Island: Handle encryption/decryption of None credential components

Mike Salvatore 2022-07-15 11:33:31 -04:00
parent 2af713dabd
commit 19a720898e
3 changed files with 25 additions and 14 deletions


@ -77,10 +77,13 @@ class MongoCredentialsRepository(ICredentialsRepository):
encrypted_mapping: Dict[str, Any] = {}
for secret_or_identity, credentials_component in mapping.items():
encrypted_component = {
key: self._repository_encryptor.encrypt(value.encode())
for key, value in credentials_component.items()
}
if credentials_component is None:
encrypted_component = None
else:
encrypted_component = {
key: self._repository_encryptor.encrypt(value.encode())
for key, value in credentials_component.items()
}
encrypted_mapping[secret_or_identity] = encrypted_component
@ -90,10 +93,13 @@ class MongoCredentialsRepository(ICredentialsRepository):
decrypted_mapping: Dict[str, Any] = {}
for secret_or_identity, credentials_component in mapping.items():
decrypted_component = {
key: self._repository_encryptor.decrypt(value).decode()
for key, value in credentials_component.items()
}
if credentials_component is None:
decrypted_component = None
else:
decrypted_component = {
key: self._repository_encryptor.decrypt(value).decode()
for key, value in credentials_component.items()
}
decrypted_mapping[secret_or_identity] = decrypted_component
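Review bot: The new `if credentials_component is None` branch is written out twice, once in the encrypt loop of the first hunk and once in the decrypt loop of the second, and neither says why None bypasses the encryptor. A comment on both branches, such as `# A missing identity or secret is stored as null; there is no value to encrypt`, would make the intent explicit. The same comment could record that only the values pass through `_repository_encryptor`: the component keys, and now the fact that a component is absent, go into the mapping unencrypted. Both enclosing methods start and end outside the hunks, so their signatures could not be checked for an Optional component type.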


@ -6,6 +6,7 @@ NT_HASH = "C1C58F96CDF212B50837BC11A00BE47C"
LM_HASH = "299BD128C1101FD6299BD128C1101FD6"
PASSWORD_1 = "trytostealthis"
PASSWORD_2 = "password!"
PASSWORD_3 = "rubberbabybuggybumpers"
PUBLIC_KEY = "MY_PUBLIC_KEY"
PRIVATE_KEY = "MY_PRIVATE_KEY"
@ -16,6 +17,8 @@ NT_HASH_CREDENTIALS = Credentials(identity=Username(USERNAME), secret=NTHash(NT_
SSH_KEY_CREDENTIALS = Credentials(
identity=Username(USERNAME), secret=SSHKeypair(PRIVATE_KEY, PUBLIC_KEY)
)
EMPTY_SECRET_CREDENTIALS = Credentials(identity=Username(USERNAME), secret=None)
EMPTY_IDENTITY_CREDENTIALS = Credentials(identity=None, secret=Password(PASSWORD_3))
PROPAGATION_CREDENTIALS = [
PASSWORD_CREDENTIALS_1,
@ -23,4 +26,6 @@ PROPAGATION_CREDENTIALS = [
NT_HASH_CREDENTIALS,
PASSWORD_CREDENTIALS_2,
SSH_KEY_CREDENTIALS,
EMPTY_SECRET_CREDENTIALS,
EMPTY_IDENTITY_CREDENTIALS,
]
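Review bot: `PROPAGATION_CREDENTIALS` is consumed by position in the repository test (`PROPAGATION_CREDENTIALS[0:3]` and `PROPAGATION_CREDENTIALS[3:]`), so the two entries appended here land in the stolen set only because they were added at the end. A comment above the list, for example `# Order matters: tests slice this list by index; append new entries at the end`, would keep a later insertion from silently reshuffling the configured and stolen fixtures.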


@ -13,7 +13,7 @@ from monkey_island.cc.repository import MongoCredentialsRepository
from monkey_island.cc.server_utils.encryption import ILockableEncryptor
CONFIGURED_CREDENTIALS = PROPAGATION_CREDENTIALS[0:3]
STOLEN_CREDENTIALS = PROPAGATION_CREDENTIALS[3:6]
STOLEN_CREDENTIALS = PROPAGATION_CREDENTIALS[3:]
def reverse(data: bytes) -> bytes:
@ -91,9 +91,6 @@ def test_mongo_repository_all(mongo_repository):
assert mongo_repository.get_configured_credentials() == []
# NOTE: The following tests are complicated, but they work. Rather than spend the effort to improve
# them now, we can revisit them when we resolve #2072. Resolving #2072 will make it easier to
# simplify these tests.
@pytest.mark.parametrize("credentials", PROPAGATION_CREDENTIALS)
def test_configured_secrets_encrypted(
mongo_repository: MongoCredentialsRepository,
@ -116,8 +113,11 @@ def check_if_stored_credentials_encrypted(mongo_client: MongoClient, original_cr
for rc in raw_credentials:
for identity_or_secret, credentials_component in rc.items():
for key, value in credentials_component.items():
assert original_credentials_mapping[identity_or_secret][key] != value.decode()
if original_credentials_mapping[identity_or_secret] is None:
assert credentials_component is None
else:
for key, value in credentials_component.items():
assert original_credentials_mapping[identity_or_secret][key] != value.decode()
def get_all_credentials_in_mongo(
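Review bot: In `check_if_stored_credentials_encrypted` the else branch still calls `credentials_component.items()` without checking the stored value. If a component that was not None in the original is written to the database as None, the test fails with an AttributeError instead of an assertion. Adding `assert credentials_component is not None` as the first line of the else branch would report that case as a clear test failure. The function starts outside the hunk, so how `original_credentials_mapping` is built is not visible here.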