Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SMB vulnerable port fix #664

Merged
merged 3 commits into from
May 26, 2020
Merged

SMB vulnerable port fix #664

merged 3 commits into from
May 26, 2020

Conversation

VakarisZ
Copy link
Contributor

@VakarisZ VakarisZ commented May 26, 2020
edited
Loading

What is this?

Fixes SMB exploiter not passing vulnerable port (thus causing redundant exploitations)

Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Have you successfully tested your changes locally?
  • Is the TravisCI build passing?

Proof that it works

2020-05-26 11:41:07,787 [1160:10408:INFO] smbexec._exploit_host.163: Executed monkey 'C:\Windows\temp\monkey32.exe' on remote victim VictimHost('3.1.1.1') (cmdline='cmd.exe /c start cmd /c C:\\Windows\\temp\\monkey32.exe m0nk3y -p 268308375968634 -t 1.1.1.1:42614 -s 1.1.1.1:5000 -d 1 -vp 445')

@VakarisZ VakarisZ requested a review from ShayNehmad May 26, 2020 08:52
@codecov
Copy link

codecov bot commented May 26, 2020
edited
Loading

Codecov Report

Merging #664 into develop will decrease coverage by 0.30%.
The diff coverage is 57.47%.

Impacted file tree graph

@@             Coverage Diff             @@
##           develop     #664      +/-   ##
===========================================
- Coverage    56.92%   56.62%   -0.31%     
===========================================
  Files          117      120       +3     
  Lines         3926     4044     +118     
===========================================
+ Hits          2235     2290      +55     
- Misses        1691     1754      +63
Impacted Files Coverage Δ
monkey/monkey_island/cc/services/config_schema.py 100.00% <ø> (ø)
monkey/monkey_island/cc/services/edge.py 28.72% <14.28%> (+1.84%) ⬆️
monkey/infection_monkey/control.py 20.37% <31.25%> (+0.89%) ⬆️
monkey/infection_monkey/config.py 64.62% <46.15%> (-0.60%) ⬇️
monkey/monkey_island/cc/services/config.py 28.57% <57.14%> (+0.70%) ⬆️
monkey/infection_monkey/network/tools.py 17.44% <66.66%> (+0.38%) ⬆️
monkey/monkey_island/cc/network_utils.py 42.59% <75.00%> (ø)
...key/infection_monkey/exploit/tools/test_helpers.py 91.66% <91.66%> (ø)
monkey/infection_monkey/exploit/tools/helpers.py 36.36% <100.00%> (ø)
...key/utils/exceptions/planned_shutdown_exception.py 100.00% <100.00%> (ø)
... and 5 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bd0b1c1...8cf9c9f. Read the comment docs.

@VakarisZ VakarisZ mentioned this pull request May 26, 2020
Merged
3 tasks
ShayNehmad
ShayNehmad reviewed May 26, 2020
View reviewed changes
monkey/infection_monkey/exploit/smbexec.py
Comment on lines +166 to +171

def set_vulnerable_port(self, host: VictimHost):
if 'tcp-445' in self.host.services:
self.vulnerable_port = "445"
elif 'tcp-139' in self.host.services:
self.vulnerable_port = "139"
Copy link
Contributor

@ShayNehmad ShayNehmad May 26, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a hidden temporal coupling here. What if none of these services are in the list?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

vulnerable port remains none, which is fine

@VakarisZ VakarisZ merged commit ffda4e8 into develop May 26, 2020
@VakarisZ VakarisZ deleted the feature/smb_vulnerable_port_fix branch May 29, 2020 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShayNehmad ShayNehmad ShayNehmad left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@VakarisZ @ShayNehmad