forked from p15670423/monkey
Agent: Remove max iters and timeout between iters options
This commit is contained in:
Shreya Malviya
Mike Salvatore
parent
03d3a22b42
commit
e774fc8a1e
|
|
@ -99,12 +99,6 @@ class Configuration(object):
|
|||
# sets whether or not the monkey is alive. if false will stop scanning and exploiting
|
||||
alive = True
|
||||
|
||||
# how long to wait between scan iterations
|
||||
timeout_between_iterations = 100
|
||||
|
||||
# how many scan iterations to perform on each run
|
||||
max_iterations = 1
|
||||
|
||||
finger_classes = []
|
||||
exploiter_classes = []
|
||||
system_info_collector_classes = []
|
||||
|
|
|
|||
|
|
@ -43,7 +43,6 @@
|
|||
"MSSQLFingerprint",
|
||||
"ElasticFinger"
|
||||
],
|
||||
"max_iterations": 3,
|
||||
"monkey_log_path_windows": "%temp%\\~df1563.tmp",
|
||||
"monkey_log_path_linux": "/tmp/user-1563",
|
||||
"ms08_067_exploit_attempts": 5,
|
||||
|
|
@ -77,7 +76,6 @@
|
|||
7001,
|
||||
8088
|
||||
],
|
||||
"timeout_between_iterations": 10,
|
||||
"victims_max_exploit": 100,
|
||||
"victims_max_find": 100,
|
||||
"post_breach_actions": []
|
||||
|
|
|
|||
|
|
@ -208,98 +208,86 @@ class InfectionMonkey(object):
|
|||
raise PlannedShutdownException("Marked 'not alive' from configuration.")
|
||||
|
||||
def propagate(self):
|
||||
for iteration_index in range(WormConfiguration.max_iterations):
|
||||
ControlClient.keepalive()
|
||||
ControlClient.load_control_config()
|
||||
ControlClient.keepalive()
|
||||
ControlClient.load_control_config()
|
||||
|
||||
self._network.initialize()
|
||||
self._network.initialize()
|
||||
|
||||
self._fingerprint = HostFinger.get_instances()
|
||||
self._fingerprint = HostFinger.get_instances()
|
||||
|
||||
self._exploiters = HostExploiter.get_classes()
|
||||
self._exploiters = HostExploiter.get_classes()
|
||||
|
||||
if not self._keep_running or not WormConfiguration.alive:
|
||||
if not WormConfiguration.alive:
|
||||
logger.info("Marked not alive from configuration")
|
||||
|
||||
machines = self._network.get_victim_machines(
|
||||
max_find=WormConfiguration.victims_max_find,
|
||||
stop_callback=ControlClient.check_for_stop,
|
||||
)
|
||||
for machine in machines:
|
||||
if ControlClient.check_for_stop():
|
||||
break
|
||||
|
||||
machines = self._network.get_victim_machines(
|
||||
max_find=WormConfiguration.victims_max_find,
|
||||
stop_callback=ControlClient.check_for_stop,
|
||||
)
|
||||
is_empty = True
|
||||
for machine in machines:
|
||||
if ControlClient.check_for_stop():
|
||||
break
|
||||
|
||||
is_empty = False
|
||||
for finger in self._fingerprint:
|
||||
logger.info(
|
||||
"Trying to get OS fingerprint from %r with module %s",
|
||||
machine,
|
||||
finger.__class__.__name__,
|
||||
)
|
||||
try:
|
||||
finger.get_host_fingerprint(machine)
|
||||
except BaseException as exc:
|
||||
logger.error(
|
||||
"Failed to run fingerprinter %s, exception %s"
|
||||
% finger.__class__.__name__,
|
||||
str(exc),
|
||||
)
|
||||
|
||||
ScanTelem(machine).send()
|
||||
|
||||
# skip machines that we've already exploited
|
||||
if machine in self._exploited_machines:
|
||||
logger.debug("Skipping %r - already exploited", machine)
|
||||
continue
|
||||
elif machine in self._fail_exploitation_machines:
|
||||
if WormConfiguration.retry_failed_explotation:
|
||||
logger.debug("%r - exploitation failed before, trying again", machine)
|
||||
else:
|
||||
logger.debug("Skipping %r - exploitation failed before", machine)
|
||||
continue
|
||||
|
||||
if self._monkey_tunnel:
|
||||
self._monkey_tunnel.set_tunnel_for_host(machine)
|
||||
if self._default_server:
|
||||
if self._network.on_island(self._default_server):
|
||||
machine.set_default_server(
|
||||
get_interface_to_target(machine.ip_addr)
|
||||
+ (":" + self._default_server_port if self._default_server_port else "")
|
||||
)
|
||||
else:
|
||||
machine.set_default_server(self._default_server)
|
||||
logger.debug(
|
||||
"Default server for machine: %r set to %s"
|
||||
% (machine, machine.default_server)
|
||||
)
|
||||
|
||||
# Order exploits according to their type
|
||||
self._exploiters = sorted(
|
||||
self._exploiters, key=lambda exploiter_: exploiter_.EXPLOIT_TYPE.value
|
||||
for finger in self._fingerprint:
|
||||
logger.info(
|
||||
"Trying to get OS fingerprint from %r with module %s",
|
||||
machine,
|
||||
finger.__class__.__name__,
|
||||
)
|
||||
host_exploited = False
|
||||
for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
|
||||
if self.try_exploiting(machine, exploiter):
|
||||
host_exploited = True
|
||||
VictimHostTelem("T1210", ScanStatus.USED, machine=machine).send()
|
||||
if exploiter.RUNS_AGENT_ON_SUCCESS:
|
||||
break # if adding machine to exploited, won't try other exploits
|
||||
# on it
|
||||
if not host_exploited:
|
||||
self._fail_exploitation_machines.add(machine)
|
||||
VictimHostTelem("T1210", ScanStatus.SCANNED, machine=machine).send()
|
||||
if not self._keep_running:
|
||||
break
|
||||
try:
|
||||
finger.get_host_fingerprint(machine)
|
||||
except BaseException as exc:
|
||||
logger.error(
|
||||
"Failed to run fingerprinter %s, exception %s" % finger.__class__.__name__,
|
||||
str(exc),
|
||||
)
|
||||
|
||||
if (not is_empty) and (WormConfiguration.max_iterations > iteration_index + 1):
|
||||
time_to_sleep = WormConfiguration.timeout_between_iterations
|
||||
logger.info("Sleeping %d seconds before next life cycle iteration", time_to_sleep)
|
||||
time.sleep(time_to_sleep)
|
||||
ScanTelem(machine).send()
|
||||
|
||||
if self._keep_running and WormConfiguration.alive:
|
||||
logger.info("Reached max iterations (%d)", WormConfiguration.max_iterations)
|
||||
elif not WormConfiguration.alive:
|
||||
# skip machines that we've already exploited
|
||||
if machine in self._exploited_machines:
|
||||
logger.debug("Skipping %r - already exploited", machine)
|
||||
continue
|
||||
elif machine in self._fail_exploitation_machines:
|
||||
if WormConfiguration.retry_failed_explotation:
|
||||
logger.debug("%r - exploitation failed before, trying again", machine)
|
||||
else:
|
||||
logger.debug("Skipping %r - exploitation failed before", machine)
|
||||
continue
|
||||
|
||||
if self._monkey_tunnel:
|
||||
self._monkey_tunnel.set_tunnel_for_host(machine)
|
||||
if self._default_server:
|
||||
if self._network.on_island(self._default_server):
|
||||
machine.set_default_server(
|
||||
get_interface_to_target(machine.ip_addr)
|
||||
+ (":" + self._default_server_port if self._default_server_port else "")
|
||||
)
|
||||
else:
|
||||
machine.set_default_server(self._default_server)
|
||||
logger.debug(
|
||||
"Default server for machine: %r set to %s" % (machine, machine.default_server)
|
||||
)
|
||||
|
||||
# Order exploits according to their type
|
||||
self._exploiters = sorted(
|
||||
self._exploiters, key=lambda exploiter_: exploiter_.EXPLOIT_TYPE.value
|
||||
)
|
||||
host_exploited = False
|
||||
for exploiter in [exploiter(machine) for exploiter in self._exploiters]:
|
||||
if self.try_exploiting(machine, exploiter):
|
||||
host_exploited = True
|
||||
VictimHostTelem("T1210", ScanStatus.USED, machine=machine).send()
|
||||
if exploiter.RUNS_AGENT_ON_SUCCESS:
|
||||
break # if adding machine to exploited, won't try other exploits
|
||||
# on it
|
||||
if not host_exploited:
|
||||
self._fail_exploitation_machines.add(machine)
|
||||
VictimHostTelem("T1210", ScanStatus.SCANNED, machine=machine).send()
|
||||
if not self._keep_running:
|
||||
break
|
||||
|
||||
if not WormConfiguration.alive:
|
||||
logger.info("Marked not alive from configuration")
|
||||
|
||||
def upgrade_to_64_if_needed(self):
|
||||
|
|
|
|||
Loading…
Reference in New Issue