p15670423
/
monkey
1
0
Fork 5
Code Issues Pull Requests 3 Projects Releases Wiki Activity

add draft for some tables

This commit is contained in:
Oran Nadler 2018-03-06 21:53:22 +02:00
parent 492bea27a5
commit 18114ea7fe
1 changed files with 84 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
monkey_island/cc/resources/pthmap.py
View File

@ -168,6 +168,16 @@ class Machine(object):
def GetLocalAdmins(self): def GetLocalAdmins(self):
return set(self.GetUsersByGroupSid(self.GetGroupSidByGroupName("Administrators")).keys()) return set(self.GetUsersByGroupSid(self.GetGroupSidByGroupName("Administrators")).keys())
def GetLocalSids(self):
doc = self.latest_system_info
SIDs = set()
for user in doc["data"]["Win32_UserAccount"]:
SIDs.add(eval(user["SID"]))
return SIDs
def GetLocalAdminNames(self): def GetLocalAdminNames(self):
return set(self.GetUsersByGroupSid(self.GetGroupSidByGroupName("Administrators")).values()) return set(self.GetUsersByGroupSid(self.GetGroupSidByGroupName("Administrators")).values())
@ -392,19 +402,22 @@ class PassTheHashMap(object):
return None return None
def GetAllSids(self): def GetAttackableMachineCountBySid(self, sid):
SIDs = {} count = 0
for m in self.vertices: for m in self.vertices:
for sid in m.GetLocalAdmins(): if sid in m.GetLocalAdmins():
if sid not in SIDs.keys(): count += 1
SIDs[sid] = {}
SIDs[sid]["admin_count"] = 0
SIDs[sid]["cache_count"] = self.GetSecretCacheCount(self.GetSecretBySid(sid))
SIDs[sid]["admin_count"] += 1 return count
return SIDs def GetAttackableMachineCountByMachine(self, attacker):
count = 0
for secret in attack.GetCachedSecrets():
count += len(m.GetVictimsBySecret(secret))
return count
def GetSecretCacheCount(self, secret): def GetSecretCacheCount(self, secret):
count = 0 count = 0
@ -415,14 +428,22 @@ class PassTheHashMap(object):
return count return count
def GetAllSids(self):
SIDs = set()
for m in self.vertices:
SIDs |= m.GetLocalSids()
return SIDs
def GetAllSecrets(self): def GetAllSecrets(self):
secrets = {} secrets = set()
for m in self.vertices: for m in self.vertices:
for secret in m.GetLocalAdminSecrets(): for secret in m.GetLocalAdminSecrets():
if secret not in secrets.keys(): secret.add(secret)
secrets[secret] = {} #secrets[secret]["cache_count"] = self.GetSecretCacheCount(secret)
secrets[secret]["cache_count"] = GetSecretCacheCount(secret) #secrets[secret]["sid_count"] = len(self.GetSidsBySecret(secret))
return secrets return secrets
@ -493,3 +514,51 @@ class PassTheHashMap(object):
def GetAttackersByVictim(self, victim): def GetAttackersByVictim(self, victim):
assert False, "TODO, get information from the graph" assert False, "TODO, get information from the graph"
def main():
pth = PassTheHashMap()
print "<h1>Pass The Hash Report</h1>"
print "<h2>Duplicated Passwords</h2>"
print "<h3>How many users share each secret?</h3>"
dups = dict(map(lambda x: (x, len(self.GetSidsBySecret(x))), pth.GetAllSecrets()))
print """<talbe>"""
print """<tr><th>Secret</th><th>User Count</th></tr>"""
for secret, count in sorted(dups.iteritems(), key=lambda (k,v): (v,k), reverse=True):
print """<tr><td>{secret}</td><td>{count}</td>""".format(secret=secret, count=count)
print """</talbe>"""
print "<h2>Cached Passwords</h2>"
print "<h3>On how many machines each secret is cached?</h3>"
cache_counts = dict(map(lambda x: (x, self.GetSecretCacheCount(x)), pth.GetAllSecrets()))
print """<talbe>"""
print """<tr><th>Secret</th><th>Machine Count</th></tr>"""
for secret, count in sorted(cache_counts.iteritems(), key=lambda (k,v): (v,k), reverse=True):
print """<tr><td>{secret}</td><td>{count}</td>""".format(secret=secret, count=count)
print """</talbe>"""
print "<h2>User's Creds</h2>"
print "<h3>To how many machines each user is able to connect with admin rights?</h3>"
attackable_counts = dict(map(lambda x: (x, self.GetAttackableMachineCountBySid(x)), pth.GetAllSids()))
print """<talbe>"""
print """<tr><th>SID</th><th>Username</th><th>Machine Count</th></tr>"""
for sid, count in sorted(attackable_counts.iteritems(), key=lambda (k,v): (v,k), reverse=True):
print """<tr><td>{sid}</td><td>{username}</td><td>{count}</td>""".format(sid=sid, username=pth.GetUsernameBySid(sid), count=count)
print """</talbe>"""
print "<h2>Machine's Creds</h2>"
print "<h3>To how many machines each machine is able to directly connect with admin rights?</h3>"
attackable_counts = dict(map(lambda m: (m, pth.GetAttackableMachineCountByMachine(m)), pth.vertices))
print """<talbe>"""
print """<tr><th>Attacker Ip</th><th>Attacker Hostname</th><th>Domain Name</th><th>Victim Machine Count</th></tr>"""
for m, count in sorted(attackable_counts.iteritems(), key=lambda (k,v): (v,k), reverse=True):
print """<tr><td>{ip}</td><td>{hostname}</td><td>{domain}</td><td>{count}</td>""".format(ip=m.GetIp(), hostname=n.GetHostName(), domain=m.GetDomainName(), count=count)
print """</talbe>"""
if __name__ == "__main__":
main()