p59342861
/
monkey
forked from p15670423/monkey
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #1805 from guardicore/1782-smb 

Agent: Convert destination path to string in SMB exploiter
This commit is contained in:
VakarisZ 2022-03-24 07:39:48 +00:00 committed by GitHub
parent 51cfb73ce0 c09428dde9
commit cbf9544e58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
monkey/infection_monkey/exploit/tools/smb_tools.py
View File

@ -2,6 +2,8 @@ import logging
import ntpath import ntpath
import pprint import pprint
from io import BytesIO from io import BytesIO
from pathlib import Path
from typing import Optional
from impacket.dcerpc.v5 import srvs, transport from impacket.dcerpc.v5 import srvs, transport
from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21 from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21
@ -20,13 +22,13 @@ class SmbTools(object):
def copy_file( def copy_file(
host, host,
agent_file: BytesIO, agent_file: BytesIO,
dst_path, dst_path: Path,
username, username,
password, password,
lm_hash="", lm_hash="",
ntlm_hash="", ntlm_hash="",
timeout=60, timeout=60,
): ) -> Optional[str]:
# TODO assess the 60 second timeout # TODO assess the 60 second timeout
creds_for_log = get_credential_string([username, password, lm_hash, ntlm_hash]) creds_for_log = get_credential_string([username, password, lm_hash, ntlm_hash])
logger.debug(f"Attempting to copy an agent binary to {host} using SMB with {creds_for_log}") logger.debug(f"Attempting to copy an agent binary to {host} using SMB with {creds_for_log}")
@ -75,7 +77,7 @@ class SmbTools(object):
high_priority_shares = () high_priority_shares = ()
low_priority_shares = () low_priority_shares = ()
file_name = ntpath.split(dst_path)[-1] file_name = dst_path.name
for i in range(len(resp)): for i in range(len(resp)):
share_name = resp[i]["shi2_netname"].strip("\0 ") share_name = resp[i]["shi2_netname"].strip("\0 ")
@ -100,14 +102,18 @@ class SmbTools(object):
share_info = {"share_name": share_name, "share_path": share_path} share_info = {"share_name": share_name, "share_path": share_path}
if dst_path.lower().startswith(share_path.lower()): if str(dst_path).lower().startswith(share_path.lower()):
high_priority_shares += ((ntpath.sep + dst_path[len(share_path) :], share_info),) high_priority_shares += (
(ntpath.sep + str(dst_path)[len(share_path):], share_info),
)
low_priority_shares += ((ntpath.sep + file_name, share_info),) low_priority_shares += ((ntpath.sep + file_name, share_info),)
shares = high_priority_shares + low_priority_shares shares = high_priority_shares + low_priority_shares
file_uploaded = False file_uploaded = False
remote_full_path = None
for remote_path, share in shares: for remote_path, share in shares:
share_name = share["share_name"] share_name = share["share_name"]
share_path = share["share_path"] share_path = share["share_path"]