Agent: Load and run SSH exploiter in concrete puppet

ilija-lazoroski · ilija-lazoroski · commit c17af162fbf9 · 2022-02-22T12:22:11.000+01:00
diff --git a/monkey/infection_monkey/i_puppet/i_puppet.py b/monkey/infection_monkey/i_puppet/i_puppet.py
@@ -103,14 +103,16 @@ def fingerprint(
 
     @abc.abstractmethod
     def exploit_host(
-        self, name: str, host: str, options: Dict, interrupt: threading.Event
+        self, name: str, host: object, options: Dict, interrupt: threading.Event
     ) -> ExploiterResultData:
         """
         Runs an exploiter against a remote host
         :param str name: The name of the exploiter to run
-        :param str host: The domain name or IP address of a host
+        :param object host: The domain name or IP address of a host
         :param Dict options: A dictionary containing options that modify the behavior of the
                              exploiter
+        :param threading.Event interrupt: A threading.Event object that signals the exploit to stop
+                                          executing and clean itself up.
         :return: True if exploitation was successful, False otherwise
         :rtype: ExploiterResultData
         """
diff --git a/monkey/infection_monkey/master/exploiter.py b/monkey/infection_monkey/master/exploiter.py
@@ -115,7 +115,7 @@ def _run_exploiter(
         credentials = self._get_credentials_for_propagation()
         options = {"credentials": credentials, **options}
 
-        return self._puppet.exploit_host(exploiter_name, victim_host.ip_addr, options, stop)
+        return self._puppet.exploit_host(exploiter_name, victim_host, options, stop)
 
     def _get_credentials_for_propagation(self) -> Mapping:
         try:
diff --git a/monkey/infection_monkey/monkey.py b/monkey/infection_monkey/monkey.py
@@ -16,6 +16,7 @@
     MimikatzCredentialCollector,
     SSHCredentialCollector,
 )
+from infection_monkey.exploit.sshexec import SSHExploiter
 from infection_monkey.i_puppet import IPuppet, PluginType
 from infection_monkey.master import AutomatedMaster
 from infection_monkey.master.control_channel import ControlChannel
@@ -213,6 +214,8 @@ def _build_puppet(self) -> IPuppet:
         puppet.load_plugin("smb", SMBFingerprinter(), PluginType.FINGERPRINTER)
         puppet.load_plugin("ssh", SSHFingerprinter(), PluginType.FINGERPRINTER)
 
+        puppet.load_plugin("SSHExploiter", SSHExploiter, PluginType.EXPLOITER)
+
         puppet.load_plugin("ransomware", RansomwarePayload(), PluginType.PAYLOAD)
 
         return puppet
diff --git a/monkey/infection_monkey/puppet/mock_puppet.py b/monkey/infection_monkey/puppet/mock_puppet.py
@@ -135,7 +135,7 @@ def fingerprint(
         return empty_fingerprint_data
 
     def exploit_host(
-        self, name: str, host: str, options: Dict, interrupt: threading.Event
+        self, name: str, host: object, options: Dict, interrupt: threading.Event
     ) -> ExploiterResultData:
         logger.debug(f"exploit_hosts({name}, {host}, {options})")
         attempts = [
@@ -193,9 +193,9 @@ def exploit_host(
         }
 
         try:
-            return successful_exploiters[host][name]
+            return successful_exploiters[host.ip_addr][name]
         except KeyError:
-            return ExploiterResultData(False, {}, [], f"{name} failed for host {host}")
+            return ExploiterResultData(False, {}, [], f"{name} failed for host {host.ip_addr}")
 
     def run_payload(self, name: str, options: Dict, interrupt: threading.Event):
         logger.debug(f"run_payload({name}, {options})")
diff --git a/monkey/infection_monkey/puppet/puppet.py b/monkey/infection_monkey/puppet/puppet.py
@@ -14,6 +14,9 @@
     PostBreachData,
 )
 
+from ..telemetry.messengers.legacy_telemetry_messenger_adapter import (
+    LegacyTelemetryMessengerAdapter,
+)
 from .mock_puppet import MockPuppet
 from .plugin_registry import PluginRegistry
 
@@ -57,9 +60,10 @@ def fingerprint(
         return fingerprinter.get_host_fingerprint(host, ping_scan_data, port_scan_data, options)
 
     def exploit_host(
-        self, name: str, host: str, options: Dict, interrupt: threading.Event
+        self, name: str, host: object, options: Dict, interrupt: threading.Event
     ) -> ExploiterResultData:
-        return self._mock_puppet.exploit_host(name, host, options, interrupt)
+        exploiter = self._plugin_registry.get_plugin(name, PluginType.EXPLOITER)
+        return exploiter(host, LegacyTelemetryMessengerAdapter(), options).exploit_host()
 
     def run_payload(self, name: str, options: Dict, interrupt: threading.Event):
         payload = self._plugin_registry.get_plugin(name, PluginType.PAYLOAD)
