Agent: Remove publishing exploitation attempts in zerologon's vuln assessment

2022-10-06 16:25:47 +05:30 · 2022-10-06 16:25:47 +05:30 · 1cf017c2ac
parent 3b60c760e4
commit 1cf017c2ac
1 changed files with 3 additions and 17 deletions
--- a/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
+++ b/monkey/infection_monkey/exploit/zerologon_utils/vuln_assessment.py
@ -5,13 +5,10 @@ import nmb.NetBIOS
 from impacket.dcerpc.v5 import nrpc, rpcrt

 from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT
-from common.tags import T1210_ATTACK_TECHNIQUE_TAG
 from common.utils.exceptions import DomainControllerNameFetchError
 from infection_monkey.model import VictimHost
 from infection_monkey.utils.threading import interruptible_iter

-from . import ZEROLOGON_EXPLOITER_TAG
-
 logger = logging.getLogger(__name__)


@ -46,12 +43,6 @@ def is_exploitable(zerologon_exploiter_object) -> Tuple[bool, Optional[rpcrt.DCE
    except Exception as err:
        error_message = f"Exception occurred while connecting to DC: {err}"
        logger.info(error_message)
-        zerologon_exploiter_object._publish_exploitation_event(
-            target=zerologon_exploiter_object.host.ip_addr,
-            exploitation_success=False,
-            error_message=error_message,
-            tags=(ZEROLOGON_EXPLOITER_TAG, T1210_ATTACK_TECHNIQUE_TAG),
-        )
        return False, None

    # Try authenticating.
@ -63,15 +54,10 @@ def is_exploitable(zerologon_exploiter_object) -> Tuple[bool, Optional[rpcrt.DCE
            if rpc_con_auth_result is not None:
                return True, rpc_con_auth_result
        except Exception as err:
-            error_message = "Error occured while authenticating to "
-            f"{zerologon_exploiter_object.host}: {err}"
-            logger.info(error_message)
-            zerologon_exploiter_object._publish_exploitation_event(
-                target=zerologon_exploiter_object.host.ip_addr,
-                exploitation_success=False,
-                error_message=error_message,
-                tags=(ZEROLOGON_EXPLOITER_TAG, T1210_ATTACK_TECHNIQUE_TAG),
+            error_message = (
+                f"Error occured while authenticating to {zerologon_exploiter_object.host}: {err}"
            )
+            logger.info(error_message)
            return False, None

    return False, None