Powershell started

2019-06-10 17:31:47 +03:00 · 2019-06-10 17:31:47 +03:00 · dbf469f50f
parent 6ca33fff68
commit dbf469f50f
5 changed files with 14 additions and 4 deletions
--- a/monkey/infection_monkey/exploit/init.py
+++ b/monkey/infection_monkey/exploit/init.py
@ -62,6 +62,15 @@ class HostExploiter(object):
    def add_example_cmd(self, cmd):
        self._exploit_info['executed_cmds']['example'] = cmd

+    def add_powershell_cmd(self, cmd):
+        """
+        Determines if command uses powershell and if so adds that command to exploiter info
+        :param cmd: Command used
+        :return: None
+        """
+        if "powershell" in cmd.lower():
+            self._exploit_info['executed_cmds']['powershell'] = cmd
+

 from infection_monkey.exploit.win_ms08_067 import Ms08_067_Exploiter
 from infection_monkey.exploit.wmiexec import WmiExploiter
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@ -49,6 +49,7 @@ class HadoopExploiter(WebRCE):
            return False
        http_thread.join(self.DOWNLOAD_TIMEOUT)
        http_thread.stop()
+        self.add_powershell_cmd(command)
        self.add_example_cmd(command)
        return True

--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -65,7 +65,7 @@ class MSSQLExploiter(HostExploiter):
            "xp_cmdshell \"<nul set /p=, ^\'%s^\') >>%s\"" % (dst_path, tmp_file_path)]
        MSSQLExploiter.execute_command(cursor, commands)
        MSSQLExploiter.run_file(cursor, tmp_file_path)
-
+        self.add_powershell_cmd(' '.join(commands))
        # Form monkey's command in a file
        monkey_args = tools.build_monkey_commandline(self.host,
                                                     tools.get_monkey_depth() - 1,
--- a/monkey/infection_monkey/exploit/web_rce.py
+++ b/monkey/infection_monkey/exploit/web_rce.py
@ -337,7 +337,7 @@ class WebRCE(HostExploiter):
        command = self.get_command(paths['dest_path'], http_path, commands)

        resp = self.exploit(url, command)
-
+        self.add_powershell_cmd(command)
        resp = self.run_backup_commands(resp, url, paths['dest_path'], http_path)

        http_thread.join(DOWNLOAD_TIMEOUT)
--- a/monkey/infection_monkey/exploit/weblogic.py
+++ b/monkey/infection_monkey/exploit/weblogic.py
@ -20,8 +20,8 @@ __author__ = "VakarisZ"
 LOG = logging.getLogger(__name__)
 # How long server waits for get request in seconds
 SERVER_TIMEOUT = 4
-# How long should be wait after each request in seconds
-REQUEST_DELAY = 0.0001
+# How long should we wait after each request in seconds
+REQUEST_DELAY = 0.1
 # How long to wait for a sign(request from host) that server is vulnerable. In seconds
 REQUEST_TIMEOUT = 5
 # How long to wait for response in exploitation. In seconds