p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Add tags to MSSQL exploitation events

This commit is contained in:
Kekoa Kaaikala 2022-10-05 13:07:28 +00:00 committed by Ilija Lazoroski
parent 33230e85f7
commit 183bd1145f
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
monkey/infection_monkey/exploit/mssqlexec.py
View File

@ -7,6 +7,10 @@ import pymssql
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from common.credentials import get_plaintext from common.credentials import get_plaintext
from common.tags import (
T1110_ATTACK_TECHNIQUE_TAG,
T1210_ATTACK_TECHNIQUE_TAG,
)
from common.utils.exceptions import FailedExploitationError from common.utils.exceptions import FailedExploitationError
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import get_agent_dst_path from infection_monkey.exploit.tools.helpers import get_agent_dst_path
@ -20,6 +24,9 @@ from infection_monkey.utils.threading import interruptible_iter
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
MSSQL_EXPLOITER_TAG = "mssql-exploiter"
EXPLOITER_TAGS = (MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
class MSSQLExploiter(HostExploiter): class MSSQLExploiter(HostExploiter):
_EXPLOITED_SERVICE = "MSSQL" _EXPLOITED_SERVICE = "MSSQL"
@ -57,7 +64,9 @@ class MSSQLExploiter(HostExploiter):
f" no credentials were successful" f" no credentials were successful"
) )
logger.error(error_message) logger.error(error_message)
self._publish_exploitation_event(self.host.ip_addr, False, error_message=error_message) self._publish_exploitation_event(
self.host.ip_addr, False, EXPLOITER_TAGS, error_message
)
return self.exploit_result return self.exploit_result
if self._is_interrupted(): if self._is_interrupted():
@ -147,7 +156,7 @@ class MSSQLExploiter(HostExploiter):
def _report_login_attempt( def _report_login_attempt(
self, success: bool, host: str, user, password: str, message: str = "" self, success: bool, host: str, user, password: str, message: str = ""
): ):
self._publish_exploitation_event(host, success, error_message=message) self._publish_exploitation_event(host, success, EXPLOITER_TAGS, error_message=message)
self.report_login_attempt(success, user, password) self.report_login_attempt(success, user, password)
def _upload_agent(self, agent_path_on_victim: PureWindowsPath): def _upload_agent(self, agent_path_on_victim: PureWindowsPath):