Agent: decouple wmiexec.py from WormConfig object
parent
d7e222c8a8
commit
c932a19b47
|
@ -151,20 +151,6 @@ class Configuration(object):
|
|||
"""
|
||||
return product(self.exploit_user_list, self.exploit_ssh_keys)
|
||||
|
||||
def get_exploit_user_password_or_hash_product(self):
|
||||
"""
|
||||
Returns all combinations of the configurations users and passwords or lm/ntlm hashes
|
||||
:return:
|
||||
"""
|
||||
cred_list = []
|
||||
for cred in product(self.exploit_user_list, self.exploit_password_list, [""], [""]):
|
||||
cred_list.append(cred)
|
||||
for cred in product(self.exploit_user_list, [""], [""], self.exploit_ntlm_hash_list):
|
||||
cred_list.append(cred)
|
||||
for cred in product(self.exploit_user_list, [""], self.exploit_lm_hash_list, [""]):
|
||||
cred_list.append(cred)
|
||||
return cred_list
|
||||
|
||||
@staticmethod
|
||||
def hash_sensitive_data(sensitive_data):
|
||||
"""
|
||||
|
|
|
@ -52,6 +52,7 @@ class SmbExploiter(HostExploiter):
|
|||
logger.info("Can't find suitable monkey executable for host %r", self.host)
|
||||
return False
|
||||
|
||||
# TODO extract the method in wmiexec.py
|
||||
creds = self._config.get_exploit_user_password_or_hash_product()
|
||||
|
||||
exploited = False
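Review bot: The context line `creds = self._config.get_exploit_user_password_or_hash_product()` directly under the new TODO still calls the method that this same commit deletes from `class Configuration`, so if `self._config` is an instance of that class this exploiter would raise AttributeError here. Either keep the method on the configuration object until this exploiter is migrated, or switch this call in the same commit to a shared helper that takes the credentials mapping, as wmiexec.py now does. The TODO would also be clearer if it named the helper, e.g. `# TODO: move _get_exploit_user_password_or_hash_product out of wmiexec.py and call it here`. The enclosing method starts and ends outside the hunk.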
|
||||
|
|
|
@ -2,13 +2,14 @@ import logging
|
|||
import ntpath
|
||||
import socket
|
||||
import traceback
|
||||
from typing import List
|
||||
from itertools import product
|
||||
from typing import List, Mapping
|
||||
|
||||
from impacket.dcerpc.v5.rpcrt import DCERPCException
|
||||
|
||||
from common.utils.exploit_enum import ExploitType
|
||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||
from infection_monkey.exploit.tools.helpers import get_monkey_depth, get_target_monkey
|
||||
from infection_monkey.exploit.tools.helpers import get_monkey_depth
|
||||
from infection_monkey.exploit.tools.smb_tools import SmbTools
|
||||
from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
|
||||
from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
|
||||
|
@ -28,7 +29,7 @@ class WmiExploiter(HostExploiter):
|
|||
@WmiTools.dcom_wrap
|
||||
def _exploit_host(self):
|
||||
|
||||
creds = self._config.get_exploit_user_password_or_hash_product()
|
||||
creds = _get_exploit_user_password_or_hash_product(self.options["credentials"])
|
||||
|
||||
for user, password, lm_hash, ntlm_hash in creds:
|
||||
creds_for_log = _get_credential_string([user, password, lm_hash, ntlm_hash])
|
||||
|
@ -83,20 +84,20 @@ class WmiExploiter(HostExploiter):
|
|||
password,
|
||||
lm_hash,
|
||||
ntlm_hash,
|
||||
self._config.smb_download_timeout,
|
||||
self.options["smb_download_timeout"],
|
||||
)
|
||||
|
||||
if not remote_full_path:
|
||||
wmi_connection.close()
|
||||
return False
|
||||
# execute the remote dropper in case the path isn't final
|
||||
elif remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
|
||||
elif remote_full_path.lower() != self.options["dropper_target_path_win_64"]:
|
||||
cmdline = DROPPER_CMDLINE_WINDOWS % {
|
||||
"dropper_path": remote_full_path
|
||||
} + build_monkey_commandline(
|
||||
self.host,
|
||||
get_monkey_depth() - 1,
|
||||
self._config.dropper_target_path_win_32,
|
||||
self.options["dropper_target_path_win_64"],
|
||||
)
|
||||
else:
|
||||
cmdline = MONKEY_CMDLINE_WINDOWS % {
|
||||
|
@ -139,6 +140,27 @@ class WmiExploiter(HostExploiter):
|
|||
return False
|
||||
|
||||
|
||||
def _get_exploit_user_password_or_hash_product(credentials: Mapping) -> List:
|
||||
"""
|
||||
Returns all combinations of the configurations users and passwords or lm/ntlm hashes
|
||||
:return:
|
||||
"""
|
||||
cred_list = []
|
||||
for cred in product(
|
||||
credentials["exploit_user_list"], credentials["exploit_password_list"], [""], [""]
|
||||
):
|
||||
cred_list.append(cred)
|
||||
for cred in product(
|
||||
credentials["exploit_user_list"], [""], [""], credentials["exploit_ntlm_hash_list"]
|
||||
):
|
||||
cred_list.append(cred)
|
||||
for cred in product(
|
||||
credentials["exploit_user_list"], [""], credentials["exploit_lm_hash_list"], [""]
|
||||
):
|
||||
cred_list.append(cred)
|
||||
return cred_list
|
||||
|
||||
|
||||
def _get_credential_string(creds: List) -> str:
|
||||
cred_strs = [
|
||||
(creds[0], "username"),
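Review bot: The new comparison `remote_full_path.lower() != self.options["dropper_target_path_win_64"]` lowercases only the left side, whereas the line it replaces lowercased both, so a configured path containing any uppercase character never compares equal and the dropper branch is always taken. Keep it case-insensitive with `elif remote_full_path.lower() != self.options["dropper_target_path_win_64"].lower():`. The same hunk also switches both uses from the `win_32` to the `win_64` path option, which the commit title does not mention and is worth confirming as intended. Separately, `_get_exploit_user_password_or_hash_product` indexes four keys of `credentials` directly and leaves `:return:` empty in its docstring; documenting the required keys and the `(user, password, lm_hash, ntlm_hash)` tuple order would make the contract explicit. `_exploit_host` and `_get_credential_string` continue outside the visible hunks.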
|
||||
|
|