Skip to content

3163 wmi exploit client#3271

Merged
mssalvatore merged 11 commits into
developfrom
3163-wmi-exploit-client
Apr 28, 2023
Merged

3163 wmi exploit client#3271
mssalvatore merged 11 commits into
developfrom
3163-wmi-exploit-client

Conversation

@cakekoa

@cakekoa cakekoa commented Apr 27, 2023

Copy link
Copy Markdown
Contributor

What does this PR do?

Fixes #3163.

Adds the WMIRemoteAccessClient

PR Checklist

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Is the TravisCI build passing?
  • Was the CHANGELOG.md updated to reflect the changes?
  • Was the documentation framework updated to reflect the changes?
  • Have you checked that you haven't introduced any duplicate code?

Testing Checklist

  • Added relevant unit tests?
  • Do all unit tests pass?
  • Do all end-to-end tests pass?
  • Any other testing performed?

    Tested by running the exploiter_plugin_runner

  • If applicable, add screenshots or log transcripts of the feature working
    $ python tests/agent_plugins/exploiter_plugin_runner.py
    ExploiterResultData(exploitation_success=True, propagation_success=True, os='', info=None, error_message='')
    

@codecov

codecov Bot commented Apr 27, 2023

Copy link
Copy Markdown

Codecov Report

Patch coverage has no change and project coverage change: -0.17 ⚠️

Comparison is base (eed66ac) 73.53% compared to head (a153f31) 73.36%.

❗ Current head a153f31 differs from pull request most recent head decf600. Consider uploading reports for the commit decf600 to get more accurate results

Additional details and impacted files
@@             Coverage Diff             @@
##           develop    #3271      +/-   ##
===========================================
- Coverage    73.53%   73.36%   -0.17%     
===========================================
  Files          484      490       +6     
  Lines        13968    14333     +365     
===========================================
+ Hits         10271    10516     +245     
- Misses        3697     3817     +120     

see 11 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@cakekoa cakekoa force-pushed the 3163-wmi-exploit-client branch 4 times, most recently from af439cd to bec960e Compare April 28, 2023 14:59
@cakekoa cakekoa marked this pull request as ready for review April 28, 2023 15:02
Comment thread monkey/agent_plugins/exploiters/wmi/src/wmi_remote_access_client.py Outdated
Comment thread monkey/agent_plugins/exploiters/wmi/src/wmi_remote_access_client.py Outdated
@cakekoa

cakekoa commented Apr 28, 2023

Copy link
Copy Markdown
Contributor Author

It looks like the path provided to Win32_Process.Create will be the working directory for the new process:
https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/create-method-in-class-win32-process

@cakekoa cakekoa force-pushed the 3163-wmi-exploit-client branch from a153f31 to 28bc02d Compare April 28, 2023 16:43
@cakekoa cakekoa force-pushed the 3163-wmi-exploit-client branch from 28bc02d to decf600 Compare April 28, 2023 16:54
Comment on lines +84 to +88
def copy_file(self, file: bytes, destination_path: PurePath, tags: Set[str]):
self._smb_client.copy_file(file, destination_path, tags)

def get_writable_paths(self) -> Collection[PurePath]:
return self._smb_client.get_writable_paths()

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:)

@mssalvatore mssalvatore merged commit 8e65f12 into develop Apr 28, 2023
@mssalvatore mssalvatore deleted the 3163-wmi-exploit-client branch April 28, 2023 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Migrate the WMI exploiter to a plugin

2 participants