Merge branch '4126-use-agent-binary-template' into develop

Issue #4126
PR #4177

monkey/agent_plugins/exploiters/hadoop/src/hadoop_exploiter.py

@@ -12,8 +12,6 @@
 from monkeytypes import AgentID, Event, NetworkService
 from plugintoolbox import build_urls, get_agent_dst_path
 
-from infection_monkey.exploit import use_agent_binary
-
 from .hadoop_command_builder import build_hadoop_command
 from .hadoop_exploit_client import HadoopExploitClient
 from .hadoop_options import HadoopOptions
@@ -55,7 +53,6 @@ def exploit_host(
             download_ticket = self._http_agent_binary_server_registrar.reserve_download(
                 operating_system=target_host.operating_system,
                 requestor_ip=target_host.ip,
-                agent_binary_transform=use_agent_binary,
             )
         except Exception as err:
             msg = (

monkey/agent_plugins/exploiters/log4shell/src/log4shell_exploiter.py

@@ -14,8 +14,6 @@
 from monkeytypes import AgentID, Event, NetworkPort, OperatingSystem, SocketAddress
 from plugintoolbox import HTTPBytesServer
 
-from infection_monkey.exploit import use_agent_binary
-
 from . import LINUX_EXPLOIT_TEMPLATE_PATH, WINDOWS_EXPLOIT_TEMPLATE_PATH
 from .exploit_builder import build_exploit_bytecode
 from .ldap_server import LDAPExploitServer
@@ -69,7 +67,7 @@ def exploit_host(
         try:
             logger.debug("Starting the Agent binary server")
             download_ticket = self._http_agent_binary_server_registrar.reserve_download(
-                target_host.operating_system, target_host.ip, use_agent_binary
+                target_host.operating_system, target_host.ip
             )
         except Exception as err:
             msg = (

monkey/agent_plugins/exploiters/mssql/src/mssql_exploiter.py

@@ -12,8 +12,6 @@
 from monkeytypes import AgentID, Credentials, Event, NetworkPort
 from plugintoolbox import get_agent_dst_path
 
-from infection_monkey.exploit import use_agent_binary
-
 from .mssql_client import MSSQLClient
 from .mssql_command_builder import (
     build_mssql_agent_download_command,
@@ -53,7 +51,6 @@ def exploit_host(
             download_ticket = self._http_agent_binary_server_registrar.reserve_download(
                 target_host.operating_system,
                 target_host.ip,
-                use_agent_binary,
             )
         except Exception as err:
             msg = (

monkey/agent_plugins/exploiters/snmp/src/plugin.py

@@ -1,5 +1,4 @@
 import logging
-from functools import partial
 from pprint import pformat
 from typing import Any, Dict, Tuple
 
@@ -17,10 +16,7 @@
     TargetHost,
 )
 from monkeytypes import AgentID, Event
-from plugintoolbox import get_agent_dst_path
-
-# dependencies to get rid of or internalize
-from infection_monkey.utils.script_dropper import build_bash_dropper
+from plugintoolbox import build_bash_dropper_script_template, get_agent_dst_path
 
 from .community_string_generator import generate_community_strings
 from .snmp_client import SNMPClient
@@ -126,14 +122,16 @@ def _create_snmp_exploiter(
             dropper_execution_mode=DropperExecutionMode.NONE,
         )
         agent_command_builder.build_run_command(run_options)
-        dropper_transform = partial(
-            build_bash_dropper, destination_path, agent_command_builder.get_command()
+
+        dropper_script_template = build_bash_dropper_script_template(
+            destination_path,
+            agent_command_builder.get_command(),
         )
 
         agent_command_builder.reset_command()
         return SNMPExploiter(
             exploit_client,
             self._http_agent_binary_server_registrar,
-            dropper_transform,
+            dropper_script_template,
             agent_command_builder,
         )

monkey/agent_plugins/exploiters/snmp/src/snmp_exploiter.py

@@ -2,7 +2,6 @@
 from typing import Iterable
 
 from agentpluginapi import (
-    AgentBinaryTransform,
     ExploiterResult,
     IHTTPAgentBinaryServerRegistrar,
     ILinuxAgentCommandBuilder,
@@ -24,12 +23,12 @@ def __init__(
         self,
         exploit_client: SNMPExploitClient,
         http_agent_binary_server_registrar: IHTTPAgentBinaryServerRegistrar,
-        transform_agent_binary: AgentBinaryTransform,
+        agent_binary_wrapper_template: bytes,
         agent_command_builder: ILinuxAgentCommandBuilder,
     ):
         self._exploit_client = exploit_client
         self._http_agent_binary_server_registrar = http_agent_binary_server_registrar
-        self._transform_agent_binary = transform_agent_binary
+        self._agent_binary_wrapper_template = agent_binary_wrapper_template
         self._agent_command_builder = agent_command_builder
 
     def exploit_host(
@@ -43,7 +42,7 @@ def exploit_host(
             logger.debug("Starting the agent binary server")
 
             download_ticket = self._http_agent_binary_server_registrar.reserve_download(
-                host.operating_system, host.ip, self._transform_agent_binary
+                host.operating_system, host.ip, self._agent_binary_wrapper_template
             )
         except Exception as err:
             msg = (

monkey/infection_monkey/Pipfile

@@ -26,11 +26,12 @@ email-validator = "*"
 monkey-types = "*"
 monkeyevents = "*"
 monkeytoolbox = "*"
-monkey-agentpluginapi = ">=0.6.0"
+monkey-agentpluginapi = ">=0.7.0"
 
 [dev-packages]
 mypy = "*"
 pytest-freezer = "*"
+monkey-plugintoolbox = "*"
 
 [requires]
 python_version = "3.11"

monkey/infection_monkey/exploit/__init__.py

@@ -1,4 +1,3 @@
 from .caching_agent_binary_repository import CachingAgentBinaryRepository
 from .polymorphic_agent_binary_repository_decorator import PolymorphicAgentBinaryRepositoryDecorator
 from .island_api_agent_otp_provider import IslandAPIAgentOTPProvider
-from .http_agent_binary_server import use_agent_binary

monkey/infection_monkey/exploit/http_agent_binary_request_handler.py

@@ -91,7 +91,11 @@ def _do_GET(self):
         self.send_header("Content-type", "application/octet-stream")
         self.end_headers()
 
-        bytes_to_send = reservation.transform_agent_binary(agent_binary.getvalue())
+        bytes_to_send = agent_binary.getvalue()
+        if reservation.agent_binary_wrapper_template is not None:
+            bytes_to_send = reservation.agent_binary_wrapper_template % {
+                b"agent_binary": bytes_to_send
+            }
 
         self.wfile.write(bytes_to_send)
         reservation.download_completed.set()

monkey/infection_monkey/exploit/http_agent_binary_server.py

@@ -8,7 +8,6 @@
 from agentpluginapi import (
     AgentBinaryDownloadReservation,
     AgentBinaryDownloadTicket,
-    AgentBinaryTransform,
     ITCPPortSelector,
     LocalMachineInfo,
     ReservationID,
@@ -23,10 +22,6 @@
 AgentBinaryHTTPHandlerFactory = Callable[[], Type[AgentBinaryHTTPRequestHandler]]
 
 
-def use_agent_binary(agent_binary: bytes) -> bytes:
-    return agent_binary
-
-
 class HTTPAgentBinaryServer:
     """
     Serves Agent binaries over HTTP
@@ -64,7 +59,7 @@ def register(
         self,
         operating_system: OperatingSystem,
         requestor_ip: IPv4Address,
-        agent_binary_transform: AgentBinaryTransform = use_agent_binary,
+        agent_binary_wrapper_template: bytes | None = None,
     ) -> AgentBinaryDownloadTicket:
         """
         Register to download an Agent binary
@@ -73,9 +68,9 @@ def register(
 
         :param operating_system: The operating system for the Agent binary to serve
         :param requestor_ip: The IP address of the client that will download the Agent binary
-        :param agent_binary_transform: A callable that transforms the Agent binary before serving.
+        :param agent_binary_wrapper_template: A template that transforms the Agent binary
+            before serving.
             This may be used to, e.g., convert the binary into a self-extracting shell script.
-            Defaults to no-op
         :raises RuntimeError: If the binary could not be served
         :raises Exception: If the server failed to start
         :returns: A ticket to download the Agent binary
@@ -89,7 +84,7 @@ def register(
             reservation = AgentBinaryDownloadReservation(
                 reservation_id,
                 operating_system,
-                agent_binary_transform,
+                agent_binary_wrapper_template,
                 url,
                 self._create_event(),
             )

monkey/infection_monkey/exploit/http_agent_binary_server_registrar.py

@@ -1,11 +1,6 @@
 from ipaddress import IPv4Address
 
-from agentpluginapi import (
-    AgentBinaryDownloadTicket,
-    AgentBinaryTransform,
-    IHTTPAgentBinaryServerRegistrar,
-    ReservationID,
-)
+from agentpluginapi import AgentBinaryDownloadTicket, IHTTPAgentBinaryServerRegistrar, ReservationID
 from monkeytypes import OperatingSystem
 
 from .http_agent_binary_server import HTTPAgentBinaryServer
@@ -19,9 +14,9 @@ def reserve_download(
         self,
         operating_system: OperatingSystem,
         requestor_ip: IPv4Address,
-        agent_binary_transform: AgentBinaryTransform,
+        agent_binary_wrapper_template: bytes | None = None,
     ) -> AgentBinaryDownloadTicket:
-        return self._server.register(operating_system, requestor_ip, agent_binary_transform)
+        return self._server.register(operating_system, requestor_ip, agent_binary_wrapper_template)
 
     def clear_reservation(self, reservation_id: ReservationID):
         self._server.deregister(reservation_id)

monkey/infection_monkey/utils/__init__.py

@@ -1 +0,0 @@
-from .script_dropper import build_bash_dropper

monkey/tests/unit_tests/agent_plugins/exploiters/snmp/test_snmp_exploiter.py

@@ -7,12 +7,7 @@
 from agent_plugins.exploiters.snmp.src.snmp_exploit_client import SNMPExploitClient
 from agent_plugins.exploiters.snmp.src.snmp_exploiter import SNMPExploiter
 from agent_plugins.exploiters.snmp.src.snmp_options import SNMPOptions
-from agentpluginapi import (
-    AgentBinaryTransform,
-    ExploiterResult,
-    IHTTPAgentBinaryServerRegistrar,
-    TargetHost,
-)
+from agentpluginapi import ExploiterResult, IHTTPAgentBinaryServerRegistrar, TargetHost
 from monkeytypes import OperatingSystem
 
 TARGET_IP = IPv4Address("1.1.1.1")
@@ -32,11 +27,6 @@ def mock_http_agent_binary_server_registrar() -> IHTTPAgentBinaryServerRegistrar
     return mock_registrar
 
 
-@pytest.fixture
-def mock_agent_binary_transform() -> AgentBinaryTransform:
-    return MagicMock()
-
-
 @pytest.fixture
 def mock_snmp_exploit_client() -> SNMPExploitClient:
     mock_snmp_exploit_client = MagicMock(spec=SNMPExploitClient)
@@ -48,12 +38,11 @@ def mock_snmp_exploit_client() -> SNMPExploitClient:
 def snmp_exploiter(
     mock_snmp_exploit_client: SNMPExploitClient,
     mock_http_agent_binary_server_registrar: IHTTPAgentBinaryServerRegistrar,
-    mock_agent_binary_transform: AgentBinaryTransform,
 ) -> SNMPExploiter:
     return SNMPExploiter(
         mock_snmp_exploit_client,
         mock_http_agent_binary_server_registrar,
-        mock_agent_binary_transform,
+        b"",
         MagicMock(),
     )
 

monkey/tests/unit_tests/agent_plugins/exploiters/snmp/test_snmp_plugin.py

@@ -67,7 +67,10 @@ def plugin(monkeypatch, mock_snmp_exploiter) -> Plugin:
         "agent_plugins.exploiters.snmp.src.plugin.SNMPClient",
         lambda *args, **kwargs: MagicMock(spec=SNMPClient),
     )
-
+    monkeypatch.setattr(
+        "agent_plugins.exploiters.snmp.src.plugin.build_bash_dropper_script_template",
+        lambda *args, **kwargs: b"template",
+    )
     return Plugin(
         plugin_name="SNMP",
         agent_id=AGENT_ID,