forked from p34709852/monkey
Remove IP address from AuthOptions in powershell
This commit is contained in:
parent
b82f4e157a
commit
aedc666e8f
|
@ -14,7 +14,7 @@ from infection_monkey.exploit.consts import WIN_ARCH_32, WIN_ARCH_64
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.powershell_utils import utils
|
from infection_monkey.exploit.powershell_utils import utils
|
||||||
from infection_monkey.exploit.powershell_utils.auth_options import AuthOptions
|
from infection_monkey.exploit.powershell_utils.auth_options import AuthOptions
|
||||||
from infection_monkey.exploit.powershell_utils.credential_generator import CredentialGenerator
|
from infection_monkey.exploit.powershell_utils.credential_generation import get_credentials
|
||||||
from infection_monkey.exploit.powershell_utils.utils import (
|
from infection_monkey.exploit.powershell_utils.utils import (
|
||||||
IClient,
|
IClient,
|
||||||
get_client_based_on_auth_options,
|
get_client_based_on_auth_options,
|
||||||
|
@ -57,12 +57,12 @@ class PowerShellExploiter(HostExploiter):
|
||||||
logging.info(e)
|
logging.info(e)
|
||||||
return False
|
return False
|
||||||
|
|
||||||
credentials = CredentialGenerator(
|
credentials = get_credentials(
|
||||||
self.host.ip_addr,
|
|
||||||
self._config.exploit_user_list,
|
self._config.exploit_user_list,
|
||||||
self._config.exploit_password_list,
|
self._config.exploit_password_list,
|
||||||
is_windows_os(),
|
is_windows_os(),
|
||||||
).get_credentials(is_https=is_https)
|
is_https=is_https,
|
||||||
|
)
|
||||||
|
|
||||||
self.client = self._authenticate_via_brute_force(credentials)
|
self.client = self._authenticate_via_brute_force(credentials)
|
||||||
if not self.client:
|
if not self.client:
|
||||||
|
@ -92,7 +92,6 @@ class PowerShellExploiter(HostExploiter):
|
||||||
|
|
||||||
def _try_http(self):
|
def _try_http(self):
|
||||||
auth_options_http = AuthOptions(
|
auth_options_http = AuthOptions(
|
||||||
ip_addr=self.host.ip_addr,
|
|
||||||
username=self._config.exploit_user_list[0],
|
username=self._config.exploit_user_list[0],
|
||||||
password=self._config.exploit_password_list[0],
|
password=self._config.exploit_password_list[0],
|
||||||
is_https=False,
|
is_https=False,
|
||||||
|
@ -101,7 +100,6 @@ class PowerShellExploiter(HostExploiter):
|
||||||
|
|
||||||
def _try_https(self):
|
def _try_https(self):
|
||||||
auth_options_http = AuthOptions(
|
auth_options_http = AuthOptions(
|
||||||
ip_addr=self.host.ip_addr,
|
|
||||||
username=self._config.exploit_user_list[0],
|
username=self._config.exploit_user_list[0],
|
||||||
password=self._config.exploit_password_list[0],
|
password=self._config.exploit_password_list[0],
|
||||||
is_https=True,
|
is_https=True,
|
||||||
|
@ -111,7 +109,7 @@ class PowerShellExploiter(HostExploiter):
|
||||||
def _authenticate_via_brute_force(self, credentials: [AuthOptions]) -> Optional[IClient]:
|
def _authenticate_via_brute_force(self, credentials: [AuthOptions]) -> Optional[IClient]:
|
||||||
for credential in credentials:
|
for credential in credentials:
|
||||||
try:
|
try:
|
||||||
client = PowerShellExploiter._authenticate(credential)
|
client = self._authenticate(credential)
|
||||||
|
|
||||||
LOG.info(
|
LOG.info(
|
||||||
f"Successfully logged into {self.host.ip_addr} using Powershell. User: "
|
f"Successfully logged into {self.host.ip_addr} using Powershell. User: "
|
||||||
|
@ -129,9 +127,8 @@ class PowerShellExploiter(HostExploiter):
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
@staticmethod
|
def _authenticate(self, auth_options: AuthOptions) -> IClient:
|
||||||
def _authenticate(auth_options: AuthOptions) -> IClient:
|
client = get_client_based_on_auth_options(self.host.ip_addr, auth_options)
|
||||||
client = get_client_based_on_auth_options(auth_options)
|
|
||||||
|
|
||||||
# attempt to execute dir command to know if authentication was successful
|
# attempt to execute dir command to know if authentication was successful
|
||||||
client.execute_cmd("dir")
|
client.execute_cmd("dir")
|
||||||
|
|
|
@ -4,7 +4,6 @@ from typing import Union
|
||||||
|
|
||||||
@dataclass
|
@dataclass
|
||||||
class AuthOptions:
|
class AuthOptions:
|
||||||
ip_addr: str
|
|
||||||
username: Union[str, None]
|
username: Union[str, None]
|
||||||
password: Union[str, None]
|
password: Union[str, None]
|
||||||
is_https: bool
|
is_https: bool
|
||||||
|
|
|
@ -34,7 +34,7 @@ class IClient(Protocol):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
def get_client_based_on_auth_options(auth_options: AuthOptions) -> IClient:
|
def get_client_based_on_auth_options(ip_addr: str, auth_options: AuthOptions) -> IClient:
|
||||||
|
|
||||||
# Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER
|
# Passwordless login only works with SSL false, AUTH_BASIC and ENCRYPTION_NEVER
|
||||||
if auth_options.password == "":
|
if auth_options.password == "":
|
||||||
|
@ -45,7 +45,7 @@ def get_client_based_on_auth_options(auth_options: AuthOptions) -> IClient:
|
||||||
encryption = ENCRYPTION_AUTO if auth_options.password != "" else ENCRYPTION_NEVER
|
encryption = ENCRYPTION_AUTO if auth_options.password != "" else ENCRYPTION_NEVER
|
||||||
|
|
||||||
return Client(
|
return Client(
|
||||||
auth_options.ip_addr,
|
ip_addr,
|
||||||
username=auth_options.username,
|
username=auth_options.username,
|
||||||
password=auth_options.password,
|
password=auth_options.password,
|
||||||
cert_validation=False,
|
cert_validation=False,
|
||||||
|
|
Loading…
Reference in New Issue