Agent: Use exploit tag properties

2022-10-05 20:41:47 +00:00 · 2022-10-05 20:41:47 +00:00 · e404416363
parent 5c6b1e3910
commit e404416363
1 changed files with 13 additions and 19 deletions
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -27,12 +27,6 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)

 MSSQL_EXPLOITER_TAG = "mssql-exploiter"
-EXPLOITER_TAGS = (MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
-PROPAGATION_TAGS = (
-    MSSQL_EXPLOITER_TAG,
-    T1059_ATTACK_TECHNIQUE_TAG,
-    T1105_ATTACK_TECHNIQUE_TAG,
-)


 class MSSQLExploiter(HostExploiter):
@ -50,6 +44,12 @@ class MSSQLExploiter(HostExploiter):
        "DownloadFile(^''{http_path}^'' , ^''{dst_path}^'')"
    )

+    def _exploiter_tags(self) -> Tuple[str, ...]:
+        return (MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
+
+    def _propagation_tags(self) -> Tuple[str, ...]:
+        return (MSSQL_EXPLOITER_TAG, T1059_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
+
    def __init__(self):
        super().__init__()
        self.cursor = None
@ -71,9 +71,7 @@ class MSSQLExploiter(HostExploiter):
                f" no credentials were successful"
            )
            logger.error(error_message)
-            self._publish_exploitation_event(
-                self.host.ip_addr, False, EXPLOITER_TAGS, error_message
-            )
+            self._publish_exploitation_event(False, error_message=error_message)
            return self.exploit_result

        if self._is_interrupted():
@ -90,14 +88,12 @@ class MSSQLExploiter(HostExploiter):
            )

            logger.error(error_message)
-            self._publish_propagation_event(
-                self.host.ip_addr, False, PROPAGATION_TAGS, error_message
-            )
+            self._publish_propagation_event(success=False, error_message=error_message)
            self.exploit_result.error_message = error_message

            return self.exploit_result

-        self._publish_propagation_event(self.host.ip_addr, True, PROPAGATION_TAGS)
+        self._publish_propagation_event(success=True)
        self.exploit_result.propagation_success = True
        return self.exploit_result

@ -144,13 +140,13 @@ class MSSQLExploiter(HostExploiter):
                )
                self.exploit_result.exploitation_success = True
                self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
-                self._report_login_attempt(True, host, user, password)
+                self._report_login_attempt(True, user, password)
                cursor = conn.cursor()
                return cursor
            except pymssql.OperationalError as err:
                error_message = f"Connection to MSSQL failed: {err}"
                logger.info(error_message)
-                self._report_login_attempt(False, host, user, password, error_message)
+                self._report_login_attempt(False, user, password, error_message)
                # Combo didn't work, hopping to the next one
                pass

@ -162,10 +158,8 @@ class MSSQLExploiter(HostExploiter):
            "Bruteforce process failed on host: {0}".format(self.host.ip_addr)
        )

-    def _report_login_attempt(
-        self, success: bool, host: str, user, password: str, message: str = ""
-    ):
-        self._publish_exploitation_event(host, success, EXPLOITER_TAGS, error_message=message)
+    def _report_login_attempt(self, success: bool, user, password: str, message: str = ""):
+        self._publish_exploitation_event(success=success, error_message=message)
        self.report_login_attempt(success, user, password)

    def _upload_agent(self, agent_path_on_victim: PureWindowsPath):