Agent: Add tags to exploitation and propagation events in Log4Shell

Ilija Lazoroski 2022-10-04 16:24:03 +02:00
parent c5506f98e8
commit ef4a465515
1 changed files with 6 additions and 0 deletions


@ -4,6 +4,7 @@ from pathlib import PurePath
from common import OperatingSystem
from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
from common.tags import T1203_ATTACK_TECHINQUE_TAG
from common.utils import Timer
from infection_monkey.exploit.log4shell_utils import (
LINUX_EXPLOIT_TEMPLATE_PATH,
@ -26,6 +27,8 @@ from infection_monkey.utils.threading import interruptible_iter
logger = logging.getLogger(__name__)
LOG4SHELL_EXPLOITER_TAG = "log4shel-exploiter"
class Log4ShellExploiter(WebRCE):
_EXPLOITED_SERVICE = "Log4j"
@ -163,6 +166,7 @@ class Log4ShellExploiter(WebRCE):
target=self.host.ip_addr,
exploitation_success=False,
error_message=error_message,
tags=(LOG4SHELL_EXPLOITER_TAG,),
)
if self._wait_for_victim():
@ -188,6 +192,7 @@ class Log4ShellExploiter(WebRCE):
self._publish_exploitation_event(
target=self.host.ip_addr,
exploitation_success=True,
tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHINQUE_TAG),
)
self.exploit_result.exploitation_success = True
return True
@ -206,6 +211,7 @@ class Log4ShellExploiter(WebRCE):
self._publish_propagation_event(
target=self.host.ip_addr,
propagation_success=True,
tags=(LOG4SHELL_EXPLOITER_TAG, T1203_ATTACK_TECHINQUE_TAG),
)
self.exploit_result.propagation_success = True
break
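Review bot: The tag literal in `LOG4SHELL_EXPLOITER_TAG = "log4shel-exploiter"` is missing an "l", so every event published with it carries a misspelled tag, and any event filter or report keyed on `log4shell-exploiter` will silently miss these events. It should read `LOG4SHELL_EXPLOITER_TAG = "log4shell-exploiter"`. The failed-exploitation event (`exploitation_success=False`) carries only the exploiter tag, while both success events also add `T1203_ATTACK_TECHINQUE_TAG`. If that is deliberate, a one-line comment such as `# technique tag is added only once the exploit actually ran` would record it; otherwise failed attempts drop out of per-technique reporting. The methods that publish these events start and end outside the visible hunks, so the surrounding control flow was not reviewed.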