Minor PR fixes.
This commit is contained in:
parent
079b5b75b0
commit
7b35005233
|
@ -51,6 +51,8 @@ class SambaCryExploiter(HostExploiter):
|
|||
SAMBACRY_MONKEY_COPY_FILENAME_32 = "monkey32_2"
|
||||
# Monkey copy filename on share (64 bit)
|
||||
SAMBACRY_MONKEY_COPY_FILENAME_64 = "monkey64_2"
|
||||
# Supported samba port
|
||||
SAMBA_PORT = 445
|
||||
|
||||
def __init__(self, host):
|
||||
super(SambaCryExploiter, self).__init__(host)
|
||||
|
@ -80,6 +82,7 @@ class SambaCryExploiter(HostExploiter):
|
|||
trigger_result is not None, creds['username'], creds['password'], creds['lm_hash'], creds['ntlm_hash'])
|
||||
if trigger_result is not None:
|
||||
successfully_triggered_shares.append((share, trigger_result))
|
||||
self.add_vuln_port(self.SAMBA_PORT)
|
||||
self.clean_share(self.host.ip_addr, share, writable_shares_creds_dict[share])
|
||||
|
||||
for share, fullpath in successfully_triggered_shares:
|
||||
|
@ -89,10 +92,6 @@ class SambaCryExploiter(HostExploiter):
|
|||
LOG.info(
|
||||
"Shares triggered successfully on host %s: %s" % (
|
||||
self.host.ip_addr, str(successfully_triggered_shares)))
|
||||
# TODO: add vulnerable url
|
||||
#for share, fullpath in successfully_triggered_shares:
|
||||
# self.add_vuln_url("smb://<username>@<hostname/ip>:<port>/<share_name>" % False,
|
||||
# self.host.ip_addr, False, share)
|
||||
return True
|
||||
else:
|
||||
LOG.info("No shares triggered successfully on host %s" % self.host.ip_addr)
|
||||
|
|
|
@ -7,35 +7,51 @@ from common.utils.code_utils import abstractstatic
|
|||
|
||||
|
||||
class AttackTechnique(object):
|
||||
""" Abstract class for ATT&CK report components """
|
||||
__metaclass__ = abc.ABCMeta
|
||||
|
||||
@abc.abstractproperty
|
||||
def unscanned_msg(self):
|
||||
"""
|
||||
:return: Message that will be displayed in case attack technique was not scanned.
|
||||
"""
|
||||
pass
|
||||
|
||||
@abc.abstractproperty
|
||||
def scanned_msg(self):
|
||||
"""
|
||||
:return: Message that will be displayed in case attack technique was scanned.
|
||||
"""
|
||||
pass
|
||||
|
||||
@abc.abstractproperty
|
||||
def used_msg(self):
|
||||
"""
|
||||
:return: Message that will be displayed in case attack technique was used by the scanner.
|
||||
"""
|
||||
pass
|
||||
|
||||
@abc.abstractproperty
|
||||
def tech_id(self):
|
||||
"""
|
||||
:return: Message that will be displayed in case of attack technique not being scanned.
|
||||
"""
|
||||
pass
|
||||
|
||||
@staticmethod
|
||||
@abstractstatic
|
||||
def get_report_data():
|
||||
"""
|
||||
:return: Report data aggregated from the database.
|
||||
"""
|
||||
pass
|
||||
|
||||
@staticmethod
|
||||
def technique_status(technique):
|
||||
"""
|
||||
Gets status of certain attack technique. If
|
||||
:param technique:
|
||||
:return:
|
||||
Gets the status of a certain attack technique.
|
||||
:param technique: technique's id.
|
||||
:return: ScanStatus Enum object
|
||||
"""
|
||||
if mongo.db.attack_results.find_one({'status': ScanStatus.USED.value, 'technique': technique}):
|
||||
return ScanStatus.USED
|
||||
|
@ -46,10 +62,19 @@ class AttackTechnique(object):
|
|||
|
||||
@staticmethod
|
||||
def technique_title(technique):
|
||||
"""
|
||||
:param technique: Technique's id. E.g. T1110
|
||||
:return: techniques title. E.g. "T1110 Brute force"
|
||||
"""
|
||||
return AttackConfig.get_technique(technique)['title']
|
||||
|
||||
@staticmethod
|
||||
def get_tech_base_data(technique):
|
||||
"""
|
||||
Gathers basic attack technique data into a dict.
|
||||
:param technique: Technique's id. E.g. T1110
|
||||
:return: dict E.g. {'message': 'Brute force used', 'status': 'Used', 'title': 'T1110 Brute force'}
|
||||
"""
|
||||
data = {}
|
||||
status = AttackTechnique.technique_status(technique.tech_id)
|
||||
title = AttackTechnique.technique_title(technique.tech_id)
|
||||
|
|
Loading…
Reference in New Issue