from abc import abstractmethod
from infection_monkey.config import WormConfiguration
from common.utils.exploit_enum import ExploitType
from datetime import datetime
from infection_monkey.utils.plugins.plugin import Plugin
import infection_monkey.exploit
__author__ = 'itamar'
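class HostExploiter(Plugin):
    """
    Base class for exploiter plugins that act on a single host.

    Subclasses supply _EXPLOITED_SERVICE, _TARGET_OS_TYPE and _exploit_host(). This class keeps
    the per-run record: start/finish timestamps, URLs and ports flagged as vulnerable, executed
    commands and every reported login attempt.
    """

    @staticmethod
    def should_run(class_name):
        """
        Decides if the exploiter is enabled in config
        :param class_name: Name of the exploiter class to look up
        :return: True if class_name is listed in WormConfiguration.exploiter_classes,
                 False otherwise
        """
        return class_name in WormConfiguration.exploiter_classes

    @staticmethod
    def base_package_file():
        """
        :return: The __file__ attribute of the infection_monkey.exploit package
        """
        return infection_monkey.exploit.__file__

    @staticmethod
    def base_package_name():
        """
        :return: The __package__ attribute of the infection_monkey.exploit package
        """
        return infection_monkey.exploit.__package__

    # OS types this exploiter applies to. Empty here, so is_os_supported() is False for every
    # host until a subclass overrides it.
    _TARGET_OS_TYPE = []

    # Usual values are 'vulnerability' or 'brute_force'
    EXPLOIT_TYPE = ExploitType.VULNERABILITY

    @property
    @abstractmethod
    def _EXPLOITED_SERVICE(self):
        """
        Name of the service this exploiter targets; stored as exploit_info['display_name'].
        """
        # NOTE(review): @abstractmethod is only enforced at instantiation when the class
        # hierarchy uses ABCMeta - confirm that Plugin provides it.
        pass

    def __init__(self, host):
        """
        :param host: Target host object; is_os_supported() reads host.os.get('type')
        """
        self._config = WormConfiguration
        # Findings of this run, filled in by the set_*/add_* helpers below.
        self.exploit_info = {
            'display_name': self._EXPLOITED_SERVICE,
            'started': '',
            'finished': '',
            'vulnerable_urls': [],
            'vulnerable_ports': [],
            'executed_cmds': [],
        }
        # One dict per login attempt, see report_login_attempt().
        self.exploit_attempts = []
        self.host = host

    def set_start_time(self):
        """
        Stamps exploit_info['started'] with the current time as an ISO 8601 string.
        """
        # datetime.now() is naive local time, so the string carries no UTC offset; anyone
        # correlating these timestamps across machines has to know each agent's timezone.
        self.exploit_info['started'] = datetime.now().isoformat()

    def set_finish_time(self):
        """
        Stamps exploit_info['finished'] with the current time as an ISO 8601 string.
        """
        # Same naive local time as set_start_time().
        self.exploit_info['finished'] = datetime.now().isoformat()

    def is_os_supported(self):
        """
        :return: True if the host's OS type is one of _TARGET_OS_TYPE, False otherwise
                 (including when the host record has no 'type' entry)
        """
        return self.host.os.get('type') in self._TARGET_OS_TYPE

    def send_exploit_telemetry(self, result):
        """
        Builds an ExploitTelem from this exploiter and the given result, and sends it.
        :param result: Outcome of the exploit attempt, passed through to ExploitTelem
        """
        # Imported at call time, presumably to avoid a circular import - confirm.
        from infection_monkey.telemetry.exploit_telem import ExploitTelem
        ExploitTelem(self, result).send()

    def report_login_attempt(self, result, user, password='', lm_hash='', ntlm_hash='', ssh_key=''):
        """
        Records one login attempt in exploit_attempts.
        :param result: Outcome of the attempt
        :param user: User name that was tried
        :param password: Password that was tried, if any
        :param lm_hash: LM hash that was tried, if any
        :param ntlm_hash: NTLM hash that was tried, if any
        :param ssh_key: SSH key that was tried, if any
        """
        # The record keeps the credential material exactly as passed in (clear-text password,
        # hashes, key), so exploit_attempts must be treated as secret data wherever it is
        # stored, logged or transmitted.
        # NOTE(review): send_exploit_telemetry() hands this whole object to ExploitTelem -
        # confirm how exploit_attempts is serialized, transported and retained.
        attempt = {'result': result, 'user': user, 'password': password,
                   'lm_hash': lm_hash, 'ntlm_hash': ntlm_hash, 'ssh_key': ssh_key}
        self.exploit_attempts.append(attempt)

    def exploit_host(self):
        """
        Runs pre_exploit(), then _exploit_host(), then post_exploit().
        :return: Whatever _exploit_host() returns
        """
        self.pre_exploit()
        try:
            return self._exploit_host()
        finally:
            # Runs on failure as well, so the finish time is recorded even when
            # _exploit_host() raises; the exception still propagates to the caller.
            self.post_exploit()

    def pre_exploit(self):
        """
        Hook called before _exploit_host(); records the start time.
        """
        self.set_start_time()

    def post_exploit(self):
        """
        Hook called after _exploit_host(), whether or not it raised; records the finish time.
        """
        self.set_finish_time()

    @abstractmethod
    def _exploit_host(self):
        """
        Performs the actual attempt; must be implemented by subclasses.
        :return: Result of the attempt, returned unchanged by exploit_host()
        """
        raise NotImplementedError()

    def add_vuln_url(self, url):
        """
        Appends a URL to exploit_info['vulnerable_urls'].
        :param url: URL to record
        """
        self.exploit_info['vulnerable_urls'].append(url)

    def add_vuln_port(self, port):
        """
        Appends a port to exploit_info['vulnerable_ports'].
        :param port: Port to record
        """
        self.exploit_info['vulnerable_ports'].append(port)

    def add_executed_cmd(self, cmd):
        """
        Appends command to exploiter's info.
        :param cmd: String of executed command. e.g. 'echo Example'
        """
        # Case-insensitive substring match: the flag is set whenever the text "powershell"
        # appears anywhere in the command, including inside a path or an argument.
        uses_powershell = "powershell" in cmd.lower()
        self.exploit_info['executed_cmds'].append({'cmd': cmd, 'powershell': uses_powershell})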