This commit is contained in:
Itay Mizeretz 2017-09-28 19:03:31 +03:00
parent 5586619f19
commit 9af6590e75
3 changed files with 10 additions and 11 deletions

View File

@ -163,14 +163,13 @@ class SambaCryExploiter(HostExploiter):
def get_credentials_list(self): def get_credentials_list(self):
creds = self._config.get_exploit_user_password_or_hash_product() creds = self._config.get_exploit_user_password_or_hash_product()
creds = [{'username': user, 'password': password, 'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash}
for user, password, lm_hash, ntlm_hash in creds]
# Add empty credentials for anonymous shares. # Add empty credentials for anonymous shares.
credentials_list = [{'username': '', 'password': '', 'lm_hash': '', 'ntlm_hash': ''}] creds.insert(0, {'username': '', 'password': '', 'lm_hash': '', 'ntlm_hash': ''})
for user, password, lm_hash, ntlm_hash in creds: return creds
credentials_list.append(
{'username': user, 'password': password, 'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash})
return credentials_list
def list_shares(self, smb_client): def list_shares(self, smb_client):
shares = [x['shi1_netname'][:-1] for x in smb_client.listShares()] shares = [x['shi1_netname'][:-1] for x in smb_client.listShares()]

View File

@ -21,7 +21,7 @@ except ImportError as exc:
print 'Install the following library to make this script work' print 'Install the following library to make this script work'
print 'Impacket : http://oss.coresecurity.com/projects/impacket.html' print 'Impacket : http://oss.coresecurity.com/projects/impacket.html'
print 'PyCrypto : http://www.amk.ca/python/code/crypto.html' print 'PyCrypto : http://www.amk.ca/python/code/crypto.html'
sys.exit(1) raise
LOG = getLogger(__name__) LOG = getLogger(__name__)
@ -64,10 +64,10 @@ class SmbExploiter(HostExploiter):
LOG.info("Can't find suitable monkey executable for host %r", host) LOG.info("Can't find suitable monkey executable for host %r", host)
return False return False
user_password_pairs = self._config.get_exploit_user_password_or_hash_product() creds = self._config.get_exploit_user_password_or_hash_product()
exploited = False exploited = False
for user, password, lm_hash, ntlm_hash in user_password_pairs: for user, password, lm_hash, ntlm_hash in creds:
try: try:
# copy the file remotely using SMB # copy the file remotely using SMB
remote_full_path = SmbTools.copy_file(host, remote_full_path = SmbTools.copy_file(host,

View File

@ -479,9 +479,9 @@ def report_failed_login(exploiter, machine, user, password='', lm_hash='', ntlm_
telemetry_dict =\ telemetry_dict =\
{'result': False, 'machine': machine.__dict__, 'exploiter': exploiter.__class__.__name__, {'result': False, 'machine': machine.__dict__, 'exploiter': exploiter.__class__.__name__,
'user': user, 'password': password} 'user': user, 'password': password}
if lm_hash != '': if lm_hash:
telemetry_dict['lm_hash'] = lm_hash telemetry_dict['lm_hash'] = lm_hash
if ntlm_hash != '': if ntlm_hash:
telemetry_dict['ntlm_hash'] = ntlm_hash telemetry_dict['ntlm_hash'] = ntlm_hash
ControlClient.send_telemetry('exploit', telemetry_dict) ControlClient.send_telemetry('exploit', telemetry_dict)