p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

Agent: Publish scan event when checking ssh port

This commit is contained in:
Kekoa Kaaikala 2022-10-05 15:02:46 +00:00 committed by Ilija Lazoroski
parent 431d6ae775
commit 72378f4e53
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
monkey/infection_monkey/exploit/sshexec.py
View File

@ -1,10 +1,12 @@
import io import io
import logging import logging
from ipaddress import IPv4Address
from pathlib import PurePath from pathlib import PurePath
import paramiko import paramiko
from common import OperatingSystem from common import OperatingSystem
from common.agent_events import TCPScanEvent
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
from common.credentials import get_plaintext from common.credentials import get_plaintext
from common.tags import ( from common.tags import (
@ -13,6 +15,7 @@ from common.tags import (
T1110_ATTACK_TECHNIQUE_TAG, T1110_ATTACK_TECHNIQUE_TAG,
T1222_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG,
) )
from common.types import PortStatus
from common.utils import Timer from common.utils import Timer
from common.utils.attack_utils import ScanStatus from common.utils.attack_utils import ScanStatus
from common.utils.exceptions import FailedExploitationError from common.utils.exceptions import FailedExploitationError
@ -25,6 +28,7 @@ from infection_monkey.telemetry.attack.t1105_telem import T1105Telem
from infection_monkey.telemetry.attack.t1222_telem import T1222Telem from infection_monkey.telemetry.attack.t1222_telem import T1222Telem
from infection_monkey.utils.brute_force import generate_identity_secret_pairs from infection_monkey.utils.brute_force import generate_identity_secret_pairs
from infection_monkey.utils.commands import build_monkey_commandline from infection_monkey.utils.commands import build_monkey_commandline
from infection_monkey.utils.ids import get_agent_id
from infection_monkey.utils.threading import interruptible_iter from infection_monkey.utils.threading import interruptible_iter
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@ -178,8 +182,8 @@ class SSHExploiter(HostExploiter):
def _exploit_host(self) -> ExploiterResultData: def _exploit_host(self) -> ExploiterResultData:
port = self._get_ssh_port() port = self._get_ssh_port()
is_open, _ = check_tcp_port(self.host.ip_addr, port)
if not is_open: if not self._is_port_open(IPv4Address(self.host.ip_addr), port):
self.exploit_result.error_message = f"SSH port is closed on {self.host}, skipping" self.exploit_result.error_message = f"SSH port is closed on {self.host}, skipping"
logger.info(self.exploit_result.error_message) logger.info(self.exploit_result.error_message)
return self.exploit_result return self.exploit_result
@ -282,6 +286,15 @@ class SSHExploiter(HostExploiter):
except Exception as exc: except Exception as exc:
raise FailedExploitationError(f"Error running monkey on victim {self.host}: ({exc})") raise FailedExploitationError(f"Error running monkey on victim {self.host}: ({exc})")
def _is_port_open(self, ip: IPv4Address, port: int) -> bool:
is_open, _ = check_tcp_port(ip, port)
status = PortStatus.OPEN if is_open else PortStatus.CLOSED
self.agent_event_queue.publish(
TCPScanEvent(source=get_agent_id(), target=ip, ports={port: status})
)
return is_open
def _get_ssh_port(self) -> int: def _get_ssh_port(self) -> int:
port = SSH_PORT port = SSH_PORT