Agent: Decide if SSL is to be used in auth_options.py

Shreya Malviya 2022-03-23 15:59:53 +05:30 committed by Mike Salvatore
parent 6d9e18fdc9
commit 4614e2207d
2 changed files with 23 additions and 12 deletions


@ -49,13 +49,11 @@ class PowerShellExploiter(HostExploiter):
self._client = None self._client = None
def _exploit_host(self): def _exploit_host(self):
try: if not self._is_any_default_port_open():
use_ssl = self._is_client_using_https() message = "No default PowerShell remoting ports are open."
except PowerShellRemotingDisabledError as e: self.exploit_result.error_message = message
logger.info(e) logger.debug(message)
self.exploit_result.error_message = (
"PowerShell Remoting appears to be disabled on the remote host"
)
return self.exploit_result return self.exploit_result
credentials = get_credentials( credentials = get_credentials(
@ -66,7 +64,7 @@ class PowerShellExploiter(HostExploiter):
is_windows_os(), is_windows_os(),
) )
auth_options = [get_auth_options(creds, use_ssl) for creds in credentials] auth_options = [get_auth_options(creds, self.host) for creds in credentials]
self._client = self._authenticate_via_brute_force(credentials, auth_options) self._client = self._authenticate_via_brute_force(credentials, auth_options)
@ -89,6 +87,9 @@ class PowerShellExploiter(HostExploiter):
return self.exploit_result return self.exploit_result
def _is_any_default_port_open(self) -> bool:
return "tcp-5985" in self.host.services or "tcp-5986" in self.host.services
def _is_client_using_https(self) -> bool: def _is_client_using_https(self) -> bool:
try: try:
logger.debug("Checking if powershell remoting is enabled over HTTP.") logger.debug("Checking if powershell remoting is enabled over HTTP.")
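Review bot: The service keys `"tcp-5985"` and `"tcp-5986"` in `_is_any_default_port_open` are bare string literals that this commit repeats in `_get_ssl` in the auth-options file, and `_get_ssl` silently depends on this guard having run first. Defining them once, for example `POWERSHELL_HTTP_SERVICE = "tcp-5985"` and `POWERSHELL_HTTPS_SERVICE = "tcp-5986"`, and importing them in both places would keep the two checks from drifting apart. The new method would also benefit from a one-line docstring such as `"""Return True if a default PowerShell remoting port is listed in self.host.services; does not probe the host."""`. `_is_client_using_https` no longer appears to be called from `_exploit_host`; if nothing else uses it, it can presumably be removed together with the `PowerShellRemotingDisabledError` handling (its body continues outside the hunk).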


@ -1,6 +1,7 @@
from dataclasses import dataclass from dataclasses import dataclass
from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType
from infection_monkey.model.host import VictimHost
AUTH_BASIC = "basic" AUTH_BASIC = "basic"
AUTH_NEGOTIATE = "negotiate" AUTH_NEGOTIATE = "negotiate"
@ -16,17 +17,26 @@ class AuthOptions:
ssl: bool ssl: bool
def get_auth_options(credentials: Credentials, use_ssl: bool) -> AuthOptions: def get_auth_options(credentials: Credentials, host: VictimHost) -> AuthOptions:
ssl = _get_ssl(credentials, use_ssl) ssl = _get_ssl(credentials, host)
auth_type = _get_auth_type(credentials) auth_type = _get_auth_type(credentials)
encryption = _get_encryption(credentials) encryption = _get_encryption(credentials)
return AuthOptions(auth_type, encryption, ssl) return AuthOptions(auth_type, encryption, ssl)
def _get_ssl(credentials: Credentials, use_ssl): def _get_ssl(credentials: Credentials, host: VictimHost) -> bool:
# Check if default PSRemoting ports are open. Prefer with SSL, if both are.
if "tcp-5986" in host.services: # Default for HTTPS
use_ssl = True
elif "tcp-5985" in host.services: # Default for HTTP
use_ssl = False
# Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER # Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER
return False if credentials.secret == "" else use_ssl if credentials.secret == "":
use_ssl = False
return use_ssl
def _get_auth_type(credentials: Credentials): def _get_auth_type(credentials: Credentials):
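Review bot: In `_get_ssl`, `use_ssl` is assigned only inside the `if`/`elif` on `host.services`, so when neither `tcp-5986` nor `tcp-5985` is present and `credentials.secret` is non-empty, the final `return use_ssl` raises `UnboundLocalError`. The only protection visible on this page is the `_is_any_default_port_open()` guard in `_exploit_host`, which any other caller of `get_auth_options` would not have. Give the variable a defined value up front, e.g. `use_ssl = False` before the `if`, or add an `else:` branch that raises an explicit error naming the missing services. The comment would read more clearly as `# Prefer SSL if both default PSRemoting ports are open.`, and a docstring could state that an empty secret forces `ssl=False` even when only the HTTPS port is listed.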