Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migrate the SMB exploiter to a plugin #2952

Closed
20 tasks done
mssalvatore opened this issue Feb 8, 2023 · 1 comment · Fixed by #3094
Closed
20 tasks done

Migrate the SMB exploiter to a plugin #2952

mssalvatore opened this issue Feb 8, 2023 · 1 comment · Fixed by #3094
Labels
Complexity: Medium Impact: High Plugins sp/13
Milestone
v2.1.0

Comments

@mssalvatore
Copy link
Collaborator

mssalvatore commented Feb 8, 2023
edited
Loading

Description

Replace the hard-coded SMB exploiter with a new and improved, fully tested, SMB exploiter plugin with high code quality.

Use the HadoopExploiter as a template.

Merge PRs to 2952-smb-exploiter-plugin.

Tasks
ilija-lazoroski added a commit that referenced this issue Mar 10, 2023
@ilija-lazoroski
SMB: Add SMBOptions to SMBPlugin
cd92d3b 
Issue: #2952
@ilija-lazoroski ilija-lazoroski mentioned this issue Mar 10, 2023
Merged
8 tasks
ilija-lazoroski added a commit that referenced this issue Mar 10, 2023
@ilija-lazoroski
SMB: Add SMBOptions to SMBPlugin
d8af95c 
Issue: #2952
PR: #3089
This was referenced Mar 10, 2023
Merged
Merged
Merged
Merged
cakekoa pushed a commit that referenced this issue Mar 13, 2023
@ilija-lazoroski @cakekoa
SMB: Add SMBOptions to SMBPlugin
f7bdaba 
Issue: #2952
PR: #3089
@shreyamalviya shreyamalviya mentioned this issue Mar 13, 2023
Merged
8 tasks
@cakekoa cakekoa mentioned this issue Mar 13, 2023
Closed
7 tasks
cakekoa added a commit that referenced this issue Mar 13, 2023
@cakekoa
Merge branch '2952-smb-exploiter' into 2952-smb-exploiter-plugin
5e8bf0c 
Issue #2952
PR #3094
ilija-lazoroski added a commit that referenced this issue Mar 13, 2023
@ilija-lazoroski
SMB: Add SMBOptions to SMBPlugin
b2cc5fa 
Issue: #2952
PR: #3089
cakekoa added a commit that referenced this issue Mar 13, 2023
@cakekoa
Merge branch '2952-smb-command-builder' into 2952-smb-exploiter-plugin
00c794d 
Issue #2952
PR #3098
@ilija-lazoroski ilija-lazoroski mentioned this issue Mar 13, 2023
Merged
8 tasks
@shreyamalviya
Copy link
Contributor

shreyamalviya commented Mar 14, 2023
edited
Loading

As suspected, we can't set Kerberos auth to true with our existing code.

Relevant Agent logs with Kerberos auth set to true: 
2023-03-14 07:43:33,197 [3470:ExploiterThread-01:INFO] smbexec._exploit.146: Successfully logged in to 10.2.2.14 using SMB with username, password
2023-03-14 07:43:33,197 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a ExploitationEvent event to all_events_topic
2023-03-14 07:43:33,197 [3470:ExploiterThread-01:DEBUG] agent_event_forwarder.send_event.46: Adding event of type ExploitationEvent to the queue to send to the Island
2023-03-14 07:43:33,197 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a ExploitationEvent event to ExploitationEvent-type
2023-03-14 07:43:33,197 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a ExploitationEvent event to attack-t1021-tag
2023-03-14 07:43:33,197 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a ExploitationEvent event to attack-t1110-tag
2023-03-14 07:43:33,197 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a ExploitationEvent event to smbexec-exploiter-tag
2023-03-14 07:43:33,197 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a ExploitationEvent event to attack-t1210-tag
2023-03-14 07:43:33,201 [3470:ExploiterThread-01:DEBUG] smbexec._get_rpc_connection.217: Can't connect to SCM on exploited machine {'icmp': True,
 'ip': '10.2.2.14',
 'operating_system': 'windows',
 'ports_status': {'tcp_ports': {'22': {'banner': None,
                                       'port': 22,
                                       'protocol': 'unknown',
                                       'service': 'unknown',
                                       'status': 'closed'},
                                '445': {'banner': '',
                                        'port': 445,
                                        'protocol': 'unknown',
                                        'service': 'unknown',
                                        'status': 'open'}},
                  'udp_ports': {}}}, port 139 : Cannot request session (Called Name:10.2.2.14)
2023-03-14 07:43:33,207 [3470:ExploiterThread-01:CRITICAL] ccache.loadFile.578: CCache file is not found. Skipping...
2023-03-14 07:43:33,207 [3470:ExploiterThread-01:DEBUG] ccache.loadFile.579: The specified path is not correct or the KRB5CCNAME environment variable is not defined
2023-03-14 07:43:33,208 [3470:ExploiterThread-01:DEBUG] smbexec._get_rpc_connection.217: Can't connect to SCM on exploited machine {'icmp': True,
 'ip': '10.2.2.14',
 'operating_system': 'windows',
 'ports_status': {'tcp_ports': {'22': {'banner': None,
                                       'port': 22,
                                       'protocol': 'unknown',
                                       'service': 'unknown',
                                       'status': 'closed'},
                                '445': {'banner': '',
                                        'port': 445,
                                        'protocol': 'unknown',
                                        'service': 'unknown',
                                        'status': 'open'}},
                  'udp_ports': {}}}, port 445 : Empty Domain not allowed in Kerberos
2023-03-14 07:43:33,208 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a PropagationEvent event to all_events_topic
2023-03-14 07:43:33,208 [3470:ExploiterThread-01:DEBUG] agent_event_forwarder.send_event.46: Adding event of type PropagationEvent to the queue to send to the Island
2023-03-14 07:43:33,208 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a PropagationEvent event to PropagationEvent-type
2023-03-14 07:43:33,208 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a PropagationEvent event to attack-t1569-tag
2023-03-14 07:43:33,209 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a PropagationEvent event to attack-t1021-tag
2023-03-14 07:43:33,209 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a PropagationEvent event to attack-t1105-tag
2023-03-14 07:43:33,209 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a PropagationEvent event to smbexec-exploiter-tag
2023-03-14 07:43:33,209 [3470:ExploiterThread-01:DEBUG] pypubsub_agent_event_queue._publish_event.55: Publishing a PropagationEvent event to attack-t1210-tag
2023-03-14 07:43:33,209 [3470:ExploiterThread-01:WARNING] smbexec._exploit_host.86: Failed to establish an RPC connection over SMB
2023-03-14 07:43:33,209 [3470:ExploiterThread-01:INFO] propagator._process_exploit_attempts.229: Successfully exploited (but did not propagate to) {'icmp': True,
 'ip': '10.2.2.14',
 'operating_system': 'windows',
 'ports_status': {'tcp_ports': {'22': {'banner': None,
                                       'port': 22,
                                       'protocol': 'unknown',
                                       'service': 'unknown',
                                       'status': 'closed'},
                                '445': {'banner': '',
                                        'port': 445,
                                        'protocol': 'unknown',
                                        'service': 'unknown',
                                        'status': 'open'}},
                  'udp_ports': {}}} using SMBExploiter

Removed in #3106.

This was referenced Mar 14, 2023
Merged
Merged
shreyamalviya added a commit that referenced this issue Mar 14, 2023
@shreyamalviya
BB: Update SMB exploiter configurations to what the SMB plugin expects
4b7298b 
Issue: #2952
PR: #3107
shreyamalviya added a commit that referenced this issue Mar 14, 2023
@shreyamalviya
BB: Update SMB exploiter configurations to what the SMB plugin expects
590d806 
Issue: #2952
PR: #3107
ilija-lazoroski added a commit that referenced this issue Mar 14, 2023
@ilija-lazoroski
SMB: Add SMBOptions to SMBPlugin
678c600 
Issue: #2952
PR: #3089
ilija-lazoroski pushed a commit that referenced this issue Mar 14, 2023
@shreyamalviya @ilija-lazoroski
BB: Update SMB exploiter configurations to what the SMB plugin expects
b167333 
Issue: #2952
PR: #3107
@ilija-lazoroski ilija-lazoroski mentioned this issue Mar 14, 2023
Merged
8 tasks
mssalvatore added a commit that referenced this issue Mar 16, 2023
@mssalvatore
Merge branch '2952-remove-hard-coded-smb-exploiter' into 2952-smb-exp…
1743949 
…loiter-plugin

Issue #2952
PR #3112
@cakekoa cakekoa mentioned this issue Mar 23, 2023
Merged
10 tasks
cakekoa added a commit that referenced this issue Mar 23, 2023
@cakekoa
SMB: Check for SMB ports before running exploiter
ec26056 
Issue #2952
PR #3143
cakekoa added a commit that referenced this issue Mar 23, 2023
@cakekoa
Project: Remove SMB-related vulture entries
3a65f04 
Issue #2952
PR #??
@cakekoa cakekoa mentioned this issue Mar 23, 2023
Merged
10 tasks
cakekoa added a commit that referenced this issue Mar 23, 2023
@cakekoa
Project: Remove SMB-related vulture entries
19685c0 
Issue #2952
PR #3146
mssalvatore added a commit that referenced this issue Mar 23, 2023
@mssalvatore
Merge branch '2952-remote-access-client-execute-agent' into 2952-smb-…
78a4921 
…exploiter-plugin

Issue #2952
PR #3145
mssalvatore pushed a commit that referenced this issue Mar 23, 2023
@cakekoa @mssalvatore
Project: Remove SMB-related vulture entries
8d42689 
Issue #2952
PR #3146
mssalvatore pushed a commit that referenced this issue Mar 23, 2023
@cakekoa @mssalvatore
SMB: Check for SMB ports before running exploiter
829f534 
Issue #2952
PR #3143
mssalvatore pushed a commit that referenced this issue Mar 23, 2023
@cakekoa @mssalvatore
SMB: Check for SMB ports before running exploiter
10abc81 
Issue #2952
PR #3143
cakekoa added a commit that referenced this issue Mar 24, 2023
@cakekoa
SMB: Add OTP to agent command
77174bc 
Issue #2952
PR #3144
cakekoa added a commit that referenced this issue Mar 24, 2023
@cakekoa
SMB: Add OTP to agent command
2402120 
Issue #2952
PR #3144
cakekoa added a commit that referenced this issue Mar 24, 2023
@cakekoa
SMB: Add OTP to agent command
d8a413b 
Issue #2952
PR #3144
mssalvatore added a commit that referenced this issue Mar 24, 2023
@mssalvatore
Merge branch '2952-smb-preconditions' into 2952-smb-exploiter-plugin
d63f7f5 
Issue #2952
PR #3143
mssalvatore pushed a commit that referenced this issue Mar 24, 2023
@cakekoa @mssalvatore
SMB: Add OTP to agent command
437ff64 
Issue #2952
PR #3144
mssalvatore pushed a commit that referenced this issue Mar 24, 2023
@ilija-lazoroski @mssalvatore
SMB: Add SMBOptions to SMBPlugin
197cf55 
Issue: #2952
PR: #3089
mssalvatore pushed a commit that referenced this issue Mar 24, 2023
@shreyamalviya @mssalvatore
BB: Update SMB exploiter configurations to what the SMB plugin expects
735628e 
Issue: #2952
PR: #3107
mssalvatore added a commit that referenced this issue Mar 24, 2023
@mssalvatore
Merge branch '2952-smb-exploit-client' into 2952-smb-exploiter-plugin
7d0345b 
Issue #2952
PR #3127
mssalvatore pushed a commit that referenced this issue Mar 24, 2023
@cakekoa @mssalvatore
SMB: Check for SMB ports before running exploiter
aa5632f 
Issue #2952
PR #3143
mssalvatore added a commit that referenced this issue Mar 24, 2023
@mssalvatore
Merge branch '2952-remote-access-client-execute-agent' into 2952-smb-…
2594e9c 
…exploiter-plugin

Issue #2952
PR #3145
mssalvatore pushed a commit that referenced this issue Mar 24, 2023
@cakekoa @mssalvatore
Project: Remove SMB-related vulture entries
829e7d7 
Issue #2952
PR #3146
mssalvatore added a commit that referenced this issue Mar 24, 2023
@mssalvatore
Merge branch '2952-smb-preconditions' into 2952-smb-exploiter-plugin
f32b14d 
Issue #2952
PR #3143
mssalvatore pushed a commit that referenced this issue Mar 24, 2023
@cakekoa @mssalvatore
SMB: Add OTP to agent command
d097341 
Issue #2952
PR #3144
mssalvatore pushed a commit that referenced this issue Mar 24, 2023
@cakekoa @mssalvatore
SMB: Add OTP to agent command
0652006 
Issue #2952
PR #3144
mssalvatore added a commit that referenced this issue Mar 24, 2023
@mssalvatore
Merge branch '2952-smb-exploiter-plugin' into develop
46acd32 
Issue #2952
mssalvatore added a commit that referenced this issue Mar 28, 2023
@mssalvatore
Changelog: Add an entry for the SMB exploiter plugin #2952
1ed2fea
@mssalvatore mssalvatore added this to the v2.1.0 milestone Mar 28, 2023
@mssalvatore mssalvatore mentioned this issue Aug 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Complexity: Medium Impact: High Plugins sp/13
Projects
None yet
Milestone
v2.1.0
Development

Successfully merging a pull request may close this issue.

2952 smb exploiter guardicore/monkey
2 participants
@mssalvatore @shreyamalviya