From fc9d21201f72d9790641b058dab77cff512839d7 Mon Sep 17 00:00:00 2001
From: Shreya
Date: Sun, 25 Oct 2020 16:21:19 +0530
Subject: [PATCH] CR changes, nothing major
---
 .../network/windowsserver_fingerprint.py | 21 ++++++++-----------
 1 file changed, 9 insertions(+), 12 deletions(-)
diff --git a/monkey/infection_monkey/network/windowsserver_fingerprint.py b/monkey/infection_monkey/network/windowsserver_fingerprint.py
index ddf5b42ca..7873f81a7 100644
--- a/monkey/infection_monkey/network/windowsserver_fingerprint.py
+++ b/monkey/infection_monkey/network/windowsserver_fingerprint.py
@@ -17,14 +17,11 @@ LOG = logging.getLogger(__name__)
 class WindowsServerFinger(HostFinger):
 # Class related consts
 MAX_ATTEMPTS = 2000
- _SCANNED_SERVICE = "Windows Server"
-
- def __init__(self):
- self._config = infection_monkey.config.WormConfiguration
+ _SCANNED_SERVICE = "NTLM (NT LAN Manager)"
 def get_dc_name(self, DC_IP):
 """
- Gets NetBIOS name of the DC.
+ Gets NetBIOS name of the Domain Controller (DC).
 """
 name = ''
 try:
@@ -35,7 +32,7 @@ class WindowsServerFinger(HostFinger):
 cmd = f'nmblookup -A {DC_IP} | grep "<00>"'
 name = subprocess.check_output(cmd, shell=True).decode().split('\n')[0].strip('\t').strip(' ').split(' ')[0]
 except BaseException as ex:
- LOG.info(f'Exception: {ex} Most likely not a Windows DC.')
+ LOG.info(f'Exception: {ex} Most likely not a Windows Domain Controller.')
 return name
 def get_host_fingerprint(self, host):
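Review bot: The new `_SCANNED_SERVICE` value, `"NTLM (NT LAN Manager)"`, names a different protocol from the one this fingerprinter tests: Zerologon is a weakness in the Netlogon Remote Protocol, and the log messages later in the patch describe the check as Zerologon authentication attempts. This string is the key under `host.services` that receives `is_vulnerable`, so a reader of the scan result would be pointed at NTLM rather than at the Netlogon fix. I would use `_SCANNED_SERVICE = "Netlogon"`, provided nothing downstream depends on the exact key. The hunk also removes `__init__` and with it `self._config`; confirm that nothing else in the class or in `HostFinger` reads that attribute, since that code is not visible here.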
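Review bot: The context lines above the reworded log call interpolate `DC_IP` into `cmd` and run it with `shell=True`, so a shell parses whatever string reaches `get_dc_name`; the commit leaves this in place. Passing an argument list avoids the shell, for example `out = subprocess.check_output(['nmblookup', '-A', DC_IP]).decode()`, with the `<00>` line then selected in Python instead of through `grep`. The handler is also `except BaseException`, which swallows `KeyboardInterrupt` and `SystemExit` and reports them at info level; `except Exception as ex:` would be narrower. The `try` block begins outside this hunk, so check both points against the full function.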
@@ -85,17 +82,17 @@ class WindowsServerFinger(HostFinger):
 LOG.error(f'Unexpected error: {ex}.')
 unexpected_error_encountered = True
- return None
-
 DC_IP = host.ip_addr
 DC_NAME = self.get_dc_name(DC_IP)
 DC_HANDLE = '\\\\' + DC_NAME
 if DC_NAME: # if it is a Windows DC
- # Keep authenticating until successful. Expected average number of attempts needed: 256.
+ # Keep authenticating until successful.
+ # Expected average number of attempts needed: 256.
+ # Approximate time taken by 2000 attempts: 40 seconds.
 LOG.info('Performing Zerologon authentication attempts...')
 rpc_con = None
- for attempt in range(0, self.MAX_ATTEMPTS):
+ for _ in range(0, self.MAX_ATTEMPTS):
 rpc_con = try_zero_authenticate(DC_HANDLE, DC_IP, DC_NAME)
 if (rpc_con is not None) or (unexpected_error_encountered):
 break
@@ -103,7 +100,7 @@ class WindowsServerFinger(HostFinger):
 self.init_service(host.services, self._SCANNED_SERVICE, '')
 if rpc_con:
- LOG.info('Success: DC can be fully compromised by a Zerologon attack.')
+ LOG.info('Success: Domain Controller can be fully compromised by a Zerologon attack.')
 host.services[self._SCANNED_SERVICE]['is_vulnerable'] = True
 return True
 else:
@@ -112,5 +109,5 @@ class WindowsServerFinger(HostFinger):
 return False
 else:
- LOG.info('Error encountered; most likely not a Windows DC.')
+ LOG.info('Error encountered; most likely not a Windows Domain Controller.')
 return False
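Review bot: The loop's early exit on `unexpected_error_encountered` only works if the assignment in this hunk's second context line reaches the variable the loop reads. That assignment follows `LOG.error(...)` in code whose enclosing function starts above the hunk. If it sits inside a nested helper such as `try_zero_authenticate` (called here without `self`), a plain `unexpected_error_encountered = True` binds a new local, and `if (rpc_con is not None) or (unexpected_error_encountered):` never sees it, so all `MAX_ATTEMPTS` requests still go to the host after a failure. In that case add `nonlocal unexpected_error_encountered` at the top of the helper, or have it report the failure through its return value or an exception. The new timing comment would also age better if it referred to the constant, e.g. `# Approximate time taken by MAX_ATTEMPTS (2000) attempts: 40 seconds.`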