Fixed bug in HTTPFingering

Added support for skip_exploit_if_file_exists in linux exploiters.
Delayed/fixed a race in the monkey patching that gevents does.

chaos_monkey/exploit/shellshock.py

@@ -9,7 +9,6 @@ from model.host import VictimHost
 from shellshock_resources import CGI_FILES
 from model import MONKEY_ARG
 from exploit.tools import get_target_monkey, HTTPTools, report_failed_login
-import grequests
 import requests
 
 __author__ = 'danielg'
@@ -38,8 +37,10 @@ class ShellShockExploiter(HostExploiter):
     def exploit_host(self, host, depth=-1, src_path=None):
         assert isinstance(host, VictimHost)
         # start by picking ports
-        valid_ports = [(port, host.services['tcp-' + str(port)][1]) for port in self.HTTP if
-                       'tcp-' + str(port) in host.services]
+        candidate_services = {service: host.services[service] for service in host.services if host.services[service]['name'] == 'http'}
+
+        valid_ports = [(port, candidate_services['tcp-' + str(port)]['data'][1]) for port in self.HTTP if
+                       'tcp-' + str(port) in candidate_services]
         http_ports = [port[0] for port in valid_ports if not port[1]]
         https_ports = [port[0] for port in valid_ports if port[1]]
 
@@ -192,6 +193,7 @@ class ShellShockExploiter(HostExploiter):
         Checks if which urls exist
         :return: Sequence of URLs to try and attack
         """
+        import grequests
         attack_path = 'http://'
         if is_https:
             attack_path = 'https://'

chaos_monkey/exploit/sshexec.py

@@ -102,19 +102,20 @@ class SSHExploiter(HostExploiter):
             except Exception, exc:
                 LOG.debug("Error running uname machine commad on victim %r: (%s)", host, exc)
 
+        if self.skip_exist:
+            _, stdout, stderr = ssh.exec_command("head -c 1 %s" % self._config.dropper_target_path_linux)
+            stdout_res = stdout.read().strip()
+            if stdout_res:
+                # file exists
+                LOG.info("Host %s was already infected under the current configuration, done" % host)
+                return True  # return already infected
+
         src_path = src_path or get_target_monkey(host)
 
         if not src_path:
             LOG.info("Can't find suitable monkey executable for host %r", host)
             return False
 
-        if self._config.skip_exploit_if_file_exist:
-            _, stdout, _ = ssh.exec_command("head -c 1 %s" % self._config.dropper_target_path_linux)
-            if stdout:
-                # file exists
-                LOG.info("Host %s was already infected under the current configuration, done" % host)
-                return True  # return already infected
-
         try:
             ftp = ssh.open_sftp()
 

chaos_monkey/network/httpfinger.py

@@ -32,7 +32,9 @@ class HTTPFinger(HostFinger):
                     with closing(head(url, verify=False, timeout=1)) as req:
                         server = req.headers.get('Server')
                         ssl = True if 'https://' in url else False
-                        host.services['tcp-' + port[1]] = (server,ssl)
+                        host.services['tcp-' + port[1]] = {}
+                        host.services['tcp-' + port[1]]['name'] = 'http'
+                        host.services['tcp-' + port[1]]['data'] = (server,ssl)
                         break  # https will be the same on the same port
                 except Timeout:
                     pass