CR changes, nothing major

Shreya 2020-10-25 16:21:19 +05:30
parent 7bdc7ce4c2
commit fc9d21201f
1 changed files with 9 additions and 12 deletions


@ -17,14 +17,11 @@ LOG = logging.getLogger(__name__)
class WindowsServerFinger(HostFinger): class WindowsServerFinger(HostFinger):
# Class related consts # Class related consts
MAX_ATTEMPTS = 2000 MAX_ATTEMPTS = 2000
_SCANNED_SERVICE = "Windows Server" _SCANNED_SERVICE = "NTLM (NT LAN Manager)"
def __init__(self):
self._config = infection_monkey.config.WormConfiguration
def get_dc_name(self, DC_IP): def get_dc_name(self, DC_IP):
""" """
Gets NetBIOS name of the DC. Gets NetBIOS name of the Domain Controller (DC).
""" """
name = '' name = ''
try: try:
@ -35,7 +32,7 @@ class WindowsServerFinger(HostFinger):
cmd = f'nmblookup -A {DC_IP} | grep "<00>"' cmd = f'nmblookup -A {DC_IP} | grep "<00>"'
name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip('\t').strip(' ').split(' ')[0] name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip('\t').strip(' ').split(' ')[0]
except BaseException as ex: except BaseException as ex:
LOG.info(f'Exception: {ex} Most likely not a Windows DC.') LOG.info(f'Exception: {ex} Most likely not a Windows Domain Controller.')
return name return name
def get_host_fingerprint(self, host): def get_host_fingerprint(self, host):
@ -85,17 +82,17 @@ class WindowsServerFinger(HostFinger):
LOG.error(f'Unexpected error: {ex}.') LOG.error(f'Unexpected error: {ex}.')
unexpected_error_encountered = True unexpected_error_encountered = True
return None
DC_IP = host.ip_addr DC_IP = host.ip_addr
DC_NAME = self.get_dc_name(DC_IP) DC_NAME = self.get_dc_name(DC_IP)
DC_HANDLE = '\\\\' + DC_NAME DC_HANDLE = '\\\\' + DC_NAME
if DC_NAME: # if it is a Windows DC if DC_NAME: # if it is a Windows DC
# Keep authenticating until successful. Expected average number of attempts needed: 256. # Keep authenticating until successful.
# Expected average number of attempts needed: 256.
# Approximate time taken by 2000 attempts: 40 seconds.
LOG.info('Performing Zerologon authentication attempts...') LOG.info('Performing Zerologon authentication attempts...')
rpc_con = None rpc_con = None
for attempt in range(0, self.MAX_ATTEMPTS): for _ in range(0, self.MAX_ATTEMPTS):
rpc_con = try_zero_authenticate(DC_HANDLE, DC_IP, DC_NAME) rpc_con = try_zero_authenticate(DC_HANDLE, DC_IP, DC_NAME)
if (rpc_con is not None) or (unexpected_error_encountered): if (rpc_con is not None) or (unexpected_error_encountered):
break break
@ -103,7 +100,7 @@ class WindowsServerFinger(HostFinger):
self.init_service(host.services, self._SCANNED_SERVICE, '') self.init_service(host.services, self._SCANNED_SERVICE, '')
if rpc_con: if rpc_con:
LOG.info('Success: DC can be fully compromised by a Zerologon attack.') LOG.info('Success: Domain Controller can be fully compromised by a Zerologon attack.')
host.services[self._SCANNED_SERVICE]['is_vulnerable'] = True host.services[self._SCANNED_SERVICE]['is_vulnerable'] = True
return True return True
else: else:
@ -112,5 +109,5 @@ class WindowsServerFinger(HostFinger):
return False return False
else: else:
LOG.info('Error encountered; most likely not a Windows DC.') LOG.info('Error encountered; most likely not a Windows Domain Controller.')
return False return False
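Review bot: In get_dc_name, the line `cmd = f'nmblookup -A {DC_IP} | grep "<00>"'` is still run through `subprocess.check_output(cmd, shell=True)`, so any shell metacharacter in the address string is interpreted by the shell rather than passed to nmblookup. DC_IP is `host.ip_addr` from get_host_fingerprint and nothing visible in these hunks validates it. Passing an argument list and filtering in Python removes the dependency on that value being clean: `out = subprocess.check_output(['nmblookup', '-A', DC_IP]).decode()` followed by `name = next((ln.split()[0] for ln in out.splitlines() if '<00>' in ln), '')`. The handler around it catches `BaseException`, which also swallows KeyboardInterrupt and SystemExit and logs them at info level; `except Exception` looks sufficient. The start of get_dc_name is outside the hunk, so the branch that precedes this command was not reviewed.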