Agent: Move path to string translation to smb_tools from smbexec

vakaris_zilius 2022-03-23 16:03:13 +00:00
parent 18e3dd7c91
commit c09428dde9
2 changed files with 12 additions and 6 deletions


@ -32,7 +32,7 @@ class SMBExploiter(HostExploiter):
def _exploit_host(self): def _exploit_host(self):
agent_binary = self.agent_repository.get_agent_binary(self.host.os["type"]) agent_binary = self.agent_repository.get_agent_binary(self.host.os["type"])
dest_path = str(get_agent_dest_path(self.host, self.options)) dest_path = get_agent_dest_path(self.host, self.options)
creds = generate_brute_force_combinations(self.options["credentials"]) creds = generate_brute_force_combinations(self.options["credentials"])
for user, password, lm_hash, ntlm_hash in interruptible_iter(creds, self.interrupt): for user, password, lm_hash, ntlm_hash in interruptible_iter(creds, self.interrupt):


@ -2,6 +2,8 @@ import logging
import ntpath import ntpath
import pprint import pprint
from io import BytesIO from io import BytesIO
from pathlib import Path
from typing import Optional
from impacket.dcerpc.v5 import srvs, transport from impacket.dcerpc.v5 import srvs, transport
from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21 from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21
@ -20,13 +22,13 @@ class SmbTools(object):
def copy_file( def copy_file(
host, host,
agent_file: BytesIO, agent_file: BytesIO,
dst_path, dst_path: Path,
username, username,
password, password,
lm_hash="", lm_hash="",
ntlm_hash="", ntlm_hash="",
timeout=60, timeout=60,
): ) -> Optional[str]:
# TODO assess the 60 second timeout # TODO assess the 60 second timeout
creds_for_log = get_credential_string([username, password, lm_hash, ntlm_hash]) creds_for_log = get_credential_string([username, password, lm_hash, ntlm_hash])
logger.debug(f"Attempting to copy an agent binary to {host} using SMB with {creds_for_log}") logger.debug(f"Attempting to copy an agent binary to {host} using SMB with {creds_for_log}")
@ -75,7 +77,7 @@ class SmbTools(object):
high_priority_shares = () high_priority_shares = ()
low_priority_shares = () low_priority_shares = ()
file_name = ntpath.split(dst_path)[-1] file_name = dst_path.name
for i in range(len(resp)): for i in range(len(resp)):
share_name = resp[i]["shi2_netname"].strip("\0 ") share_name = resp[i]["shi2_netname"].strip("\0 ")
@ -100,14 +102,18 @@ class SmbTools(object):
share_info = {"share_name": share_name, "share_path": share_path} share_info = {"share_name": share_name, "share_path": share_path}
if dst_path.lower().startswith(share_path.lower()): if str(dst_path).lower().startswith(share_path.lower()):
high_priority_shares += ((ntpath.sep + dst_path[len(share_path) :], share_info),) high_priority_shares += (
(ntpath.sep + str(dst_path)[len(share_path):], share_info),
)
low_priority_shares += ((ntpath.sep + file_name, share_info),) low_priority_shares += ((ntpath.sep + file_name, share_info),)
shares = high_priority_shares + low_priority_shares shares = high_priority_shares + low_priority_shares
file_uploaded = False file_uploaded = False
remote_full_path = None
for remote_path, share in shares: for remote_path, share in shares:
share_name = share["share_name"] share_name = share["share_name"]
share_path = share["share_path"] share_path = share["share_path"]
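Review bot: `file_name = dst_path.name` in the `@ -75,7 +77,7 @@` hunk matches the old `ntpath.split(dst_path)[-1]` only when `dst_path` is a Windows-flavoured path object. A concrete `pathlib.Path` built on a POSIX host does not treat `\` as a separator, so `.name` would return the whole destination string and the low-priority share entries would carry a wrong file name. The new annotation `dst_path: Path` in `copy_file` therefore looks too loose, or wrong if `get_agent_dest_path` (not visible here) returns a pure path; consider `dst_path: PureWindowsPath` with `from pathlib import PureWindowsPath`, or keep the flavour-independent `ntpath.split(str(dst_path))[-1]`. The body of `copy_file` continues outside these hunks, so the remaining uses of `dst_path` could not be checked.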