From e9b84ff86d671c527f2627040d890e77f5bf3374 Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Thu, 25 Feb 2021 16:20:52 +0200
Subject: [PATCH] Improved zero logon exploiter to fail on failed domain controller name fetch.
---
 monkey/common/utils/exceptions.py | 4 ++++
 .../zerologon_utils/vuln_assessment.py | 21 ++++++++++++-------
 2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/monkey/common/utils/exceptions.py b/monkey/common/utils/exceptions.py
index 2c7121942..74c645429 100644
--- a/monkey/common/utils/exceptions.py
+++ b/monkey/common/utils/exceptions.py
@@ -48,3 +48,7 @@ class VersionServerConnectionError(Exception):
 class FindingWithoutDetailsError(Exception):
 """ Raise when pulling events for a finding, but get none """
+
+
+class DomainControllerNameFetchError(FailedExploitationError):
+ """ Raise on failed attemt to extract domain controller's name """
diff --git a/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py b/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
index 60df0db29..3c286ded0 100644
--- a/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
+++ b/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
@@ -4,6 +4,9 @@ from typing import Optional
 import nmb.NetBIOS
 from impacket.dcerpc.v5 import nrpc, rpcrt
+from common.common_consts.timeouts import SHORT_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
+from common.utils.exceptions import DomainControllerNameFetchError
+
 LOG = logging.getLogger(__name__)
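Review bot: The docstring of the new `DomainControllerNameFetchError` misspells "attempt"; it should read `""" Raise on failed attempt to extract domain controller's name """`. The class derives from `FailedExploitationError`, whose definition is outside this hunk. That base class has to be defined above the new class in `exceptions.py`, otherwise importing the module fails with `NameError`.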
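Review bot: `SHORT_REQUEST_TIMEOUT` is imported in `vuln_assessment.py` but no line added by this patch uses it. The diffstat's 17 insertions are all visible and only `MEDIUM_REQUEST_TIMEOUT` is referenced, so the name looks unused and would trip an unused-import lint. Unless a later change needs it, the import can be narrowed to `from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT`.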
@@ -18,14 +21,16 @@ def _get_dc_name(dc_ip: str) -> str:
 """ Gets NetBIOS name of the Domain Controller (DC). """
- try:
- nb = nmb.NetBIOS.NetBIOS()
- name = nb.queryIPForName(
- ip=dc_ip
- ) # returns either a list of NetBIOS names or None
- return name[0] if name else ""
- except BaseException as ex:
- LOG.info(f"Exception: {ex}")
+ nb = nmb.NetBIOS.NetBIOS()
+ name = nb.queryIPForName(
+ ip=dc_ip,
+ timeout=MEDIUM_REQUEST_TIMEOUT
+ ) # returns either a list of NetBIOS names or None
+
+ if name:
+ return name[0]
+ else:
+ raise DomainControllerNameFetchError("Couldn't get domain controller's name, maybe it's on external network?")
 def is_exploitable(zerologon_exploiter_object) -> (bool, Optional[rpcrt.DCERPC_v5]):
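Review bot: With the `try`/`except` removed from `_get_dc_name`, only an empty reply from `queryIPForName` is turned into `DomainControllerNameFetchError`. A socket-level failure while sending the query would presumably reach the caller as a raw `OSError`, outside the exception type this commit introduces. The `NetBIOS` object is also never closed (the removed code did not close it either), so its UDP socket stays open until garbage collection. I would map `OSError` to the new exception and close the object in a `finally`, as sketched below, and wrap the over-long `raise` line while there. Whether callers catch `DomainControllerNameFetchError` or its base class is not visible in this hunk.

```python
    nb = nmb.NetBIOS.NetBIOS()
    try:
        name = nb.queryIPForName(ip=dc_ip, timeout=MEDIUM_REQUEST_TIMEOUT)
    except OSError as err:
        # Report transport failures through the same exception type as an empty reply.
        raise DomainControllerNameFetchError(
            f"NetBIOS name query failed: {err}"
        ) from err
    finally:
        nb.close()  # release the socket whether or not a name came back

    # ... unchanged: `if name:` returns name[0], `else:` raises DomainControllerNameFetchError ...
```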