Agent: Return ExploitResultData in Powershell exploit

Ilija Lazoroski 2022-03-11 19:01:47 +01:00
parent 7d2f9251e7
commit d1e29ed66e
1 changed files with 11 additions and 16 deletions


@ -39,8 +39,8 @@ class PowerShellExploiter(HostExploiter):
EXPLOIT_TYPE = ExploitType.BRUTE_FORCE EXPLOIT_TYPE = ExploitType.BRUTE_FORCE
_EXPLOITED_SERVICE = "PowerShell Remoting (WinRM)" _EXPLOITED_SERVICE = "PowerShell Remoting (WinRM)"
def __init__(self, host: VictimHost): def __init__(self):
super().__init__(host) super().__init__()
self._client = None self._client = None
def _exploit_host(self): def _exploit_host(self):
@ -48,7 +48,7 @@ class PowerShellExploiter(HostExploiter):
use_ssl = self._is_client_using_https() use_ssl = self._is_client_using_https()
except PowerShellRemotingDisabledError as e: except PowerShellRemotingDisabledError as e:
logging.info(e) logging.info(e)
return False return self.exploit_result
credentials = get_credentials( credentials = get_credentials(
self.options["credentials"]["exploit_user_list"], self.options["credentials"]["exploit_user_list"],
@ -57,13 +57,19 @@ class PowerShellExploiter(HostExploiter):
self.options["credentials"]["exploit_ntlm_hash_list"], self.options["credentials"]["exploit_ntlm_hash_list"],
is_windows_os(), is_windows_os(),
) )
auth_options = [get_auth_options(creds, use_ssl) for creds in credentials] auth_options = [get_auth_options(creds, use_ssl) for creds in credentials]
self._client = self._authenticate_via_brute_force(credentials, auth_options) self._client = self._authenticate_via_brute_force(credentials, auth_options)
if not self._client: if not self._client:
return False return self.exploit_result
return self._execute_monkey_agent_on_victim() result_execution = self._execute_monkey_agent_on_victim()
self.exploit_result.exploitation_success = result_execution
self.exploit_result.propagation_success = result_execution
return self.exploit_result
def _is_client_using_https(self) -> bool: def _is_client_using_https(self) -> bool:
try: try:
@ -180,17 +186,6 @@ class PowerShellExploiter(HostExploiter):
with open(TEMP_MONKEY_BINARY_FILEPATH, "wb") as f: with open(TEMP_MONKEY_BINARY_FILEPATH, "wb") as f:
f.write(agent_binary_bytes.getvalue()) f.write(agent_binary_bytes.getvalue())
def _write_virtual_file_to_local_path(self) -> None:
"""
# TODO: monkeyfs has been removed. Fix this in issue #1740.
monkey_fs_path = get_target_monkey_by_os(is_windows=True, is_32bit=self.is_32bit)
with monkeyfs.open(monkey_fs_path) as monkey_virtual_file:
with open(TEMP_MONKEY_BINARY_FILEPATH, "wb") as monkey_local_file:
monkey_local_file.write(monkey_virtual_file.read())
"""
pass
def _run_monkey_executable_on_victim(self, executable_path) -> None: def _run_monkey_executable_on_victim(self, executable_path) -> None:
monkey_execution_command = build_monkey_execution_command( monkey_execution_command = build_monkey_execution_command(
self.host, get_monkey_depth() - 1, executable_path self.host, get_monkey_depth() - 1, executable_path
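Review bot: In `_exploit_host`, both `exploitation_success` and `propagation_success` are set from the return value of `_execute_monkey_agent_on_victim()`, so a run in which brute-force authentication succeeded but the agent step failed is reported as no exploitation at all. The report would then omit that the host accepted one of the configured credentials over WinRM, which is the finding a defender needs to act on. Consider setting `self.exploit_result.exploitation_success = True` right after the `if not self._client:` guard and keeping only `self.exploit_result.propagation_success = result_execution` after the execution call. The two early `return self.exploit_result` paths depend on the result's default values, which are set outside the lines shown here, and a few lines of the function fall between the hunks.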