From 8b0dd91c18951724e6ec64a07ca517182e57b424 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Sun, 1 Nov 2020 18:19:14 +0530
Subject: [PATCH] Better way to get NetBIOS name

---
 .../network/windowsserver_fingerprint.py | 13 +++++--------
 monkey/infection_monkey/requirements.txt | 1 +
 2 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/monkey/infection_monkey/network/windowsserver_fingerprint.py b/monkey/infection_monkey/network/windowsserver_fingerprint.py
index 73e5d7bdc..a19d54ff4 100644
--- a/monkey/infection_monkey/network/windowsserver_fingerprint.py
+++ b/monkey/infection_monkey/network/windowsserver_fingerprint.py
@@ -5,6 +5,7 @@ Implementation from https://github.com/SecuraBV/CVE-2020-1472
 import logging
 import subprocess
 
+import nmb.NetBIOS
 from impacket.dcerpc.v5 import epm, nrpc, transport
 
 import infection_monkey.config
@@ -25,15 +26,11 @@ class WindowsServerFinger(HostFinger):
         """
         name = ''
         try:
-            if is_windows_os():
-                cmd = f'nbtstat -A {DC_IP} | findstr "<00>"'
-                name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip(' ').split(' ')[0]
-            else:
-                cmd = f'nmblookup -A {DC_IP} | grep "<00>"'
-                name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip('\t').strip(' ').split(' ')[0]
+            nb = nmb.NetBIOS.NetBIOS()
+            name = nb.queryIPForName(ip=DC_IP) # returns either a list of NetBIOS names or None
+            return name[0] if name else None
         except BaseException as ex:
-            LOG.info(f'Exception: {ex} Most likely not a Windows Domain Controller.')
-            return name
+            LOG.info(f'Exception: {ex}')
 
     def get_host_fingerprint(self, host):
         """
diff --git a/monkey/infection_monkey/requirements.txt b/monkey/infection_monkey/requirements.txt
index c9633b555..0a1dbd282 100644
--- a/monkey/infection_monkey/requirements.txt
+++ b/monkey/infection_monkey/requirements.txt
@@ -12,5 +12,6 @@ pycryptodome==3.9.8
 pyftpdlib==1.5.6
 pymssql<3.0
 pypykatz==0.3.12
+pysmb==1.2.5
 requests>=2.24
 wmi==1.5.1 ; sys_platform == 'win32'
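Review bot: The `nmb.NetBIOS.NetBIOS()` object created in the second hunk of windowsserver_fingerprint.py is never closed, so the UDP socket it opens leaks on every call, including the exception path; wrap the query in `try/finally` with `nb.close()`. The same hunk also changes the failure contract silently: the old code returned `name` (`''`) on error, the new code falls off the end of the `except` and returns `None` implicitly, and the `name = ''` initialisation is now dead — any caller comparing against `''` (not visible here) should be checked. `except BaseException` still swallows `KeyboardInterrupt`/`SystemExit`; narrowing to `except Exception` is safer, and the dropped "Most likely not a Windows Domain Controller" wording was the only hint in the log about why the lookup fails. The `queryIPForName` call also relies on the library's default timeout, which appears to be tens of seconds; an explicit `timeout=` keeps the fingerprinter from blocking on unresponsive hosts. The enclosing method starts before this hunk, and `import subprocess` in the first hunk may now be unused if nothing else in the file calls it.
```python
        try:
            nb = nmb.NetBIOS.NetBIOS()
            try:
                # returns either a list of NetBIOS names or None
                names = nb.queryIPForName(ip=DC_IP, timeout=NETBIOS_TIMEOUT_PLACEHOLDER)
            finally:
                nb.close()  # release the UDP socket on both success and failure
            return names[0] if names else None
        except Exception as ex:
            LOG.info(f'Exception: {ex} Most likely not a Windows Domain Controller.')
            return None
```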