.dropper_target_path_win_32
if self.is_32bit
else self.options["dropper_target_path_win_64"]
)
is_monkey_copy_successful = self._copy_monkey_binary_to_victim(monkey_path_on_victim) is_monkey_copy_successful = self._copy_monkey_binary_to_victim(monkey_path_on_victim)
if is_monkey_copy_successful: if is_monkey_copy_successful:

15
monkey/infection_monkey/exploit/powershell_utils/powershell_client.py
View File

@ -1,6 +1,6 @@
import abc import abc
import logging import logging
from typing import Optional, Union from typing import Optional
import pypsrp import pypsrp
import spnego import spnego
@ -10,10 +10,8 @@ from pypsrp.powershell import PowerShell, RunspacePool
from typing_extensions import Protocol from typing_extensions import Protocol
from urllib3 import connectionpool from urllib3 import connectionpool
from infection_monkey.exploit.consts import WIN_ARCH_32, WIN_ARCH_64
from infection_monkey.exploit.powershell_utils.auth_options import AuthOptions from infection_monkey.exploit.powershell_utils.auth_options import AuthOptions
from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType
from infection_monkey.model import GET_ARCH_WINDOWS
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -60,10 +58,6 @@ class IPowerShellClient(Protocol, metaclass=abc.ABCMeta):
def execute_cmd(self, cmd: str) -> str: def execute_cmd(self, cmd: str) -> str:
pass pass
@abc.abstractmethod
def get_host_architecture(self) -> Union[WIN_ARCH_32, WIN_ARCH_64]:
pass
@abc.abstractmethod @abc.abstractmethod
def copy_file(self, src: str, dest: str) -> bool: def copy_file(self, src: str, dest: str) -> bool:
pass pass
@ -93,13 +87,6 @@ class PowerShellClient(IPowerShellClient):
output, _, _ = self._client.execute_cmd(cmd) output, _, _ = self._client.execute_cmd(cmd)
return output return output
def get_host_architecture(self) -> Union[WIN_ARCH_32, WIN_ARCH_64]:
stdout, _, _ = self._client.execute_cmd(GET_ARCH_WINDOWS)
if "64-bit" in stdout:
return WIN_ARCH_64
return WIN_ARCH_32
def copy_file(self, src: str, dest: str) -> bool: def copy_file(self, src: str, dest: str) -> bool:
try: try:
self._client.copy(src, dest) self._client.copy(src, dest)