p41275903
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #1805 from guardicore/1782-smb 

Agent: Convert destination path to string in SMB exploiter
This commit is contained in:
VakarisZ 2022-03-24 07:39:48 +00:00 committed by GitHub
parent 51cfb73ce0 c09428dde9
commit cbf9544e58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
monkey/infection_monkey/exploit/tools/smb_tools.py
View File

@ -2,6 +2,8 @@ import logging
import ntpath
import pprint
from io import BytesIO
from pathlib import Path
from typing import Optional
from impacket.dcerpc.v5 import srvs, transport
from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21
@ -20,13 +22,13 @@ class SmbTools(object):
def copy_file(
host,
agent_file: BytesIO,
dst_path,
dst_path: Path,
username,
password,
lm_hash="",
ntlm_hash="",
timeout=60,
):
) -> Optional[str]:
# TODO assess the 60 second timeout
creds_for_log = get_credential_string([username, password, lm_hash, ntlm_hash])
logger.debug(f"Attempting to copy an agent binary to {host} using SMB with {creds_for_log}")
@ -75,7 +77,7 @@ class SmbTools(object):
high_priority_shares = ()
low_priority_shares = ()
file_name = ntpath.split(dst_path)[-1]
file_name = dst_path.name
for i in range(len(resp)):
share_name = resp[i]["shi2_netname"].strip("\0 ")
@ -100,14 +102,18 @@ class SmbTools(object):
share_info = {"share_name": share_name, "share_path": share_path}
if dst_path.lower().startswith(share_path.lower()):
high_priority_shares += ((ntpath.sep + dst_path[len(share_path) :], share_info),)
if str(dst_path).lower().startswith(share_path.lower()):
high_priority_shares += (
(ntpath.sep + str(dst_path)[len(share_path):], share_info),
)
low_priority_shares += ((ntpath.sep + file_name, share_info),)
shares = high_priority_shares + low_priority_shares
file_uploaded = False
remote_full_path = None
for remote_path, share in shares:
share_name = share["share_name"]
share_path = share["share_path"]