From 183bd1145faa46ed3002ed67d37ee70b8beaa8d1 Mon Sep 17 00:00:00 2001
From: Kekoa Kaaikala
Date: Wed, 5 Oct 2022 13:07:28 +0000
Subject: [PATCH] Agent: Add tags to MSSQL exploitation events
---
 monkey/infection_monkey/exploit/mssqlexec.py | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
index 6b4de1fc2..f3bda8d52 100644
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -7,6 +7,10 @@ import pymssql
 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
 from common.credentials import get_plaintext
+from common.tags import (
+ T1110_ATTACK_TECHNIQUE_TAG,
+ T1210_ATTACK_TECHNIQUE_TAG,
+)
 from common.utils.exceptions import FailedExploitationError
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dst_path
@@ -20,6 +24,9 @@ from infection_monkey.utils.threading import interruptible_iter
 logger = logging.getLogger(__name__)
+MSSQL_EXPLOITER_TAG = "mssql-exploiter"
+EXPLOITER_TAGS = (MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG, T1210_ATTACK_TECHNIQUE_TAG)
+
 class MSSQLExploiter(HostExploiter):
 _EXPLOITED_SERVICE = "MSSQL"
@@ -57,7 +64,9 @@ class MSSQLExploiter(HostExploiter):
 f" no credentials were successful"
 )
 logger.error(error_message)
- self._publish_exploitation_event(self.host.ip_addr, False, error_message=error_message)
+ self._publish_exploitation_event(
+ self.host.ip_addr, False, EXPLOITER_TAGS, error_message
+ )
 return self.exploit_result
 if self._is_interrupted():
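Review bot: `EXPLOITER_TAGS` is introduced without a comment saying what the two technique IDs stand for or why every MSSQL exploitation event carries both. Someone reading the emitted events to judge detection coverage has to look the IDs up elsewhere. A one-line comment above the tuple would cover it, for example `# T1110 = Brute Force, T1210 = Exploitation of Remote Services (MITRE ATT&CK)`.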
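Review bot: The rewritten call in the `-57,7 +64,9` hunk passes `error_message` positionally as the fourth argument, while the `_report_login_attempt` hunk further down keeps it as the keyword `error_message=message`. The signature of `_publish_exploitation_event` is not part of this patch, so it cannot be confirmed from here that the fourth positional slot is the error message. If a parameter is ever inserted ahead of it, the text would land in the wrong field of the event without any error. Keeping the keyword matches the other call site: `self.host.ip_addr, False, EXPLOITER_TAGS, error_message=error_message`. The enclosing method starts and ends outside the hunk.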
@@ -147,7 +156,7 @@ class MSSQLExploiter(HostExploiter):
 def _report_login_attempt(
 self, success: bool, host: str, user, password: str, message: str = ""
 ):
- self._publish_exploitation_event(host, success, error_message=message)
+ self._publish_exploitation_event(host, success, EXPLOITER_TAGS, error_message=message)
 self.report_login_attempt(success, user, password)
 def _upload_agent(self, agent_path_on_victim: PureWindowsPath):
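Review bot: `_report_login_attempt` now tags its event with T1210 as well as T1110, although judging by its name and parameters it reports a single credential attempt. If T1210 is meant to mark the remote-service exploitation step rather than the password guessing, these per-attempt events would over-report that technique to whatever consumes the tags; how the tags are aggregated is not shown in this patch. A narrower tuple for this call, such as `(MSSQL_EXPLOITER_TAG, T1110_ATTACK_TECHNIQUE_TAG)`, would keep the technique mapping precise. If tagging both is intentional, a short comment at the call saying so would settle it.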