p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Testing is important

This commit is contained in:
Shreya 2020-10-21 01:08:01 +05:30
parent 0a8d1f2afe
commit 08d3801120
2 changed files with 36 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
monkey/infection_monkey/network/windowsserver_fingerprint.py
View File

@ -18,6 +18,22 @@ class WindowsServerFinger(HostFinger):
def __init__(self): def __init__(self):
self._config = infection_monkey.config.WormConfiguration self._config = infection_monkey.config.WormConfiguration
def get_dc_name(self, DC_IP):
"""
Gets NetBIOS name of the DC.
"""
name = ''
try:
if is_windows_os():
cmd = f'nbtstat -A {DC_IP} | findstr "<00>"'
name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip(' ').split(' ')[0]
else:
cmd = f'nmblookup -A {DC_IP} | grep "<00>"'
name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip('\t').strip(' ').split(' ')[0]
except BaseException as ex:
LOG.info(f'Exception: {ex} Most likely not a Windows DC.')
return name
def get_host_fingerprint(self, host): def get_host_fingerprint(self, host):
""" """
Checks if the Windows Server is vulnerable to Zerologon. Checks if the Windows Server is vulnerable to Zerologon.
@ -71,6 +87,7 @@ class WindowsServerFinger(HostFinger):
DC_NAME = self.get_dc_name(DC_IP) DC_NAME = self.get_dc_name(DC_IP)
DC_HANDLE = '\\\\' + DC_NAME DC_HANDLE = '\\\\' + DC_NAME
if DC_NAME: # if it is a Windows DC
# Keep authenticating until successful. Expected average number of attempts needed: 256. # Keep authenticating until successful. Expected average number of attempts needed: 256.
LOG.info('Performing Zerologon authentication attempts...') LOG.info('Performing Zerologon authentication attempts...')
rpc_con = None rpc_con = None
@ -79,7 +96,7 @@ class WindowsServerFinger(HostFinger):
if (rpc_con is not None) or (unexpected_error_encountered): if (rpc_con is not None) or (unexpected_error_encountered):
break break
self.init_service(host.services, self._SCANNED_SERVICE, None) self.init_service(host.services, self._SCANNED_SERVICE, '')
if rpc_con: if rpc_con:
LOG.info('Success: DC can be fully compromised by a Zerologon attack.') LOG.info('Success: DC can be fully compromised by a Zerologon attack.')
@ -90,14 +107,6 @@ class WindowsServerFinger(HostFinger):
host.services[self._SCANNED_SERVICE]['is_vulnerable'] = False host.services[self._SCANNED_SERVICE]['is_vulnerable'] = False
return False return False
def get_dc_name(self, DC_IP):
"""
Gets NetBIOS name of the DC.
"""
if is_windows_os():
cmd = f'nbtstat -A {DC_IP} | findstr "<00>"'
name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip(' ').split(' ')[0]
else: else:
cmd = f'nmblookup -A {DC_IP} | grep "<00>"' LOG.info('Error encountered; most likely not a Windows DC.')
name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip('\t').strip(' ').split(' ')[0] return False
return name

2
monkey/monkey_island/cc/services/config_schema/internal.py
View File

@ -222,7 +222,7 @@ INTERNAL = {
"HTTPFinger", "HTTPFinger",
"MySQLFinger", "MySQLFinger",
"MSSQLFinger", "MSSQLFinger",
"ElasticFinger" "ElasticFinger",
"WindowsServerFinger" "WindowsServerFinger"
] ]
} }