Agent: Stamp time before running exploit

guardicore · Oct 6, 2022 · 15974ff · 15974ff
1 parent 66f8471
commit 15974ff
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/monkey/infection_monkey/exploit/mssqlexec.py b/monkey/infection_monkey/exploit/mssqlexec.py
@@ -1,6 +1,6 @@
 import logging
 from pathlib import PureWindowsPath
-from time import sleep
+from time import sleep, time
 from typing import Iterable, Tuple
 
 import pymssql
@@ -77,6 +77,7 @@ def _exploit_host(self) -> ExploiterResultData:
             self._set_interrupted()
             return self.exploit_result
 
+        timestamp = time()
         try:
             self._upload_agent(agent_path_on_victim)
             self._run_agent(agent_path_on_victim)
@@ -87,12 +88,12 @@ def _exploit_host(self) -> ExploiterResultData:
             )
 
             logger.error(error_message)
-            self._publish_propagation_event(success=False, error_message=error_message)
+            self._publish_propagation_event(timestamp, False, error_message=error_message)
             self.exploit_result.error_message = error_message
 
             return self.exploit_result
 
-        self._publish_propagation_event(success=True)
+        self._publish_propagation_event(timestamp, True)
         self.exploit_result.propagation_success = True
         return self.exploit_result
 
@@ -123,6 +124,7 @@ def _brute_force(
         )
 
         for user, password in credentials_iterator:
+            timestamp = time()
             try:
                 # Core steps
                 # Trying to connect
@@ -139,13 +141,13 @@ def _brute_force(
                 )
                 self.exploit_result.exploitation_success = True
                 self.add_vuln_port(MSSQLExploiter.SQL_DEFAULT_TCP_PORT)
-                self._report_login_attempt(True, user, password)
+                self._report_login_attempt(timestamp, True, user, password)
                 cursor = conn.cursor()
                 return cursor
             except pymssql.OperationalError as err:
                 error_message = f"Connection to MSSQL failed: {err}"
                 logger.info(error_message)
-                self._report_login_attempt(False, user, password, error_message)
+                self._report_login_attempt(timestamp, False, user, password, error_message)
                 # Combo didn't work, hopping to the next one
                 pass
 
@@ -157,8 +159,10 @@ def _brute_force(
             "Bruteforce process failed on host: {0}".format(self.host.ip_addr)
         )
 
-    def _report_login_attempt(self, success: bool, user, password: str, message: str = ""):
-        self._publish_exploitation_event(success=success, error_message=message)
+    def _report_login_attempt(
+        self, timestamp: float, success: bool, user, password: str, message: str = ""
+    ):
+        self._publish_exploitation_event(timestamp, success, error_message=message)
         self.report_login_attempt(success, user, password)
 
     def _upload_agent(self, agent_path_on_victim: PureWindowsPath):