From b63d739578751772aa3f63c066bfebae1533dd5c Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Wed, 9 Feb 2022 08:33:12 -0500
Subject: [PATCH 1/6] Agent: Replace *Finger* names with *Fingerprinter* in SMBFinger
---
monkey/infection_monkey/network/smbfinger.py | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/monkey/infection_monkey/network/smbfinger.py b/monkey/infection_monkey/network/smbfinger.py
index 2c76f652a..adf86a2da 100644
--- a/monkey/infection_monkey/network/smbfinger.py
+++ b/monkey/infection_monkey/network/smbfinger.py
@@ -62,7 +62,7 @@ class SMBNego(Packet):
self.fields["bcc"] = struct.pack("
Date: Wed, 9 Feb 2022 08:33:49 -0500
Subject: [PATCH 2/6] Agent: Rename smb_finger.py -> smb_fingerprinter.py
---
.../network/{smbfinger.py => smb_fingerprinter.py} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename monkey/infection_monkey/network/{smbfinger.py => smb_fingerprinter.py} (100%)
diff --git a/monkey/infection_monkey/network/smbfinger.py b/monkey/infection_monkey/network/smb_fingerprinter.py
similarity index 100%
rename from monkey/infection_monkey/network/smbfinger.py
rename to monkey/infection_monkey/network/smb_fingerprinter.py
From ab3daeb2e8d3a465aad4975e1983f17fcea7d1ed Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Wed, 9 Feb 2022 09:55:00 -0500
Subject: [PATCH 3/6] Agent: Refactor the SMB fingerprinter to implement IFingerprinter
---
.../network/smb_fingerprinter.py | 51 +++++++++++--------
1 file changed, 30 insertions(+), 21 deletions(-)
diff --git a/monkey/infection_monkey/network/smb_fingerprinter.py b/monkey/infection_monkey/network/smb_fingerprinter.py
index adf86a2da..4d37b0efa 100644
--- a/monkey/infection_monkey/network/smb_fingerprinter.py
+++ b/monkey/infection_monkey/network/smb_fingerprinter.py
@@ -1,11 +1,19 @@
import logging
import socket
import struct
+from typing import Dict
from odict import odict
-from infection_monkey.network.HostFinger import HostFinger
+from infection_monkey.i_puppet import (
+ FingerprintData,
+ IFingerprinter,
+ PingScanData,
+ PortScanData,
+ PortStatus,
+)
+SMB_DISPLAY_NAME = "SMB"
SMB_PORT = 445
SMB_SERVICE = "tcp-445"
@@ -127,22 +135,25 @@ class SMBSessionFingerprintData(Packet):
self.fields["bcc1"] = struct.pack(" FingerprintData:
+ services = {}
+ smb_service = {
+ "display_name": SMB_DISPLAY_NAME,
+ "port": SMB_PORT,
+ }
+ os_type = None
+ os_version = None
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(0.7)
- s.connect((host.ip_addr, SMB_PORT))
-
- self.init_service(host.services, SMB_SERVICE, SMB_PORT)
+ s.connect((host, SMB_PORT))
h = SMBHeader(cmd=b"\x72", flag1=b"\x18", flag2=b"\x53\xc8")
n = SMBNego(data=SMBNegoFingerprintData())
@@ -174,16 +185,14 @@ class SMBFingerprinter(HostFinger):
)
if os_version.lower() != "unix":
- host.os["type"] = "windows"
+ os_type = "windows"
else:
- host.os["type"] = "linux"
+ os_type = "linux"
- host.services[SMB_SERVICE]["name"] = service_client
- if "version" not in host.os:
- host.os["version"] = os_version
+ smb_service["name"] = service_client
- return True
+ services[SMB_SERVICE] = smb_service
except Exception as exc:
logger.debug("Error getting smb fingerprint: %s", exc)
- return False
+ return FingerprintData(os_type, os_version, services)
From fec7d987d8b06ac0dc75814637baecababde81d9 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Wed, 9 Feb 2022 09:56:29 -0500
Subject: [PATCH 4/6] Agent: Skip SMBFingerprinter if SMB_PORT is not open
---
monkey/infection_monkey/network/smb_fingerprinter.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/monkey/infection_monkey/network/smb_fingerprinter.py b/monkey/infection_monkey/network/smb_fingerprinter.py
index 4d37b0efa..a0e87f311 100644
--- a/monkey/infection_monkey/network/smb_fingerprinter.py
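Review bot: The socket `s` created inside the `try` in the `@@ -127,22 +135,25 @@` hunk is never closed on any path visible here, so a `socket.timeout` or connection error leaves the descriptor open until garbage collection; opening it as `with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:` would release it on both the success path and the `except` path. The remainder of the method between this hunk and the next is outside the hunk, so I cannot tell whether an explicit `s.close()` exists there — even if it does, it would not run when an exception is raised. The signature line at the top of this hunk is garbled in this view, so a docstring on the method stating that `host` is now the address passed straight to `connect()` (rather than the old host object) and what `FingerprintData` fields are populated would help readers of the new interface.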
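Review bot: `except Exception as exc:` in the `@@ -174,16 +185,14 @@` hunk still swallows every error — connection failures, but also whatever the reply parsing raises on a malformed or hostile response (e.g. `struct.error`, `ValueError`, `UnicodeDecodeError` from decoding server-controlled bytes) — and reports it at debug level only, so a parser bug is indistinguishable from a closed port. I would narrow it to the expected failures, e.g. `except (OSError, struct.error, ValueError) as exc:`, and log with `logger.debug("Error getting smb fingerprint: %s", exc, exc_info=True)` so the traceback is kept. Note also that if the failure happens after `os_version` has been assigned, the final `return FingerprintData(os_type, os_version, services)` reports a version with no service entry; resetting `os_version = None` in the handler keeps the result consistent. The parsing code between the two hunks is outside the hunk.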
+++ b/monkey/infection_monkey/network/smb_fingerprinter.py
@@ -150,6 +150,10 @@ class SMBFingerprinter(IFingerprinter):
}
os_type = None
os_version = None
+
+ if (SMB_PORT not in port_scan_data) or (port_scan_data[SMB_PORT].status != PortStatus.OPEN):
+ return FingerprintData(None, None, services)
+
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(0.7)
From f85bb389cc618626fa036b87b90689af236a290b Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Wed, 9 Feb 2022 11:57:13 -0500
Subject: [PATCH 5/6] Agent: Add some debug logging to SMBFingerprinter
---
monkey/infection_monkey/network/smb_fingerprinter.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/monkey/infection_monkey/network/smb_fingerprinter.py b/monkey/infection_monkey/network/smb_fingerprinter.py
index a0e87f311..0d13a2d36 100644
--- a/monkey/infection_monkey/network/smb_fingerprinter.py
+++ b/monkey/infection_monkey/network/smb_fingerprinter.py
@@ -154,6 +154,8 @@ class SMBFingerprinter(IFingerprinter):
if (SMB_PORT not in port_scan_data) or (port_scan_data[SMB_PORT].status != PortStatus.OPEN):
return FingerprintData(None, None, services)
+ logger.debug(f"Fingerprinting potential SMB port {SMB_PORT} on {host}")
+
try:
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(0.7)
@@ -188,6 +190,8 @@ class SMBFingerprinter(IFingerprinter):
]
)
+ logger.debug(f'os_version: "{os_version}", service_client: "{service_client}"')
+
if os_version.lower() != "unix":
os_type = "windows"
else:
From 37eab76044a20b193758be787420976155e5c7d2 Mon Sep 17 00:00:00 2001
From: Mike Salvatore
Date: Wed, 9 Feb 2022 13:02:54 -0500
Subject: [PATCH 6/6] Agent: Load SMBFingerprinter into the puppet
---
monkey/infection_monkey/monkey.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
index cfb1b077a..d15603e48 100644
--- a/monkey/infection_monkey/monkey.py
+++ b/monkey/infection_monkey/monkey.py
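Review bot: The early-return guard in the `@@ -150,6 +150,10 @@` hunk is placed after `services`, `smb_service`, `os_type` and `os_version` have already been built, so that setup runs even when the port is closed; moving the check to the top of the method and returning `FingerprintData(None, None, {})` makes the skip self-contained. The double lookup `port_scan_data[SMB_PORT]` after `SMB_PORT not in port_scan_data` reads more simply as `smb_port_data = port_scan_data.get(SMB_PORT)` / `if smb_port_data is None or smb_port_data.status != PortStatus.OPEN:`, which also keeps the line within a normal line-length limit. A one-line comment such as `# Only probe hosts where the scanner already saw TCP/445 open; avoids a blind 0.7s connect per host.` would record why the guard exists. The method's signature and remainder are outside the hunk.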
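Review bot: The new `logger.debug(f'os_version: "{os_version}", service_client: "{service_client}"')` in the `@@ -188,6 +190,8 @@` hunk writes two strings decoded from the remote host's SMB reply straight into the log, so a host that returns newlines or control characters in those fields can inject or forge log lines; logging them with `%r`, as `logger.debug("os_version: %r, service_client: %r", os_version, service_client)`, keeps such characters visibly escaped. The same lazy-argument form also matches the existing `logger.debug("Error getting smb fingerprint: %s", exc)` in this method, so the f-string in the `@@ -154,6 +154,8 @@` hunk should become `logger.debug("Fingerprinting potential SMB port %s on %s", SMB_PORT, host)` for consistency. The surrounding `try` body starts and ends outside these hunks.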
@@ -22,6 +22,7 @@ from infection_monkey.network.firewall import app as firewall
from infection_monkey.network.http_fingerprinter import HTTPFingerprinter
from infection_monkey.network.info import get_local_network_interfaces
from infection_monkey.network.mssql_fingerprinter import MSSQLFingerprinter
+from infection_monkey.network.smb_fingerprinter import SMBFingerprinter
from infection_monkey.payload.ransomware.ransomware_payload import RansomwarePayload
from infection_monkey.puppet.puppet import Puppet
from infection_monkey.system_singleton import SystemSingleton
@@ -186,9 +187,11 @@ class InfectionMonkey:
@staticmethod
def _build_puppet() -> IPuppet:
puppet = Puppet()
+ puppet.load_plugin("elastic", ElasticSearchFingerprinter(), PluginType.FINGERPRINTER)
puppet.load_plugin("http", HTTPFingerprinter(), PluginType.FINGERPRINTER)
puppet.load_plugin("mssql", MSSQLFingerprinter(), PluginType.FINGERPRINTER)
+ puppet.load_plugin("smb", SMBFingerprinter(), PluginType.FINGERPRINTER)
puppet.load_plugin("ransomware", RansomwarePayload(), PluginType.PAYLOAD)
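Review bot: `_build_puppet` in the `@@ -186,9 +187,11 @@` hunk now registers `ElasticSearchFingerprinter`, but this patch's import hunk adds only `SMBFingerprinter` and the commit subject mentions only the SMB plugin; if the elastic import is not already present above line 22 (its module would sort before `firewall`, outside the hunk's context, so it may well be) the agent raises `NameError` at startup, and either way the unrelated line belongs in its own commit. A short docstring such as `"""Build the agent's Puppet and register the built-in fingerprinter and payload plugins under their string ids."""` would also help, since the ids `"elastic"`, `"http"`, `"mssql"` and `"smb"` are plain strings that other code presumably has to match exactly. The function's tail is outside the hunk.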