Agent: Move password restoration event publishing in zerologon
parent
f05d5be32f
commit
050a84d890
|
@ -107,8 +107,6 @@ class ZerologonExploiter(HostExploiter):
|
||||||
self.exploit_info["password_restored"] = False
|
self.exploit_info["password_restored"] = False
|
||||||
logger.info("System exploited but couldn't restore password!")
|
logger.info("System exploited but couldn't restore password!")
|
||||||
|
|
||||||
self._publish_password_restoration_event(success=self.exploit_info["password_restored"])
|
|
||||||
|
|
||||||
self.store_extracted_creds_for_exploitation()
|
self.store_extracted_creds_for_exploitation()
|
||||||
else:
|
else:
|
||||||
logger.info("System was not exploited.")
|
logger.info("System was not exploited.")
|
||||||
|
@ -317,15 +315,6 @@ class ZerologonExploiter(HostExploiter):
|
||||||
"nt_hash": nthash,
|
"nt_hash": nthash,
|
||||||
}
|
}
|
||||||
|
|
||||||
def _publish_password_restoration_event(self, success: bool):
|
|
||||||
password_restoration_event = PasswordRestorationEvent(
|
|
||||||
source=get_agent_id(),
|
|
||||||
target=self.host.ip_addr,
|
|
||||||
tags=PASSWORD_RESTORATION_EVENT_TAGS,
|
|
||||||
success=success,
|
|
||||||
)
|
|
||||||
self.agent_event_queue.publish(password_restoration_event)
|
|
||||||
|
|
||||||
def store_extracted_creds_for_exploitation(self) -> None:
|
def store_extracted_creds_for_exploitation(self) -> None:
|
||||||
for user in self._extracted_creds.keys():
|
for user in self._extracted_creds.keys():
|
||||||
self.send_extracted_creds_as_credential_telemetry(
|
self.send_extracted_creds_as_credential_telemetry(
|
||||||
|
@ -518,11 +507,22 @@ class ZerologonExploiter(HostExploiter):
|
||||||
|
|
||||||
def assess_restoration_attempt_result(self, restoration_attempt_result) -> bool:
|
def assess_restoration_attempt_result(self, restoration_attempt_result) -> bool:
|
||||||
if restoration_attempt_result:
|
if restoration_attempt_result:
|
||||||
|
self._publish_password_restoration_event(success=True)
|
||||||
logger.debug("DC machine account password should be restored to its original value.")
|
logger.debug("DC machine account password should be restored to its original value.")
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
self._publish_password_restoration_event(success=False)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
def _publish_password_restoration_event(self, success: bool):
|
||||||
|
password_restoration_event = PasswordRestorationEvent(
|
||||||
|
source=get_agent_id(),
|
||||||
|
target=self.host.ip_addr,
|
||||||
|
tags=PASSWORD_RESTORATION_EVENT_TAGS,
|
||||||
|
success=success,
|
||||||
|
)
|
||||||
|
self.agent_event_queue.publish(password_restoration_event)
|
||||||
|
|
||||||
|
|
||||||
class NetrServerPasswordSet(nrpc.NDRCALL):
|
class NetrServerPasswordSet(nrpc.NDRCALL):
|
||||||
opnum = 6
|
opnum = 6
|
||||||
|
|
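Review bot: With the publish call moved into `assess_restoration_attempt_result` (third hunk), a `PasswordRestorationEvent` is emitted only when that method runs, whereas the call removed in the first hunk reported the final `exploit_info["password_restored"]` state once per run. The callers are outside these hunks, so this needs confirming: if restoration can return before any attempt is assessed, no failure event is published and a domain controller left with a changed machine-account password goes unreported, and if the method is called once per retry, every failed attempt publishes its own `success=False` event ahead of a possible final `success=True`. Publishing once from the code that knows the final outcome, or at least from its failure path as well, would keep one accurate event per target. The name `assess_…` also no longer hints at the side effect, so a docstring such as `"""Return whether the attempt restored the password and publish the matching PasswordRestorationEvent."""` and a `-> None` return annotation on `_publish_password_restoration_event` would help the next reader.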