Agent: refactor mimikatz_cred_collector to credential collector
This commit is contained in:
parent
c21cf681a4
commit
6aa2160f31
|
@ -0,0 +1,6 @@
|
|||
from .i_credential_collector import ICredentialCollector
|
||||
from .credential_components.nt_hashes import NTHashes
|
||||
from .credential_components.password import Password
|
||||
from .credential_components.ssh_keypair import SSHKeypair
|
||||
from .credential_components.username import Username
|
||||
from .credentials import Credentials
|
|
@ -0,0 +1,9 @@
|
|||
from ..credential_types import CredentialTypes
|
||||
from .i_credential_component import ICredentialComponent
|
||||
|
||||
|
||||
class NTHashes(ICredentialComponent):
|
||||
def __init__(self, ntlm_hash: str, lm_hash: str):
|
||||
super().__init__(
|
||||
type=CredentialTypes.NTLM_HASH, content={"ntlm_hash": ntlm_hash, "lm_hash": lm_hash}
|
||||
)
|
|
@ -1,8 +0,0 @@
|
|||
from ..credential_types import CredentialTypes
|
||||
|
||||
from .i_credential_component import ICredentialComponent
|
||||
|
||||
|
||||
class NtlmHash(ICredentialComponent):
|
||||
def __init__(self, content: dict):
|
||||
super().__init__(type=CredentialTypes.NTLM_HASH, content=content)
|
|
@ -1,8 +1,7 @@
|
|||
from ..credential_types import CredentialTypes
|
||||
|
||||
from .i_credential_component import ICredentialComponent
|
||||
|
||||
|
||||
class Password(ICredentialComponent):
|
||||
def __init__(self, content: dict):
|
||||
super().__init__(type=CredentialTypes.PASSWORD, content=content)
|
||||
def __init__(self, password: str):
|
||||
super().__init__(type=CredentialTypes.PASSWORD, content={"password": password})
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
from ..credential_types import CredentialTypes
|
||||
|
||||
from .i_credential_component import ICredentialComponent
|
||||
|
||||
|
||||
class SSHKeypair(ICredentialComponent):
|
||||
def __init__(self, content: dict):
|
||||
super().__init__(type=CredentialTypes.KEYPAIR, content=content)
|
||||
super().__init__(type=CredentialTypes.SSH_KEYPAIR, content=content)
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
from ..credential_types import CredentialTypes
|
||||
|
||||
from .i_credential_component import ICredentialComponent
|
||||
|
||||
|
||||
class Username(ICredentialComponent):
|
||||
def __init__(self, content: dict):
|
||||
super().__init__(type=CredentialTypes.USERNAME, content=content)
|
||||
def __init__(self, username: str):
|
||||
super().__init__(type=CredentialTypes.USERNAME, content={"username": username})
|
||||
|
|
|
@ -2,7 +2,7 @@ from enum import Enum
|
|||
|
||||
|
||||
class CredentialTypes(Enum):
|
||||
KEYPAIR = 1
|
||||
SSH_KEYPAIR = 1
|
||||
USERNAME = 2
|
||||
PASSWORD = 3
|
||||
NTLM_HASH = 4
|
||||
|
|
|
@ -1,25 +1,38 @@
|
|||
from typing import List
|
||||
|
||||
from infection_monkey.credential_collectors import (
|
||||
Credentials,
|
||||
ICredentialCollector,
|
||||
NTHashes,
|
||||
Password,
|
||||
Username,
|
||||
)
|
||||
from infection_monkey.system_info.windows_cred_collector import pypykatz_handler
|
||||
from infection_monkey.system_info.windows_cred_collector.windows_credentials import (
|
||||
WindowsCredentials,
|
||||
)
|
||||
|
||||
|
||||
class MimikatzCredentialCollector(object):
|
||||
@staticmethod
|
||||
def get_creds():
|
||||
class MimikatzCredentialCollector(ICredentialCollector):
|
||||
def collect_credentials(self) -> Credentials:
|
||||
creds = pypykatz_handler.get_windows_creds()
|
||||
return MimikatzCredentialCollector.cred_list_to_cred_dict(creds)
|
||||
return MimikatzCredentialCollector.to_credentials(creds)
|
||||
|
||||
@staticmethod
|
||||
def cred_list_to_cred_dict(creds: List[WindowsCredentials]):
|
||||
cred_dict = {}
|
||||
for cred in creds:
|
||||
# TODO: This should be handled by the island, not the agent. There is already similar
|
||||
# code in monkey_island/cc/models/report/report_dal.py.
|
||||
# Lets not use "." and "$" in keys, because it will confuse mongo.
|
||||
# Ideally we should refactor island not to use a dict and simply parse credential list.
|
||||
key = cred.username.replace(".", ",").replace("$", "")
|
||||
cred_dict.update({key: cred.to_dict()})
|
||||
return cred_dict
|
||||
def to_credentials(win_creds: List[WindowsCredentials]) -> Credentials:
|
||||
creds_obj = Credentials(identities=[], secrets=[])
|
||||
for win_cred in win_creds:
|
||||
|
||||
if win_cred.username:
|
||||
identity = Username(win_cred.username)
|
||||
creds_obj.identities.append(identity)
|
||||
|
||||
if win_cred.password:
|
||||
password = Password(win_cred.password)
|
||||
creds_obj.secrets.append(password)
|
||||
|
||||
if win_cred.lm_hash or win_cred.ntlm_hash:
|
||||
hashes = NTHashes(ntlm_hash=win_cred.ntlm_hash, lm_hash=win_cred.lm_hash)
|
||||
creds_obj.secrets.append(hashes)
|
||||
|
||||
return creds_obj
|
||||
|
|
Loading…
Reference in New Issue