forked from p15670423/monkey
Fixed CR
This commit is contained in:
parent
6530dd063e
commit
26df64fb87
|
@ -188,4 +188,4 @@ Dependency | License | Notes
|
|||
winbind | GPL-3
|
||||
pyinstaller | GPL
|
||||
Celery | BSD
|
||||
mimikatz | CC BY 4.0 | We use an altered version of mimikatz. Original: https://github.com/gentilkiwi/mimikatz
|
||||
mimikatz | CC BY 4.0 | We use an altered version of mimikatz: https://github.com/guardicore/mimikatz
|
||||
|
|
|
@ -4,6 +4,7 @@ from network.range import FixedRange, RelativeRange, ClassCRange
|
|||
from exploit import WmiExploiter, Ms08_067_Exploiter, SmbExploiter, RdpExploiter, SSHExploiter, ShellShockExploiter
|
||||
from network import TcpScanner, PingScanner, SMBFinger, SSHFinger, HTTPFinger
|
||||
from abc import ABCMeta
|
||||
from itertools import product
|
||||
import uuid
|
||||
import types
|
||||
|
||||
|
@ -13,7 +14,6 @@ GUID = str(uuid.getnode())
|
|||
|
||||
EXTERNAL_CONFIG_FILE = os.path.join(os.path.abspath(os.path.dirname(sys.argv[0])), 'monkey.bin')
|
||||
|
||||
|
||||
def _cast_by_example(value, example):
|
||||
"""
|
||||
a method that casts a value to the type of the parameter given as example
|
||||
|
@ -208,8 +208,13 @@ class Configuration(object):
|
|||
rdp_use_vbs_download = True
|
||||
|
||||
# User and password dictionaries for exploits.
|
||||
exploit_user_list = []
|
||||
exploit_password_list = []
|
||||
|
||||
@property
|
||||
def exploit_user_password_pairs(self):
|
||||
return product(self.exploit_user_list, self.exploit_password_list)
|
||||
|
||||
exploit_user_list = ['Administrator', 'root', 'user']
|
||||
exploit_password_list = ["Password1!", "1234", "password", "12345678"]
|
||||
|
||||
# smb/wmi exploiter
|
||||
smb_download_timeout = 300 # timeout in seconds
|
||||
|
|
|
@ -64,12 +64,7 @@ class SmbExploiter(HostExploiter):
|
|||
LOG.info("Can't find suitable monkey executable for host %r", host)
|
||||
return False
|
||||
|
||||
config_users = self._config.exploit_user_list
|
||||
config_passwords = self._config.exploit_password_list
|
||||
user_password_pairs = []
|
||||
for user in config_users:
|
||||
for password in config_passwords:
|
||||
user_password_pairs.append((user, password))
|
||||
user_password_pairs = self._config.exploit_user_password_pairs
|
||||
|
||||
exploited = False
|
||||
for user, password in user_password_pairs:
|
||||
|
|
|
@ -42,14 +42,12 @@ class SSHExploiter(HostExploiter):
|
|||
is_open, _ = check_port_tcp(host.ip_addr, port)
|
||||
if not is_open:
|
||||
LOG.info("SSH port is closed on %r, skipping", host)
|
||||
return False
|
||||
return False
|
||||
|
||||
passwords = list(self._config.exploit_password_list[:])
|
||||
users = list(self._config.exploit_user_list)
|
||||
user_pass = product(users,passwords)
|
||||
user_password_pairs = self._config.exploit_user_password_pairs
|
||||
|
||||
exploited = False
|
||||
for user, curpass in user_pass:
|
||||
for user, curpass in user_password_pairs:
|
||||
try:
|
||||
ssh.connect(host.ip_addr,
|
||||
username=user,
|
||||
|
|
|
@ -233,7 +233,6 @@ class Ms08_067_Exploiter(HostExploiter):
|
|||
src_path,
|
||||
self._config.dropper_target_path)
|
||||
|
||||
# TODO: why are we doing this? Isn't that smbexec's job?
|
||||
if not remote_full_path:
|
||||
# try other passwords for administrator
|
||||
for password in self._config.exploit_password_list:
|
||||
|
|
|
@ -29,12 +29,7 @@ class WmiExploiter(HostExploiter):
|
|||
LOG.info("Can't find suitable monkey executable for host %r", host)
|
||||
return False
|
||||
|
||||
config_users = self._config.exploit_user_list
|
||||
config_passwords = self._config.exploit_password_list
|
||||
user_password_pairs = []
|
||||
for user in config_users:
|
||||
for password in config_passwords:
|
||||
user_password_pairs.append((user, password))
|
||||
user_password_pairs = self._config.exploit_user_password_pairs
|
||||
|
||||
for user, password in user_password_pairs:
|
||||
LOG.debug("Attempting to connect %r using WMI with password '%s'",
|
||||
|
|
|
@ -69,10 +69,14 @@ class MimikatzCollector:
|
|||
"""
|
||||
Logon data structure returned from mimikatz.
|
||||
"""
|
||||
|
||||
WINDOWS_MAX_USERNAME_PASS_LENGTH = 257
|
||||
LM_NTLM_HASH_LENGTH = 16
|
||||
|
||||
_fields_ = \
|
||||
[
|
||||
("username", ctypes.c_wchar * 257),
|
||||
("password", ctypes.c_wchar * 257),
|
||||
("lm_hash", ctypes.c_byte * 16),
|
||||
("ntlm_hash", ctypes.c_byte * 16)
|
||||
("username", ctypes.c_wchar * WINDOWS_MAX_USERNAME_PASS_LENGTH),
|
||||
("password", ctypes.c_wchar * WINDOWS_MAX_USERNAME_PASS_LENGTH),
|
||||
("lm_hash", ctypes.c_byte * LM_NTLM_HASH_LENGTH),
|
||||
("ntlm_hash", ctypes.c_byte * LM_NTLM_HASH_LENGTH)
|
||||
]
|
||||
|
|
Loading…
Reference in New Issue