Agent: Fix calls to _publish_exploitation_event in zerologon
parent
1cf017c2ac
commit
0e2f80ded6
|
@ -9,6 +9,7 @@ import os
|
|||
import re
|
||||
import tempfile
|
||||
from binascii import unhexlify
|
||||
from time import time
|
||||
from typing import Dict, List, Optional, Sequence, Tuple
|
||||
|
||||
import impacket
|
||||
|
@ -37,12 +38,7 @@ from infection_monkey.utils.threading import interruptible_iter
|
|||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
EXPLOIT_TAGS = (
|
||||
ZEROLOGON_EXPLOITER_TAG,
|
||||
T1003_ATTACK_TECHNIQUE_TAG,
|
||||
T1098_ATTACK_TECHNIQUE_TAG,
|
||||
T1210_ATTACK_TECHNIQUE_TAG,
|
||||
)
|
||||
|
||||
CREDENTIALS_STOLEN_EVENT_TAGS = frozenset(
|
||||
{
|
||||
ZEROLOGON_EXPLOITER_TAG,
|
||||
|
@ -54,6 +50,14 @@ CREDENTIALS_STOLEN_EVENT_TAGS = frozenset(
|
|||
|
||||
class ZerologonExploiter(HostExploiter):
|
||||
_EXPLOITED_SERVICE = "Netlogon"
|
||||
_EXPLOITER_TAGS = (
|
||||
ZEROLOGON_EXPLOITER_TAG,
|
||||
T1003_ATTACK_TECHNIQUE_TAG,
|
||||
T1098_ATTACK_TECHNIQUE_TAG,
|
||||
T1210_ATTACK_TECHNIQUE_TAG,
|
||||
)
|
||||
_PROPAGATION_TAGS = tuple()
|
||||
|
||||
MAX_ATTEMPTS = 2000 # For 2000, expected average number of attempts needed: 256.
|
||||
ERROR_CODE_ACCESS_DENIED = 0xC0000022
|
||||
|
||||
|
@ -144,9 +148,8 @@ class ZerologonExploiter(HostExploiter):
|
|||
logger.info(error_message)
|
||||
|
||||
self._publish_exploitation_event(
|
||||
target=self.host.ip_addr,
|
||||
exploitation_success=False,
|
||||
tags=EXPLOIT_TAGS,
|
||||
time=time(),
|
||||
success=False,
|
||||
error_message=error_message,
|
||||
)
|
||||
|
||||
|
@ -178,9 +181,7 @@ class ZerologonExploiter(HostExploiter):
|
|||
_exploited = True
|
||||
logger.info("Exploit complete!")
|
||||
|
||||
self._publish_exploitation_event(
|
||||
target=self.host.ip_addr, exploitation_success=True, tags=EXPLOIT_TAGS
|
||||
)
|
||||
self._publish_exploitation_event(time=time(), success=True)
|
||||
else:
|
||||
self.report_login_attempt(result=False, user=self.dc_name)
|
||||
_exploited = False
|
||||
|
@ -189,9 +190,8 @@ class ZerologonExploiter(HostExploiter):
|
|||
logger.info(error_message)
|
||||
|
||||
self._publish_exploitation_event(
|
||||
target=self.host.ip_addr,
|
||||
exploitation_success=False,
|
||||
tags=EXPLOIT_TAGS,
|
||||
time=time(),
|
||||
success=False,
|
||||
error_message=error_message,
|
||||
)
|
||||
return _exploited
|
||||
|
|
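Review bot: The added `from time import time` rebinds the module-level name `time` to a function, so any other reference to the `time` module elsewhere in this file would now raise an AttributeError; only the import hunk and the three `time=time()` call sites are visible here, so confirm the module has no other use of that name. A less collision-prone form is `import time` together with `time=time.time()` at the three `_publish_exploitation_event` call sites. In the class-attribute hunk, `_PROPAGATION_TAGS = tuple()` reads more naturally as `_PROPAGATION_TAGS = ()`, and a short comment such as `# Exploiter metadata consumed by HostExploiter's event-publishing helpers -- confirm against the base class` would help readers who arrive here from the event calls. The method containing the three publish calls starts and ends outside the hunks.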