Agent: Update ssh exploiter tags
parent
5d9416c385
commit
9dac64b60e
|
@ -37,6 +37,8 @@ SSH_CHANNEL_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
|
||||||
|
|
||||||
TRANSFER_UPDATE_RATE = 15
|
TRANSFER_UPDATE_RATE = 15
|
||||||
SSH_EXPLOITER_TAG = "ssh-exploiter"
|
SSH_EXPLOITER_TAG = "ssh-exploiter"
|
||||||
|
EXPLOIT_TAGS = (SSH_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1021_ATTACK_TECHNIQUE_TAG)
|
||||||
|
PROPAGATION_TAGS = (SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG)
|
||||||
|
|
||||||
|
|
||||||
class SSHExploiter(HostExploiter):
|
class SSHExploiter(HostExploiter):
|
||||||
|
@ -96,11 +98,7 @@ class SSHExploiter(HostExploiter):
|
||||||
self._publish_exploitation_event(
|
self._publish_exploitation_event(
|
||||||
target=self.host.ip_addr,
|
target=self.host.ip_addr,
|
||||||
exploitation_success=True,
|
exploitation_success=True,
|
||||||
tags=(
|
tags=EXPLOIT_TAGS,
|
||||||
SSH_EXPLOITER_TAG,
|
|
||||||
T1110_ATTACK_TECHNIQUE_TAG,
|
|
||||||
T1021_ATTACK_TECHNIQUE_TAG,
|
|
||||||
),
|
|
||||||
)
|
)
|
||||||
self.report_login_attempt(True, user, ssh_key=ssh_string)
|
self.report_login_attempt(True, user, ssh_key=ssh_string)
|
||||||
return ssh
|
return ssh
|
||||||
|
@ -114,7 +112,7 @@ class SSHExploiter(HostExploiter):
|
||||||
target=self.host.ip_addr,
|
target=self.host.ip_addr,
|
||||||
exploitation_success=False,
|
exploitation_success=False,
|
||||||
error_message=error_message,
|
error_message=error_message,
|
||||||
tags=(SSH_EXPLOITER_TAG,),
|
tags=EXPLOIT_TAGS,
|
||||||
)
|
)
|
||||||
self.report_login_attempt(False, user, ssh_key=ssh_string)
|
self.report_login_attempt(False, user, ssh_key=ssh_string)
|
||||||
continue
|
continue
|
||||||
|
@ -157,11 +155,7 @@ class SSHExploiter(HostExploiter):
|
||||||
self._publish_exploitation_event(
|
self._publish_exploitation_event(
|
||||||
target=self.host.ip_addr,
|
target=self.host.ip_addr,
|
||||||
exploitation_success=True,
|
exploitation_success=True,
|
||||||
tags=(
|
tags=EXPLOIT_TAGS,
|
||||||
SSH_EXPLOITER_TAG,
|
|
||||||
T1110_ATTACK_TECHNIQUE_TAG,
|
|
||||||
T1021_ATTACK_TECHNIQUE_TAG,
|
|
||||||
),
|
|
||||||
)
|
)
|
||||||
self.report_login_attempt(True, user, current_password)
|
self.report_login_attempt(True, user, current_password)
|
||||||
return ssh
|
return ssh
|
||||||
|
@ -173,7 +167,7 @@ class SSHExploiter(HostExploiter):
|
||||||
target=self.host.ip_addr,
|
target=self.host.ip_addr,
|
||||||
exploitation_success=False,
|
exploitation_success=False,
|
||||||
error_message=error_message,
|
error_message=error_message,
|
||||||
tags=(SSH_EXPLOITER_TAG,),
|
tags=EXPLOIT_TAGS,
|
||||||
)
|
)
|
||||||
self.report_login_attempt(False, user, current_password)
|
self.report_login_attempt(False, user, current_password)
|
||||||
ssh.close()
|
ssh.close()
|
||||||
|
@ -294,7 +288,7 @@ class SSHExploiter(HostExploiter):
|
||||||
target=self.host.ip_addr,
|
target=self.host.ip_addr,
|
||||||
propagation_success=False,
|
propagation_success=False,
|
||||||
error_message=self.exploit_result.error_message,
|
error_message=self.exploit_result.error_message,
|
||||||
tags=(SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG),
|
tags=PROPAGATION_TAGS,
|
||||||
)
|
)
|
||||||
return self.exploit_result
|
return self.exploit_result
|
||||||
|
|
||||||
|
@ -316,7 +310,7 @@ class SSHExploiter(HostExploiter):
|
||||||
self._publish_propagation_event(
|
self._publish_propagation_event(
|
||||||
target=self.host.ip_addr,
|
target=self.host.ip_addr,
|
||||||
propagation_success=True,
|
propagation_success=True,
|
||||||
tags=(SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG),
|
tags=PROPAGATION_TAGS,
|
||||||
)
|
)
|
||||||
|
|
||||||
ssh.close()
|
ssh.close()
|
||||||
|
@ -332,7 +326,7 @@ class SSHExploiter(HostExploiter):
|
||||||
target=self.host.ip_addr,
|
target=self.host.ip_addr,
|
||||||
propagation_success=False,
|
propagation_success=False,
|
||||||
error_message=self.exploit_result.error_message,
|
error_message=self.exploit_result.error_message,
|
||||||
tags=(SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG),
|
tags=PROPAGATION_TAGS,
|
||||||
)
|
)
|
||||||
|
|
||||||
logger.error(self.exploit_result.error_message)
|
logger.error(self.exploit_result.error_message)
|
||||||
|
|
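Review bot: The two failure branches (`exploitation_success=False`, in the hunks at new lines 112 and 167) used to publish only `(SSH_EXPLOITER_TAG,)` and now publish `EXPLOIT_TAGS`, so a rejected login is tagged with T1021 (Remote Services) as well as T1110 even though no remote session was opened. If anything downstream builds ATT&CK technique coverage from event tags without also checking `exploitation_success` (not visible on this page), the report would overstate T1021 for hosts that resisted the attempt. Either keep a narrower tuple on the failure paths, e.g. `tags=(SSH_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG)`, or state the intent above the constant with a comment such as `# Attached to every exploitation event, successful or not`. The enclosing methods start and end outside these hunks.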