forked from p15670423/monkey
Agent: Add tags to SSHExploiter
This commit is contained in:
Ilija Lazoroski
parent
ddaada1f09
commit
5948537d4a
|
|
@ -30,6 +30,11 @@ SSH_EXEC_TIMEOUT = LONG_REQUEST_TIMEOUT
|
|||
SSH_CHANNEL_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
|
||||
|
||||
TRANSFER_UPDATE_RATE = 15
|
||||
SSH_EXPLOITER_TAG = "ssh-exploiter"
|
||||
T1105_ATTACK_TECHNIQUE_TAG = "attack-t1105"
|
||||
T1110_ATTACK_TECHNIQUE_TAG = "attack-t1110"
|
||||
T1222_ATTACK_TECHNIQUE_TAG = "attack-t1222"
|
||||
T1021_ATTACK_TECHNIQUE_TAG = "attack-t1021"
|
||||
|
||||
|
||||
class SSHExploiter(HostExploiter):
|
||||
|
|
@ -86,12 +91,28 @@ class SSHExploiter(HostExploiter):
|
|||
)
|
||||
self.add_vuln_port(port)
|
||||
self.exploit_result.exploitation_success = True
|
||||
self._publish_exploitation_event(
|
||||
target=self.host.ip_addr,
|
||||
exploitation_success=True,
|
||||
tags=(
|
||||
SSH_EXPLOITER_TAG,
|
||||
T1110_ATTACK_TECHNIQUE_TAG,
|
||||
T1021_ATTACK_TECHNIQUE_TAG,
|
||||
),
|
||||
)
|
||||
self.report_login_attempt(True, user, ssh_key=ssh_string)
|
||||
return ssh
|
||||
except paramiko.AuthenticationException as err:
|
||||
ssh.close()
|
||||
logger.info(
|
||||
f"Failed logging into victim {self.host} with {ssh_string} private key: {err}",
|
||||
error_message = (
|
||||
f"Failed logging into victim {self.host} with {ssh_string} private key: {err}"
|
||||
)
|
||||
logger.info(error_message)
|
||||
self._publish_exploitation_event(
|
||||
target=self.host.ip_addr,
|
||||
exploitation_success=False,
|
||||
error_message=error_message,
|
||||
tags=(SSH_EXPLOITER_TAG,),
|
||||
)
|
||||
self.report_login_attempt(False, user, ssh_key=ssh_string)
|
||||
continue
|
||||
|
|
@ -131,15 +152,26 @@ class SSHExploiter(HostExploiter):
|
|||
logger.debug("Successfully logged in %r using SSH. User: %s", self.host, user)
|
||||
self.add_vuln_port(port)
|
||||
self.exploit_result.exploitation_success = True
|
||||
self._publish_exploitation_event(
|
||||
target=self.host.ip_addr,
|
||||
exploitation_success=True,
|
||||
tags=(
|
||||
SSH_EXPLOITER_TAG,
|
||||
T1110_ATTACK_TECHNIQUE_TAG,
|
||||
T1021_ATTACK_TECHNIQUE_TAG,
|
||||
),
|
||||
)
|
||||
self.report_login_attempt(True, user, current_password)
|
||||
return ssh
|
||||
|
||||
except paramiko.AuthenticationException as err:
|
||||
logger.debug(
|
||||
"Failed logging into victim %r with user" " %s: (%s)",
|
||||
self.host,
|
||||
user,
|
||||
err,
|
||||
error_message = f"Failed logging into victim {self.host} with user: {user}: {err}"
|
||||
logger.debug(error_message)
|
||||
self._publish_exploitation_event(
|
||||
target=self.host.ip_addr,
|
||||
exploitation_success=False,
|
||||
error_message=error_message,
|
||||
tags=(SSH_EXPLOITER_TAG,),
|
||||
)
|
||||
self.report_login_attempt(False, user, current_password)
|
||||
ssh.close()
|
||||
|
|
@ -159,7 +191,12 @@ class SSHExploiter(HostExploiter):
|
|||
is_open, _ = check_tcp_port(self.host.ip_addr, port)
|
||||
if not is_open:
|
||||
self.exploit_result.error_message = f"SSH port is closed on {self.host}, skipping"
|
||||
|
||||
self._publish_exploitation_event(
|
||||
target=self.host.ip_addr,
|
||||
exploitation_success=False,
|
||||
error_message=self.exploit_result.error_message,
|
||||
tags=(SSH_EXPLOITER_TAG,),
|
||||
)
|
||||
logger.info(self.exploit_result.error_message)
|
||||
return self.exploit_result
|
||||
|
||||
|
|
@ -188,23 +225,12 @@ class SSHExploiter(HostExploiter):
|
|||
self.exploit_result.error_message = f"SSH Skipping unknown os: {uname_os}"
|
||||
|
||||
if not uname_os:
|
||||
self._publish_propagation_event(
|
||||
target=self.host.ip_addr,
|
||||
propagation_success=False,
|
||||
error_message=self.exploit_result.error_message,
|
||||
)
|
||||
|
||||
logger.error(self.exploit_result.error_message)
|
||||
return self.exploit_result
|
||||
except Exception as exc:
|
||||
self.exploit_result.error_message = (
|
||||
f"Error running uname os command on victim {self.host}: ({exc})"
|
||||
)
|
||||
self._publish_propagation_event(
|
||||
target=self.host.ip_addr,
|
||||
propagation_success=False,
|
||||
error_message=self.exploit_result.error_message,
|
||||
)
|
||||
|
||||
logger.error(self.exploit_result.error_message)
|
||||
return self.exploit_result
|
||||
|
|
@ -222,6 +248,7 @@ class SSHExploiter(HostExploiter):
|
|||
target=self.host.ip_addr,
|
||||
propagation_success=False,
|
||||
error_message=self.exploit_result.error_message,
|
||||
tags=(SSH_EXPLOITER_TAG,),
|
||||
)
|
||||
|
||||
logger.error(self.exploit_result.error_message)
|
||||
|
|
@ -265,7 +292,7 @@ class SSHExploiter(HostExploiter):
|
|||
target=self.host.ip_addr,
|
||||
propagation_success=False,
|
||||
error_message=self.exploit_result.error_message,
|
||||
tags=frozenset((T1105_ATTACK_TECHNIQUE_TAG,)),
|
||||
tags=(SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG),
|
||||
)
|
||||
return self.exploit_result
|
||||
|
||||
|
|
@ -287,7 +314,7 @@ class SSHExploiter(HostExploiter):
|
|||
self._publish_propagation_event(
|
||||
target=self.host.ip_addr,
|
||||
propagation_success=True,
|
||||
tags=frozenset((T1105_ATTACK_TECHNIQUE_TAG,)),
|
||||
tags=(SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG),
|
||||
)
|
||||
|
||||
ssh.close()
|
||||
|
|
@ -303,7 +330,7 @@ class SSHExploiter(HostExploiter):
|
|||
target=self.host.ip_addr,
|
||||
propagation_success=False,
|
||||
error_message=self.exploit_result.error_message,
|
||||
tags=frozenset((T1105_ATTACK_TECHNIQUE_TAG,)),
|
||||
tags=(SSH_EXPLOITER_TAG, T1105_ATTACK_TECHNIQUE_TAG, T1222_ATTACK_TECHNIQUE_TAG),
|
||||
)
|
||||
|
||||
logger.error(self.exploit_result.error_message)
|
||||
|
|
@ -320,9 +347,3 @@ class SSHExploiter(HostExploiter):
|
|||
self.host,
|
||||
)
|
||||
)
|
||||
|
||||
self._publish_propagation_event(
|
||||
target=self.host.ip_addr,
|
||||
propagation_success=False,
|
||||
tags=frozenset((T1222_ATTACK_TECHNIQUE_TAG,)),
|
||||
)
|
||||
|
|
|
|||
Loading…
Reference in New Issue