Agent: Publish exploitation events

Kekoa Kaaikala 2022-10-06 16:15:35 +00:00
parent 629c2433cd
commit c631755397
1 changed files with 8 additions and 1 deletions


@ -1,6 +1,7 @@
from dataclasses import dataclass
from logging import getLogger
from pathlib import PurePath
from time import time
from typing import Optional, Tuple
from impacket.dcerpc.v5 import scmr, transport
@ -117,6 +118,7 @@ class SMBExploiter(HostExploiter):
for user, password, lm_hash, ntlm_hash in interruptible_iter(creds, self.interrupt):
creds_for_log = get_credential_string([user, password, lm_hash, ntlm_hash])
timestamp = time()
try:
# copy the file remotely using SMB
remote_full_path = SmbTools.copy_file(
@ -143,17 +145,22 @@ class SMBExploiter(HostExploiter):
SMBExploiter.KNOWN_PROTOCOLS["445/SMB"][1],
)
)
self._publish_exploitation_event(timestamp, True)
self.exploit_result.exploitation_success = True
break
else:
# failed exploiting with this user/pass
self.report_login_attempt(False, user, password, lm_hash, ntlm_hash)
message = f"Failed to login using SMB with {creds_for_log}"
self._publish_exploitation_event(timestamp, False, error_message=message)
except Exception as exc:
logger.error(
message = (
f"Error while trying to copy file using SMB to {self.host.ip_addr} with "
f"{creds_for_log}:{exc}"
)
logger.error(message)
self._publish_exploitation_event(timestamp, False, error_message=message)
continue
return remote_full_path, SelectedCredentials(user, password, lm_hash, ntlm_hash)
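Review bot: The success-path call `self._publish_exploitation_event(timestamp, True)` appears to sit inside the `try` whose `except Exception` handler reports a file-copy error, so an exception raised while publishing would be logged and published as a failed attempt, `exploitation_success` would stay unset, and the loop would `continue` to the next credential even though the copy succeeded. Indentation is lost on this page, so the nesting should be confirmed against the file. Setting `self.exploit_result.exploitation_success = True` before the publish call, or publishing after the `try`, would keep an event-delivery problem from changing the recorded exploit result. Separately, `message` embeds `creds_for_log` and `{exc}` and is now passed as `error_message` in the event instead of only going to the local log; what `get_credential_string` returns is not visible here, so confirm it never includes password or hash values before this text leaves the agent. The enclosing method starts outside the hunk.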