Agent: Move connect_to_dc to vuln_assessment.py

monkey/infection_monkey/exploit/zerologon.py

@@ -12,11 +12,10 @@ from binascii import unhexlify
 from typing import Dict, List, Optional, Sequence, Tuple
 
 import impacket
-from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
+from impacket.dcerpc.v5 import nrpc, rpcrt
 from impacket.dcerpc.v5.dtypes import NULL
 
 from common.agent_events import CredentialsStolenEvent, PasswordRestorationEvent
-from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import Credentials, LMHash, NTHash, Username
 from common.tags import (
     T1003_ATTACK_TECHNIQUE_TAG,
@@ -27,7 +26,11 @@ from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.wmi_tools import WmiTools
 from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
 from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump
-from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable
+from infection_monkey.exploit.zerologon_utils.vuln_assessment import (
+    connect_to_dc,
+    get_dc_details,
+    is_exploitable,
+)
 from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec
 from infection_monkey.i_puppet import ExploiterResultData
 from infection_monkey.utils.capture_output import StdoutCapture
@@ -113,16 +116,6 @@ class ZerologonExploiter(HostExploiter):
 
         return self.exploit_result
 
-    @staticmethod
-    def connect_to_dc(dc_ip) -> object:
-        binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp")
-        rpc_transport = transport.DCERPCTransportFactory(binding)
-        rpc_transport.set_connect_timeout(LONG_REQUEST_TIMEOUT)
-        rpc_con = rpc_transport.get_dce_rpc()
-        rpc_con.connect()
-        rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
-        return rpc_con
-
     def _send_exploit_rpc_login_requests(self, rpc_con) -> bool:
         for _ in interruptible_iter(range(0, self.MAX_ATTEMPTS), self.interrupt):
             exploit_attempt_result = self.try_exploit_attempt(rpc_con)
@@ -230,7 +223,7 @@ class ZerologonExploiter(HostExploiter):
 
             # Connect to the DC's Netlogon service.
             try:
-                rpc_con = ZerologonExploiter.connect_to_dc(self.dc_ip)
+                rpc_con = connect_to_dc(self.dc_ip)
             except Exception as e:
                 logger.info(f"Exception occurred while connecting to DC: {str(e)}")
                 return False

monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py

@@ -2,9 +2,9 @@ import logging
 from typing import Optional, Tuple
 
 import nmb.NetBIOS
-from impacket.dcerpc.v5 import nrpc, rpcrt
+from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
 
-from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT
+from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
 from common.utils.exceptions import DomainControllerNameFetchError
 from infection_monkey.model import VictimHost
 from infection_monkey.utils.threading import interruptible_iter
@@ -12,6 +12,16 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
 
 
+def connect_to_dc(dc_ip) -> object:
+    binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp")
+    rpc_transport = transport.DCERPCTransportFactory(binding)
+    rpc_transport.set_connect_timeout(LONG_REQUEST_TIMEOUT)
+    rpc_con = rpc_transport.get_dce_rpc()
+    rpc_con.connect()
+    rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
+    return rpc_con
+
+
 def get_dc_details(host: VictimHost) -> Tuple[str, str, str]:
     dc_ip = host.ip_addr
     dc_name = _get_dc_name(dc_ip=dc_ip)
@@ -39,7 +49,7 @@ def _get_dc_name(dc_ip: str) -> str:
 def is_exploitable(zerologon_exploiter_object) -> Tuple[bool, Optional[rpcrt.DCERPC_v5]]:
     # Connect to the DC's Netlogon service.
     try:
-        rpc_con = zerologon_exploiter_object.connect_to_dc(zerologon_exploiter_object.dc_ip)
+        rpc_con = connect_to_dc(zerologon_exploiter_object.dc_ip)
     except Exception as err:
         error_message = f"Exception occurred while connecting to DC: {err}"
         logger.info(error_message)