From 3d7586f7139967cf649ca70533003e051c23a9b5 Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Wed, 23 Mar 2022 12:45:05 -0400 Subject: [PATCH] Agent: Fix edge case handling in auth_options._get_ssl() If the host has neither the HTTP or HTTPS port enabled, return False. --- .../exploit/powershell_utils/auth_options.py | 17 +++++++++-------- .../powershell_utils/test_auth_options.py | 5 +++++ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/monkey/infection_monkey/exploit/powershell_utils/auth_options.py b/monkey/infection_monkey/exploit/powershell_utils/auth_options.py index cde316c90..0ae8cb266 100644 --- a/monkey/infection_monkey/exploit/powershell_utils/auth_options.py +++ b/monkey/infection_monkey/exploit/powershell_utils/auth_options.py @@ -26,17 +26,18 @@ def get_auth_options(credentials: Credentials, host: VictimHost) -> AuthOptions: def _get_ssl(credentials: Credentials, host: VictimHost) -> bool: - # Check if default PSRemoting ports are open. Prefer with SSL, if both are. - if "tcp-5986" in host.services: # Default for HTTPS - use_ssl = True - elif "tcp-5985" in host.services: # Default for HTTP - use_ssl = False - # Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER if credentials.secret == "": - use_ssl = False + return False - return use_ssl + # Check if default PSRemoting ports are open. Prefer with SSL, if both are. + if "tcp-5986" in host.services: # Default for HTTPS + return True + + if "tcp-5985" in host.services: # Default for HTTP + return False + + return False def _get_auth_type(credentials: Credentials): diff --git a/monkey/tests/unit_tests/infection_monkey/exploit/powershell_utils/test_auth_options.py b/monkey/tests/unit_tests/infection_monkey/exploit/powershell_utils/test_auth_options.py index 4efa129b4..7d550c59e 100644 --- a/monkey/tests/unit_tests/infection_monkey/exploit/powershell_utils/test_auth_options.py +++ b/monkey/tests/unit_tests/infection_monkey/exploit/powershell_utils/test_auth_options.py @@ -53,6 +53,11 @@ def powershell_disabled_host(): return _create_host(False, False) +def test_get_auth_options__ssl_false_with_no_open_ports(powershell_disabled_host): + auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, powershell_disabled_host) + assert auth_options.ssl is False + + def test_get_auth_options__ssl_true_with_password(https_only_host): auth_options = get_auth_options(CREDENTIALS_WITH_PASSWORD, https_only_host)