forked from p15670423/monkey
Agent: Stamp time before running exploit
This commit is contained in:
parent
66f8471f24
commit
15974ff21c
|
@ -1,6 +1,6 @@
|
|||
import logging
|
||||
from pathlib import PureWindowsPath
|
||||
from time import sleep
|
||||
from time import sleep, time
|
||||
from typing import Iterable, Tuple
|
||||
|
||||
import pymssql
|
||||
|
@ -77,6 +77,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
self._set_interrupted()
|
||||
return self.exploit_result
|
||||
|
||||
timestamp = time()
|
||||
try:
|
||||
self._upload_agent(agent_path_on_victim)
|
||||
self._run_agent(agent_path_on_victim)
|
||||
|
@ -87,12 +88,12 @@ class MSSQLExploiter(HostExploiter):
|
|||
)
|
||||
|
||||
logger.error(error_message)
|
||||
self._publish_propagation_event(success=False, error_message=error_message)
|
||||
self._publish_propagation_event(timestamp, False, error_message=error_message)
|
||||
self.exploit_result.error_message = error_message
|
||||
|
||||
return self.exploit_result
|
||||
|
||||
self._publish_propagation_event(success=True)
|
||||
self._publish_propagation_event(timestamp, True)
|
||||
self.exploit_result.propagation_success = True
|
||||
return self.exploit_result
|
||||
|
||||
|
@ -123,6 +124,7 @@ class MSSQLExploiter(HostExploiter):
|
|||
)
|
||||
|
||||
for user, password in credentials_iterator:
|
||||
timestamp = time()
|
||||
try:
|
||||
# Core steps
|
||||
# Trying to connect
|
||||
|
@ -139,13 +141,13 @@ class MSSQLExploiter(HostExploiter):
|
|||
)
|
||||
self.exploit_result.exploitation_success = True
|
||||
self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
|
||||
self._report_login_attempt(True, user, password)
|
||||
self._report_login_attempt(timestamp, True, user, password)
|
||||
cursor = conn.cursor()
|
||||
return cursor
|
||||
except pymssql.OperationalError as err:
|
||||
error_message = f"Connection to MSSQL failed: {err}"
|
||||
logger.info(error_message)
|
||||
self._report_login_attempt(False, user, password, error_message)
|
||||
self._report_login_attempt(timestamp, False, user, password, error_message)
|
||||
# Combo didn't work, hopping to the next one
|
||||
pass
|
||||
|
||||
|
@ -157,8 +159,10 @@ class MSSQLExploiter(HostExploiter):
|
|||
"Bruteforce process failed on host: {0}".format(self.host.ip_addr)
|
||||
)
|
||||
|
||||
def _report_login_attempt(self, success: bool, user, password: str, message: str = ""):
|
||||
self._publish_exploitation_event(success=success, error_message=message)
|
||||
def _report_login_attempt(
|
||||
self, timestamp: float, success: bool, user, password: str, message: str = ""
|
||||
):
|
||||
self._publish_exploitation_event(timestamp, success, error_message=message)
|
||||
self.report_login_attempt(success, user, password)
|
||||
|
||||
def _upload_agent(self, agent_path_on_victim: PureWindowsPath):
|
||||
|
|
Loading…
Reference in New Issue