forked from p34709852/monkey
Agent: Remove unused functions in PowerShell exploiter
This commit is contained in:
parent
4614e2207d
commit
e947f335ff
|
@ -3,19 +3,13 @@ from pathlib import Path
|
|||
from typing import List, Optional
|
||||
|
||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||
from infection_monkey.exploit.powershell_utils.auth_options import (
|
||||
AUTH_NEGOTIATE,
|
||||
ENCRYPTION_AUTO,
|
||||
AuthOptions,
|
||||
get_auth_options,
|
||||
)
|
||||
from infection_monkey.exploit.powershell_utils.auth_options import AuthOptions, get_auth_options
|
||||
from infection_monkey.exploit.powershell_utils.credentials import (
|
||||
Credentials,
|
||||
SecretType,
|
||||
get_credentials,
|
||||
)
|
||||
from infection_monkey.exploit.powershell_utils.powershell_client import (
|
||||
AuthenticationError,
|
||||
IPowerShellClient,
|
||||
PowerShellClient,
|
||||
)
|
||||
|
@ -90,51 +84,6 @@ class PowerShellExploiter(HostExploiter):
|
|||
def _is_any_default_port_open(self) -> bool:
|
||||
return "tcp-5985" in self.host.services or "tcp-5986" in self.host.services
|
||||
|
||||
def _is_client_using_https(self) -> bool:
|
||||
try:
|
||||
logger.debug("Checking if powershell remoting is enabled over HTTP.")
|
||||
self._try_http()
|
||||
return False
|
||||
except AuthenticationError:
|
||||
return False
|
||||
except Exception as e:
|
||||
logger.debug(f"Powershell remoting over HTTP seems disabled: {e}")
|
||||
|
||||
try:
|
||||
logger.debug("Checking if powershell remoting is enabled over HTTPS.")
|
||||
self._try_https()
|
||||
return True
|
||||
except AuthenticationError:
|
||||
return True
|
||||
except Exception as e:
|
||||
logger.debug(f"Powershell remoting over HTTPS seems disabled: {e}")
|
||||
raise PowerShellRemotingDisabledError("Powershell remoting seems to be disabled.")
|
||||
|
||||
def _try_http(self):
|
||||
self._try_ssl_login(use_ssl=False)
|
||||
|
||||
def _try_https(self):
|
||||
self._try_ssl_login(use_ssl=True)
|
||||
|
||||
def _try_ssl_login(self, use_ssl: bool):
|
||||
# '.\' is machine qualifier if the user is in the local domain
|
||||
# which happens if we try to exploit a machine on second hop
|
||||
credentials = Credentials(
|
||||
username=".\\dummy_username",
|
||||
secret="dummy_password",
|
||||
secret_type=SecretType.PASSWORD,
|
||||
)
|
||||
|
||||
auth_options = AuthOptions(
|
||||
auth_type=AUTH_NEGOTIATE,
|
||||
encryption=ENCRYPTION_AUTO,
|
||||
ssl=use_ssl,
|
||||
)
|
||||
|
||||
# TODO: Report login attempt or find a better way of detecting if SSL is enabled
|
||||
client = PowerShellClient(self.host.ip_addr, credentials, auth_options)
|
||||
client.connect()
|
||||
|
||||
def _authenticate_via_brute_force(
|
||||
self, credentials: List[Credentials], auth_options: List[AuthOptions]
|
||||
) -> Optional[IPowerShellClient]:
|
||||
|
|
Loading…
Reference in New Issue