Agent: Decide if SSL is to be used in auth_options.py
parent
6d9e18fdc9
commit
4614e2207d
|
@ -49,13 +49,11 @@ class PowerShellExploiter(HostExploiter):
|
|||
self._client = None
|
||||
|
||||
def _exploit_host(self):
|
||||
try:
|
||||
use_ssl = self._is_client_using_https()
|
||||
except PowerShellRemotingDisabledError as e:
|
||||
logger.info(e)
|
||||
self.exploit_result.error_message = (
|
||||
"PowerShell Remoting appears to be disabled on the remote host"
|
||||
)
|
||||
if not self._is_any_default_port_open():
|
||||
message = "No default PowerShell remoting ports are open."
|
||||
self.exploit_result.error_message = message
|
||||
logger.debug(message)
|
||||
|
||||
return self.exploit_result
|
||||
|
||||
credentials = get_credentials(
|
||||
|
@ -66,7 +64,7 @@ class PowerShellExploiter(HostExploiter):
|
|||
is_windows_os(),
|
||||
)
|
||||
|
||||
auth_options = [get_auth_options(creds, use_ssl) for creds in credentials]
|
||||
auth_options = [get_auth_options(creds, self.host) for creds in credentials]
|
||||
|
||||
self._client = self._authenticate_via_brute_force(credentials, auth_options)
|
||||
|
||||
|
@ -89,6 +87,9 @@ class PowerShellExploiter(HostExploiter):
|
|||
|
||||
return self.exploit_result
|
||||
|
||||
def _is_any_default_port_open(self) -> bool:
|
||||
return "tcp-5985" in self.host.services or "tcp-5986" in self.host.services
|
||||
|
||||
def _is_client_using_https(self) -> bool:
|
||||
try:
|
||||
logger.debug("Checking if powershell remoting is enabled over HTTP.")
|
||||
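Review bot: `_is_client_using_https` is still defined at the end of the third hunk, but its only call visible here, in `_exploit_host`, is removed along with the `except PowerShellRemotingDisabledError` handler. The rest of the class is outside these hunks, so if nothing else calls it, the method and the exception import look like dead code and should be removed in this commit or a follow-up. The new guard also relies entirely on `self.host.services`, so a host whose scan did not record 5985 or 5986 is now reported as having no open remoting ports without any probe. A docstring on `_is_any_default_port_open` such as `"""Return True if the port scan recorded tcp-5985 or tcp-5986 in host.services."""` would make that dependency explicit.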
|
|
|
@ -1,6 +1,7 @@
|
|||
from dataclasses import dataclass
|
||||
|
||||
from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType
|
||||
from infection_monkey.model.host import VictimHost
|
||||
|
||||
AUTH_BASIC = "basic"
|
||||
AUTH_NEGOTIATE = "negotiate"
|
||||
|
@ -16,17 +17,26 @@ class AuthOptions:
|
|||
ssl: bool
|
||||
|
||||
|
||||
def get_auth_options(credentials: Credentials, use_ssl: bool) -> AuthOptions:
|
||||
ssl = _get_ssl(credentials, use_ssl)
|
||||
def get_auth_options(credentials: Credentials, host: VictimHost) -> AuthOptions:
|
||||
ssl = _get_ssl(credentials, host)
|
||||
auth_type = _get_auth_type(credentials)
|
||||
encryption = _get_encryption(credentials)
|
||||
|
||||
return AuthOptions(auth_type, encryption, ssl)
|
||||
|
||||
|
||||
def _get_ssl(credentials: Credentials, use_ssl):
|
||||
def _get_ssl(credentials: Credentials, host: VictimHost) -> bool:
|
||||
# Check if default PSRemoting ports are open. Prefer with SSL, if both are.
|
||||
if "tcp-5986" in host.services: # Default for HTTPS
|
||||
use_ssl = True
|
||||
elif "tcp-5985" in host.services: # Default for HTTP
|
||||
use_ssl = False
|
||||
|
||||
# Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER
|
||||
return False if credentials.secret == "" else use_ssl
|
||||
if credentials.secret == "":
|
||||
use_ssl = False
|
||||
|
||||
return use_ssl
|
||||
|
||||
|
||||
def _get_auth_type(credentials: Credentials):
|
||||
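Review bot: In the new `_get_ssl`, `use_ssl` is never assigned when neither `"tcp-5986"` nor `"tcp-5985"` is in `host.services` and `credentials.secret` is non-empty, so `return use_ssl` raises `UnboundLocalError`. Today only the `_is_any_default_port_open()` early return in `PowerShellExploiter._exploit_host` prevents that, and `get_auth_options` cannot rely on that guard from other callers. Make the precondition explicit with a final branch such as `else: raise ValueError("No default PowerShell remoting port is open")`, or initialise `use_ssl = False` before the `if`. Separately, the empty-secret override returns `False` even when only 5986 was recorded, so the options may describe a transport whose port is not in `host.services`; a comment stating that this is intended would help.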
|
|