From e4044163638b2e239a3d105645885e59d6592a37 Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Wed, 5 Oct 2022 20:41:47 +0000
Subject: [PATCH] Agent: Use exploit tag properties

---
 monkey/infection_monkey/exploit/mssqlexec.py | 32 ++++++++------------
 1 file changed, 13 insertions(+), 19 deletions(-)

diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index cc93f084c..34a272bfc 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -27,12 +27,6 @@ from infection_monkey.utils.threading import interruptible_iter
 
 logger = logging.getLogger(__name__)
 MSSQL_EXPLOITER_TAG = "mssql-exploiter"
-EXPLOITER_TAGS = (MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
-PROPAGATION_TAGS = (
-    MSSQL_EXPLOITER_TAG,
-    T1059_ATTACK_TECHNIQUE_TAG,
-    T1105_ATTACK_TECHNIQUE_TAG,
-)
 
 
 class MSSQLExploiter(HostExploiter):
@@ -50,6 +44,12 @@ class MSSQLExploiter(HostExploiter):
             "DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"
         )
 
+    def _exploiter_tags(self) -> Tuple[str, ...]:
+        return (MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
+
+    def _propagation_tags(self) -> Tuple[str, ...]:
+        return (MSSQL_EXPLOITER_TAG, T1059_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
+
     def __init__(self):
         super().__init__()
         self.cursor = None
@@ -71,9 +71,7 @@ class MSSQLExploiter(HostExploiter):
                 f" no credentials were successful"
             )
             logger.error(error_message)
-            self._publish_exploitation_event(
-                self.host.ip_addr, False, EXPLOITER_TAGS, error_message
-            )
+            self._publish_exploitation_event(False, error_message=error_message)
             return self.exploit_result
 
         if self._is_interrupted():
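Review bot: `_exploiter_tags` and `_propagation_tags` are added without a docstring, and as plain methods although the commit title calls them properties; `HostExploiter` is outside this diff, so confirm how it declares these hooks — if the base uses `@property`, the overrides must too, otherwise the publish helpers would see a bound method rather than the tag tuple. The annotation `Tuple[str, ...]` also relies on `typing.Tuple` already being in scope, since all 13 insertions in this file are visible here and none touches the import block. A one-line docstring would make the contract explicit, e.g. `"""ATT&CK technique tags attached to this exploiter's exploitation events."""`.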
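Review bot: The new call passes the success flag positionally, `self._publish_exploitation_event(False, error_message=error_message)`, while the same commit uses the keyword form at every other call site (`success=False` in the propagation hunk and in `_report_login_attempt`); `self._publish_exploitation_event(success=False, error_message=error_message)` keeps the call sites uniform and survives a later reordering of the helper's parameters. The enclosing method starts before this hunk.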
@@ -90,14 +88,12 @@ class MSSQLExploiter(HostExploiter):
             )
             logger.error(error_message)
-            self._publish_propagation_event(
-                self.host.ip_addr, False, PROPAGATION_TAGS, error_message
-            )
+            self._publish_propagation_event(success=False, error_message=error_message)
             self.exploit_result.error_message = error_message
             return self.exploit_result
 
-        self._publish_propagation_event(self.host.ip_addr, True, PROPAGATION_TAGS)
+        self._publish_propagation_event(success=True)
         self.exploit_result.propagation_success = True
         return self.exploit_result
 
@@ -144,13 +140,13 @@ class MSSQLExploiter(HostExploiter):
                 )
                 self.exploit_result.exploitation_success = True
                 self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
-                self._report_login_attempt(True, host, user, password)
+                self._report_login_attempt(True, user, password)
                 cursor = conn.cursor()
                 return cursor
             except pymssql.OperationalError as err:
                 error_message = f"Connection to MSSQL failed: {err}"
                 logger.info(error_message)
-                self._report_login_attempt(False, host, user, password, error_message)
+                self._report_login_attempt(False, user, password, error_message)
                 # Combo didn't work, hopping to the next one
                 pass
 
@@ -162,10 +158,8 @@ class MSSQLExploiter(HostExploiter):
             "Bruteforce process failed on host: {0}".format(self.host.ip_addr)
         )
 
-    def _report_login_attempt(
-        self, success: bool, host: str, user, password: str, message: str = ""
-    ):
-        self._publish_exploitation_event(host, success, EXPLOITER_TAGS, error_message=message)
+    def _report_login_attempt(self, success: bool, user, password: str, message: str = ""):
+        self._publish_exploitation_event(success=success, error_message=message)
         self.report_login_attempt(success, user, password)
 
     def _upload_agent(self, agent_path_on_victim: PureWindowsPath):
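Review bot: Dropping `host` from the two `_report_login_attempt` calls may leave the enclosing brute-force method's own `host` parameter unused if forwarding it was its only remaining use; the method signature and the connection call are outside this hunk, so check whether the parameter is still consumed there or should be removed as well. On the failure path the fourth positional argument now binds to `message`, and writing it as `self._report_login_attempt(False, user, password, message=error_message)` would match the keyword style this commit adopts for the publish helpers. The enclosing method starts before this hunk.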
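Review bot: `_report_login_attempt` has no docstring and leaves `user` unannotated next to `password: str`; a signature `def _report_login_attempt(self, success: bool, user: str, password: str, message: str = ""):` plus a one-line docstring such as `"""Publish an exploitation event for one credential attempt and forward it to self.report_login_attempt."""` would document the new contract. Removing the positional `host` parameter changes the call shape for every caller; the only callers visible are the two updated in the brute-force hunk, so the change is self-contained unless another module calls this private method.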