Agent: Improve exception handling in mssqlexec.py

This commit is contained in:
vakarisz 2022-03-15 08:51:22 +02:00
parent 66ee3527d2
commit 1f327a1305
2 changed files with 17 additions and 19 deletions

View File

@ -1,7 +1,3 @@
class ExploitingVulnerableMachineError(Exception):
""" Raise when exploiter failed, but machine is vulnerable """
class FailedExploitationError(Exception): class FailedExploitationError(Exception):
""" Raise when exploiter fails instead of returning False """ """ Raise when exploiter fails instead of returning False """

View File

@ -1,12 +1,11 @@
import logging import logging
import os import os
import sys
from time import sleep from time import sleep
import pymssql import pymssql
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError from common.utils.exceptions import FailedExploitationError
from common.utils.exploit_enum import ExploitType from common.utils.exploit_enum import ExploitType
from infection_monkey.exploit.HostExploiter import HostExploiter from infection_monkey.exploit.HostExploiter import HostExploiter
from infection_monkey.exploit.tools.helpers import get_agent_dest_path from infection_monkey.exploit.tools.helpers import get_agent_dest_path
@ -65,26 +64,29 @@ class MSSQLExploiter(HostExploiter):
self.options["credentials"]["exploit_user_list"], self.options["credentials"]["exploit_user_list"],
self.options["credentials"]["exploit_password_list"], self.options["credentials"]["exploit_password_list"],
) )
self.cursor = self.brute_force(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, creds) try:
self.cursor = self.brute_force(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, creds)
except FailedExploitationError:
logger.info(
f"Failed brute-forcing of MSSQL server on {self.host},"
f" no credentials were successful"
)
return self.exploit_result
# Create dir for payload # Create dir for payload
self.create_temp_dir() self.create_temp_dir()
self.create_empty_payload_file()
try: http_thread = self.start_monkey_server()
self.create_empty_payload_file() self.upload_monkey()
MSSQLExploiter._stop_monkey_server(http_thread)
http_thread = self.start_monkey_server() # Clear payload to pass in another command
self.upload_monkey() self.create_empty_payload_file()
MSSQLExploiter._stop_monkey_server(http_thread)
# Clear payload to pass in another command self.run_monkey()
self.create_empty_payload_file()
self.run_monkey() self.remove_temp_dir()
self.remove_temp_dir()
except Exception as e:
raise ExploitingVulnerableMachineError(e.args).with_traceback(sys.exc_info()[2])
self.exploit_result.propagation_success = True self.exploit_result.propagation_success = True
return self.exploit_result return self.exploit_result