From cc27b5dd208a70a628852e518c8f837bf0757de0 Mon Sep 17 00:00:00 2001
From: Daniel Goldberg
Date: Tue, 4 Dec 2018 10:06:48 +0200
Subject: [PATCH 1/3] Actually use mimikatz configuration variable

---
 monkey/infection_monkey/system_info/windows_info_collector.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py
index fb2261572..93e160a93 100644
--- a/monkey/infection_monkey/system_info/windows_info_collector.py
+++ b/monkey/infection_monkey/system_info/windows_info_collector.py
@@ -55,6 +55,9 @@ class WindowsInfoCollector(InfoCollector):
 LOG.debug('finished get_wmi_info')
 def get_mimikatz_info(self):
+ from infection_monkey.config import WormConfiguration
+ if not WormConfiguration.should_use_mimikatz:
+ return
 mimikatz_collector = MimikatzCollector()
 mimikatz_info = mimikatz_collector.get_logon_info()
 if mimikatz_info:

From f8f948439ce4526fabbf98c07449b2a4772c03c8 Mon Sep 17 00:00:00 2001
From: Daniel Goldberg
Date: Tue, 4 Dec 2018 10:09:55 +0200
Subject: [PATCH 2/3] Also add to example conf file

---
 monkey/infection_monkey/example.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/monkey/infection_monkey/example.conf b/monkey/infection_monkey/example.conf
index 4e608f72f..0779301d2 100644
--- a/monkey/infection_monkey/example.conf
+++ b/monkey/infection_monkey/example.conf
@@ -16,6 +16,7 @@
 "alive": true,
 "collect_system_info": true,
 "extract_azure_creds": true,
+ "should_use_mimikatz": true,
 "depth": 2,
 "dropper_date_reference_path_windows": "%windir%\\system32\\kernel32.dll",

From 61f040ef6fc4956183b0c4a3c81960954eca5307 Mon Sep 17 00:00:00 2001
From: Daniel Goldberg
Date: Wed, 5 Dec 2018 13:59:33 +0200
Subject: [PATCH 3/3] Moved the check to a top level function.

---
 .../system_info/windows_info_collector.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

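Review bot: The function-scope `from infection_monkey.config import WormConfiguration` on the first added line is redundant: the module already has a top-level `import infection_monkey.config` (visible as context in the first hunk of PATCH 3/3), so the flag can be read as `infection_monkey.config.WormConfiguration.should_use_mimikatz` with no local import. The same local import is carried into `get_info()` by the second hunk of PATCH 3/3, where the same simplification applies. If the local import is deliberately avoiding an import cycle, a one-line comment saying so would stop the next reader from "cleaning it up". The body of `get_mimikatz_info()` continues past the end of the hunk.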
diff --git a/monkey/infection_monkey/system_info/windows_info_collector.py b/monkey/infection_monkey/system_info/windows_info_collector.py
index 93e160a93..1348a6fcb 100644
--- a/monkey/infection_monkey/system_info/windows_info_collector.py
+++ b/monkey/infection_monkey/system_info/windows_info_collector.py
@@ -2,7 +2,7 @@ import os
 import logging
 import sys
-sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
+sys.coinit_flags = 0 # needed for proper destruction of the wmi python module
 import infection_monkey.config
 from infection_monkey.system_info.mimikatz_collector import MimikatzCollector
@@ -38,7 +38,9 @@ class WindowsInfoCollector(InfoCollector):
 super(WindowsInfoCollector, self).get_info()
 self.get_wmi_info()
 self.get_installed_packages()
- self.get_mimikatz_info()
+ from infection_monkey.config import WormConfiguration
+ if WormConfiguration.should_use_mimikatz:
+ self.get_mimikatz_info()
 return self.info
@@ -55,9 +57,6 @@ class WindowsInfoCollector(InfoCollector):
 LOG.debug('finished get_wmi_info')
 def get_mimikatz_info(self):
- from infection_monkey.config import WormConfiguration
- if not WormConfiguration.should_use_mimikatz:
- return
 mimikatz_collector = MimikatzCollector()
 mimikatz_info = mimikatz_collector.get_logon_info()
 if mimikatz_info:
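Review bot: The `should_use_mimikatz` gate now exists only in `get_info()`, and since the last hunk strips the check out of `get_mimikatz_info()`, that method will run the credential collector for any other caller regardless of configuration; if that split of responsibility is intended, it should be stated on the method, e.g. `"""Collect logon credentials via MimikatzCollector. Does not consult WormConfiguration.should_use_mimikatz; get_info() gates on it."""`. The disabled branch is also silent, so an operator reading the agent log cannot tell "collection disabled by config" from "collector ran and found nothing"; an `else: LOG.debug('mimikatz collection disabled by configuration')` after the added `if` would make that distinction visible. The `def get_info` line is above the start of this hunk.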