Agent: Fix calls to _publish_exploitation_event in zerologon

This commit is contained in:
Shreya Malviya 2022-10-06 16:27:44 +05:30 committed by Ilija Lazoroski
parent 1cf017c2ac
commit 0e2f80ded6
1 changed files with 15 additions and 15 deletions


@ -9,6 +9,7 @@ import os
import re import re
import tempfile import tempfile
from binascii import unhexlify from binascii import unhexlify
from time import time
from typing import Dict, List, Optional, Sequence, Tuple from typing import Dict, List, Optional, Sequence, Tuple
import impacket import impacket
@ -37,12 +38,7 @@ from infection_monkey.utils.threading import interruptible_iter
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
EXPLOIT_TAGS = (
ZEROLOGON_EXPLOITER_TAG,
T1003_ATTACK_TECHNIQUE_TAG,
T1098_ATTACK_TECHNIQUE_TAG,
T1210_ATTACK_TECHNIQUE_TAG,
)
CREDENTIALS_STOLEN_EVENT_TAGS = frozenset( CREDENTIALS_STOLEN_EVENT_TAGS = frozenset(
{ {
ZEROLOGON_EXPLOITER_TAG, ZEROLOGON_EXPLOITER_TAG,
@ -54,6 +50,14 @@ CREDENTIALS_STOLEN_EVENT_TAGS = frozenset(
class ZerologonExploiter(HostExploiter): class ZerologonExploiter(HostExploiter):
_EXPLOITED_SERVICE = "Netlogon" _EXPLOITED_SERVICE = "Netlogon"
_EXPLOITER_TAGS = (
ZEROLOGON_EXPLOITER_TAG,
T1003_ATTACK_TECHNIQUE_TAG,
T1098_ATTACK_TECHNIQUE_TAG,
T1210_ATTACK_TECHNIQUE_TAG,
)
_PROPAGATION_TAGS = tuple()
MAX_ATTEMPTS = 2000 # For 2000, expected average number of attempts needed: 256. MAX_ATTEMPTS = 2000 # For 2000, expected average number of attempts needed: 256.
ERROR_CODE_ACCESS_DENIED = 0xC0000022 ERROR_CODE_ACCESS_DENIED = 0xC0000022
@ -144,9 +148,8 @@ class ZerologonExploiter(HostExploiter):
logger.info(error_message) logger.info(error_message)
self._publish_exploitation_event( self._publish_exploitation_event(
target=self.host.ip_addr, time=time(),
exploitation_success=False, success=False,
tags=EXPLOIT_TAGS,
error_message=error_message, error_message=error_message,
) )
@ -178,9 +181,7 @@ class ZerologonExploiter(HostExploiter):
_exploited = True _exploited = True
logger.info("Exploit complete!") logger.info("Exploit complete!")
self._publish_exploitation_event( self._publish_exploitation_event(time=time(), success=True)
target=self.host.ip_addr, exploitation_success=True, tags=EXPLOIT_TAGS
)
else: else:
self.report_login_attempt(result=False, user=self.dc_name) self.report_login_attempt(result=False, user=self.dc_name)
_exploited = False _exploited = False
@ -189,9 +190,8 @@ class ZerologonExploiter(HostExploiter):
logger.info(error_message) logger.info(error_message)
self._publish_exploitation_event( self._publish_exploitation_event(
target=self.host.ip_addr, time=time(),
exploitation_success=False, success=False,
tags=EXPLOIT_TAGS,
error_message=error_message, error_message=error_message,
) )
return _exploited return _exploited
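Review bot: The two failure paths in the hunks at 148 and 190 now publish the same event with identical keyword arguments, so a small private helper would keep them from drifting apart, e.g. `def _publish_failure(self, error_message: str) -> None:` wrapping `self._publish_exploitation_event(time=time(), success=False, error_message=error_message)`. In the class body, `_PROPAGATION_TAGS = tuple()` reads more naturally as the literal `_PROPAGATION_TAGS = ()`, and the two class-level tag tuples would benefit from a one-line comment such as `# Tags attached to the events this exploiter publishes; presumably consumed by HostExploiter._publish_exploitation_event — confirm`, since the method that reads them is defined outside this file. Note that `time()` is sampled after the failure is logged rather than when the attempt itself was made, which looks acceptable here but is worth knowing when correlating these events with target-side logs. The methods containing these calls start and end outside the hunks.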