3163 wmi exploit client #3271

Merged
merged 11 commits into from
Apr 28, 2023

cakekoa
Contributor

@cakekoa cakekoa commented Apr 27, 2023

What does this PR do?

Fixes #3163.

Adds the WMIRemoteAccessClient

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?
  • Have you checked that you haven't introduced any duplicate code?

Testing Checklist

  • Added relevant unit tests?
  • Do all unit tests pass?
  • Do all end-to-end tests pass?
  • Any other testing performed?

    Tested by running the exploiter_plugin_runner

  • If applicable, add screenshots or log transcripts of the feature working
    $ python tests/agent_plugins/exploiter_plugin_runner.py
    ExploiterResultData(exploitation_success=True, propagation_success=True, os='', info=None, error_message='')
    

@codecov

codecov bot commented Apr 27, 2023

Codecov Report

Patch coverage has no change and project coverage change: -0.17 ⚠️

Comparison is base (eed66ac) 73.53% compared to head (a153f31) 73.36%.

❗ Current head a153f31 differs from pull request most recent head decf600. Consider uploading reports for the commit decf600 to get more accurate results

Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #3271      +/-   ##
===========================================
- Coverage    73.53%   73.36%   -0.17%     
===========================================
  Files          484      490       +6     
  Lines        13968    14333     +365     
===========================================
+ Hits         10271    10516     +245     
- Misses        3697     3817     +120     

see 11 files with indirect coverage changes


@cakekoa cakekoa force-pushed the 3163-wmi-exploit-client branch 4 times, most recently from af439cd to bec960e Compare April 28, 2023 14:59
@cakekoa cakekoa marked this pull request as ready for review April 28, 2023 15:02
@cakekoa
Contributor Author

cakekoa commented Apr 28, 2023

It looks like the path provided to Win32_Process.Create will be the working directory for the new process:
https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/create-method-in-class-win32-process

@cakekoa cakekoa force-pushed the 3163-wmi-exploit-client branch from a153f31 to 28bc02d Compare April 28, 2023 16:43
@cakekoa cakekoa force-pushed the 3163-wmi-exploit-client branch from 28bc02d to decf600 Compare April 28, 2023 16:54
Comment on lines +84 to +88
def copy_file(self, file: bytes, destination_path: PurePath, tags: Set[str]):
self._smb_client.copy_file(file, destination_path, tags)

def get_writable_paths(self) -> Collection[PurePath]:
return self._smb_client.get_writable_paths()
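
Review bot: copy_file carries no return annotation while get_writable_paths directly below it declares -> Collection[PurePath]; add -> None (or return the SMB client's result, if it has one) so the wrapper's contract is explicit. Both methods forward straight to self._smb_client with no docstring and no error handling, so a one-line docstring on each stating that they delegate to the SMB client and that its exceptions reach the caller unchanged would make that behaviour intentional rather than implied.
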
Collaborator

:)

@mssalvatore mssalvatore merged commit 8e65f12 into develop Apr 28, 2023
@mssalvatore mssalvatore deleted the 3163-wmi-exploit-client branch April 28, 2023 17:14

Successfully merging this pull request may close these issues.

Migrate the WMI exploiter to a plugin