Agent: Add tags to SSHExploiter

Ilija Lazoroski 2022-10-04 15:59:58 +02:00
parent ddaada1f09
commit 5948537d4a
1 changed files with 49 additions and 28 deletions


@ -30,6 +30,11 @@ SSH_EXEC_TIMEOUT = LONG_REQUEST_TIMEOUT
SSH_CHANNEL_TIMEOUT = MEDIUM_REQUEST_TIMEOUT SSH_CHANNEL_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
TRANSFER_UPDATE_RATE = 15 TRANSFER_UPDATE_RATE = 15
SSH_EXPLOITER_TAG = "ssh-exploiter"
T1105_ATTACK_TECHNIQUE_TAG = "attack-t1105"
T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"
T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
class SSHExploiter(HostExploiter): class SSHExploiter(HostExploiter):
@ -86,12 +91,28 @@ class SSHExploiter(HostExploiter):
) )
self.add_vuln_port(port) self.add_vuln_port(port)
self.exploit_result.exploitation_success = True self.exploit_result.exploitation_success = True
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=True,
tags=(
SSH_EXPLOITER_TAG,
T1110_ATTACK_TECHNIQUE_TAG,
T1021_ATTACK_TECHNIQUE_TAG,
),
)
self.report_login_attempt(True, user, ssh_key=ssh_string) self.report_login_attempt(True, user, ssh_key=ssh_string)
return ssh return ssh
except paramiko.AuthenticationException as err: except paramiko.AuthenticationException as err:
ssh.close() ssh.close()
logger.info( error_message = (
f"Failed logging into victim {self.host} with {ssh_string} private key: {err}", f"Failed logging into victim {self.host} with {ssh_string} private key: {err}"
)
logger.info(error_message)
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=False,
error_message=error_message,
tags=(SSH_EXPLOITER_TAG,),
) )
self.report_login_attempt(False, user, ssh_key=ssh_string) self.report_login_attempt(False, user, ssh_key=ssh_string)
continue continue
@ -131,15 +152,26 @@ class SSHExploiter(HostExploiter):
logger.debug("Successfully logged in %r using SSH. User: %s", self.host, user) logger.debug("Successfully logged in %r using SSH. User: %s", self.host, user)
self.add_vuln_port(port) self.add_vuln_port(port)
self.exploit_result.exploitation_success = True self.exploit_result.exploitation_success = True
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=True,
tags=(
SSH_EXPLOITER_TAG,
T1110_ATTACK_TECHNIQUE_TAG,
T1021_ATTACK_TECHNIQUE_TAG,
),
)
self.report_login_attempt(True, user, current_password) self.report_login_attempt(True, user, current_password)
return ssh return ssh
except paramiko.AuthenticationException as err: except paramiko.AuthenticationException as err:
logger.debug( error_message = f"Failed logging into victim {self.host} with user: {user}: {err}"
"Failed logging into victim %r with user" " %s: (%s)", logger.debug(error_message)
self.host, self._publish_exploitation_event(
user, target=self.host.ip_addr,
err, exploitation_success=False,
error_message=error_message,
tags=(SSH_EXPLOITER_TAG,),
) )
self.report_login_attempt(False, user, current_password) self.report_login_attempt(False, user, current_password)
ssh.close() ssh.close()
@ -159,7 +191,12 @@ class SSHExploiter(HostExploiter):
is_open, _ = check_tcp_port(self.host.ip_addr, port) is_open, _ = check_tcp_port(self.host.ip_addr, port)
if not is_open: if not is_open:
self.exploit_result.error_message = f"SSH port is closed on {self.host}, skipping" self.exploit_result.error_message = f"SSH port is closed on {self.host}, skipping"
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=False,
error_message=self.exploit_result.error_message,
tags=(SSH_EXPLOITER_TAG,),
)
logger.info(self.exploit_result.error_message) logger.info(self.exploit_result.error_message)
return self.exploit_result return self.exploit_result
@ -188,23 +225,12 @@ class SSHExploiter(HostExploiter):
self.exploit_result.error_message = f"SSH Skipping unknown os: {uname_os}" self.exploit_result.error_message = f"SSH Skipping unknown os: {uname_os}"
if not uname_os: if not uname_os:
self._publish_propagation_event(
target=self.host.ip_addr,
propagation_success=False,
error_message=self.exploit_result.error_message,
)
logger.error(self.exploit_result.error_message) logger.error(self.exploit_result.error_message)
return self.exploit_result return self.exploit_result
except Exception as exc: except Exception as exc:
self.exploit_result.error_message = ( self.exploit_result.error_message = (
f"Error running uname os command on victim {self.host}: ({exc})" f"Error running uname os command on victim {self.host}: ({exc})"
) )
self._publish_propagation_event(
target=self.host.ip_addr,
propagation_success=False,
error_message=self.exploit_result.error_message,
)
logger.error(self.exploit_result.error_message) logger.error(self.exploit_result.error_message)
return self.exploit_result return self.exploit_result
@ -222,6 +248,7 @@ class SSHExploiter(HostExploiter):
target=self.host.ip_addr, target=self.host.ip_addr,
propagation_success=False, propagation_success=False,
error_message=self.exploit_result.error_message, error_message=self.exploit_result.error_message,
tags=(SSH_EXPLOITER_TAG,),
) )
logger.error(self.exploit_result.error_message) logger.error(self.exploit_result.error_message)
@ -265,7 +292,7 @@ class SSHExploiter(HostExploiter):
target=self.host.ip_addr, target=self.host.ip_addr,
propagation_success=False, propagation_success=False,
error_message=self.exploit_result.error_message, error_message=self.exploit_result.error_message,
tags=frozenset((T1105_ATTACK_TECHNIQUE_TAG,)), tags=(SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG),
) )
return self.exploit_result return self.exploit_result
@ -287,7 +314,7 @@ class SSHExploiter(HostExploiter):
self._publish_propagation_event( self._publish_propagation_event(
target=self.host.ip_addr, target=self.host.ip_addr,
propagation_success=True, propagation_success=True,
tags=frozenset((T1105_ATTACK_TECHNIQUE_TAG,)), tags=(SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG),
) )
ssh.close() ssh.close()
@ -303,7 +330,7 @@ class SSHExploiter(HostExploiter):
target=self.host.ip_addr, target=self.host.ip_addr,
propagation_success=False, propagation_success=False,
error_message=self.exploit_result.error_message, error_message=self.exploit_result.error_message,
tags=frozenset((T1105_ATTACK_TECHNIQUE_TAG,)), tags=(SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG),
) )
logger.error(self.exploit_result.error_message) logger.error(self.exploit_result.error_message)
@ -320,9 +347,3 @@ class SSHExploiter(HostExploiter):
self.host, self.host,
) )
) )
self._publish_propagation_event(
target=self.host.ip_addr,
propagation_success=False,
tags=frozenset((T1222_ATTACK_TECHNIQUE_TAG,)),
)