Testing is important

This commit is contained in:
Shreya 2020-10-21 01:08:01 +05:30
parent 0a8d1f2afe
commit 08d3801120
2 changed files with 36 additions and 27 deletions

View File

@ -18,6 +18,22 @@ class WindowsServerFinger(HostFinger):
def __init__(self):
self._config = infection_monkey.config.WormConfiguration
def get_dc_name(self, DC_IP):
"""
Gets NetBIOS name of the DC.
"""
name = ''
try:
if is_windows_os():
cmd = f'nbtstat -A {DC_IP} | findstr "<00>"'
name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip(' ').split(' ')[0]
else:
cmd = f'nmblookup -A {DC_IP} | grep "<00>"'
name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip('\t').strip(' ').split(' ')[0]
except BaseException as ex:
LOG.info(f'Exception: {ex} Most likely not a Windows DC.')
return name
def get_host_fingerprint(self, host):
"""
Checks if the Windows Server is vulnerable to Zerologon.
@ -71,6 +87,7 @@ class WindowsServerFinger(HostFinger):
DC_NAME = self.get_dc_name(DC_IP)
DC_HANDLE = '\\\\' + DC_NAME
if DC_NAME: # if it is a Windows DC
# Keep authenticating until successful. Expected average number of attempts needed: 256.
LOG.info('Performing Zerologon authentication attempts...')
rpc_con = None
@ -79,7 +96,7 @@ class WindowsServerFinger(HostFinger):
if (rpc_con is not None) or (unexpected_error_encountered):
break
self.init_service(host.services, self._SCANNED_SERVICE, None)
self.init_service(host.services, self._SCANNED_SERVICE, '')
if rpc_con:
LOG.info('Success: DC can be fully compromised by a Zerologon attack.')
@ -90,14 +107,6 @@ class WindowsServerFinger(HostFinger):
host.services[self._SCANNED_SERVICE]['is_vulnerable'] = False
return False
def get_dc_name(self, DC_IP):
"""
Gets NetBIOS name of the DC.
"""
if is_windows_os():
cmd = f'nbtstat -A {DC_IP} | findstr "<00>"'
name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip(' ').split(' ')[0]
else:
cmd = f'nmblookup -A {DC_IP} | grep "<00>"'
name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip('\t').strip(' ').split(' ')[0]
return name
LOG.info('Error encountered; most likely not a Windows DC.')
return False

View File

@ -222,7 +222,7 @@ INTERNAL = {
"HTTPFinger",
"MySQLFinger",
"MSSQLFinger",
"ElasticFinger"
"ElasticFinger",
"WindowsServerFinger"
]
}