Agent: Decide if SSL is to be used in auth_options.py

Shreya Malviya 2022-03-23 15:59:53 +05:30 committed by Mike Salvatore
parent 6d9e18fdc9
commit 4614e2207d
2 changed files with 23 additions and 12 deletions


@ -49,13 +49,11 @@ class PowerShellExploiter(HostExploiter):
self._client = None
def _exploit_host(self):
try:
use_ssl = self._is_client_using_https()
except PowerShellRemotingDisabledError as e:
logger.info(e)
self.exploit_result.error_message = (
"PowerShell Remoting appears to be disabled on the remote host"
)
if not self._is_any_default_port_open():
message = "No default PowerShell remoting ports are open."
self.exploit_result.error_message = message
logger.debug(message)
return self.exploit_result
credentials = get_credentials(
@ -66,7 +64,7 @@ class PowerShellExploiter(HostExploiter):
is_windows_os(),
)
auth_options = [get_auth_options(creds, use_ssl) for creds in credentials]
auth_options = [get_auth_options(creds, self.host) for creds in credentials]
self._client = self._authenticate_via_brute_force(credentials, auth_options)
@ -89,6 +87,9 @@ class PowerShellExploiter(HostExploiter):
return self.exploit_result
def _is_any_default_port_open(self) -> bool:
return "tcp-5985" in self.host.services or "tcp-5986" in self.host.services
def _is_client_using_https(self) -> bool:
try:
logger.debug("Checking if powershell remoting is enabled over HTTP.")
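Review bot: The service keys `"tcp-5985"` and `"tcp-5986"` are hard-coded in `_is_any_default_port_open()` and again in `_get_ssl()` in the auth options module, and `_get_ssl()` only assigns `use_ssl` when one of those keys is present, so the two copies have to stay in sync for the guard in `_exploit_host` to protect it. Define the keys once and import them in both places, e.g. `POWERSHELL_HTTP_SERVICE = "tcp-5985"` and `POWERSHELL_HTTPS_SERVICE = "tcp-5986"` (names are a suggestion). A one-line docstring on the new helper, `"""Return True if host.services lists a default PowerShell remoting port (5985 HTTP or 5986 HTTPS)."""`, would make the dependency on previously collected service data explicit. `_is_client_using_https` appears to have no caller left in the visible hunks; its body continues outside the hunk, so confirm that before removing it.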


@ -1,6 +1,7 @@
from dataclasses import dataclass
from infection_monkey.exploit.powershell_utils.credentials import Credentials, SecretType
from infection_monkey.model.host import VictimHost
AUTH_BASIC = "basic"
AUTH_NEGOTIATE = "negotiate"
@ -16,17 +17,26 @@ class AuthOptions:
ssl: bool
def get_auth_options(credentials: Credentials, use_ssl: bool) -> AuthOptions:
ssl = _get_ssl(credentials, use_ssl)
def get_auth_options(credentials: Credentials, host: VictimHost) -> AuthOptions:
ssl = _get_ssl(credentials, host)
auth_type = _get_auth_type(credentials)
encryption = _get_encryption(credentials)
return AuthOptions(auth_type, encryption, ssl)
def _get_ssl(credentials: Credentials, use_ssl):
def _get_ssl(credentials: Credentials, host: VictimHost) -> bool:
# Check if default PSRemoting ports are open. Prefer with SSL, if both are.
if "tcp-5986" in host.services: # Default for HTTPS
use_ssl = True
elif "tcp-5985" in host.services: # Default for HTTP
use_ssl = False
# Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER
return False if credentials.secret == "" else use_ssl
if credentials.secret == "":
use_ssl = False
return use_ssl
def _get_auth_type(credentials: Credentials):
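Review bot: `_get_ssl` can reach `return use_ssl` without `use_ssl` ever being assigned, because the `if "tcp-5986" ... elif "tcp-5985" ...` chain has no `else`; a host with neither key in `host.services` and a non-empty secret would raise `UnboundLocalError`. The caller in `_exploit_host` seems to rule this out with `_is_any_default_port_open()`, but `get_auth_options` is a public function of this module and should not rely on a check made elsewhere. Close the chain explicitly rather than defaulting silently to plaintext, e.g. `else:` followed by `raise ValueError("host has no default PowerShell remoting port in services")`. It would also help to extend the passwordless comment to say that the empty-secret case deliberately overrides the HTTPS preference, since that is the one path where an open 5986 is ignored.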