forked from p15670423/monkey
Agent: Revise Powershell publishing of events
This commit is contained in:
parent
39bada5bb1
commit
ac11d159fe
|
@ -1,5 +1,6 @@
|
|||
import logging
|
||||
from pathlib import Path, PurePath
|
||||
from time import time
|
||||
from typing import List, Optional
|
||||
|
||||
from common import OperatingSystem
|
||||
|
@ -27,12 +28,6 @@ from infection_monkey.utils.threading import interruptible_iter
|
|||
|
||||
logger = logging.getLogger(__name__)
|
||||
POWERSHELL_EXPLOITER_TAG = "powershell-exploiter"
|
||||
EXPLOITER_TAGS = (POWERSHELL_EXPLOITER_TAG, T1059_ATTACK_TECHNIQUE_TAG, T1110_ATTACK_TECHNIQUE_TAG)
|
||||
PROPAGATION_TAGS = (
|
||||
POWERSHELL_EXPLOITER_TAG,
|
||||
T1059_ATTACK_TECHNIQUE_TAG,
|
||||
T1105_ATTACK_TECHNIQUE_TAG,
|
||||
)
|
||||
|
||||
|
||||
class RemoteAgentCopyError(Exception):
|
||||
|
@ -46,6 +41,17 @@ class RemoteAgentExecutionError(Exception):
|
|||
class PowerShellExploiter(HostExploiter):
|
||||
_EXPLOITED_SERVICE = "PowerShell Remoting (WinRM)"
|
||||
|
||||
_EXPLOITER_TAGS = (
|
||||
POWERSHELL_EXPLOITER_TAG,
|
||||
T1059_ATTACK_TECHNIQUE_TAG,
|
||||
T1110_ATTACK_TECHNIQUE_TAG,
|
||||
)
|
||||
_PROPAGATION_TAGS = (
|
||||
POWERSHELL_EXPLOITER_TAG,
|
||||
T1059_ATTACK_TECHNIQUE_TAG,
|
||||
T1105_ATTACK_TECHNIQUE_TAG,
|
||||
)
|
||||
|
||||
def __init__(self):
|
||||
super().__init__()
|
||||
self._client = None
|
||||
|
@ -80,16 +86,19 @@ class PowerShellExploiter(HostExploiter):
|
|||
)
|
||||
return self.exploit_result
|
||||
|
||||
timestamp = time()
|
||||
try:
|
||||
self._execute_monkey_agent_on_victim()
|
||||
except Exception as ex:
|
||||
self._publish_propagation_event(self.host.ip_addr, False, PROPAGATION_TAGS, str(ex))
|
||||
logger.error(f"Failed to propagate to the remote host: {ex}")
|
||||
self.exploit_result.error_message = str(ex)
|
||||
except Exception as err:
|
||||
self.exploit_result.error_message = f"Failed to propagate to the remote host: {err}"
|
||||
self._publish_propagation_event(
|
||||
time=timestamp, success=False, error_message=self.exploit_result.error_message
|
||||
)
|
||||
logger.error(self.exploit_result.error_message)
|
||||
return self.exploit_result
|
||||
|
||||
self.exploit_result.propagation_success = True
|
||||
self._publish_propagation_event(self.host.ip_addr, True, PROPAGATION_TAGS)
|
||||
self._publish_propagation_event(timestamp, True)
|
||||
|
||||
return self.exploit_result
|
||||
|
||||
|
@ -116,7 +125,7 @@ class PowerShellExploiter(HostExploiter):
|
|||
f"{creds.username}, Secret Type: {creds.secret_type.name}"
|
||||
)
|
||||
|
||||
self._publish_exploitation_event(self.host.ip_addr, True, EXPLOITER_TAGS)
|
||||
self._publish_exploitation_event(success=True)
|
||||
self.exploit_result.exploitation_success = True
|
||||
self._report_login_attempt(True, creds)
|
||||
|
||||
|
@ -127,9 +136,7 @@ class PowerShellExploiter(HostExploiter):
|
|||
f"{creds.username}, SecretType: {creds.secret_type.name} -- Error: {ex}"
|
||||
)
|
||||
logger.debug(error_message)
|
||||
self._publish_exploitation_event(
|
||||
self.host.ip_addr, False, EXPLOITER_TAGS, error_message
|
||||
)
|
||||
self._publish_exploitation_event(success=False, error_message=error_message)
|
||||
self._report_login_attempt(False, creds)
|
||||
|
||||
return None
|
||||
|
|
Loading…
Reference in New Issue